blob: 435017116576faacfbd1de87153640dcf6173b23 [file] [log] [blame]
/*
* Copyright (C) 2008-2021 Apple Inc. All rights reserved.
* Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of Apple Inc. ("Apple") nor the names of
* its contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY APPLE AND ITS CONTRIBUTORS "AS IS" AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL APPLE OR ITS CONTRIBUTORS BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "CodeBlock.h"
#include "ArithProfile.h"
#include "BasicBlockLocation.h"
#include "BytecodeDumper.h"
#include "BytecodeLivenessAnalysisInlines.h"
#include "BytecodeOperandsForCheckpoint.h"
#include "BytecodeStructs.h"
#include "CodeBlockInlines.h"
#include "CodeBlockSet.h"
#include "ControlFlowProfiler.h"
#include "DFGCapabilities.h"
#include "DFGCommon.h"
#include "DFGJITCode.h"
#include "EvalCodeBlock.h"
#include "FullCodeOrigin.h"
#include "FunctionCodeBlock.h"
#include "FunctionExecutableDump.h"
#include "GetPutInfo.h"
#include "InlineCallFrame.h"
#include "Instruction.h"
#include "InstructionStream.h"
#include "IsoCellSetInlines.h"
#include "JIT.h"
#include "JITMathIC.h"
#include "JITWorklist.h"
#include "JSCInlines.h"
#include "JSCJSValue.h"
#include "JSLexicalEnvironment.h"
#include "JSModuleEnvironment.h"
#include "JSSet.h"
#include "JSString.h"
#include "JSTemplateObjectDescriptor.h"
#include "LLIntData.h"
#include "LLIntEntrypoint.h"
#include "LLIntExceptions.h"
#include "LLIntPrototypeLoadAdaptiveStructureWatchpoint.h"
#include "MetadataTable.h"
#include "ModuleProgramCodeBlock.h"
#include "ObjectAllocationProfileInlines.h"
#include "PCToCodeOriginMap.h"
#include "ProfilerDatabase.h"
#include "ProgramCodeBlock.h"
#include "ReduceWhitespace.h"
#include "SlotVisitorInlines.h"
#include "StackVisitor.h"
#include "StructureStubInfo.h"
#include "TypeLocationCache.h"
#include "TypeProfiler.h"
#include "VMInlines.h"
#include <wtf/Forward.h>
#include <wtf/SimpleStats.h>
#include <wtf/StringPrintStream.h>
#include <wtf/text/UniquedStringImpl.h>
#if ENABLE(ASSEMBLER)
#include "RegisterAtOffsetList.h"
#endif
#if ENABLE(FTL_JIT)
#include "FTLJITCode.h"
#endif
namespace JSC {
DEFINE_ALLOCATOR_WITH_HEAP_IDENTIFIER(CodeBlockRareData);
const ClassInfo CodeBlock::s_info = {
"CodeBlock", nullptr, nullptr, nullptr,
CREATE_METHOD_TABLE(CodeBlock)
};
CString CodeBlock::inferredName() const
{
switch (codeType()) {
case GlobalCode:
return "<global>";
case EvalCode:
return "<eval>";
case FunctionCode:
return jsCast<FunctionExecutable*>(ownerExecutable())->ecmaName().utf8();
case ModuleCode:
return "<module>";
default:
CRASH();
return CString("", 0);
}
}
bool CodeBlock::hasHash() const
{
return !!m_hash;
}
bool CodeBlock::isSafeToComputeHash() const
{
return !isCompilationThread();
}
CodeBlockHash CodeBlock::hash() const
{
if (!m_hash) {
RELEASE_ASSERT(isSafeToComputeHash());
m_hash = CodeBlockHash(ownerExecutable()->source(), specializationKind());
}
return m_hash;
}
CString CodeBlock::sourceCodeForTools() const
{
if (codeType() != FunctionCode)
return ownerExecutable()->source().toUTF8();
SourceProvider* provider = source().provider();
FunctionExecutable* executable = jsCast<FunctionExecutable*>(ownerExecutable());
UnlinkedFunctionExecutable* unlinked = executable->unlinkedExecutable();
unsigned unlinkedStartOffset = unlinked->startOffset();
unsigned linkedStartOffset = executable->source().startOffset();
int delta = linkedStartOffset - unlinkedStartOffset;
unsigned rangeStart = delta + unlinked->unlinkedFunctionNameStart();
unsigned rangeEnd = delta + unlinked->startOffset() + unlinked->sourceLength();
return toCString(
"function ",
provider->source().substring(rangeStart, rangeEnd - rangeStart).utf8());
}
CString CodeBlock::sourceCodeOnOneLine() const
{
return reduceWhitespace(sourceCodeForTools());
}
CString CodeBlock::hashAsStringIfPossible() const
{
if (hasHash() || isSafeToComputeHash())
return toCString(hash());
return "<no-hash>";
}
void CodeBlock::dumpAssumingJITType(PrintStream& out, JITType jitType) const
{
out.print(inferredName(), "#", hashAsStringIfPossible());
out.print(":[", RawPointer(this), "->");
if (!!m_alternative)
out.print(RawPointer(alternative()), "->");
out.print(RawPointer(ownerExecutable()), ", ", jitType, codeType());
if (codeType() == FunctionCode)
out.print(specializationKind());
out.print(", ", instructionsSize());
if (this->jitType() == JITType::BaselineJIT && m_shouldAlwaysBeInlined)
out.print(" (ShouldAlwaysBeInlined)");
if (ownerExecutable()->neverInline())
out.print(" (NeverInline)");
if (ownerExecutable()->neverOptimize())
out.print(" (NeverOptimize)");
else if (ownerExecutable()->neverFTLOptimize())
out.print(" (NeverFTLOptimize)");
if (ownerExecutable()->didTryToEnterInLoop())
out.print(" (DidTryToEnterInLoop)");
if (ownerExecutable()->isInStrictContext())
out.print(" (StrictMode)");
if (m_didFailJITCompilation)
out.print(" (JITFail)");
if (this->jitType() == JITType::BaselineJIT && m_didFailFTLCompilation)
out.print(" (FTLFail)");
if (this->jitType() == JITType::BaselineJIT && m_hasBeenCompiledWithFTL)
out.print(" (HadFTLReplacement)");
out.print("]");
}
void CodeBlock::dump(PrintStream& out) const
{
dumpAssumingJITType(out, jitType());
}
void CodeBlock::dumpSource()
{
dumpSource(WTF::dataFile());
}
void CodeBlock::dumpSource(PrintStream& out)
{
ScriptExecutable* executable = ownerExecutable();
if (executable->isFunctionExecutable()) {
FunctionExecutable* functionExecutable = reinterpret_cast<FunctionExecutable*>(executable);
StringView source = functionExecutable->source().provider()->getRange(
functionExecutable->parametersStartOffset(),
functionExecutable->typeProfilingEndOffset(vm()) + 1); // Type profiling end offset is the character before the '}'.
out.print("function ", inferredName(), source);
return;
}
out.print(executable->source().view());
}
void CodeBlock::dumpBytecode()
{
dumpBytecode(WTF::dataFile());
}
void CodeBlock::dumpBytecode(PrintStream& out)
{
ICStatusMap statusMap;
getICStatusMap(statusMap);
BytecodeGraph graph(this, this->instructions());
CodeBlockBytecodeDumper<CodeBlock>::dumpGraph(this, instructions(), graph, out, statusMap);
}
void CodeBlock::dumpBytecode(PrintStream& out, const InstructionStream::Ref& it, const ICStatusMap& statusMap)
{
BytecodeDumper<CodeBlock>::dumpBytecode(this, out, it, statusMap);
}
void CodeBlock::dumpBytecode(PrintStream& out, unsigned bytecodeOffset, const ICStatusMap& statusMap)
{
const auto it = instructions().at(bytecodeOffset);
dumpBytecode(out, it, statusMap);
}
namespace {
class PutToScopeFireDetail final : public FireDetail {
public:
PutToScopeFireDetail(CodeBlock* codeBlock, const Identifier& ident)
: m_codeBlock(codeBlock)
, m_ident(ident)
{
}
void dump(PrintStream& out) const final
{
out.print("Linking put_to_scope in ", FunctionExecutableDump(jsCast<FunctionExecutable*>(m_codeBlock->ownerExecutable())), " for ", m_ident);
}
private:
CodeBlock* m_codeBlock;
const Identifier& m_ident;
};
} // anonymous namespace
CodeBlock::CodeBlock(VM& vm, Structure* structure, CopyParsedBlockTag, CodeBlock& other)
: JSCell(vm, structure)
, m_globalObject(other.m_globalObject)
, m_shouldAlwaysBeInlined(true)
#if ENABLE(JIT)
, m_capabilityLevelState(DFG::CapabilityLevelNotSet)
#endif
, m_didFailJITCompilation(false)
, m_didFailFTLCompilation(false)
, m_hasBeenCompiledWithFTL(false)
, m_numCalleeLocals(other.m_numCalleeLocals)
, m_numVars(other.m_numVars)
, m_numberOfArgumentsToSkip(other.m_numberOfArgumentsToSkip)
, m_hasDebuggerStatement(false)
, m_steppingMode(SteppingModeDisabled)
, m_numBreakpoints(0)
, m_bytecodeCost(other.m_bytecodeCost)
, m_scopeRegister(other.m_scopeRegister)
, m_hash(other.m_hash)
, m_unlinkedCode(other.vm(), this, other.m_unlinkedCode.get())
, m_ownerExecutable(other.vm(), this, other.m_ownerExecutable.get())
, m_vm(other.m_vm)
, m_instructionsRawPointer(other.m_instructionsRawPointer)
, m_constantRegisters(other.m_constantRegisters)
, m_functionDecls(other.m_functionDecls)
, m_functionExprs(other.m_functionExprs)
, m_metadata(other.m_metadata)
, m_creationTime(MonotonicTime::now())
{
ASSERT(heap()->isDeferred());
ASSERT(m_scopeRegister.isLocal());
ASSERT(source().provider());
setNumParameters(other.numParameters());
vm.heap.codeBlockSet().add(this);
}
void CodeBlock::finishCreation(VM& vm, CopyParsedBlockTag, CodeBlock& other)
{
Base::finishCreation(vm);
finishCreationCommon(vm);
optimizeAfterWarmUp();
if (other.m_rareData) {
createRareDataIfNecessary();
m_rareData->m_exceptionHandlers = other.m_rareData->m_exceptionHandlers;
}
}
CodeBlock::CodeBlock(VM& vm, Structure* structure, ScriptExecutable* ownerExecutable, UnlinkedCodeBlock* unlinkedCodeBlock, JSScope* scope)
: JSCell(vm, structure)
, m_globalObject(vm, this, scope->globalObject(vm))
, m_shouldAlwaysBeInlined(true)
#if ENABLE(JIT)
, m_capabilityLevelState(DFG::CapabilityLevelNotSet)
#endif
, m_didFailJITCompilation(false)
, m_didFailFTLCompilation(false)
, m_hasBeenCompiledWithFTL(false)
, m_numCalleeLocals(unlinkedCodeBlock->numCalleeLocals())
, m_numVars(unlinkedCodeBlock->numVars())
, m_hasDebuggerStatement(false)
, m_steppingMode(SteppingModeDisabled)
, m_numBreakpoints(0)
, m_scopeRegister(unlinkedCodeBlock->scopeRegister())
, m_unlinkedCode(vm, this, unlinkedCodeBlock)
, m_ownerExecutable(vm, this, ownerExecutable)
, m_vm(&vm)
, m_instructionsRawPointer(unlinkedCodeBlock->instructions().rawPointer())
, m_metadata(unlinkedCodeBlock->metadata().link())
, m_creationTime(MonotonicTime::now())
{
ASSERT(heap()->isDeferred());
ASSERT(m_scopeRegister.isLocal());
ASSERT(source().provider());
setNumParameters(unlinkedCodeBlock->numParameters());
vm.heap.codeBlockSet().add(this);
}
// The main purpose of this function is to generate linked bytecode from unlinked bytecode. The process
// of linking is taking an abstract representation of bytecode and tying it to a GlobalObject and scope
// chain. For example, this process allows us to cache the depth of lexical environment reads that reach
// outside of this CodeBlock's compilation unit. It also allows us to generate particular constants that
// we can't generate during unlinked bytecode generation. This process is not allowed to generate control
// flow or introduce new locals. The reason for this is we rely on liveness analysis to be the same for
// all the CodeBlocks of an UnlinkedCodeBlock. We rely on this fact by caching the liveness analysis
// inside UnlinkedCodeBlock. Also, Baseline JIT code is shared between all CodeBlocks of an UnlinkedCodeBlock,
// so the bytecode must remain the same between CodeBlocks sharing an UnlinkedCodeBlock.
bool CodeBlock::finishCreation(VM& vm, ScriptExecutable* ownerExecutable, UnlinkedCodeBlock* unlinkedCodeBlock,
JSScope* scope)
{
Base::finishCreation(vm);
finishCreationCommon(vm);
ASSERT(vm.heap.isDeferred());
auto throwScope = DECLARE_THROW_SCOPE(vm);
if (m_unlinkedCode->wasCompiledWithTypeProfilerOpcodes() || m_unlinkedCode->wasCompiledWithControlFlowProfilerOpcodes())
vm.functionHasExecutedCache()->removeUnexecutedRange(ownerExecutable->sourceID(), ownerExecutable->typeProfilingStartOffset(vm), ownerExecutable->typeProfilingEndOffset(vm));
ScriptExecutable* topLevelExecutable = ownerExecutable->topLevelExecutable();
// We wait to initialize template objects until the end of finishCreation beecause it can
// throw. We rely on linking to put the CodeBlock into a coherent state, so we can't throw
// until we're all done linking.
Vector<unsigned> templateObjectIndices = setConstantRegisters(unlinkedCodeBlock->constantRegisters(), unlinkedCodeBlock->constantsSourceCodeRepresentation());
// We already have the cloned symbol table for the module environment since we need to instantiate
// the module environments before linking the code block. We replace the stored symbol table with the already cloned one.
if (UnlinkedModuleProgramCodeBlock* unlinkedModuleProgramCodeBlock = jsDynamicCast<UnlinkedModuleProgramCodeBlock*>(vm, unlinkedCodeBlock)) {
SymbolTable* clonedSymbolTable = jsCast<ModuleProgramExecutable*>(ownerExecutable)->moduleEnvironmentSymbolTable();
if (m_unlinkedCode->wasCompiledWithTypeProfilerOpcodes()) {
ConcurrentJSLocker locker(clonedSymbolTable->m_lock);
clonedSymbolTable->prepareForTypeProfiling(locker);
}
replaceConstant(VirtualRegister(unlinkedModuleProgramCodeBlock->moduleEnvironmentSymbolTableConstantRegisterOffset()), clonedSymbolTable);
}
bool shouldUpdateFunctionHasExecutedCache = m_unlinkedCode->wasCompiledWithTypeProfilerOpcodes() || m_unlinkedCode->wasCompiledWithControlFlowProfilerOpcodes();
m_functionDecls = FixedVector<WriteBarrier<FunctionExecutable>>(unlinkedCodeBlock->numberOfFunctionDecls());
for (size_t count = unlinkedCodeBlock->numberOfFunctionDecls(), i = 0; i < count; ++i) {
UnlinkedFunctionExecutable* unlinkedExecutable = unlinkedCodeBlock->functionDecl(i);
if (shouldUpdateFunctionHasExecutedCache)
vm.functionHasExecutedCache()->insertUnexecutedRange(ownerExecutable->sourceID(), unlinkedExecutable->typeProfilingStartOffset(), unlinkedExecutable->typeProfilingEndOffset());
m_functionDecls[i].set(vm, this, unlinkedExecutable->link(vm, topLevelExecutable, ownerExecutable->source(), std::nullopt, NoIntrinsic, ownerExecutable->isInsideOrdinaryFunction()));
}
m_functionExprs = FixedVector<WriteBarrier<FunctionExecutable>>(unlinkedCodeBlock->numberOfFunctionExprs());
for (size_t count = unlinkedCodeBlock->numberOfFunctionExprs(), i = 0; i < count; ++i) {
UnlinkedFunctionExecutable* unlinkedExecutable = unlinkedCodeBlock->functionExpr(i);
if (shouldUpdateFunctionHasExecutedCache)
vm.functionHasExecutedCache()->insertUnexecutedRange(ownerExecutable->sourceID(), unlinkedExecutable->typeProfilingStartOffset(), unlinkedExecutable->typeProfilingEndOffset());
m_functionExprs[i].set(vm, this, unlinkedExecutable->link(vm, topLevelExecutable, ownerExecutable->source(), std::nullopt, NoIntrinsic, ownerExecutable->isInsideOrdinaryFunction()));
}
if (unlinkedCodeBlock->numberOfExceptionHandlers()) {
createRareDataIfNecessary();
if (size_t count = unlinkedCodeBlock->numberOfExceptionHandlers()) {
m_rareData->m_exceptionHandlers.resizeToFit(count);
for (size_t i = 0; i < count; i++) {
const UnlinkedHandlerInfo& unlinkedHandler = unlinkedCodeBlock->exceptionHandler(i);
HandlerInfo& handler = m_rareData->m_exceptionHandlers[i];
#if ENABLE(JIT)
auto& instruction = *instructions().at(unlinkedHandler.target).ptr();
handler.initialize(unlinkedHandler, CodeLocationLabel<ExceptionHandlerPtrTag>(LLInt::handleCatch(instruction.width()).code()));
#else
handler.initialize(unlinkedHandler);
#endif
}
}
}
// Bookkeep the strongly referenced module environments.
