зеркало из https://github.com/mozilla/gecko-dev.git
Backout 907d5bc3bd26 (Bug 969012) for bustage on a CLOSED TREE.
This commit is contained in:
Родитель
5e64bb5ea4
Коммит
988ea0a8d6
|
@ -3,6 +3,15 @@ load(libdir + "parallelarray-helpers.js");
|
|||
function testClosureCreationAndInvocation() {
|
||||
var a = range(0, 64);
|
||||
function makeaddv(v) {
|
||||
var u = 1;
|
||||
var t = 2;
|
||||
var s = 3;
|
||||
var r = 4;
|
||||
var q = 5;
|
||||
var p = 6;
|
||||
var o = 7;
|
||||
var n = 8;
|
||||
var m = 9;
|
||||
var l = 10;
|
||||
var k = 11;
|
||||
var j = 12;
|
||||
|
@ -25,6 +34,11 @@ function testClosureCreationAndInvocation() {
|
|||
case 6: return g; case 7: return h;
|
||||
case 8: return i; case 9: return j;
|
||||
case 10: return k; case 11: return l;
|
||||
case 12: return m; case 13: return n;
|
||||
case 14: return o; case 15: return p;
|
||||
case 16: return q; case 17: return r;
|
||||
case 18: return s; case 19: return t;
|
||||
case 20: return u;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
|
|
@ -3,6 +3,15 @@ load(libdir + "parallelarray-helpers.js");
|
|||
function testClosureCreationAndInvocation() {
|
||||
var a = range(0, 64);
|
||||
function makeaddv(v) {
|
||||
var u = 1;
|
||||
var t = 2;
|
||||
var s = 3;
|
||||
var r = 4;
|
||||
var q = 5;
|
||||
var p = 6;
|
||||
var o = 7;
|
||||
var n = 8;
|
||||
var m = 9;
|
||||
var l = 10;
|
||||
var k = 11;
|
||||
var j = 12;
|
||||
|
@ -23,6 +32,11 @@ function testClosureCreationAndInvocation() {
|
|||
case 6: return g; case 7: return h;
|
||||
case 8: return i; case 9: return j;
|
||||
case 10: return k; case 11: return l;
|
||||
case 12: return m; case 13: return n;
|
||||
case 14: return o; case 15: return p;
|
||||
case 16: return q; case 17: return r;
|
||||
case 18: return s; case 19: return t;
|
||||
case 20: return u;
|
||||
}
|
||||
};
|
||||
};
|
||||
|
|
|
@ -972,7 +972,8 @@ CodeGenerator::visitLambda(LLambda *lir)
|
|||
|
||||
JS_ASSERT(!info.singletonType);
|
||||
|
||||
masm.createGCObject(output, tempReg, info.fun, gc::DefaultHeap, ool->entry());
|
||||
masm.newGCThing(output, tempReg, info.fun, ool->entry(), gc::DefaultHeap);
|
||||
masm.initGCThing(output, tempReg, info.fun);
|
||||
|
||||
emitLambdaInit(output, scopeChain, info);
|
||||
|
||||
|
@ -3336,6 +3337,29 @@ CodeGenerator::visitNewDerivedTypedObject(LNewDerivedTypedObject *lir)
|
|||
return callVM(CreateDerivedTypedObjInfo, lir);
|
||||
}
|
||||
|
||||
bool
|
||||
CodeGenerator::visitNewSlots(LNewSlots *lir)
|
||||
{
|
||||
Register temp1 = ToRegister(lir->temp1());
|
||||
Register temp2 = ToRegister(lir->temp2());
|
||||
Register temp3 = ToRegister(lir->temp3());
|
||||
Register output = ToRegister(lir->output());
|
||||
|
||||
masm.mov(ImmPtr(GetIonContext()->runtime), temp1);
|
||||
masm.mov(ImmWord(lir->mir()->nslots()), temp2);
|
||||
|
||||
masm.setupUnalignedABICall(2, temp3);
|
||||
masm.passABIArg(temp1);
|
||||
masm.passABIArg(temp2);
|
||||
masm.callWithABI(JS_FUNC_TO_DATA_PTR(void *, NewSlots));
|
||||
|
||||
masm.testPtr(output, output);
|
||||
if (!bailoutIf(Assembler::Zero, lir->snapshot()))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool CodeGenerator::visitAtan2D(LAtan2D *lir)
|
||||
{
|
||||
Register temp = ToRegister(lir->temp());
|
||||
|
@ -3384,7 +3408,8 @@ CodeGenerator::visitNewArray(LNewArray *lir)
|
|||
if (!addOutOfLineCode(ool))
|
||||
return false;
|
||||
|
||||
masm.createGCObject(objReg, tempReg, templateObject, lir->mir()->initialHeap(), ool->entry());
|
||||
masm.newGCThing(objReg, tempReg, templateObject, ool->entry(), lir->mir()->initialHeap());
|
||||
masm.initGCThing(objReg, tempReg, templateObject);
|
||||
|
||||
masm.bind(ool->rejoin());
|
||||
return true;
|
||||
|
@ -3470,7 +3495,8 @@ CodeGenerator::visitNewObject(LNewObject *lir)
|
|||
if (!addOutOfLineCode(ool))
|
||||
return false;
|
||||
|
||||
masm.createGCObject(objReg, tempReg, templateObject, lir->mir()->initialHeap(), ool->entry());
|
||||
masm.newGCThing(objReg, tempReg, templateObject, ool->entry(), lir->mir()->initialHeap());
|
||||
masm.initGCThing(objReg, tempReg, templateObject);
|
||||
|
||||
masm.bind(ool->rejoin());
|
||||
return true;
|
||||
|
@ -3505,13 +3531,14 @@ CodeGenerator::visitNewDeclEnvObject(LNewDeclEnvObject *lir)
|
|||
if (!ool)
|
||||
return false;
|
||||
|
||||
masm.createGCObject(objReg, tempReg, templateObj, gc::DefaultHeap, ool->entry());
|
||||
|
||||
masm.newGCThing(objReg, tempReg, templateObj, ool->entry(), gc::DefaultHeap);
|
||||
masm.initGCThing(objReg, tempReg, templateObj);
|
||||
masm.bind(ool->rejoin());
|
||||
return true;
|
||||
}
|
||||
|
||||
typedef JSObject *(*NewCallObjectFn)(JSContext *, HandleScript, HandleShape, HandleTypeObject);
|
||||
typedef JSObject *(*NewCallObjectFn)(JSContext *, HandleScript, HandleShape,
|
||||
HandleTypeObject, HeapSlot *);
|
||||
static const VMFunction NewCallObjectInfo =
|
||||
FunctionInfo<NewCallObjectFn>(NewCallObject);
|
||||
|
||||
|
@ -3524,11 +3551,22 @@ CodeGenerator::visitNewCallObject(LNewCallObject *lir)
|
|||
JSObject *templateObj = lir->mir()->templateObject();
|
||||
|
||||
// If we have a template object, we can inline call object creation.
|
||||
OutOfLineCode *ool = oolCallVM(NewCallObjectInfo, lir,
|
||||
(ArgList(), ImmGCPtr(lir->mir()->block()->info().script()),
|
||||
ImmGCPtr(templateObj->lastProperty()),
|
||||
ImmGCPtr(templateObj->hasSingletonType() ? nullptr : templateObj->type())),
|
||||
StoreRegisterTo(objReg));
|
||||
OutOfLineCode *ool;
|
||||
if (lir->slots()->isRegister()) {
|
||||
ool = oolCallVM(NewCallObjectInfo, lir,
|
||||
(ArgList(), ImmGCPtr(lir->mir()->block()->info().script()),
|
||||
ImmGCPtr(templateObj->lastProperty()),
|
||||
ImmGCPtr(templateObj->hasSingletonType() ? nullptr : templateObj->type()),
|
||||
ToRegister(lir->slots())),
|
||||
StoreRegisterTo(objReg));
|
||||
} else {
|
||||
ool = oolCallVM(NewCallObjectInfo, lir,
|
||||
(ArgList(), ImmGCPtr(lir->mir()->block()->info().script()),
|
||||
ImmGCPtr(templateObj->lastProperty()),
|
||||
ImmGCPtr(templateObj->hasSingletonType() ? nullptr : templateObj->type()),
|
||||
ImmPtr(nullptr)),
|
||||
StoreRegisterTo(objReg));
|
||||
}
|
||||
if (!ool)
|
||||
return false;
|
||||
|
||||
|
@ -3536,7 +3574,11 @@ CodeGenerator::visitNewCallObject(LNewCallObject *lir)
|
|||
// Objects can only be given singleton types in VM calls.