HashSet<JSModuleEnvironment*> stronglyReferencedModuleEnvironments;
auto link_profile = [&](const auto& /*instruction*/, auto /*bytecode*/, auto& metadata) {
static_assert(std::is_same_v<ValueProfile, decltype(metadata.m_profile)>);
};
auto link_objectAllocationProfile = [&](const auto& /*instruction*/, auto bytecode, auto& metadata) {
metadata.m_objectAllocationProfile.initializeProfile(vm, m_globalObject.get(), this, m_globalObject->objectPrototype(), bytecode.m_inlineCapacity);
};
auto link_arrayAllocationProfile = [&](const auto& /*instruction*/, auto bytecode, auto& metadata) {
metadata.m_arrayAllocationProfile.initializeIndexingMode(bytecode.m_recommendedIndexingType);
};
auto link_callLinkInfo = [&](const auto& instruction, auto bytecode, auto& metadata) {
#if ENABLE(JIT)
if constexpr (decltype(bytecode)::opcodeID == op_tail_call) {
CallFrameShuffleData shuffleData = CallFrameShuffleData::createForBaselineOrLLIntTailCall(bytecode, numParameters());
metadata.m_callLinkInfo.initialize(vm, CallLinkInfo::callTypeFor(decltype(bytecode)::opcodeID), instruction.index(), &shuffleData);
return;
}
#endif
metadata.m_callLinkInfo.initialize(vm, CallLinkInfo::callTypeFor(decltype(bytecode)::opcodeID), instruction.index(), nullptr);
};
#define LINK_FIELD(__field) \
WTF_LAZY_JOIN(link_, __field)(instruction, bytecode, metadata);
#define INITIALIZE_METADATA(__op) \
auto bytecode = instruction->as<__op>(); \
auto& metadata = bytecode.metadata(this); \
new (&metadata) __op::Metadata { bytecode }; \
#define LINK_IMPL(...) \
INITIALIZE_METADATA(WTF_LAZY_FIRST(__VA_ARGS__)) \
WTF_LAZY_HAS_REST(__VA_ARGS__)({ \
WTF_LAZY_FOR_EACH_TERM(LINK_FIELD, WTF_LAZY_REST_(__VA_ARGS__)) \
}) \
#define CASE(__op) case __op::opcodeID
#define LINK(...) \
CASE(WTF_LAZY_FIRST(__VA_ARGS__)): { \
LINK_IMPL(__VA_ARGS__) \
break; \
}
const InstructionStream& instructionStream = instructions();
for (const auto& instruction : instructionStream) {
OpcodeID opcodeID = instruction->opcodeID();
m_bytecodeCost += opcodeLengths[opcodeID];
switch (opcodeID) {
LINK(OpGetByVal, profile)
LINK(OpGetPrivateName, profile)
LINK(OpGetByIdWithThis, profile)
LINK(OpTryGetById, profile)
LINK(OpGetByIdDirect, profile)
LINK(OpGetByValWithThis, profile)
LINK(OpGetPrototypeOf, profile)
LINK(OpGetFromArguments, profile)
LINK(OpToNumber, profile)
LINK(OpToNumeric, profile)
LINK(OpToObject, profile)
LINK(OpGetArgument, profile)
LINK(OpGetInternalField, profile)
LINK(OpToThis, profile)
LINK(OpBitand, profile)
LINK(OpBitor, profile)
LINK(OpBitnot, profile)
LINK(OpBitxor, profile)
LINK(OpLshift, profile)
LINK(OpRshift, profile)
LINK(OpGetById, profile)
LINK(OpEnumeratorNext)
LINK(OpEnumeratorInByVal)
LINK(OpEnumeratorHasOwnProperty)
LINK(OpEnumeratorGetByVal, profile)
LINK(OpInByVal)
LINK(OpPutByVal)
LINK(OpPutByValDirect)
LINK(OpPutPrivateName)
LINK(OpSetPrivateBrand)
LINK(OpCheckPrivateBrand)
LINK(OpNewArray)
LINK(OpNewArrayWithSize)
LINK(OpNewArrayBuffer, arrayAllocationProfile)
LINK(OpNewObject, objectAllocationProfile)
LINK(OpPutById)
LINK(OpCreateThis)
LINK(OpCreatePromise)
LINK(OpCreateGenerator)
LINK(OpJneqPtr)
LINK(OpCatch)
LINK(OpProfileControlFlow)
LINK(OpCall, callLinkInfo, profile)
LINK(OpTailCall, callLinkInfo, profile)
LINK(OpCallEval, callLinkInfo, profile)
LINK(OpConstruct, callLinkInfo, profile)
LINK(OpIteratorOpen, callLinkInfo)
LINK(OpIteratorNext, callLinkInfo)
LINK(OpCallVarargs, callLinkInfo, profile)
LINK(OpTailCallVarargs, callLinkInfo, profile)
LINK(OpTailCallForwardArguments, callLinkInfo, profile)
LINK(OpConstructVarargs, callLinkInfo, profile)
case op_resolve_scope: {
INITIALIZE_METADATA(OpResolveScope)
const Identifier& ident = identifier(bytecode.m_var);
RELEASE_ASSERT(bytecode.m_resolveType != ResolvedClosureVar);
ResolveOp op = JSScope::abstractResolve(m_globalObject.get(), bytecode.m_localScopeDepth, scope, ident, Get, bytecode.m_resolveType, InitializationMode::NotInitialization);
metadata.m_resolveType = op.type;
metadata.m_localScopeDepth = op.depth;
if (op.lexicalEnvironment) {
if (op.type == ModuleVar) {
// Keep the linked module environment strongly referenced.
if (stronglyReferencedModuleEnvironments.add(jsCast<JSModuleEnvironment*>(op.lexicalEnvironment)).isNewEntry)
addConstant(ConcurrentJSLocker(m_lock), op.lexicalEnvironment);
metadata.m_lexicalEnvironment.set(vm, this, op.lexicalEnvironment);
} else
metadata.m_symbolTable.set(vm, this, op.lexicalEnvironment->symbolTable());
} else if (JSScope* constantScope = JSScope::constantScopeForCodeBlock(op.type, this)) {
metadata.m_constantScope.set(vm, this, constantScope);
if (op.type == GlobalProperty || op.type == GlobalPropertyWithVarInjectionChecks)
metadata.m_globalLexicalBindingEpoch = m_globalObject->globalLexicalBindingEpoch();
} else
metadata.m_globalObject.clear();
break;
}
case op_get_from_scope: {
INITIALIZE_METADATA(OpGetFromScope)
link_profile(instruction, bytecode, metadata);
metadata.m_watchpointSet = nullptr;
ASSERT(!isInitialization(bytecode.m_getPutInfo.initializationMode()));
if (bytecode.m_getPutInfo.resolveType() == ResolvedClosureVar) {
metadata.m_getPutInfo = GetPutInfo(bytecode.m_getPutInfo.resolveMode(), ClosureVar, bytecode.m_getPutInfo.initializationMode(), bytecode.m_getPutInfo.ecmaMode());
break;
}
const Identifier& ident = identifier(bytecode.m_var);
ResolveOp op = JSScope::abstractResolve(m_globalObject.get(), bytecode.m_localScopeDepth, scope, ident, Get, bytecode.m_getPutInfo.resolveType(), InitializationMode::NotInitialization);
metadata.m_getPutInfo = GetPutInfo(bytecode.m_getPutInfo.resolveMode(), op.type, bytecode.m_getPutInfo.initializationMode(), bytecode.m_getPutInfo.ecmaMode());
if (op.type == ModuleVar)
metadata.m_getPutInfo = GetPutInfo(bytecode.m_getPutInfo.resolveMode(), ClosureVar, bytecode.m_getPutInfo.initializationMode(), bytecode.m_getPutInfo.ecmaMode());
if (op.type == GlobalVar || op.type == GlobalVarWithVarInjectionChecks || op.type == GlobalLexicalVar || op.type == GlobalLexicalVarWithVarInjectionChecks)
metadata.m_watchpointSet = op.watchpointSet;
else if (op.structure)
metadata.m_structure.set(vm, this, op.structure);
metadata.m_operand = op.operand;
break;
}
case op_put_to_scope: {
INITIALIZE_METADATA(OpPutToScope)
if (bytecode.m_getPutInfo.resolveType() == ResolvedClosureVar) {
// Only do watching if the property we're putting to is not anonymous.
if (bytecode.m_var != UINT_MAX) {
SymbolTable* symbolTable = jsCast<SymbolTable*>(getConstant(bytecode.m_symbolTableOrScopeDepth.symbolTable()));
const Identifier& ident = identifier(bytecode.m_var);
ConcurrentJSLocker locker(symbolTable->m_lock);
auto iter = symbolTable->find(locker, ident.impl());
ASSERT(iter != symbolTable->end(locker));
iter->value.prepareToWatch();
metadata.m_watchpointSet = iter->value.watchpointSet();
} else
metadata.m_watchpointSet = nullptr;
break;
}
const Identifier& ident = identifier(bytecode.m_var);
metadata.m_watchpointSet = nullptr;
ResolveOp op = JSScope::abstractResolve(m_globalObject.get(), bytecode.m_symbolTableOrScopeDepth.scopeDepth(), scope, ident, Put, bytecode.m_getPutInfo.resolveType(), bytecode.m_getPutInfo.initializationMode());
metadata.m_getPutInfo = GetPutInfo(bytecode.m_getPutInfo.resolveMode(), op.type, bytecode.m_getPutInfo.initializationMode(), bytecode.m_getPutInfo.ecmaMode());
if (op.type == GlobalVar || op.type == GlobalVarWithVarInjectionChecks || op.type == GlobalLexicalVar || op.type == GlobalLexicalVarWithVarInjectionChecks)
metadata.m_watchpointSet = op.watchpointSet;
else if (op.type == ClosureVar || op.type == ClosureVarWithVarInjectionChecks) {
if (op.watchpointSet)
op.watchpointSet->invalidate(vm, PutToScopeFireDetail(this, ident));
} else if (op.structure)
metadata.m_structure.set(vm, this, op.structure);
metadata.m_operand = op.operand;
break;
}
case op_profile_type: {
RELEASE_ASSERT(m_unlinkedCode->wasCompiledWithTypeProfilerOpcodes());
INITIALIZE_METADATA(OpProfileType)
size_t instructionOffset = instruction.offset() + instruction->size() - 1;
unsigned divotStart, divotEnd;
GlobalVariableID globalVariableID = 0;
RefPtr<TypeSet> globalTypeSet;
bool shouldAnalyze = m_unlinkedCode->typeProfilerExpressionInfoForBytecodeOffset(instructionOffset, divotStart, divotEnd);
SymbolTable* symbolTable = nullptr;
switch (bytecode.m_flag) {
case ProfileTypeBytecodeClosureVar: {
const Identifier& ident = identifier(bytecode.m_identifier);
unsigned localScopeDepth = bytecode.m_symbolTableOrScopeDepth.scopeDepth();
// Even though type profiling may be profiling either a Get or a Put, we can always claim a Get because
// we're abstractly "read"ing from a JSScope.
ResolveOp op = JSScope::abstractResolve(m_globalObject.get(), localScopeDepth, scope, ident, Get, bytecode.m_resolveType, InitializationMode::NotInitialization);
if (op.type == ClosureVar || op.type == ModuleVar)
symbolTable = op.lexicalEnvironment->symbolTable();
else if (op.type == GlobalVar)
symbolTable = m_globalObject.get()->symbolTable();
UniquedStringImpl* impl = (op.type == ModuleVar) ? op.importedName.get() : ident.impl();
if (symbolTable) {
ConcurrentJSLocker locker(symbolTable->m_lock);
// If our parent scope was created while profiling was disabled, it will not have prepared for profiling yet.
symbolTable->prepareForTypeProfiling(locker);
globalVariableID = symbolTable->uniqueIDForVariable(locker, impl, vm);
globalTypeSet = symbolTable->globalTypeSetForVariable(locker, impl, vm);
} else
globalVariableID = TypeProfilerNoGlobalIDExists;
break;
}
case ProfileTypeBytecodeLocallyResolved: {
SymbolTable* symbolTable = jsCast<SymbolTable*>(getConstant(bytecode.m_symbolTableOrScopeDepth.symbolTable()));
const Identifier& ident = identifier(bytecode.m_identifier);
ConcurrentJSLocker locker(symbolTable->m_lock);
// If our parent scope was created while profiling was disabled, it will not have prepared for profiling yet.
globalVariableID = symbolTable->uniqueIDForVariable(locker, ident.impl(), vm);
globalTypeSet = symbolTable->globalTypeSetForVariable(locker, ident.impl(), vm);
break;
}
case ProfileTypeBytecodeDoesNotHaveGlobalID:
case ProfileTypeBytecodeFunctionArgument: {
globalVariableID = TypeProfilerNoGlobalIDExists;
break;
}
case ProfileTypeBytecodeFunctionReturnStatement: {
RELEASE_ASSERT(ownerExecutable->isFunctionExecutable());
globalTypeSet = jsCast<FunctionExecutable*>(ownerExecutable)->returnStatementTypeSet();
globalVariableID = TypeProfilerReturnStatement;
if (!shouldAnalyze) {
// Because a return statement can be added implicitly to return undefined at the end of a function,
// and these nodes don't emit expression ranges because they aren't in the actual source text of
// the user's program, give the type profiler some range to identify these return statements.
// Currently, the text offset that is used as identification is "f" in the function keyword
// and is stored on TypeLocation's m_divotForFunctionOffsetIfReturnStatement member variable.
divotStart = divotEnd = ownerExecutable->typeProfilingStartOffset(vm);
shouldAnalyze = true;
}
break;
}
}
std::pair<TypeLocation*, bool> locationPair = vm.typeProfiler()->typeLocationCache()->getTypeLocation(globalVariableID,
ownerExecutable->sourceID(), divotStart, divotEnd, WTFMove(globalTypeSet), &vm);
TypeLocation* location = locationPair.first;
bool isNewLocation = locationPair.second;
if (bytecode.m_flag == ProfileTypeBytecodeFunctionReturnStatement)
location->m_divotForFunctionOffsetIfReturnStatement = ownerExecutable->typeProfilingStartOffset(vm);
if (shouldAnalyze && isNewLocation)
vm.typeProfiler()->insertNewLocation(location);
metadata.m_typeLocation = location;
break;
}
case op_debug: {
if (instruction->as<OpDebug>().m_debugHookType == DidReachDebuggerStatement)
m_hasDebuggerStatement = true;
break;
}
case op_create_rest: {
int numberOfArgumentsToSkip = instruction->as<OpCreateRest>().m_numParametersToSkip;
ASSERT_UNUSED(numberOfArgumentsToSkip, numberOfArgumentsToSkip >= 0);
// This is used when rematerializing the rest parameter during OSR exit in the FTL JIT.");
m_numberOfArgumentsToSkip = numberOfArgumentsToSkip;
break;
}
default:
break;
}
}
#undef CASE
#undef INITIALIZE_METADATA
#undef LINK_FIELD
#undef LINK
if (m_unlinkedCode->wasCompiledWithControlFlowProfilerOpcodes())
insertBasicBlockBoundariesForControlFlowProfiler();
// Set optimization thresholds only after instructions is initialized, since these
// rely on the instruction count (and are in theory permitted to also inspect the
// instruction stream to more accurate assess the cost of tier-up).
optimizeAfterWarmUp();
// If the concurrent thread will want the code block's hash, then compute it here
// synchronously.
if (Options::alwaysComputeHash())
hash();
if (Options::dumpGeneratedBytecodes())
dumpBytecode();
if (m_metadata)
vm.heap.reportExtraMemoryAllocated(m_metadata->sizeInBytes());
initializeTemplateObjects(topLevelExecutable, templateObjectIndices);
RETURN_IF_EXCEPTION(throwScope, false);
return true;
}
void CodeBlock::finishCreationCommon(VM& vm)
{
m_ownerEdge.set(vm, this, ExecutableToCodeBlockEdge::create(vm, this));
}
#if ENABLE(JIT)
void CodeBlock::setupWithUnlinkedBaselineCode(Ref<BaselineJITCode> jitCode)
{
setJITCode(jitCode.copyRef());
{
const auto& jitCodeMap = this->jitCodeMap();
for (size_t i = 0; i < numberOfExceptionHandlers(); ++i) {
HandlerInfo& handler = exceptionHandler(i);
// FIXME: <rdar://problem/39433318>.
handler.nativeCode = jitCodeMap.find(BytecodeIndex(handler.target)).retagged<ExceptionHandlerPtrTag>();
}
}
{
ConcurrentJSLocker locker(m_lock);
ASSERT(!m_baselineJITData);
m_baselineJITData = BaselineJITData::create(jitCode->m_constantPool.size());
m_baselineJITData->m_stubInfos = FixedVector<StructureStubInfo>(jitCode->m_unlinkedStubInfos.size());
for (auto& unlinkedCallLinkInfo : jitCode->m_unlinkedCalls) {
CallLinkInfo* callLinkInfo = getCallLinkInfoForBytecodeIndex(locker, unlinkedCallLinkInfo.bytecodeIndex);
ASSERT(callLinkInfo);
static_cast<BaselineCallLinkInfo*>(callLinkInfo)->setCodeLocations(unlinkedCallLinkInfo.doneLocation);
}
for (size_t i = 0; i < jitCode->m_constantPool.size(); ++i) {
auto entry = jitCode->m_constantPool.at(i);
switch (entry.type()) {
case JITConstantPool::Type::GlobalObject:
m_baselineJITData->at(i) = m_globalObject.get();
break;
case JITConstantPool::Type::StructureStubInfo: {
unsigned index = bitwise_cast<uintptr_t>(entry.pointer());
UnlinkedStructureStubInfo& unlinkedStubInfo = jitCode->m_unlinkedStubInfos[index];
StructureStubInfo& stubInfo = m_baselineJITData->m_stubInfos[index];
stubInfo.initializeFromUnlinkedStructureStubInfo(this, unlinkedStubInfo);
m_baselineJITData->at(i) = &stubInfo;
break;
}
case JITConstantPool::Type::FunctionDecl: {
unsigned index = bitwise_cast<uintptr_t>(entry.pointer());
m_baselineJITData->at(i) = functionDecl(index);
break;
}
case JITConstantPool::Type::FunctionExpr: {
unsigned index = bitwise_cast<uintptr_t>(entry.pointer());
m_baselineJITData->at(i) = functionExpr(index);
break;
}
}
}
}
switch (codeType()) {
case GlobalCode:
case ModuleCode:
case EvalCode:
m_shouldAlwaysBeInlined = false;
break;
case FunctionCode:
// We could have already set it to false because we detected an uninlineable call.