|
||||
masm.jump(ool->entry());
|
||||
} else {
|
||||
masm.createGCObject(objReg, tempReg, templateObj, gc::DefaultHeap, ool->entry());
|
||||
masm.newGCThing(objReg, tempReg, templateObj, ool->entry(), gc::DefaultHeap);
|
||||
masm.initGCThing(objReg, tempReg, templateObj);
|
||||
|
||||
if (lir->slots()->isRegister())
|
||||
masm.storePtr(ToRegister(lir->slots()), Address(objReg, JSObject::offsetOfSlots()));
|
||||
}
|
||||
|
||||
masm.bind(ool->rejoin());
|
||||
|
@ -3553,6 +3595,17 @@ CodeGenerator::visitNewCallObjectPar(LNewCallObjectPar *lir)
|
|||
JSObject *templateObj = lir->mir()->templateObj();
|
||||
|
||||
emitAllocateGCThingPar(lir, resultReg, cxReg, tempReg1, tempReg2, templateObj);
|
||||
|
||||
// NB: !lir->slots()->isRegister() implies that there is no slots
|
||||
// array at all, and the memory is already zeroed when copying
|
||||
// from the template object
|
||||
|
||||
if (lir->slots()->isRegister()) {
|
||||
Register slotsReg = ToRegister(lir->slots());
|
||||
JS_ASSERT(slotsReg != resultReg);
|
||||
masm.storePtr(slotsReg, Address(resultReg, JSObject::offsetOfSlots()));
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -3611,7 +3664,8 @@ CodeGenerator::visitNewStringObject(LNewStringObject *lir)
|
|||
if (!ool)
|
||||
return false;
|
||||
|
||||
masm.createGCObject(output, temp, templateObj, gc::DefaultHeap, ool->entry());
|
||||
masm.newGCThing(output, temp, templateObj, ool->entry(), gc::DefaultHeap);
|
||||
masm.initGCThing(output, temp, templateObj);
|
||||
|
||||
masm.loadStringLength(input, temp);
|
||||
|
||||
|
@ -3856,7 +3910,7 @@ CodeGenerator::visitCreateThisWithTemplate(LCreateThisWithTemplate *lir)
|
|||
return false;
|
||||
|
||||
// Allocate. If the FreeList is empty, call to VM, which may GC.
|
||||
masm.newGCThing(objReg, tempReg, templateObject, lir->mir()->initialHeap(), ool->entry());
|
||||
masm.newGCThing(objReg, tempReg, templateObject, ool->entry(), lir->mir()->initialHeap());
|
||||
|
||||
// Initialize based on the templateObject.
|
||||
masm.bind(ool->rejoin());
|
||||
|
@ -4925,70 +4979,6 @@ JitCompartment::generateStringConcatStub(JSContext *cx, ExecutionMode mode)
|
|||
return code;
|
||||
}
|
||||
|
||||
JitCode *
|
||||
JitRuntime::generateMallocStub(JSContext *cx)
|
||||
{
|
||||
const Register regReturn = CallTempReg0;
|
||||
const Register regNBytes = CallTempReg0;
|
||||
const Register regRuntime = CallTempReg1;
|
||||
const Register regTemp = CallTempReg1;
|
||||
|
||||
MacroAssembler masm(cx);
|
||||
|
||||
RegisterSet regs = RegisterSet::Volatile();
|
||||
regs.takeUnchecked(regNBytes);
|
||||
masm.PushRegsInMask(regs);
|
||||
|
||||
masm.setupUnalignedABICall(2, regTemp);
|
||||
masm.movePtr(ImmPtr(cx->runtime()), regRuntime);
|
||||
masm.passABIArg(regRuntime);
|
||||
masm.passABIArg(regNBytes);
|
||||
masm.callWithABI(JS_FUNC_TO_DATA_PTR(void *, MallocWrapper));
|
||||
masm.storeCallResult(regReturn);
|
||||
|
||||
masm.PopRegsInMask(regs);
|
||||
masm.ret();
|
||||
|
||||
Linker linker(masm);
|
||||
JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
|
||||
|
||||
#ifdef JS_ION_PERF
|
||||
writePerfSpewerJitCodeProfile(code, "MallocStub");
|
||||
#endif
|
||||
|
||||
return code;
|
||||
}
|
||||
|
||||
JitCode *
|
||||
JitRuntime::generateFreeStub(JSContext *cx)
|
||||
{
|
||||
const Register regSlots = CallTempReg0;
|
||||
const Register regTemp = CallTempReg1;
|
||||
|
||||
MacroAssembler masm(cx);
|
||||
|
||||
RegisterSet regs = RegisterSet::Volatile();
|
||||
regs.takeUnchecked(regSlots);
|
||||
masm.PushRegsInMask(regs);
|
||||
|
||||
masm.setupUnalignedABICall(1, regTemp);
|
||||
masm.passABIArg(regSlots);
|
||||
masm.callWithABI(JS_FUNC_TO_DATA_PTR(void *, js_free));
|
||||
|
||||
masm.PopRegsInMask(regs);
|
||||
|
||||
masm.ret();
|
||||
|
||||
Linker linker(masm);
|
||||
JitCode *code = linker.newCode<NoGC>(cx, JSC::OTHER_CODE);
|
||||
|
||||
#ifdef JS_ION_PERF
|
||||
writePerfSpewerJitCodeProfile(code, "FreeStub");
|
||||
#endif
|
||||
|
||||
return code;
|
||||
}
|
||||
|
||||
typedef bool (*CharCodeAtFn)(JSContext *, HandleString, int32_t, uint32_t *);
|
||||
static const VMFunction CharCodeAtInfo = FunctionInfo<CharCodeAtFn>(jit::CharCodeAt);
|
||||
|
||||
|
@ -5642,7 +5632,9 @@ CodeGenerator::visitArrayConcat(LArrayConcat *lir)
|
|||
masm.branch32(Assembler::NotEqual, Address(temp1, ObjectElements::offsetOfLength()), temp2, &fail);
|
||||
|
||||
// Try to allocate an object.
|
||||
masm.createGCObject(temp1, temp2, lir->mir()->templateObj(), lir->mir()->initialHeap(), &fail);
|
||||
JSObject *templateObj = lir->mir()->templateObj();
|
||||
masm.newGCThing(temp1, temp2, templateObj, &fail, lir->mir()->initialHeap());
|
||||
masm.initGCThing(temp1, temp2, templateObj);
|
||||
masm.jump(&call);
|
||||
{
|
||||
masm.bind(&fail);
|
||||
|
@ -6013,7 +6005,8 @@ CodeGenerator::visitRest(LRest *lir)
|
|||
JSObject *templateObject = lir->mir()->templateObject();
|
||||
|
||||
Label joinAlloc, failAlloc;
|
||||
masm.createGCObject(temp2, temp0, templateObject, gc::DefaultHeap, &failAlloc);
|
||||
masm.newGCThing(temp2, temp0, templateObject, &failAlloc, gc::DefaultHeap);
|
||||
masm.initGCThing(temp2, temp0, templateObject);
|
||||
masm.jump(&joinAlloc);
|
||||
{
|
||||
masm.bind(&failAlloc);
|
||||
|
|
|
@ -131,6 +131,7 @@ class CodeGenerator : public CodeGeneratorSpecific
|
|||
bool visitCallDirectEvalV(LCallDirectEvalV *lir);
|
||||
bool visitDoubleToInt32(LDoubleToInt32 *lir);
|
||||
bool visitFloat32ToInt32(LFloat32ToInt32 *lir);