// Don't override that observation.
m_shouldAlwaysBeInlined &= canInline(capabilityLevel()) && DFG::mightInlineFunction(this);
break;
}
if (jitCode->m_isShareable && !unlinkedCodeBlock()->m_unlinkedBaselineCode && Options::useBaselineJITCodeSharing())
unlinkedCodeBlock()->m_unlinkedBaselineCode = WTFMove(jitCode);
}
#endif // ENABLE(JIT)
CodeBlock::~CodeBlock()
{
VM& vm = *m_vm;
// We use unvalidatedGet because get() has a validation assertion that rejects access.
// This assertion is correct since destruction order of cells is not guaranteed, and member cells could already be destroyed.
// But for CodeBlock, we are ensuring the order: CodeBlock gets destroyed before UnlinkedCodeBlock gets destroyed.
// So, we can access member UnlinkedCodeBlock safely here. We bypass the assertion by using unvalidatedGet.
UnlinkedCodeBlock* unlinkedCodeBlock = m_unlinkedCode.unvalidatedGet();
if (JITCode::isBaselineCode(jitType())) {
if (m_metadata) {
m_metadata->forEach<OpCatch>([&](auto& metadata) {
if (metadata.m_buffer)
ValueProfileAndVirtualRegisterBuffer::destroy(std::exchange(metadata.m_buffer, nullptr));
});
}
}
#if ENABLE(DFG_JIT)
// The JITCode (and its corresponding DFG::CommonData) may outlive the CodeBlock by
// a short amount of time after the CodeBlock is destructed. For example, the
// Interpreter::execute methods will ref JITCode before invoking it. This can
// result in the JITCode having a non-zero refCount when its owner CodeBlock is
// destructed.
//
// Hence, we cannot rely on DFG::CommonData destruction to clear these now invalid
// watchpoints in a timely manner. We'll ensure they are cleared here eagerly.
//
// We only need to do this for a DFG/FTL CodeBlock because only these will have a
// DFG:CommonData. Hence, the LLInt and Baseline will not have any of these watchpoints.
//
// Note also that the LLIntPrototypeLoadAdaptiveStructureWatchpoint is also related
// to the CodeBlock. However, its lifecycle is tied directly to the CodeBlock, and
// will be automatically cleared when the CodeBlock destructs.
if (JITCode::isOptimizingJIT(jitType()))
jitCode()->dfgCommon()->clearWatchpoints();
#endif
vm.heap.codeBlockSet().remove(this);
if (UNLIKELY(vm.m_perBytecodeProfiler))
vm.m_perBytecodeProfiler->notifyDestruction(this);
if (!vm.heap.isShuttingDown() && unlinkedCodeBlock->didOptimize() == TriState::Indeterminate)
unlinkedCodeBlock->setDidOptimize(TriState::False);
#if ENABLE(VERBOSE_VALUE_PROFILE)
dumpValueProfiles();
#endif
// We may be destroyed before any CodeBlocks that refer to us are destroyed.
// Consider that two CodeBlocks become unreachable at the same time. There
// is no guarantee about the order in which the CodeBlocks are destroyed.
// So, if we don't remove incoming calls, and get destroyed before the
// CodeBlock(s) that have calls into us, then the CallLinkInfo vector's
// destructor will try to remove nodes from our (no longer valid) linked list.
unlinkIncomingCalls();
// Note that our outgoing calls will be removed from other CodeBlocks'
// m_incomingCalls linked lists through the execution of the ~CallLinkInfo
// destructors.
#if ENABLE(JIT)
if (auto* jitData = m_baselineJITData.get()) {
for (auto& stubInfo : jitData->m_stubInfos) {
stubInfo.aboutToDie();
stubInfo.deref();
}
}
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType())) {
for (auto* stubInfo : jitCode()->dfgCommon()->m_stubInfos) {
stubInfo->aboutToDie();
stubInfo->deref();
}
}
#endif
#endif // ENABLE(JIT)
}
bool CodeBlock::isConstantOwnedByUnlinkedCodeBlock(VirtualRegister reg) const
{
// This needs to correspond to what we do inside setConstantRegisters.
switch (unlinkedCodeBlock()->constantSourceCodeRepresentation(reg)) {
case SourceCodeRepresentation::Integer:
case SourceCodeRepresentation::Double:
return true;
case SourceCodeRepresentation::Other: {
JSValue value = unlinkedCodeBlock()->getConstant(reg);
if (!value || !value.isCell())
return true;
JSCell* cell = value.asCell();
if (cell->inherits<SymbolTable>(vm()) || cell->inherits<JSTemplateObjectDescriptor>(vm()))
return false;
return true;
}
case SourceCodeRepresentation::LinkTimeConstant:
return false;
default:
RELEASE_ASSERT_NOT_REACHED();
}
}
Vector<unsigned> CodeBlock::setConstantRegisters(const FixedVector<WriteBarrier<Unknown>>& constants, const FixedVector<SourceCodeRepresentation>& constantsSourceCodeRepresentation)
{
VM& vm = *m_vm;
JSGlobalObject* globalObject = m_globalObject.get();
Vector<unsigned> templateObjectIndices;
ASSERT(constants.size() == constantsSourceCodeRepresentation.size());
size_t count = constants.size();
{
ConcurrentJSLocker locker(m_lock);
m_constantRegisters.resizeToFit(count);
}
for (size_t i = 0; i < count; i++) {
JSValue constant = constants[i].get();
SourceCodeRepresentation representation = constantsSourceCodeRepresentation[i];
switch (representation) {
case SourceCodeRepresentation::LinkTimeConstant:
constant = globalObject->linkTimeConstant(static_cast<LinkTimeConstant>(constant.asInt32AsAnyInt()));
ASSERT(constant.isCell()); // Unlinked Baseline JIT requires this.
break;
case SourceCodeRepresentation::Other:
case SourceCodeRepresentation::Integer:
case SourceCodeRepresentation::Double:
if (!constant.isEmpty()) {
if (constant.isCell()) {
JSCell* cell = constant.asCell();
if (SymbolTable* symbolTable = jsDynamicCast<SymbolTable*>(vm, cell)) {
if (m_unlinkedCode->wasCompiledWithTypeProfilerOpcodes()) {
ConcurrentJSLocker locker(symbolTable->m_lock);
symbolTable->prepareForTypeProfiling(locker);
}
SymbolTable* clone = symbolTable->cloneScopePart(vm);
if (wasCompiledWithDebuggingOpcodes())
clone->setRareDataCodeBlock(this);
constant = clone;
} else if (jsDynamicCast<JSTemplateObjectDescriptor*>(vm, cell))
templateObjectIndices.append(i);
}
}
break;
}
m_constantRegisters[i].set(vm, this, constant);
}
return templateObjectIndices;
}
void CodeBlock::initializeTemplateObjects(ScriptExecutable* topLevelExecutable, const Vector<unsigned>& templateObjectIndices)
{
auto scope = DECLARE_THROW_SCOPE(vm());
for (unsigned i : templateObjectIndices) {
auto* descriptor = jsCast<JSTemplateObjectDescriptor*>(m_constantRegisters[i].get());
auto* templateObject = topLevelExecutable->createTemplateObject(globalObject(), descriptor);
RETURN_IF_EXCEPTION(scope, void());
m_constantRegisters[i].set(vm(), this, templateObject);
}
}
void CodeBlock::setAlternative(VM& vm, CodeBlock* alternative)
{
RELEASE_ASSERT(alternative);
RELEASE_ASSERT(alternative->jitCode());
m_alternative.set(vm, this, alternative);
}
void CodeBlock::setNumParameters(unsigned newValue)
{
m_numParameters = newValue;
m_argumentValueProfiles = FixedVector<ValueProfile>(Options::useJIT() ? newValue : 0);
}
CodeBlock* CodeBlock::specialOSREntryBlockOrNull()
{
#if ENABLE(FTL_JIT)
if (jitType() != JITType::DFGJIT)
return nullptr;
DFG::JITCode* jitCode = m_jitCode->dfg();
return jitCode->osrEntryBlock();
#else // ENABLE(FTL_JIT)
return 0;
#endif // ENABLE(FTL_JIT)
}
size_t CodeBlock::estimatedSize(JSCell* cell, VM& vm)
{
CodeBlock* thisObject = jsCast<CodeBlock*>(cell);
size_t extraMemoryAllocated = 0;
if (thisObject->m_metadata)
extraMemoryAllocated += thisObject->m_metadata->sizeInBytes();
RefPtr<JITCode> jitCode = thisObject->m_jitCode;
if (jitCode && !jitCode->isShared())
extraMemoryAllocated += jitCode->size();
return Base::estimatedSize(cell, vm) + extraMemoryAllocated;
}
template<typename Visitor>
void CodeBlock::visitChildrenImpl(JSCell* cell, Visitor& visitor)
{
CodeBlock* thisObject = jsCast<CodeBlock*>(cell);
ASSERT_GC_OBJECT_INHERITS(thisObject, info());
Base::visitChildren(cell, visitor);
visitor.append(thisObject->m_ownerEdge);
thisObject->visitChildren(visitor);
}
DEFINE_VISIT_CHILDREN(CodeBlock);
template<typename Visitor>
void CodeBlock::visitChildren(Visitor& visitor)
{
ConcurrentJSLocker locker(m_lock);
// In CodeBlock::shouldVisitStrongly() we may have decided to skip visiting this
// codeBlock. However, if we end up visiting it anyway due to other references,
// we can clear this flag and allow the verifier GC to visit it as well.
m_visitChildrenSkippedDueToOldAge = false;
if (CodeBlock* otherBlock = specialOSREntryBlockOrNull())
visitor.appendUnbarriered(otherBlock);
size_t extraMemory = 0;
if (m_metadata)
extraMemory += m_metadata->sizeInBytes();
if (m_jitCode && !m_jitCode->isShared())
extraMemory += m_jitCode->size();
visitor.reportExtraMemoryVisited(extraMemory);
stronglyVisitStrongReferences(locker, visitor);
stronglyVisitWeakReferences(locker, visitor);
VM::SpaceAndSet::setFor(*subspace()).add(this);
}
template<typename Visitor>
bool CodeBlock::shouldVisitStrongly(const ConcurrentJSLocker& locker, Visitor& visitor)
{
if (Options::forceCodeBlockLiveness())
return true;
if (shouldJettisonDueToOldAge(locker, visitor)) {
if (Options::verifyGC())
m_visitChildrenSkippedDueToOldAge = true;
return false;
}
if (UNLIKELY(m_visitChildrenSkippedDueToOldAge)) {
RELEASE_ASSERT(Options::verifyGC());
return false;
}
// Interpreter and Baseline JIT CodeBlocks don't need to be jettisoned when
// their weak references go stale. So if a basline JIT CodeBlock gets
// scanned, we can assume that this means that it's live.
if (!JITCode::isOptimizingJIT(jitType()))
return true;
return false;
}
template bool CodeBlock::shouldVisitStrongly(const ConcurrentJSLocker&, AbstractSlotVisitor&);
template bool CodeBlock::shouldVisitStrongly(const ConcurrentJSLocker&, SlotVisitor&);
bool CodeBlock::shouldJettisonDueToWeakReference(VM& vm)
{
if (!JITCode::isOptimizingJIT(jitType()))
return false;
return !vm.heap.isMarked(this);
}
static Seconds timeToLive(JITType jitType)
{
if (UNLIKELY(Options::useEagerCodeBlockJettisonTiming())) {
switch (jitType) {
case JITType::InterpreterThunk:
return 10_ms;
case JITType::BaselineJIT:
return 30_ms;
case JITType::DFGJIT:
return 40_ms;
case JITType::FTLJIT:
return 120_ms;
default:
return Seconds::infinity();
}
}
switch (jitType) {
case JITType::InterpreterThunk:
return 5_s;
case JITType::BaselineJIT:
// Effectively 10 additional seconds, since BaselineJIT and
// InterpreterThunk share a CodeBlock.
return 15_s;
case JITType::DFGJIT:
return 20_s;
case JITType::FTLJIT:
return 60_s;
default:
return Seconds::infinity();
}
}
template<typename Visitor>
ALWAYS_INLINE bool CodeBlock::shouldJettisonDueToOldAge(const ConcurrentJSLocker&, Visitor& visitor)
{
if (visitor.isMarked(this))
return false;
if (UNLIKELY(Options::forceCodeBlockToJettisonDueToOldAge()))
return true;
if (timeSinceCreation() < timeToLive(jitType()))
return false;
return true;
}
#if ENABLE(DFG_JIT)
template<typename Visitor>
static inline bool shouldMarkTransition(Visitor& visitor, DFG::WeakReferenceTransition& transition)
{
if (transition.m_codeOrigin && !visitor.isMarked(transition.m_codeOrigin.get()))
return false;
if (!visitor.isMarked(transition.m_from.get()))
return false;
return true;
}
BytecodeIndex CodeBlock::bytecodeIndexForExit(BytecodeIndex exitIndex) const
{
if (exitIndex.checkpoint()) {
const auto& instruction = instructions().at(exitIndex);
exitIndex = instruction.next().index();
}
return exitIndex;
}
#endif // ENABLE(DFG_JIT)
template<typename Visitor>
void CodeBlock::propagateTransitions(const ConcurrentJSLocker&, Visitor& visitor)
{
typename Visitor::SuppressGCVerifierScope suppressScope(visitor);
VM& vm = *m_vm;
if (jitType() == JITType::InterpreterThunk) {
if (m_metadata) {
m_metadata->forEach<OpPutById>([&] (auto& metadata) {
StructureID oldStructureID = metadata.m_oldStructureID;
StructureID newStructureID = metadata.m_newStructureID;
if (!oldStructureID || !newStructureID)
return;
Structure* oldStructure = vm.heap.structureIDTable().get(oldStructureID);
if (visitor.isMarked(oldStructure)) {
Structure* newStructure = vm.heap.structureIDTable().get(newStructureID);
visitor.appendUnbarriered(newStructure);
}
});
m_metadata->forEach<OpPutPrivateName>([&] (auto& metadata) {
StructureID oldStructureID = metadata.m_oldStructureID;
StructureID newStructureID = metadata.m_newStructureID;
if (!oldStructureID || !newStructureID)
return;
JSCell* property = metadata.m_property.get();
ASSERT(property);
if (!visitor.isMarked(property))
return;
Structure* oldStructure = vm.heap.structureIDTable().get(oldStructureID);
if (visitor.isMarked(oldStructure)) {
Structure* newStructure = vm.heap.structureIDTable().get(newStructureID);
visitor.appendUnbarriered(newStructure);
}
});
m_metadata->forEach<OpSetPrivateBrand>([&] (auto& metadata) {
StructureID oldStructureID = metadata.m_oldStructureID;
StructureID newStructureID = metadata.m_newStructureID;
if (!oldStructureID || !newStructureID)
return;
JSCell* brand = metadata.m_brand.get();
ASSERT(brand);
if (!visitor.isMarked(brand))
return;
Structure* oldStructure = vm.heap.structureIDTable().get(oldStructureID);
if (visitor.isMarked(oldStructure)) {
Structure* newStructure = vm.heap.structureIDTable().get(newStructureID);
visitor.appendUnbarriered(newStructure);
}
});
}
}
#if ENABLE(JIT)
if (JITCode::isJIT(jitType())) {
if (auto* jitData = m_baselineJITData.get()) {
for (auto& stubInfo : jitData->m_stubInfos)
stubInfo.propagateTransitions(visitor);
}
}
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType())) {
for (auto* stubInfo : jitCode()->dfgCommon()->m_stubInfos)
stubInfo->propagateTransitions(visitor);
}
#endif
#endif // ENABLE(JIT)
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType())) {
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
dfgCommon->recordedStatuses.markIfCheap(visitor);
for (StructureID structureID : dfgCommon->m_weakStructureReferences)
vm.getStructure(structureID)->markIfCheap(visitor);
for (auto& transition : dfgCommon->m_transitions) {
if (shouldMarkTransition(visitor, transition)) {
// If the following three things are live, then the target of the
// transition is also live:
//
// - This code block. We know it's live already because otherwise
// we wouldn't be scanning ourselves.
//
// - The code origin of the transition. Transitions may arise from
// code that was inlined. They are not relevant if the user's
// object that is required for the inlinee to run is no longer
// live.
//
// - The source of the transition. The transition checks if some
// heap location holds the source, and if so, stores the target.
// Hence the source must be live for the transition to be live.
//
// We also short-circuit the liveness if the structure is harmless
// to mark (i.e. its global object and prototype are both already
// live).
visitor.append(transition.m_to);
}
}
}
#endif // ENABLE(DFG_JIT)
}
template void CodeBlock::propagateTransitions(const ConcurrentJSLocker&, AbstractSlotVisitor&);
template void CodeBlock::propagateTransitions(const ConcurrentJSLocker&, SlotVisitor&);
template<typename Visitor>
void CodeBlock::determineLiveness(const ConcurrentJSLocker&, Visitor& visitor)
{
UNUSED_PARAM(visitor);
#if ENABLE(DFG_JIT)
VM& vm = *m_vm;
if (visitor.isMarked(this))
return;
// In rare and weird cases, this could be called on a baseline CodeBlock. One that I found was
// that we might decide that the CodeBlock should be jettisoned due to old age, so the
// isMarked check doesn't protect us.
if (!JITCode::isOptimizingJIT(jitType()))
return;
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
// Now check all of our weak references. If all of them are live, then we
// have proved liveness and so we scan our strong references. If at end of
// GC we still have not proved liveness, then this code block is toast.
bool allAreLiveSoFar = true;
for (unsigned i = 0; i < dfgCommon->m_weakReferences.size(); ++i) {
JSCell* reference = dfgCommon->m_weakReferences[i].get();
ASSERT(!jsDynamicCast<CodeBlock*>(vm, reference));
if (!visitor.isMarked(reference)) {
allAreLiveSoFar = false;
break;
}
}
if (allAreLiveSoFar) {
for (StructureID structureID : dfgCommon->m_weakStructureReferences) {
Structure* structure = vm.getStructure(structureID);
if (!visitor.isMarked(structure)) {
allAreLiveSoFar = false;
break;
}
}
}
// If some weak references are dead, then this fixpoint iteration was
// unsuccessful.
if (!allAreLiveSoFar)
return;
// All weak references are live. Record this information so we don't
// come back here again, and scan the strong references.
visitor.appendUnbarriered(this);
#endif // ENABLE(DFG_JIT)
}
template void CodeBlock::determineLiveness(const ConcurrentJSLocker&, AbstractSlotVisitor&);
template void CodeBlock::determineLiveness(const ConcurrentJSLocker&, SlotVisitor&);
void CodeBlock::finalizeLLIntInlineCaches()
{
VM& vm = *m_vm;
if (m_metadata) {
// FIXME: https://bugs.webkit.org/show_bug.cgi?id=166418
// We need to add optimizations for op_resolve_scope_for_hoisting_func_decl_in_eval to do link time scope resolution.
auto clearIfNeeded = [&] (GetByIdModeMetadata& modeMetadata, ASCIILiteral opName) {
if (modeMetadata.mode != GetByIdMode::Default)
return;
StructureID oldStructureID = modeMetadata.defaultMode.structureID;
if (!oldStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(oldStructureID)))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing ", opName, " LLInt property access.");
LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache(modeMetadata);
};
m_metadata->forEach<OpIteratorOpen>([&] (auto& metadata) {
clearIfNeeded(metadata.m_modeMetadata, "iterator open"_s);
});
m_metadata->forEach<OpIteratorNext>([&] (auto& metadata) {
clearIfNeeded(metadata.m_doneModeMetadata, "iterator next"_s);
clearIfNeeded(metadata.m_valueModeMetadata, "iterator next"_s);
});
m_metadata->forEach<OpGetById>([&] (auto& metadata) {
clearIfNeeded(metadata.m_modeMetadata, "get by id"_s);
});
m_metadata->forEach<OpTryGetById>([&] (auto& metadata) {
StructureID oldStructureID = metadata.m_structureID;
if (!oldStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(oldStructureID)))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing try_get_by_id LLInt property access.");
metadata.m_structureID = 0;
metadata.m_offset = 0;
});
m_metadata->forEach<OpGetByIdDirect>([&] (auto& metadata) {
StructureID oldStructureID = metadata.m_structureID;
if (!oldStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(oldStructureID)))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing get_by_id_direct LLInt property access.");
metadata.m_structureID = 0;
metadata.m_offset = 0;
});
m_metadata->forEach<OpGetPrivateName>([&] (auto& metadata) {
JSCell* property = metadata.m_property.get();
StructureID structureID = metadata.m_structureID;
if ((!property || vm.heap.isMarked(property)) && (!structureID || vm.heap.isMarked(vm.heap.structureIDTable().get(structureID))))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing LLInt private property access.");
metadata.m_structureID = 0;
metadata.m_offset = 0;
metadata.m_property.clear();
});
m_metadata->forEach<OpPutById>([&] (auto& metadata) {
StructureID oldStructureID = metadata.m_oldStructureID;
StructureID newStructureID = metadata.m_newStructureID;
StructureChain* chain = metadata.m_structureChain.get();
if ((!oldStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(oldStructureID)))
&& (!newStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(newStructureID)))
&& (!chain || vm.heap.isMarked(chain)))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing LLInt put transition.");
metadata.m_oldStructureID = 0;
metadata.m_offset = 0;
metadata.m_newStructureID = 0;
metadata.m_structureChain.clear();
});
m_metadata->forEach<OpPutPrivateName>([&] (auto& metadata) {
StructureID oldStructureID = metadata.m_oldStructureID;
StructureID newStructureID = metadata.m_newStructureID;
JSCell* property = metadata.m_property.get();
if ((!oldStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(oldStructureID)))
&& (!property || vm.heap.isMarked(property))
&& (!newStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(newStructureID))))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing LLInt put_private_name transition.");
metadata.m_oldStructureID = 0;
metadata.m_offset = 0;
metadata.m_newStructureID = 0;
metadata.m_property.clear();
});
m_metadata->forEach<OpSetPrivateBrand>([&] (auto& metadata) {
StructureID oldStructureID = metadata.m_oldStructureID;
StructureID newStructureID = metadata.m_newStructureID;
JSCell* brand = metadata.m_brand.get();
if ((!oldStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(oldStructureID)))
&& (!brand || vm.heap.isMarked(brand))
&& (!newStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(newStructureID))))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing LLInt set_private_brand transition.");
metadata.m_oldStructureID = 0;
metadata.m_newStructureID = 0;
metadata.m_brand.clear();
});
m_metadata->forEach<OpCheckPrivateBrand>([&] (auto& metadata) {
StructureID structureID = metadata.m_structureID;
JSCell* brand = metadata.m_brand.get();
if ((!structureID || vm.heap.isMarked(vm.heap.structureIDTable().get(structureID)))
&& (!brand || vm.heap.isMarked(brand)))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing LLInt check_private_brand transition.");
metadata.m_structureID = 0;
metadata.m_brand.clear();
});
m_metadata->forEach<OpToThis>([&] (auto& metadata) {
if (!metadata.m_cachedStructureID || vm.heap.isMarked(vm.heap.structureIDTable().get(metadata.m_cachedStructureID)))
return;
if (Options::verboseOSR()) {
Structure* structure = vm.heap.structureIDTable().get(metadata.m_cachedStructureID);
dataLogF("Clearing LLInt to_this with structure %p.\n", structure);
}
metadata.m_cachedStructureID = 0;
metadata.m_toThisStatus = merge(metadata.m_toThisStatus, ToThisClearedByGC);
});
auto handleCreateBytecode = [&] (auto& metadata, ASCIILiteral name) {
auto& cacheWriteBarrier = metadata.m_cachedCallee;
if (!cacheWriteBarrier || cacheWriteBarrier.unvalidatedGet() == JSCell::seenMultipleCalleeObjects())
return;
JSCell* cachedFunction = cacheWriteBarrier.get();
if (vm.heap.isMarked(cachedFunction))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing LLInt ", name, " with cached callee ", RawPointer(cachedFunction), ".");
cacheWriteBarrier.clear();
};
m_metadata->forEach<OpCreateThis>([&] (auto& metadata) {
handleCreateBytecode(metadata, "op_create_this"_s);
});
m_metadata->forEach<OpCreatePromise>([&] (auto& metadata) {
handleCreateBytecode(metadata, "op_create_promise"_s);
});
m_metadata->forEach<OpCreateGenerator>([&] (auto& metadata) {
handleCreateBytecode(metadata, "op_create_generator"_s);
});
m_metadata->forEach<OpCreateAsyncGenerator>([&] (auto& metadata) {
handleCreateBytecode(metadata, "op_create_async_generator"_s);
});
m_metadata->forEach<OpResolveScope>([&] (auto& metadata) {
// Right now this isn't strictly necessary. Any symbol tables that this will refer to
// are for outer functions, and we refer to those functions strongly, and they refer
// to the symbol table strongly. But it's nice to be on the safe side.
WriteBarrierBase<SymbolTable>& symbolTable = metadata.m_symbolTable;
if (!symbolTable || vm.heap.isMarked(symbolTable.get()))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing dead symbolTable ", RawPointer(symbolTable.get()));
symbolTable.clear();
});
auto handleGetPutFromScope = [&] (auto& metadata) {
GetPutInfo getPutInfo = metadata.m_getPutInfo;
if (getPutInfo.resolveType() == GlobalVar || getPutInfo.resolveType() == GlobalVarWithVarInjectionChecks
|| getPutInfo.resolveType() == ResolvedClosureVar || getPutInfo.resolveType() == GlobalLexicalVar || getPutInfo.resolveType() == GlobalLexicalVarWithVarInjectionChecks)
return;
WriteBarrierBase<Structure>& structure = metadata.m_structure;
if (!structure || vm.heap.isMarked(structure.get()))
return;
dataLogLnIf(Options::verboseOSR(), "Clearing scope access with structure ", RawPointer(structure.get()));
structure.clear();
};
m_metadata->forEach<OpGetFromScope>(handleGetPutFromScope);
m_metadata->forEach<OpPutToScope>(handleGetPutFromScope);
}
// We can't just remove all the sets when we clear the caches since we might have created a watchpoint set
// then cleared the cache without GCing in between.
m_llintGetByIdWatchpointMap.removeIf([&] (const StructureWatchpointMap::KeyValuePairType& pair) -> bool {
auto clear = [&] () {
auto& instruction = instructions().at(std::get<1>(pair.key));
OpcodeID opcode = instruction->opcodeID();
switch (opcode) {
case op_get_by_id: {
dataLogLnIf(Options::verboseOSR(), "Clearing LLInt property access.");
LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache(instruction->as<OpGetById>().metadata(this).m_modeMetadata);
break;
}
case op_iterator_open: {
dataLogLnIf(Options::verboseOSR(), "Clearing LLInt iterator open property access.");
LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache(instruction->as<OpIteratorOpen>().metadata(this).m_modeMetadata);
break;
}
case op_iterator_next: {
dataLogLnIf(Options::verboseOSR(), "Clearing LLInt iterator next property access.");
// FIXME: We don't really want to clear both caches here but it's kinda annoying to figure out which one this is referring to...
// See: https://bugs.webkit.org/show_bug.cgi?id=210693
auto& metadata = instruction->as<OpIteratorNext>().metadata(this);
LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache(metadata.m_doneModeMetadata);
LLIntPrototypeLoadAdaptiveStructureWatchpoint::clearLLIntGetByIdCache(metadata.m_valueModeMetadata);
break;
}
default:
break;
}
return true;
};
if (!vm.heap.isMarked(vm.heap.structureIDTable().get(std::get<0>(pair.key))))
return clear();
for (const LLIntPrototypeLoadAdaptiveStructureWatchpoint& watchpoint : pair.value) {
if (!watchpoint.key().isStillLive(vm))
return clear();
}
return false;
});
}
#if ENABLE(JIT)
void CodeBlock::finalizeJITInlineCaches()
{
if (auto* jitData = m_baselineJITData.get()) {
for (auto& stubInfo : jitData->m_stubInfos) {
ConcurrentJSLockerBase locker(NoLockingNecessary);
stubInfo.visitWeakReferences(locker, this);
}
}
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType())) {
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
for (auto* callLinkInfo : dfgCommon->m_callLinkInfos)
callLinkInfo->visitWeak(vm());
for (auto* stubInfo : dfgCommon->m_stubInfos) {
ConcurrentJSLockerBase locker(NoLockingNecessary);
stubInfo->visitWeakReferences(locker, this);
}
}
#endif
}
#endif
void CodeBlock::finalizeUnconditionally(VM& vm)
{
UNUSED_PARAM(vm);
updateAllPredictions();
if (JITCode::couldBeInterpreted(jitType())) {
finalizeLLIntInlineCaches();
// If the CodeBlock is DFG or FTL, CallLinkInfo in metadata is not related.
forEachLLIntOrBaselineCallLinkInfo([&](BaselineCallLinkInfo& callLinkInfo) {
callLinkInfo.visitWeak(vm);
});
}
#if ENABLE(JIT)
if (!!jitCode())
finalizeJITInlineCaches();
#endif
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType())) {
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
dfgCommon->recordedStatuses.finalize(vm);
}
#endif // ENABLE(DFG_JIT)
auto updateActivity = [&] {
if (!VM::useUnlinkedCodeBlockJettisoning())
return;
JITCode* jitCode = m_jitCode.get();
double count = 0;
bool alwaysActive = false;
switch (JITCode::jitTypeFor(jitCode)) {
case JITType::None:
case JITType::HostCallThunk:
return;
case JITType::InterpreterThunk:
count = m_unlinkedCode->llintExecuteCounter().count();
break;
case JITType::BaselineJIT:
count = m_jitExecuteCounter.count();
break;
case JITType::DFGJIT:
#if ENABLE(FTL_JIT)
count = static_cast<DFG::JITCode*>(jitCode)->tierUpCounter.count();
#else
alwaysActive = true;
#endif
break;
case JITType::FTLJIT:
alwaysActive = true;
break;
}
if (alwaysActive || m_previousCounter < count) {
// CodeBlock is active right now, so resetting UnlinkedCodeBlock's age.
m_unlinkedCode->resetAge();
}
m_previousCounter = count;
};
updateActivity();
VM::SpaceAndSet::setFor(*subspace()).remove(this);
// In CodeBlock::shouldVisitStrongly() we may have decided to skip visiting this
// codeBlock. By the time we get here, we're done with the verifier GC. So, let's
// reset this flag for the next GC cycle.
m_visitChildrenSkippedDueToOldAge = false;
}
void CodeBlock::destroy(JSCell* cell)
{
static_cast<CodeBlock*>(cell)->~CodeBlock();
}
void CodeBlock::getICStatusMap(const ConcurrentJSLocker&, ICStatusMap& result)
{
if (JITCode::couldBeInterpreted(jitType())) {
forEachLLIntOrBaselineCallLinkInfo([&](BaselineCallLinkInfo& callLinkInfo) {
result.add(callLinkInfo.codeOrigin(), ICStatus()).iterator->value.callLinkInfo = &callLinkInfo;
});
}
#if ENABLE(JIT)
if (JITCode::isJIT(jitType())) {
if (auto* jitData = m_baselineJITData.get()) {
for (auto& stubInfo : jitData->m_stubInfos)
result.add(stubInfo.codeOrigin, ICStatus()).iterator->value.stubInfo = &stubInfo;
}
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType())) {
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
for (auto* stubInfo : dfgCommon->m_stubInfos)
result.add(stubInfo->codeOrigin, ICStatus()).iterator->value.stubInfo = stubInfo;
for (auto* callLinkInfo : dfgCommon->m_callLinkInfos)
result.add(callLinkInfo->codeOrigin(), ICStatus()).iterator->value.callLinkInfo = callLinkInfo;
for (auto& pair : dfgCommon->recordedStatuses.calls)
result.add(pair.first, ICStatus()).iterator->value.callStatus = pair.second.get();
for (auto& pair : dfgCommon->recordedStatuses.gets)
result.add(pair.first, ICStatus()).iterator->value.getStatus = pair.second.get();
for (auto& pair : dfgCommon->recordedStatuses.puts)
result.add(pair.first, ICStatus()).iterator->value.putStatus = pair.second.get();
for (auto& pair : dfgCommon->recordedStatuses.ins)
result.add(pair.first, ICStatus()).iterator->value.inStatus = pair.second.get();
for (auto& pair : dfgCommon->recordedStatuses.deletes)
result.add(pair.first, ICStatus()).iterator->value.deleteStatus = pair.second.get();
}
#endif
}
#else
UNUSED_PARAM(result);
#endif
}
void CodeBlock::getICStatusMap(ICStatusMap& result)
{
ConcurrentJSLocker locker(m_lock);
getICStatusMap(locker, result);
}
#if ENABLE(JIT)
StructureStubInfo* CodeBlock::findStubInfo(CodeOrigin codeOrigin)
{
ConcurrentJSLocker locker(m_lock);
if (auto* jitData = m_baselineJITData.get()) {
for (auto& stubInfo : jitData->m_stubInfos) {
if (stubInfo.codeOrigin == codeOrigin)
return &stubInfo;
}
}
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType())) {
for (auto* stubInfo : jitCode()->dfgCommon()->m_stubInfos) {
if (stubInfo->codeOrigin == codeOrigin)
return stubInfo;
}
}
#endif
return nullptr;
}
CallLinkInfo* CodeBlock::getCallLinkInfoForBytecodeIndex(const ConcurrentJSLocker&, BytecodeIndex index)
{
if (JITCode::couldBeInterpreted(jitType())) {
auto& instruction = instructions().at(index);
switch (instruction->opcodeID()) {
#define CASE(Op) \
case Op::opcodeID: \
return &instruction->as<Op>().metadata(this).m_callLinkInfo; \
break;
FOR_EACH_OPCODE_WITH_CALL_LINK_INFO(CASE)
#undef CASE
default:
break;
}
}
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType())) {
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
for (auto* callLinkInfo : dfgCommon->m_callLinkInfos) {
if (callLinkInfo->codeOrigin() == CodeOrigin(index))
return callLinkInfo;
}
}
#endif
return nullptr;
}
void CodeBlock::resetBaselineJITData()
{
RELEASE_ASSERT(!JITCode::isJIT(jitType()));
ConcurrentJSLocker locker(m_lock);
if (auto* jitData = m_baselineJITData.get()) {
// We can clear these because no other thread will have references to any stub infos, call
// link infos, or by val infos if we don't have JIT code. Attempts to query these data
// structures using the concurrent API (getICStatusMap and friends) will return nothing if we
// don't have JIT code. So it's safe to call this if we fail a baseline JIT compile.
//
// We also call this from finalizeUnconditionally when we degrade from baseline JIT to LLInt
// code. This is safe to do since all compiler threads are safepointed in finalizeUnconditionally,
// which means we've made it past bytecode parsing. Only the bytecode parser will hold onto
// references to these various *infos via its use of ICStatusMap. Also, OSR exit might point to
// these *infos, but when we have an OSR exit linked to this CodeBlock, we won't downgrade
// to LLInt.
for (auto& stubInfo : jitData->m_stubInfos) {
stubInfo.aboutToDie();
stubInfo.deref();
}
// We can clear this because the DFG's queries to these data structures are guarded by whether
// there is JIT code.
m_baselineJITData = nullptr;
}
}
#endif
template<typename Visitor>
void CodeBlock::visitOSRExitTargets(const ConcurrentJSLocker&, Visitor& visitor)
{
// We strongly visit OSR exits targets because we don't want to deal with
// the complexity of generating an exit target CodeBlock on demand and
// guaranteeing that it matches the details of the CodeBlock we compiled
// the OSR exit against.
visitor.append(m_alternative);
#if ENABLE(DFG_JIT)
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
if (dfgCommon->inlineCallFrames) {
for (auto* inlineCallFrame : *dfgCommon->inlineCallFrames) {
ASSERT(inlineCallFrame->baselineCodeBlock);
visitor.append(inlineCallFrame->baselineCodeBlock);
}
}
#endif
}
template<typename Visitor>
void CodeBlock::stronglyVisitStrongReferences(const ConcurrentJSLocker& locker, Visitor& visitor)
{
UNUSED_PARAM(locker);
visitor.append(m_globalObject);
visitor.append(m_ownerExecutable); // This is extra important since it causes the ExecutableToCodeBlockEdge to be marked.
visitor.append(m_unlinkedCode);
if (m_rareData)
m_rareData->m_directEvalCodeCache.visitAggregate(visitor);
visitor.appendValues(m_constantRegisters.data(), m_constantRegisters.size());
for (auto& functionExpr : m_functionExprs)
visitor.append(functionExpr);
for (auto& functionDecl : m_functionDecls)
visitor.append(functionDecl);
forEachObjectAllocationProfile([&](ObjectAllocationProfile& objectAllocationProfile) {
objectAllocationProfile.visitAggregate(visitor);
});
#if ENABLE(JIT)
if (auto* jitData = m_baselineJITData.get()) {
for (auto& stubInfo : jitData->m_stubInfos)
stubInfo.visitAggregate(visitor);
}
#endif
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType())) {
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
for (auto* stubInfo : dfgCommon->m_stubInfos)
stubInfo->visitAggregate(visitor);
dfgCommon->recordedStatuses.visitAggregate(visitor);
visitOSRExitTargets(locker, visitor);
}
#endif
}
template<typename Visitor>
void CodeBlock::stronglyVisitWeakReferences(const ConcurrentJSLocker&, Visitor& visitor)
{
UNUSED_PARAM(visitor);
#if ENABLE(DFG_JIT)
if (!JITCode::isOptimizingJIT(jitType()))
return;
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
for (auto& transition : dfgCommon->m_transitions) {
if (!!transition.m_codeOrigin)
visitor.append(transition.m_codeOrigin); // Almost certainly not necessary, since the code origin should also be a weak reference. Better to be safe, though.
visitor.append(transition.m_from);
visitor.append(transition.m_to);
}
for (auto& weakReference : dfgCommon->m_weakReferences)
visitor.append(weakReference);
for (StructureID structureID : dfgCommon->m_weakStructureReferences)
visitor.appendUnbarriered(visitor.vm().getStructure(structureID));
#endif
}
CodeBlock* CodeBlock::baselineAlternative()
{
#if ENABLE(JIT)
CodeBlock* result = this;
while (result->alternative())
result = result->alternative();
RELEASE_ASSERT(result);
RELEASE_ASSERT(JITCode::isBaselineCode(result->jitType()) || result->jitType() == JITType::None);
return result;
#else
return this;
#endif
}
CodeBlock* CodeBlock::baselineVersion()
{
#if ENABLE(JIT)
JITType selfJITType = jitType();
if (JITCode::isBaselineCode(selfJITType))
return this;
CodeBlock* result = replacement();
if (!result) {
if (JITCode::isOptimizingJIT(selfJITType)) {
// The replacement can be null if we've had a memory clean up and the executable
// has been purged of its codeBlocks (see ExecutableBase::clearCode()). Regardless,
// the current codeBlock is still live on the stack, and as an optimizing JIT
// codeBlock, it will keep its baselineAlternative() alive for us to fetch below.
result = this;
} else {
// This can happen if we're creating the original CodeBlock for an executable.
// Assume that we're the baseline CodeBlock.
RELEASE_ASSERT(selfJITType == JITType::None);
return this;
}
}
result = result->baselineAlternative();
ASSERT(result);
return result;
#else
return this;
#endif
}
#if ENABLE(JIT)
CodeBlock* CodeBlock::optimizedReplacement(JITType typeToReplace)
{
CodeBlock* replacement = this->replacement();
if (!replacement)
return nullptr;
if (JITCode::isHigherTier(replacement->jitType(), typeToReplace))
return replacement;
return nullptr;
}
CodeBlock* CodeBlock::optimizedReplacement()
{
return optimizedReplacement(jitType());
}
bool CodeBlock::hasOptimizedReplacement(JITType typeToReplace)
{
return !!optimizedReplacement(typeToReplace);
}
bool CodeBlock::hasOptimizedReplacement()
{
return hasOptimizedReplacement(jitType());
}
#endif
HandlerInfo* CodeBlock::handlerForBytecodeIndex(BytecodeIndex bytecodeIndex, RequiredHandler requiredHandler)
{
RELEASE_ASSERT(bytecodeIndex.offset() < instructions().size());
return handlerForIndex(bytecodeIndex.offset(), requiredHandler);
}
HandlerInfo* CodeBlock::handlerForIndex(unsigned index, RequiredHandler requiredHandler)
{
if (!m_rareData)
return nullptr;
return HandlerInfo::handlerForIndex<HandlerInfo>(m_rareData->m_exceptionHandlers, index, requiredHandler);
}
DisposableCallSiteIndex CodeBlock::newExceptionHandlingCallSiteIndex(CallSiteIndex originalCallSite)
{
#if ENABLE(DFG_JIT)
RELEASE_ASSERT(JITCode::isOptimizingJIT(jitType()));
RELEASE_ASSERT(canGetCodeOrigin(originalCallSite));
ASSERT(!!handlerForIndex(originalCallSite.bits()));
CodeOrigin originalOrigin = codeOrigin(originalCallSite);
return m_jitCode->dfgCommon()->codeOrigins->addDisposableCallSiteIndex(originalOrigin);
#else
// We never create new on-the-fly exception handling
// call sites outside the DFG/FTL inline caches.
UNUSED_PARAM(originalCallSite);
RELEASE_ASSERT_NOT_REACHED();
return DisposableCallSiteIndex(0u);
#endif
}
void CodeBlock::ensureCatchLivenessIsComputedForBytecodeIndex(BytecodeIndex bytecodeIndex)
{
ASSERT(JITCode::isBaselineCode(jitType()));
auto& instruction = instructions().at(bytecodeIndex);
OpCatch op = instruction->as<OpCatch>();
auto& metadata = op.metadata(this);
if (!!metadata.m_buffer)
return;
ensureCatchLivenessIsComputedForBytecodeIndexSlow(op, bytecodeIndex);
}
void CodeBlock::ensureCatchLivenessIsComputedForBytecodeIndexSlow(const OpCatch& op, BytecodeIndex bytecodeIndex)
{
BytecodeLivenessAnalysis& bytecodeLiveness = livenessAnalysis();
// We get the live-out set of variables at op_catch, not the live-in. This
// is because the variables that the op_catch defines might be dead, and
// we can avoid profiling them and extracting them when doing OSR entry
// into the DFG.
auto nextOffset = instructions().at(bytecodeIndex).next().offset();
FastBitVector liveLocals = bytecodeLiveness.getLivenessInfoAtInstruction(this, BytecodeIndex(nextOffset));
Vector<VirtualRegister> liveOperands;
liveOperands.reserveInitialCapacity(liveLocals.bitCount());
liveLocals.forEachSetBit([&] (unsigned liveLocal) {
liveOperands.append(virtualRegisterForLocal(liveLocal));
});
for (unsigned i = 0; i < numParameters(); ++i)
liveOperands.append(virtualRegisterForArgumentIncludingThis(i));
auto* profiles = ValueProfileAndVirtualRegisterBuffer::create(liveOperands.size());
RELEASE_ASSERT(profiles->size() == liveOperands.size());
for (unsigned i = 0; i < profiles->size(); ++i)
profiles->data()[i].m_operand = liveOperands[i];
createRareDataIfNecessary();
// The compiler thread will read this pointer value and then proceed to dereference it
// if it is not null. We need to make sure all above stores happen before this store so
// the compiler thread reads fully initialized data.
WTF::storeStoreFence();
op.metadata(this).m_buffer = profiles;
}
void CodeBlock::removeExceptionHandlerForCallSite(DisposableCallSiteIndex callSiteIndex)
{
RELEASE_ASSERT(m_rareData);
Vector<HandlerInfo>& exceptionHandlers = m_rareData->m_exceptionHandlers;
unsigned index = callSiteIndex.bits();
for (size_t i = 0; i < exceptionHandlers.size(); ++i) {
HandlerInfo& handler = exceptionHandlers[i];
if (handler.start <= index && handler.end > index) {
exceptionHandlers.remove(i);
return;
}
}
RELEASE_ASSERT_NOT_REACHED();
}
unsigned CodeBlock::lineNumberForBytecodeIndex(BytecodeIndex bytecodeIndex)
{
RELEASE_ASSERT(bytecodeIndex.offset() < instructions().size());
return ownerExecutable()->firstLine() + m_unlinkedCode->lineNumberForBytecodeIndex(bytecodeIndex);
}
unsigned CodeBlock::columnNumberForBytecodeIndex(BytecodeIndex bytecodeIndex)
{
int divot;
int startOffset;
int endOffset;
unsigned line;
unsigned column;
expressionRangeForBytecodeIndex(bytecodeIndex, divot, startOffset, endOffset, line, column);
return column;
}
void CodeBlock::expressionRangeForBytecodeIndex(BytecodeIndex bytecodeIndex, int& divot, int& startOffset, int& endOffset, unsigned& line, unsigned& column) const
{
m_unlinkedCode->expressionRangeForBytecodeIndex(bytecodeIndex, divot, startOffset, endOffset, line, column);
divot += sourceOffset();
column += line ? 1 : firstLineColumnOffset();
line += ownerExecutable()->firstLine();
}
bool CodeBlock::hasOpDebugForLineAndColumn(unsigned line, std::optional<unsigned> column)
{
const InstructionStream& instructionStream = instructions();
for (const auto& it : instructionStream) {
if (it->is<OpDebug>()) {
int unused;
unsigned opDebugLine;
unsigned opDebugColumn;
expressionRangeForBytecodeIndex(it.index(), unused, unused, unused, opDebugLine, opDebugColumn);
if (line == opDebugLine && (!column || column == opDebugColumn))
return true;
}
}
return false;
}
void CodeBlock::shrinkToFit(const ConcurrentJSLocker&, ShrinkMode shrinkMode)
{
#if USE(JSVALUE32_64)
// Only 32bit Baseline JIT is touching m_constantRegisters address directly.
if (shrinkMode == ShrinkMode::EarlyShrink)
m_constantRegisters.shrinkToFit();
#else
UNUSED_PARAM(shrinkMode);
m_constantRegisters.shrinkToFit();
#endif
}
#if ENABLE(JIT)
void CodeBlock::linkIncomingPolymorphicCall(CallFrame* callerFrame, PolymorphicCallNode* incoming)
{
noticeIncomingCall(callerFrame);
m_incomingPolymorphicCalls.push(incoming);
}
#endif // ENABLE(JIT)
void CodeBlock::linkIncomingCall(CallFrame* callerFrame, CallLinkInfo* incoming)
{
noticeIncomingCall(callerFrame);
m_incomingCalls.push(incoming);
}
void CodeBlock::unlinkIncomingCalls()
{
while (!m_incomingCalls.isEmpty())
m_incomingCalls.begin()->unlink(vm());
#if ENABLE(JIT)
while (!m_incomingPolymorphicCalls.isEmpty())
m_incomingPolymorphicCalls.begin()->unlink(vm());
#endif
}
CodeBlock* CodeBlock::newReplacement()
{
return ownerExecutable()->newReplacementCodeBlockFor(specializationKind());
}
#if ENABLE(JIT)
CodeBlock* CodeBlock::replacement()
{
const ClassInfo* classInfo = this->classInfo(vm());
if (classInfo == FunctionCodeBlock::info())
return jsCast<FunctionExecutable*>(ownerExecutable())->codeBlockFor(isConstructor() ? CodeForConstruct : CodeForCall);
if (classInfo == EvalCodeBlock::info())
return jsCast<EvalExecutable*>(ownerExecutable())->codeBlock();
if (classInfo == ProgramCodeBlock::info())
return jsCast<ProgramExecutable*>(ownerExecutable())->codeBlock();
if (classInfo == ModuleProgramCodeBlock::info())
return jsCast<ModuleProgramExecutable*>(ownerExecutable())->codeBlock();
RELEASE_ASSERT_NOT_REACHED();
return nullptr;
}
DFG::CapabilityLevel CodeBlock::computeCapabilityLevel()
{
const ClassInfo* classInfo = this->classInfo(vm());
if (classInfo == FunctionCodeBlock::info()) {
if (isConstructor())
return DFG::functionForConstructCapabilityLevel(this);
return DFG::functionForCallCapabilityLevel(this);
}
if (classInfo == EvalCodeBlock::info())
return DFG::evalCapabilityLevel(this);
if (classInfo == ProgramCodeBlock::info())
return DFG::programCapabilityLevel(this);
if (classInfo == ModuleProgramCodeBlock::info())
return DFG::programCapabilityLevel(this);
RELEASE_ASSERT_NOT_REACHED();
return DFG::CannotCompile;
}
#endif // ENABLE(JIT)
void CodeBlock::jettison(Profiler::JettisonReason reason, ReoptimizationMode mode, const FireDetail* detail)
{
#if !ENABLE(DFG_JIT)
UNUSED_PARAM(mode);
UNUSED_PARAM(detail);
#endif
VM& vm = *m_vm;
CodeBlock* codeBlock = this; // Placate GCC for use in CODEBLOCK_LOG_EVENT (does not like this).
CODEBLOCK_LOG_EVENT(codeBlock, "jettison", ("due to ", reason, ", counting = ", mode == CountReoptimization, ", detail = ", pointerDump(detail)));
RELEASE_ASSERT(reason != Profiler::NotJettisoned);
#if ENABLE(DFG_JIT)
if (DFG::shouldDumpDisassembly()) {
dataLog("Jettisoning ", *this);
if (mode == CountReoptimization)
dataLog(" and counting reoptimization");
dataLog(" due to ", reason);
if (detail)
dataLog(", ", *detail);
dataLog(".\n");
}
if (reason == Profiler::JettisonDueToWeakReference) {
if (DFG::shouldDumpDisassembly()) {
dataLog(*this, " will be jettisoned because of the following dead references:\n");
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
for (auto& transition : dfgCommon->m_transitions) {
JSCell* origin = transition.m_codeOrigin.get();
JSCell* from = transition.m_from.get();
JSCell* to = transition.m_to.get();
if ((!origin || vm.heap.isMarked(origin)) && vm.heap.isMarked(from))
continue;
dataLog(" Transition under ", RawPointer(origin), ", ", RawPointer(from), " -> ", RawPointer(to), ".\n");
}
for (unsigned i = 0; i < dfgCommon->m_weakReferences.size(); ++i) {
JSCell* weak = dfgCommon->m_weakReferences[i].get();
if (vm.heap.isMarked(weak))
continue;
dataLog(" Weak reference ", RawPointer(weak), ".\n");
}
}
}
#endif // ENABLE(DFG_JIT)
DeferGCForAWhile deferGC(vm);
// We want to accomplish two things here:
// 1) Make sure that if this CodeBlock is on the stack right now, then if we return to it
// we should OSR exit at the top of the next bytecode instruction after the return.
// 2) Make sure that if we call the owner executable, then we shouldn't call this CodeBlock.
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType()))
jitCode()->dfgCommon()->clearWatchpoints();
if (reason != Profiler::JettisonDueToOldAge) {
Profiler::Compilation* compilation = jitCode()->dfgCommon()->compilation.get();
if (UNLIKELY(compilation))
compilation->setJettisonReason(reason, detail);
// This accomplishes (1), and does its own book-keeping about whether it has already happened.
if (!jitCode()->dfgCommon()->invalidate()) {
// We've already been invalidated.
RELEASE_ASSERT(this != replacement() || (vm.heap.currentThreadIsDoingGCWork() && !vm.heap.isMarked(ownerExecutable())));
return;
}
}
if (DFG::shouldDumpDisassembly())
dataLog(" Did invalidate ", *this, "\n");
// Count the reoptimization if that's what the user wanted.
if (mode == CountReoptimization) {
// FIXME: Maybe this should call alternative().
// https://bugs.webkit.org/show_bug.cgi?id=123677
baselineAlternative()->countReoptimization();
if (DFG::shouldDumpDisassembly())
dataLog(" Did count reoptimization for ", *this, "\n");
}
if (this != replacement()) {
// This means that we were never the entrypoint. This can happen for OSR entry code
// blocks.
return;
}
if (alternative())
alternative()->optimizeAfterWarmUp();
if (reason != Profiler::JettisonDueToOldAge && reason != Profiler::JettisonDueToVMTraps)
tallyFrequentExitSites();
#endif // ENABLE(DFG_JIT)
// Jettison can happen during GC. We don't want to install code to a dead executable
// because that would add a dead object to the remembered set.
if (vm.heap.currentThreadIsDoingGCWork() && !vm.heap.isMarked(ownerExecutable()))
return;
{
ConcurrentJSLocker locker(m_lock);
if (JITCode::isOptimizingJIT(jitType())) {
#if ENABLE(DFG_JIT)
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
for (auto* callLinkInfo : dfgCommon->m_callLinkInfos)
callLinkInfo->setClearedByJettison();
#endif
} else {
forEachLLIntOrBaselineCallLinkInfo([&](BaselineCallLinkInfo& callLinkInfo) {
callLinkInfo.setClearedByJettison();
});
}
}
// This accomplishes (2).
ownerExecutable()->installCode(vm, alternative(), codeType(), specializationKind());
#if ENABLE(DFG_JIT)
if (DFG::shouldDumpDisassembly())
dataLog(" Did install baseline version of ", *this, "\n");
#endif // ENABLE(DFG_JIT)
}
JSGlobalObject* CodeBlock::globalObjectFor(CodeOrigin codeOrigin)
{
auto* inlineCallFrame = codeOrigin.inlineCallFrame();
if (!inlineCallFrame)
return globalObject();
return inlineCallFrame->baselineCodeBlock->globalObject();
}
class RecursionCheckFunctor {
public:
RecursionCheckFunctor(CallFrame* startCallFrame, CodeBlock* codeBlock, unsigned depthToCheck)
: m_startCallFrame(startCallFrame)
, m_codeBlock(codeBlock)
, m_depthToCheck(depthToCheck)
, m_foundStartCallFrame(false)
, m_didRecurse(false)
{ }
StackVisitor::Status operator()(StackVisitor& visitor) const
{
CallFrame* currentCallFrame = visitor->callFrame();
if (currentCallFrame == m_startCallFrame)
m_foundStartCallFrame = true;
if (m_foundStartCallFrame) {
if (visitor->callFrame()->codeBlock() == m_codeBlock) {
m_didRecurse = true;
return StackVisitor::Done;
}
if (!m_depthToCheck--)
return StackVisitor::Done;
}
return StackVisitor::Continue;
}
bool didRecurse() const { return m_didRecurse; }
private:
CallFrame* m_startCallFrame;
CodeBlock* m_codeBlock;
mutable unsigned m_depthToCheck;
mutable bool m_foundStartCallFrame;
mutable bool m_didRecurse;
};
void CodeBlock::noticeIncomingCall(CallFrame* callerFrame)
{
CodeBlock* callerCodeBlock = callerFrame->codeBlock();
dataLogLnIf(Options::verboseCallLink(), "Noticing call link from ", pointerDump(callerCodeBlock), " to ", *this);
#if ENABLE(DFG_JIT)
if (!m_shouldAlwaysBeInlined)
return;
if (!callerCodeBlock) {
m_shouldAlwaysBeInlined = false;
dataLogLnIf(Options::verboseCallLink(), " Clearing SABI because caller is native.");
return;
}
if (!hasBaselineJITProfiling())
return;
if (!DFG::mightInlineFunction(this))
return;
if (!canInline(capabilityLevelState()))
return;
if (!DFG::isSmallEnoughToInlineCodeInto(callerCodeBlock)) {
m_shouldAlwaysBeInlined = false;
dataLogLnIf(Options::verboseCallLink(), " Clearing SABI because caller is too large.");
return;
}
if (callerCodeBlock->jitType() == JITType::InterpreterThunk) {
// If the caller is still in the interpreter, then we can't expect inlining to
// happen anytime soon. Assume it's profitable to optimize it separately. This
// ensures that a function is SABI only if it is called no more frequently than
// any of its callers.
m_shouldAlwaysBeInlined = false;
dataLogLnIf(Options::verboseCallLink(), " Clearing SABI because caller is in LLInt.");
return;
}
if (JITCode::isOptimizingJIT(callerCodeBlock->jitType())) {
m_shouldAlwaysBeInlined = false;
dataLogLnIf(Options::verboseCallLink(), " Clearing SABI bcause caller was already optimized.");
return;
}
if (callerCodeBlock->codeType() != FunctionCode) {
// If the caller is either eval or global code, assume that that won't be
// optimized anytime soon. For eval code this is particularly true since we
// delay eval optimization by a *lot*.
m_shouldAlwaysBeInlined = false;
dataLogLnIf(Options::verboseCallLink(), " Clearing SABI because caller is not a function.");
return;
}
// Recursive calls won't be inlined.
RecursionCheckFunctor functor(callerFrame, this, Options::maximumInliningDepth());
vm().topCallFrame->iterate(vm(), functor);
if (functor.didRecurse()) {
dataLogLnIf(Options::verboseCallLink(), " Clearing SABI because recursion was detected.");
m_shouldAlwaysBeInlined = false;
return;
}
if (callerCodeBlock->capabilityLevelState() == DFG::CapabilityLevelNotSet) {
dataLog("In call from ", FullCodeOrigin(callerCodeBlock, callerFrame->codeOrigin()), " to ", *this, ": caller's DFG capability level is not set.\n");
CRASH();
}
if (canCompile(callerCodeBlock->capabilityLevelState()))
return;
dataLogLnIf(Options::verboseCallLink(), " Clearing SABI because the caller is not a DFG candidate.");
m_shouldAlwaysBeInlined = false;
#endif
}
unsigned CodeBlock::reoptimizationRetryCounter() const
{
#if ENABLE(JIT)
ASSERT(m_reoptimizationRetryCounter <= Options::reoptimizationRetryCounterMax());
return m_reoptimizationRetryCounter;
#else
return 0;
#endif // ENABLE(JIT)
}
#if !ENABLE(C_LOOP)
static size_t roundCalleeSaveSpaceAsVirtualRegisters(size_t calleeSaveRegisters)
{
return (WTF::roundUpToMultipleOf(sizeof(Register), calleeSaveRegisters * sizeof(CPURegister)) / sizeof(Register));
}
size_t CodeBlock::llintBaselineCalleeSaveSpaceAsVirtualRegisters()
{
return roundCalleeSaveSpaceAsVirtualRegisters(numberOfLLIntBaselineCalleeSaveRegisters());
}
size_t CodeBlock::calleeSaveSpaceAsVirtualRegisters(const RegisterAtOffsetList& calleeSaveRegisters)
{
return roundCalleeSaveSpaceAsVirtualRegisters(calleeSaveRegisters.size());
}
#endif
#if ENABLE(JIT)
void CodeBlock::countReoptimization()
{
m_reoptimizationRetryCounter++;
if (m_reoptimizationRetryCounter > Options::reoptimizationRetryCounterMax())
m_reoptimizationRetryCounter = Options::reoptimizationRetryCounterMax();
}
unsigned CodeBlock::numberOfDFGCompiles()
{
ASSERT(JITCode::isBaselineCode(jitType()));
if (Options::testTheFTL()) {
if (m_didFailFTLCompilation)
return 1000000;
return (m_hasBeenCompiledWithFTL ? 1 : 0) + m_reoptimizationRetryCounter;
}
CodeBlock* replacement = this->replacement();
return ((replacement && JITCode::isOptimizingJIT(replacement->jitType())) ? 1 : 0) + m_reoptimizationRetryCounter;
}
int32_t CodeBlock::codeTypeThresholdMultiplier() const
{
if (codeType() == EvalCode)
return Options::evalThresholdMultiplier();
return 1;
}
double CodeBlock::optimizationThresholdScalingFactor()
{
// This expression arises from doing a least-squares fit of
//
// F[x_] =: a * Sqrt[x + b] + Abs[c * x] + d
//
// against the data points:
//
// x F[x_]
// 10 0.9 (smallest reasonable code block)
// 200 1.0 (typical small-ish code block)
// 320 1.2 (something I saw in 3d-cube that I wanted to optimize)
// 1268 5.0 (something I saw in 3d-cube that I didn't want to optimize)
// 4000 5.5 (random large size, used to cause the function to converge to a shallow curve of some sort)
// 10000 6.0 (similar to above)
//
// I achieve the minimization using the following Mathematica code:
//
// MyFunctionTemplate[x_, a_, b_, c_, d_] := a*Sqrt[x + b] + Abs[c*x] + d
//
// samples = {{10, 0.9}, {200, 1}, {320, 1.2}, {1268, 5}, {4000, 5.5}, {10000, 6}}
//
// solution =
// Minimize[Plus @@ ((MyFunctionTemplate[#[[1]], a, b, c, d] - #[[2]])^2 & /@ samples),
// {a, b, c, d}][[2]]
//
// And the code below (to initialize a, b, c, d) is generated by:
//
// Print["const double " <> ToString[#[[1]]] <> " = " <>
// If[#[[2]] < 0.00001, "0.0", ToString[#[[2]]]] <> ";"] & /@ solution
//
// We've long known the following to be true:
// - Small code blocks are cheap to optimize and so we should do it sooner rather
// than later.
// - Large code blocks are expensive to optimize and so we should postpone doing so,
// and sometimes have a large enough threshold that we never optimize them.
// - The difference in cost is not totally linear because (a) just invoking the
// DFG incurs some base cost and (b) for large code blocks there is enough slop
// in the correlation between instruction count and the actual compilation cost
// that for those large blocks, the instruction count should not have a strong
// influence on our threshold.
//
// I knew the goals but I didn't know how to achieve them; so I picked an interesting
// example where the heuristics were right (code block in 3d-cube with instruction
// count 320, which got compiled early as it should have been) and one where they were
// totally wrong (code block in 3d-cube with instruction count 1268, which was expensive
// to compile and didn't run often enough to warrant compilation in my opinion), and
// then threw in additional data points that represented my own guess of what our
// heuristics should do for some round-numbered examples.
//
// The expression to which I decided to fit the data arose because I started with an
// affine function, and then did two things: put the linear part in an Abs to ensure
// that the fit didn't end up choosing a negative value of c (which would result in
// the function turning over and going negative for large x) and I threw in a Sqrt
// term because Sqrt represents my intution that the function should be more sensitive
// to small changes in small values of x, but less sensitive when x gets large.
// Note that the current fit essentially eliminates the linear portion of the
// expression (c == 0.0).
const double a = 0.061504;
const double b = 1.02406;
const double c = 0.0;
const double d = 0.825914;
double bytecodeCost = this->bytecodeCost();
ASSERT(bytecodeCost); // Make sure this is called only after we have an instruction stream; otherwise it'll just return the value of d, which makes no sense.
double result = d + a * sqrt(bytecodeCost + b) + c * bytecodeCost;
result *= codeTypeThresholdMultiplier();
dataLogLnIf(Options::verboseOSR(),
*this, ": bytecode cost is ", bytecodeCost,
", scaling execution counter by ", result, " * ", codeTypeThresholdMultiplier());
return result;
}
static int32_t clipThreshold(double threshold)
{
if (threshold < 1.0)
return 1;
if (threshold > static_cast<double>(std::numeric_limits<int32_t>::max()))
return std::numeric_limits<int32_t>::max();
return static_cast<int32_t>(threshold);
}
int32_t CodeBlock::adjustedCounterValue(int32_t desiredThreshold)
{
return clipThreshold(
static_cast<double>(desiredThreshold) *
optimizationThresholdScalingFactor() *
(1 << reoptimizationRetryCounter()));
}
bool CodeBlock::checkIfOptimizationThresholdReached()
{
#if ENABLE(DFG_JIT)
if (JITWorklist* worklist = JITWorklist::existingGlobalWorklistOrNull()) {
if (worklist->compilationState(JITCompilationKey(this, JITCompilationMode::DFG)) == JITWorklist::Compiled) {
optimizeNextInvocation();
return true;
}
}
#endif
return m_jitExecuteCounter.checkIfThresholdCrossedAndSet(this);
}
#if ENABLE(DFG_JIT)
auto CodeBlock::updateOSRExitCounterAndCheckIfNeedToReoptimize(DFG::OSRExitState& exitState) -> OptimizeAction
{
DFG::OSRExitBase& exit = exitState.exit;
if (!exitKindMayJettison(exit.m_kind)) {
// FIXME: We may want to notice that we're frequently exiting
// at an op_catch that we didn't compile an entrypoint for, and
// then trigger a reoptimization of this CodeBlock:
// https://bugs.webkit.org/show_bug.cgi?id=175842
return OptimizeAction::None;
}
exit.m_count++;
m_osrExitCounter++;
CodeBlock* baselineCodeBlock = exitState.baselineCodeBlock;
ASSERT(baselineCodeBlock == baselineAlternative());
if (UNLIKELY(baselineCodeBlock->jitExecuteCounter().hasCrossedThreshold()))
return OptimizeAction::ReoptimizeNow;
// We want to figure out if there's a possibility that we're in a loop. For the outermost
// code block in the inline stack, we handle this appropriately by having the loop OSR trigger
// check the exit count of the replacement of the CodeBlock from which we are OSRing. The
// problem is the inlined functions, which might also have loops, but whose baseline versions
// don't know where to look for the exit count. Figure out if those loops are severe enough
// that we had tried to OSR enter. If so, then we should use the loop reoptimization trigger.
// Otherwise, we should use the normal reoptimization trigger.
bool didTryToEnterInLoop = false;
for (InlineCallFrame* inlineCallFrame = exit.m_codeOrigin.inlineCallFrame(); inlineCallFrame; inlineCallFrame = inlineCallFrame->directCaller.inlineCallFrame()) {
if (inlineCallFrame->baselineCodeBlock->ownerExecutable()->didTryToEnterInLoop()) {
didTryToEnterInLoop = true;
break;
}
}
uint32_t exitCountThreshold = didTryToEnterInLoop
? exitCountThresholdForReoptimizationFromLoop()
: exitCountThresholdForReoptimization();
if (m_osrExitCounter > exitCountThreshold)
return OptimizeAction::ReoptimizeNow;
// Too few fails. Adjust the execution counter such that the target is to only optimize after a while.
baselineCodeBlock->m_jitExecuteCounter.setNewThresholdForOSRExit(exitState.activeThreshold, exitState.memoryUsageAdjustedThreshold);
return OptimizeAction::None;
}
#endif
void CodeBlock::optimizeNextInvocation()
{
dataLogLnIf(Options::verboseOSR(), *this, ": Optimizing next invocation.");
m_jitExecuteCounter.setNewThreshold(0, this);
}
void CodeBlock::dontOptimizeAnytimeSoon()
{
dataLogLnIf(Options::verboseOSR(), *this, ": Not optimizing anytime soon.");
m_jitExecuteCounter.deferIndefinitely();
}
void CodeBlock::optimizeAfterWarmUp()
{
dataLogLnIf(Options::verboseOSR(), *this, ": Optimizing after warm-up.");
#if ENABLE(DFG_JIT)
m_jitExecuteCounter.setNewThreshold(
adjustedCounterValue(Options::thresholdForOptimizeAfterWarmUp()), this);
#endif
}
void CodeBlock::optimizeAfterLongWarmUp()
{
dataLogLnIf(Options::verboseOSR(), *this, ": Optimizing after long warm-up.");
#if ENABLE(DFG_JIT)
m_jitExecuteCounter.setNewThreshold(
adjustedCounterValue(Options::thresholdForOptimizeAfterLongWarmUp()), this);
#endif
}
void CodeBlock::optimizeSoon()
{
dataLogLnIf(Options::verboseOSR(), *this, ": Optimizing soon.");
#if ENABLE(DFG_JIT)
m_jitExecuteCounter.setNewThreshold(
adjustedCounterValue(Options::thresholdForOptimizeSoon()), this);
#endif
}
void CodeBlock::forceOptimizationSlowPathConcurrently()
{
dataLogLnIf(Options::verboseOSR(), *this, ": Forcing slow path concurrently.");
m_jitExecuteCounter.forceSlowPathConcurrently();
}
#if ENABLE(DFG_JIT)
void CodeBlock::setOptimizationThresholdBasedOnCompilationResult(CompilationResult result)
{
JITType type = jitType();
if (type != JITType::BaselineJIT) {
dataLogLn(*this, ": expected to have baseline code but have ", type);
CRASH_WITH_INFO(bitwise_cast<uintptr_t>(jitCode().get()), static_cast<uint8_t>(type));
}
CodeBlock* replacement = this->replacement();
bool hasReplacement = (replacement && replacement != this);
if ((result == CompilationSuccessful) != hasReplacement) {
dataLog(*this, ": we have result = ", result, " but ");
if (replacement == this)
dataLog("we are our own replacement.\n");
else
dataLog("our replacement is ", pointerDump(replacement), "\n");
RELEASE_ASSERT_NOT_REACHED();
}
switch (result) {
case CompilationSuccessful:
RELEASE_ASSERT(replacement && JITCode::isOptimizingJIT(replacement->jitType()));
optimizeNextInvocation();
return;
case CompilationFailed:
dontOptimizeAnytimeSoon();
return;
case CompilationDeferred:
// We'd like to do dontOptimizeAnytimeSoon() but we cannot because
// forceOptimizationSlowPathConcurrently() is inherently racy. It won't
// necessarily guarantee anything. So, we make sure that even if that
// function ends up being a no-op, we still eventually retry and realize
// that we have optimized code ready.
optimizeAfterWarmUp();
return;
case CompilationInvalidated:
// Retry with exponential backoff.
countReoptimization();
optimizeAfterWarmUp();
return;
}
dataLog("Unrecognized result: ", static_cast<int>(result), "\n");
RELEASE_ASSERT_NOT_REACHED();
}
#endif
uint32_t CodeBlock::adjustedExitCountThreshold(uint32_t desiredThreshold)
{
ASSERT(JITCode::isOptimizingJIT(jitType()));
// Compute this the lame way so we don't saturate. This is called infrequently
// enough that this loop won't hurt us.
unsigned result = desiredThreshold;
for (unsigned n = baselineVersion()->reoptimizationRetryCounter(); n--;) {
unsigned newResult = result << 1;
if (newResult < result)
return std::numeric_limits<uint32_t>::max();
result = newResult;
}
return result;
}
uint32_t CodeBlock::exitCountThresholdForReoptimization()
{
return adjustedExitCountThreshold(Options::osrExitCountForReoptimization() * codeTypeThresholdMultiplier());
}
uint32_t CodeBlock::exitCountThresholdForReoptimizationFromLoop()
{
return adjustedExitCountThreshold(Options::osrExitCountForReoptimizationFromLoop() * codeTypeThresholdMultiplier());
}
bool CodeBlock::shouldReoptimizeNow()
{
return osrExitCounter() >= exitCountThresholdForReoptimization();
}
bool CodeBlock::shouldReoptimizeFromLoopNow()
{
return osrExitCounter() >= exitCountThresholdForReoptimizationFromLoop();
}
#endif
ArrayProfile* CodeBlock::getArrayProfile(const ConcurrentJSLocker&, BytecodeIndex bytecodeIndex)
{
auto instruction = instructions().at(bytecodeIndex);
switch (instruction->opcodeID()) {
#define CASE(Op) \
case Op::opcodeID: \
return &instruction->as<Op>().metadata(this).m_arrayProfile;
FOR_EACH_OPCODE_WITH_ARRAY_PROFILE(CASE)
#undef CASE
case OpGetById::opcodeID: {
auto bytecode = instruction->as<OpGetById>();
auto& metadata = bytecode.metadata(this);
if (metadata.m_modeMetadata.mode == GetByIdMode::ArrayLength)
return &metadata.m_modeMetadata.arrayLengthMode.arrayProfile;
break;
}
default:
break;
}
return nullptr;
}
ArrayProfile* CodeBlock::getArrayProfile(BytecodeIndex bytecodeIndex)
{
ConcurrentJSLocker locker(m_lock);
return getArrayProfile(locker, bytecodeIndex);
}
#if ENABLE(DFG_JIT)
DFG::CodeOriginPool& CodeBlock::codeOrigins()
{
return m_jitCode->dfgCommon()->codeOrigins.get();
}
size_t CodeBlock::numberOfDFGIdentifiers() const
{
if (!JITCode::isOptimizingJIT(jitType()))
return 0;
return m_jitCode->dfgCommon()->m_dfgIdentifiers.size();
}
const Identifier& CodeBlock::identifier(int index) const
{
UnlinkedCodeBlock* unlinkedCode = m_unlinkedCode.get();
size_t unlinkedIdentifiers = unlinkedCode->numberOfIdentifiers();
if (static_cast<unsigned>(index) < unlinkedIdentifiers)
return unlinkedCode->identifier(index);
ASSERT(JITCode::isOptimizingJIT(jitType()));
return m_jitCode->dfgCommon()->m_dfgIdentifiers[index - unlinkedIdentifiers];
}
#endif // ENABLE(DFG_JIT)
#if ASSERT_ENABLED
bool CodeBlock::hasIdentifier(UniquedStringImpl* uid)
{
UnlinkedCodeBlock* unlinkedCode = m_unlinkedCode.get();
size_t unlinkedIdentifiers = unlinkedCode->numberOfIdentifiers();
#if ENABLE(DFG_JIT)
size_t numberOfDFGIdentifiers = this->numberOfDFGIdentifiers();
size_t numberOfIdentifiers = unlinkedIdentifiers + numberOfDFGIdentifiers;
#else
size_t numberOfIdentifiers = unlinkedIdentifiers;
#endif
if (numberOfIdentifiers > 100) {
if (m_cachedIdentifierUids.size() != numberOfIdentifiers) {
Locker locker(m_cachedIdentifierUidsLock);
createRareDataIfNecessary();
HashSet<UniquedStringImpl*> cachedIdentifierUids;
cachedIdentifierUids.reserveInitialCapacity(numberOfIdentifiers);
for (unsigned index = 0; index < unlinkedIdentifiers; ++index) {
const Identifier& identifier = unlinkedCode->identifier(index);
cachedIdentifierUids.add(identifier.impl());
}
#if ENABLE(DFG_JIT)
if (numberOfDFGIdentifiers) {
ASSERT(JITCode::isOptimizingJIT(jitType()));
auto& dfgIdentifiers = m_jitCode->dfgCommon()->m_dfgIdentifiers;
for (unsigned index = 0; index < numberOfDFGIdentifiers; ++index) {
const Identifier& identifier = dfgIdentifiers[index];
cachedIdentifierUids.add(identifier.impl());
}
}
#endif
WTF::storeStoreFence();
m_cachedIdentifierUids = WTFMove(cachedIdentifierUids);
}
return m_cachedIdentifierUids.contains(uid);
}
for (unsigned index = 0; index < unlinkedIdentifiers; ++index) {
const Identifier& identifier = unlinkedCode->identifier(index);
if (identifier.impl() == uid)
return true;
}
#if ENABLE(DFG_JIT)
ASSERT(JITCode::isOptimizingJIT(jitType()));
auto& dfgIdentifiers = m_jitCode->dfgCommon()->m_dfgIdentifiers;
for (unsigned index = 0; index < numberOfDFGIdentifiers; ++index) {
const Identifier& identifier = dfgIdentifiers[index];
if (identifier.impl() == uid)
return true;
}
#endif
return false;
}
#endif
void CodeBlock::updateAllValueProfilePredictionsAndCountLiveness(unsigned& numberOfLiveNonArgumentValueProfiles, unsigned& numberOfSamplesInProfiles)
{
ConcurrentJSLocker locker(m_lock);
numberOfLiveNonArgumentValueProfiles = 0;
numberOfSamplesInProfiles = 0; // If this divided by ValueProfile::numberOfBuckets equals numberOfValueProfiles() then value profiles are full.
unsigned index = 0;
forEachValueProfile([&](ValueProfile& profile, bool isArgument) {
unsigned numSamples = profile.totalNumberOfSamples();
static_assert(ValueProfile::numberOfBuckets == 1);
if (numSamples > ValueProfile::numberOfBuckets)
numSamples = ValueProfile::numberOfBuckets; // We don't want profiles that are extremely hot to be given more weight.
numberOfSamplesInProfiles += numSamples;
if (isArgument) {
profile.computeUpdatedPrediction(locker);
unlinkedCodeBlock()->unlinkedValueProfile(index++).update(profile);
return;
}
if (profile.numberOfSamples() || profile.isSampledBefore())
numberOfLiveNonArgumentValueProfiles++;
profile.computeUpdatedPrediction(locker);
unlinkedCodeBlock()->unlinkedValueProfile(index++).update(profile);
});
if (m_metadata) {
m_metadata->forEach<OpCatch>([&](auto& metadata) {
if (metadata.m_buffer) {
metadata.m_buffer->forEach([&](ValueProfileAndVirtualRegister& profile) {
profile.computeUpdatedPrediction(locker);
});
}
});
}
#if ENABLE(DFG_JIT)
lazyOperandValueProfiles(locker).computeUpdatedPredictions(locker);
#endif
}
void CodeBlock::updateAllValueProfilePredictions()
{
unsigned ignoredValue1, ignoredValue2;
updateAllValueProfilePredictionsAndCountLiveness(ignoredValue1, ignoredValue2);
}
void CodeBlock::updateAllArrayProfilePredictions(const ConcurrentJSLocker& locker)
{
if (!m_metadata)
return;
unsigned index = 0;
auto process = [&] (ArrayProfile& profile) {
profile.computeUpdatedPrediction(locker, this);
unlinkedCodeBlock()->unlinkedArrayProfile(index++).update(profile);
};
m_metadata->forEach<OpGetById>([&] (auto& metadata) {
if (metadata.m_modeMetadata.mode == GetByIdMode::ArrayLength)
process(metadata.m_modeMetadata.arrayLengthMode.arrayProfile);
else {
// We reserve an index per GetById whether or not it's currently in ArrayLength mode.
++index;
}
});
#define VISIT(__op) \
m_metadata->forEach<__op>([&] (auto& metadata) { process(metadata.m_arrayProfile); });
FOR_EACH_OPCODE_WITH_ARRAY_PROFILE(VISIT)
#undef VISIT
m_metadata->forEach<OpIteratorNext>([&] (auto& metadata) {
process(metadata.m_iterableProfile);
});
}
void CodeBlock::updateAllArrayPredictions()
{
ConcurrentJSLocker locker(m_lock);
updateAllArrayProfilePredictions(locker);
forEachArrayAllocationProfile([&](ArrayAllocationProfile& profile) {
profile.updateProfile();
});
}
void CodeBlock::updateAllPredictions()
{
updateAllValueProfilePredictions();
updateAllArrayPredictions();
}
bool CodeBlock::shouldOptimizeNow()
{
dataLogLnIf(Options::verboseOSR(), "Considering optimizing ", *this, "...");
if (m_optimizationDelayCounter >= Options::maximumOptimizationDelay())
return true;
updateAllArrayPredictions();
unsigned numberOfLiveNonArgumentValueProfiles;
unsigned numberOfSamplesInProfiles;
updateAllValueProfilePredictionsAndCountLiveness(numberOfLiveNonArgumentValueProfiles, numberOfSamplesInProfiles);
if (Options::verboseOSR()) {
dataLogF(
"Profile hotness: %lf (%u / %u), %lf (%u / %u)\n",
(double)numberOfLiveNonArgumentValueProfiles / numberOfNonArgumentValueProfiles(),
numberOfLiveNonArgumentValueProfiles, numberOfNonArgumentValueProfiles(),
(double)numberOfSamplesInProfiles / ValueProfile::numberOfBuckets / numberOfNonArgumentValueProfiles(),
numberOfSamplesInProfiles, ValueProfile::numberOfBuckets * numberOfNonArgumentValueProfiles());
}
if ((!numberOfNonArgumentValueProfiles() || (double)numberOfLiveNonArgumentValueProfiles / numberOfNonArgumentValueProfiles() >= Options::desiredProfileLivenessRate())
&& (!totalNumberOfValueProfiles() || (double)numberOfSamplesInProfiles / ValueProfile::numberOfBuckets / totalNumberOfValueProfiles() >= Options::desiredProfileFullnessRate())
&& static_cast<unsigned>(m_optimizationDelayCounter) + 1 >= Options::minimumOptimizationDelay())
return true;
ASSERT(m_optimizationDelayCounter < std::numeric_limits<uint8_t>::max());
m_optimizationDelayCounter++;
optimizeAfterWarmUp();
return false;
}
#if ENABLE(DFG_JIT)
void CodeBlock::tallyFrequentExitSites()
{
ASSERT(JITCode::isOptimizingJIT(jitType()));
ASSERT(JITCode::isBaselineCode(alternative()->jitType()));
CodeBlock* profiledBlock = alternative();
switch (jitType()) {
case JITType::DFGJIT: {
DFG::JITCode* jitCode = m_jitCode->dfg();
for (auto& exit : jitCode->m_osrExit)
exit.considerAddingAsFrequentExitSite(profiledBlock);
break;
}
#if ENABLE(FTL_JIT)
case JITType::FTLJIT: {
// There is no easy way to avoid duplicating this code since the FTL::JITCode::m_osrExit
// vector contains a totally different type, that just so happens to behave like
// DFG::JITCode::m_osrExit.
FTL::JITCode* jitCode = m_jitCode->ftl();
for (auto& exit : jitCode->m_osrExit)
exit.considerAddingAsFrequentExitSite(profiledBlock);
break;
}
#endif
default:
RELEASE_ASSERT_NOT_REACHED();
break;
}
}
#endif // ENABLE(DFG_JIT)
void CodeBlock::notifyLexicalBindingUpdate()
{
JSGlobalObject* globalObject = m_globalObject.get();
JSGlobalLexicalEnvironment* globalLexicalEnvironment = jsCast<JSGlobalLexicalEnvironment*>(globalObject->globalScope());
SymbolTable* symbolTable = globalLexicalEnvironment->symbolTable();
ConcurrentJSLocker locker(m_lock);
auto isShadowed = [&] (UniquedStringImpl* uid) {
ConcurrentJSLocker locker(symbolTable->m_lock);
return symbolTable->contains(locker, uid);
};
const InstructionStream& instructionStream = instructions();
for (const auto& instruction : instructionStream) {
OpcodeID opcodeID = instruction->opcodeID();
switch (opcodeID) {
case op_resolve_scope: {
auto bytecode = instruction->as<OpResolveScope>();
auto& metadata = bytecode.metadata(this);
ResolveType originalResolveType = metadata.m_resolveType;
if (originalResolveType == GlobalProperty || originalResolveType == GlobalPropertyWithVarInjectionChecks) {
const Identifier& ident = identifier(bytecode.m_var);
if (isShadowed(ident.impl()))
metadata.m_globalLexicalBindingEpoch = 0;
else
metadata.m_globalLexicalBindingEpoch = globalObject->globalLexicalBindingEpoch();
}
break;
}
default:
break;
}
}
}
#if ENABLE(VERBOSE_VALUE_PROFILE)
void CodeBlock::dumpValueProfiles()
{
dataLog("ValueProfile for ", *this, ":\n");
forEachValueProfile([](ValueProfile& profile, bool isArgument) {
if (isArgument)
dataLogF(" arg: ");
else
dataLogF(" bc: ");
if (!profile.numberOfSamples() && profile.m_prediction == SpecNone) {
dataLogF("<empty>\n");
continue;
}
profile.dump(WTF::dataFile());
dataLogF("\n");
});
}
#endif // ENABLE(VERBOSE_VALUE_PROFILE)
unsigned CodeBlock::frameRegisterCount()
{
switch (jitType()) {
case JITType::InterpreterThunk:
return LLInt::frameRegisterCountFor(this);
#if ENABLE(JIT)
case JITType::BaselineJIT:
return JIT::frameRegisterCountFor(this->unlinkedCodeBlock());
#endif // ENABLE(JIT)
#if ENABLE(DFG_JIT)
case JITType::DFGJIT:
case JITType::FTLJIT:
return jitCode()->dfgCommon()->frameRegisterCount;
#endif // ENABLE(DFG_JIT)
default:
RELEASE_ASSERT_NOT_REACHED();
return 0;
}
}
int CodeBlock::stackPointerOffset()
{
return virtualRegisterForLocal(frameRegisterCount() - 1).offset();
}
size_t CodeBlock::predictedMachineCodeSize()
{
VM* vm = m_vm;
// This will be called from CodeBlock::CodeBlock before either m_vm or the
// instructions have been initialized. It's OK to return 0 because what will really
// matter is the recomputation of this value when the slow path is triggered.
if (!vm)
return 0;
if (!*vm->machineCodeBytesPerBytecodeWordForBaselineJIT)
return 0; // It's as good of a prediction as we'll get.
// Be conservative: return a size that will be an overestimation 84% of the time.
double multiplier = vm->machineCodeBytesPerBytecodeWordForBaselineJIT->mean() +
vm->machineCodeBytesPerBytecodeWordForBaselineJIT->standardDeviation();
// Be paranoid: silently reject bogus multipiers. Silently doing the "wrong" thing
// here is OK, since this whole method is just a heuristic.
if (multiplier < 0 || multiplier > 1000)
return 0;
double doubleResult = multiplier * bytecodeCost();
// Be even more paranoid: silently reject values that won't fit into a size_t. If
// the function is so huge that we can't even fit it into virtual memory then we
// should probably have some other guards in place to prevent us from even getting
// to this point.
if (doubleResult >= maxPlusOne<size_t>)
return 0;
return static_cast<size_t>(doubleResult);
}
String CodeBlock::nameForRegister(VirtualRegister virtualRegister)
{
for (auto& constantRegister : m_constantRegisters) {
if (constantRegister.get().isEmpty())
continue;
if (SymbolTable* symbolTable = jsDynamicCast<SymbolTable*>(vm(), constantRegister.get())) {
ConcurrentJSLocker locker(symbolTable->m_lock);
auto end = symbolTable->end(locker);
for (auto ptr = symbolTable->begin(locker); ptr != end; ++ptr) {
if (ptr->value.varOffset() == VarOffset(virtualRegister)) {
// FIXME: This won't work from the compilation thread.
// https://bugs.webkit.org/show_bug.cgi?id=115300
return ptr->key.get();
}
}
}
}
if (virtualRegister == thisRegister())
return "this"_s;
if (virtualRegister.isArgument())
return makeString("arguments[", pad(' ', 3, virtualRegister.toArgument()), ']');
return emptyString();
}
ValueProfile* CodeBlock::tryGetValueProfileForBytecodeIndex(BytecodeIndex bytecodeIndex)
{
auto instruction = instructions().at(bytecodeIndex);
switch (instruction->opcodeID()) {
#define CASE(Op) \
case Op::opcodeID: \
return &instruction->as<Op>().metadata(this).m_profile;
FOR_EACH_OPCODE_WITH_VALUE_PROFILE(CASE)
#undef CASE
case op_iterator_open:
return &valueProfileFor(instruction->as<OpIteratorOpen>().metadata(this), bytecodeIndex.checkpoint());
case op_iterator_next:
return &valueProfileFor(instruction->as<OpIteratorNext>().metadata(this), bytecodeIndex.checkpoint());
default:
return nullptr;
}
}
SpeculatedType CodeBlock::valueProfilePredictionForBytecodeIndex(const ConcurrentJSLocker& locker, BytecodeIndex bytecodeIndex)
{
if (ValueProfile* valueProfile = tryGetValueProfileForBytecodeIndex(bytecodeIndex))
return valueProfile->computeUpdatedPrediction(locker);
return SpecNone;
}
ValueProfile& CodeBlock::valueProfileForBytecodeIndex(BytecodeIndex bytecodeIndex)
{
ValueProfile* profile = tryGetValueProfileForBytecodeIndex(bytecodeIndex);
ASSERT(profile);
return *profile;
}
void CodeBlock::validate()
{
BytecodeLivenessAnalysis liveness(this); // Compute directly from scratch so it doesn't effect CodeBlock footprint.
FastBitVector liveAtHead = liveness.getLivenessInfoAtInstruction(this, BytecodeIndex(0));
if (liveAtHead.numBits() != static_cast<size_t>(m_numCalleeLocals)) {
beginValidationDidFail();
dataLog(" Wrong number of bits in result!\n");
dataLog(" Result: ", liveAtHead, "\n");
dataLog(" Bit count: ", liveAtHead.numBits(), "\n");
endValidationDidFail();
}
for (unsigned i = m_numCalleeLocals; i--;) {
VirtualRegister reg = virtualRegisterForLocal(i);
if (liveAtHead[i]) {
beginValidationDidFail();
dataLog(" Variable ", reg, " is expected to be dead.\n");
dataLog(" Result: ", liveAtHead, "\n");
endValidationDidFail();
}
}
const InstructionStream& instructionStream = instructions();
for (const auto& instruction : instructionStream) {
OpcodeID opcode = instruction->opcodeID();
if (!!baselineAlternative()->handlerForBytecodeIndex(BytecodeIndex(instruction.offset()))) {
if (opcode == op_catch || opcode == op_enter) {
// op_catch/op_enter logically represent an entrypoint. Entrypoints are not allowed to be
// inside of a try block because they are responsible for bootstrapping state. And they
// are never allowed throw an exception because of this. We rely on this when compiling
// in the DFG. Because an entrypoint never throws, the bytecode generator will never
// allow once inside a try block.
beginValidationDidFail();
dataLog(" entrypoint not allowed inside a try block.");
endValidationDidFail();
}
}
}
}
void CodeBlock::beginValidationDidFail()
{
dataLog("Validation failure in ", *this, ":\n");
dataLog("\n");
}
void CodeBlock::endValidationDidFail()
{
dataLog("\n");
dumpBytecode();
dataLog("\n");
dataLog("Validation failure.\n");
RELEASE_ASSERT_NOT_REACHED();
}
void CodeBlock::addBreakpoint(unsigned numBreakpoints)
{
m_numBreakpoints += numBreakpoints;
ASSERT(m_numBreakpoints);
if (JITCode::isOptimizingJIT(jitType()))
jettison(Profiler::JettisonDueToDebuggerBreakpoint);
}
void CodeBlock::setSteppingMode(CodeBlock::SteppingMode mode)
{
m_steppingMode = mode;
if (mode == SteppingModeEnabled && JITCode::isOptimizingJIT(jitType()))
jettison(Profiler::JettisonDueToDebuggerStepping);
}
int CodeBlock::outOfLineJumpOffset(const Instruction* pc)
{
int offset = bytecodeOffset(pc);
return m_unlinkedCode->outOfLineJumpOffset(offset);
}
const Instruction* CodeBlock::outOfLineJumpTarget(const Instruction* pc)
{
int offset = bytecodeOffset(pc);
int target = m_unlinkedCode->outOfLineJumpOffset(offset);
return instructions().at(offset + target).ptr();
}
BinaryArithProfile* CodeBlock::binaryArithProfileForBytecodeIndex(BytecodeIndex bytecodeIndex)
{
return binaryArithProfileForPC(instructions().at(bytecodeIndex.offset()).ptr());
}
UnaryArithProfile* CodeBlock::unaryArithProfileForBytecodeIndex(BytecodeIndex bytecodeIndex)
{
return unaryArithProfileForPC(instructions().at(bytecodeIndex.offset()).ptr());
}
BinaryArithProfile* CodeBlock::binaryArithProfileForPC(const Instruction* pc)
{
switch (pc->opcodeID()) {
case op_add:
return &unlinkedCodeBlock()->binaryArithProfile(pc->as<OpAdd>().m_profileIndex);
case op_mul:
return &unlinkedCodeBlock()->binaryArithProfile(pc->as<OpMul>().m_profileIndex);
case op_sub:
return &unlinkedCodeBlock()->binaryArithProfile(pc->as<OpSub>().m_profileIndex);
case op_div:
return &unlinkedCodeBlock()->binaryArithProfile(pc->as<OpDiv>().m_profileIndex);
default:
break;
}
return nullptr;
}
UnaryArithProfile* CodeBlock::unaryArithProfileForPC(const Instruction* pc)
{
switch (pc->opcodeID()) {
case op_negate:
return &unlinkedCodeBlock()->unaryArithProfile(pc->as<OpNegate>().m_profileIndex);
case op_inc:
return &unlinkedCodeBlock()->unaryArithProfile(pc->as<OpInc>().m_profileIndex);
case op_dec:
return &unlinkedCodeBlock()->unaryArithProfile(pc->as<OpDec>().m_profileIndex);
default:
break;
}
return nullptr;
}
bool CodeBlock::couldTakeSpecialArithFastCase(BytecodeIndex bytecodeIndex)
{
if (!hasBaselineJITProfiling())
return false;
BinaryArithProfile* profile = binaryArithProfileForBytecodeIndex(bytecodeIndex);
if (!profile)
return false;
return profile->tookSpecialFastPath();
}
#if ENABLE(JIT)
DFG::CapabilityLevel CodeBlock::capabilityLevel()
{
DFG::CapabilityLevel result = computeCapabilityLevel();
m_capabilityLevelState = result;
return result;
}
#endif
void CodeBlock::insertBasicBlockBoundariesForControlFlowProfiler()
{
if (!unlinkedCodeBlock()->hasOpProfileControlFlowBytecodeOffsets())
return;
const FixedVector<InstructionStream::Offset>& bytecodeOffsets = unlinkedCodeBlock()->opProfileControlFlowBytecodeOffsets();
for (size_t i = 0, offsetsLength = bytecodeOffsets.size(); i < offsetsLength; i++) {
// Because op_profile_control_flow is emitted at the beginning of every basic block, finding
// the next op_profile_control_flow will give us the text range of a single basic block.
size_t startIdx = bytecodeOffsets[i];
auto instruction = instructions().at(startIdx);
RELEASE_ASSERT(instruction->opcodeID() == op_profile_control_flow);
auto bytecode = instruction->as<OpProfileControlFlow>();
auto& metadata = bytecode.metadata(this);
int basicBlockStartOffset = bytecode.m_textOffset;
int basicBlockEndOffset;
if (i + 1 < offsetsLength) {
size_t endIdx = bytecodeOffsets[i + 1];
auto endInstruction = instructions().at(endIdx);
RELEASE_ASSERT(endInstruction->opcodeID() == op_profile_control_flow);
basicBlockEndOffset = endInstruction->as<OpProfileControlFlow>().m_textOffset - 1;
} else {
basicBlockEndOffset = sourceOffset() + ownerExecutable()->source().length() - 1; // Offset before the closing brace.
basicBlockStartOffset = std::min(basicBlockStartOffset, basicBlockEndOffset); // Some start offsets may be at the closing brace, ensure it is the offset before.
}
// The following check allows for the same textual JavaScript basic block to have its bytecode emitted more
// than once and still play nice with the control flow profiler. When basicBlockStartOffset is larger than
// basicBlockEndOffset, it indicates that the bytecode generator has emitted code for the same AST node
// more than once (for example: ForInNode, Finally blocks in TryNode, etc). Though these are different
// basic blocks at the bytecode level, they are generated from the same textual basic block in the JavaScript
// program. The condition:
// (basicBlockEndOffset < basicBlockStartOffset)
// is encountered when op_profile_control_flow lies across the boundary of these duplicated bytecode basic
// blocks and the textual offset goes from the end of the duplicated block back to the beginning. These
// ranges are dummy ranges and are ignored. The duplicated bytecode basic blocks point to the same
// internal data structure, so if any of them execute, it will record the same textual basic block in the
// JavaScript program as executing.
// At the bytecode level, this situation looks like:
// j: op_profile_control_flow (from j->k, we have basicBlockEndOffset < basicBlockStartOffset)
// ...
// k: op_profile_control_flow (we want to skip over the j->k block and start fresh at offset k as the start of a new basic block k->m).
// ...
// m: op_profile_control_flow
if (basicBlockEndOffset < basicBlockStartOffset) {
RELEASE_ASSERT(i + 1 < offsetsLength); // We should never encounter dummy blocks at the end of a CodeBlock.
metadata.m_basicBlockLocation = vm().controlFlowProfiler()->dummyBasicBlock();
continue;
}
BasicBlockLocation* basicBlockLocation = vm().controlFlowProfiler()->getBasicBlockLocation(ownerExecutable()->sourceID(), basicBlockStartOffset, basicBlockEndOffset);
// Find all functions that are enclosed within the range: [basicBlockStartOffset, basicBlockEndOffset]
// and insert these functions' start/end offsets as gaps in the current BasicBlockLocation.
// This is necessary because in the original source text of a JavaScript program,
// function literals form new basic blocks boundaries, but they aren't represented
// inside the CodeBlock's instruction stream.
auto insertFunctionGaps = [basicBlockLocation, basicBlockStartOffset, basicBlockEndOffset] (const WriteBarrier<FunctionExecutable>& functionExecutable) {
const UnlinkedFunctionExecutable* executable = functionExecutable->unlinkedExecutable();
int functionStart = executable->typeProfilingStartOffset();
int functionEnd = executable->typeProfilingEndOffset();
if (functionStart >= basicBlockStartOffset && functionEnd <= basicBlockEndOffset)
basicBlockLocation->insertGap(functionStart, functionEnd);
};
for (const WriteBarrier<FunctionExecutable>& executable : m_functionDecls)
insertFunctionGaps(executable);
for (const WriteBarrier<FunctionExecutable>& executable : m_functionExprs)
insertFunctionGaps(executable);
metadata.m_basicBlockLocation = basicBlockLocation;
}
}
#if ENABLE(JIT)
std::optional<CodeOrigin> CodeBlock::findPC(void* pc)
{
if (auto* pcToCodeOriginMap = m_jitCode->pcToCodeOriginMap()) {
if (std::optional<CodeOrigin> codeOrigin = pcToCodeOriginMap->findPC(pc))
return codeOrigin;
}
{
ConcurrentJSLocker locker(m_lock);
if (auto* jitData = m_baselineJITData.get()) {
for (auto& stubInfo : jitData->m_stubInfos) {
if (stubInfo.containsPC(pc))
return stubInfo.codeOrigin;
}
}
#if ENABLE(DFG_JIT)
if (JITCode::isOptimizingJIT(jitType())) {
DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
for (auto* stubInfo : dfgCommon->m_stubInfos) {
if (stubInfo->containsPC(pc))
return stubInfo->codeOrigin;
}
}
#endif
}
return m_jitCode->findPC(this, pc);
}
#endif // ENABLE(JIT)
std::optional<BytecodeIndex> CodeBlock::bytecodeIndexFromCallSiteIndex(CallSiteIndex callSiteIndex)
{
std::optional<BytecodeIndex> bytecodeIndex;
JITType jitType = this->jitType();
if (jitType == JITType::InterpreterThunk || jitType == JITType::BaselineJIT)
bytecodeIndex = callSiteIndex.bytecodeIndex();
else if (jitType == JITType::DFGJIT || jitType == JITType::FTLJIT) {
#if ENABLE(DFG_JIT)
RELEASE_ASSERT(canGetCodeOrigin(callSiteIndex));
CodeOrigin origin = codeOrigin(callSiteIndex);
bytecodeIndex = origin.bytecodeIndex();
#else
RELEASE_ASSERT_NOT_REACHED();
#endif
}
return bytecodeIndex;
}
void CodeBlock::jitSoon()
{
m_unlinkedCode->llintExecuteCounter().setNewThreshold(unlinkedCodeBlock()->thresholdForJIT(Options::thresholdForJITSoon()), this);
}
void CodeBlock::jitNextInvocation()
{
m_unlinkedCode->llintExecuteCounter().setNewThreshold(0, this);
}
bool CodeBlock::hasInstalledVMTrapBreakpoints() const
{
#if ENABLE(SIGNAL_BASED_VM_TRAPS)
// This function may be called from a signal handler. We need to be
// careful to not call anything that is not signal handler safe, e.g.
// we should not perturb the refCount of m_jitCode.
if (!JITCode::isOptimizingJIT(jitType()))
return false;
return m_jitCode->dfgCommon()->hasInstalledVMTrapsBreakpoints();
#else
return false;
#endif
}
bool CodeBlock::installVMTrapBreakpoints()
{
#if ENABLE(SIGNAL_BASED_VM_TRAPS)
// This function may be called from a signal handler. We need to be
// careful to not call anything that is not signal handler safe, e.g.
// we should not perturb the refCount of m_jitCode.
if (!JITCode::isOptimizingJIT(jitType()))
return false;
auto& commonData = *m_jitCode->dfgCommon();
commonData.installVMTrapBreakpoints(this);
return true;
#else
UNREACHABLE_FOR_PLATFORM();
return false;
#endif
}
void CodeBlock::dumpMathICStats()
{
#if ENABLE(MATH_IC_STATS)
double numAdds = 0.0;
double totalAddSize = 0.0;
double numMuls = 0.0;
double totalMulSize = 0.0;
double numNegs = 0.0;
double totalNegSize = 0.0;
double numSubs = 0.0;
double totalSubSize = 0.0;
auto countICs = [&] (CodeBlock*) {
// FIXME: We need to re-implement this using JITCode.
};
heap()->forEachCodeBlock(countICs);
dataLog("Num Adds: ", numAdds, "\n");
dataLog("Total Add size in bytes: ", totalAddSize, "\n");
dataLog("Average Add size: ", totalAddSize / numAdds, "\n");
dataLog("\n");
dataLog("Num Muls: ", numMuls, "\n");
dataLog("Total Mul size in bytes: ", totalMulSize, "\n");
dataLog("Average Mul size: ", totalMulSize / numMuls, "\n");
dataLog("\n");
dataLog("Num Negs: ", numNegs, "\n");
dataLog("Total Neg size in bytes: ", totalNegSize, "\n");
dataLog("Average Neg size: ", totalNegSize / numNegs, "\n");
dataLog("\n");
dataLog("Num Subs: ", numSubs, "\n");
dataLog("Total Sub size in bytes: ", totalSubSize, "\n");
dataLog("Average Sub size: ", totalSubSize / numSubs, "\n");
dataLog("-----------------------\n");
#endif
}
void setPrinter(Printer::PrintRecord& record, CodeBlock* codeBlock)
{
Printer::setPrinter(record, toCString(codeBlock));
}
} // namespace JSC
namespace WTF {
void printInternal(PrintStream& out, JSC::CodeBlock* codeBlock)
{
if (UNLIKELY(!codeBlock)) {
out.print("<null codeBlock>");
return;
}
out.print(*codeBlock);
}
} // namespace WTF