|
||||
bool visitNewSlots(LNewSlots *lir);
|
||||
bool visitNewArrayCallVM(LNewArray *lir);
|
||||
bool visitNewArray(LNewArray *lir);
|
||||
bool visitOutOfLineNewArray(OutOfLineNewArray *ool);
|
||||
|
|
|
@ -29,7 +29,6 @@
|
|||
#include "jit/ExecutionModeInlines.h"
|
||||
#include "jit/IonAnalysis.h"
|
||||
#include "jit/IonBuilder.h"
|
||||
#include "jit/IonLinker.h"
|
||||
#include "jit/IonOptimizationLevels.h"
|
||||
#include "jit/IonSpewer.h"
|
||||
#include "jit/JitCommon.h"
|
||||
|
@ -269,16 +268,6 @@ JitRuntime::initialize(JSContext *cx)
|
|||
if (!shapePreBarrier_)
|
||||
return false;
|
||||
|
||||
IonSpew(IonSpew_Codegen, "# Emitting malloc stub");
|
||||
mallocStub_ = generateMallocStub(cx);
|
||||
if (!mallocStub_)
|
||||
return false;
|
||||
|
||||
IonSpew(IonSpew_Codegen, "# Emitting free stub");
|
||||
freeStub_ = generateFreeStub(cx);
|
||||
if (!freeStub_)
|
||||
return false;
|
||||
|
||||
IonSpew(IonSpew_Codegen, "# Emitting VM function wrappers");
|
||||
for (VMFunction *fun = VMFunction::functions; fun; fun = fun->next) {
|
||||
if (!generateVMWrapper(cx, *fun))
|
||||
|
|
|
@ -4597,9 +4597,23 @@ IonBuilder::createCallObject(MDefinition *callee, MDefinition *scope)
|
|||
// creation.
|
||||
CallObject *templateObj = inspector->templateCallObject();
|
||||
|
||||
// Allocate the object. Run-once scripts need a singleton type, so always do
|
||||
// a VM call in such cases.
|
||||
MNewCallObject *callObj = MNewCallObject::New(alloc(), templateObj, script()->treatAsRunOnce());
|
||||
// If the CallObject needs dynamic slots, allocate those now.
|
||||
MInstruction *slots;
|
||||
if (templateObj->hasDynamicSlots()) {
|
||||
size_t nslots = JSObject::dynamicSlotsCount(templateObj->numFixedSlots(),
|
||||
templateObj->lastProperty()->slotSpan(templateObj->getClass()),
|
||||
templateObj->getClass());
|
||||
slots = MNewSlots::New(alloc(), nslots);
|
||||
} else {
|
||||
slots = MConstant::New(alloc(), NullValue());
|
||||
}
|
||||
current->add(slots);
|
||||
|
||||
// Allocate the actual object. It is important that no intervening
|
||||
// instructions could potentially bailout, thus leaking the dynamic slots
|
||||
// pointer. Run-once scripts need a singleton type, so always do a VM call
|
||||
// in such cases.
|
||||
MNewCallObject *callObj = MNewCallObject::New(alloc(), templateObj, script()->treatAsRunOnce(), slots);
|
||||
current->add(callObj);
|
||||
|
||||
// Initialize the object's reserved slots. No post barrier is needed here,
|
||||
|
@ -4608,20 +4622,14 @@ IonBuilder::createCallObject(MDefinition *callee, MDefinition *scope)
|
|||
current->add(MStoreFixedSlot::New(alloc(), callObj, CallObject::calleeSlot(), callee));
|
||||
|
||||
// Initialize argument slots.
|
||||
MSlots *slots = nullptr;
|
||||
for (AliasedFormalIter i(script()); i; i++) {
|
||||
unsigned slot = i.scopeSlot();
|
||||
unsigned formal = i.frameIndex();
|
||||
MDefinition *param = current->getSlot(info().argSlotUnchecked(formal));
|
||||
if (slot >= templateObj->numFixedSlots()) {
|
||||
if (!slots) {
|
||||
slots = MSlots::New(alloc(), callObj);
|
||||
current->add(slots);
|
||||
}
|
||||
if (slot >= templateObj->numFixedSlots())
|
||||
current->add(MStoreSlot::New(alloc(), slots, slot - templateObj->numFixedSlots(), param));
|
||||
} else {
|
||||
else
|
||||
current->add(MStoreFixedSlot::New(alloc(), callObj, slot, param));
|
||||
}
|
||||
}
|
||||
|
||||
return callObj;
|
||||
|
@ -7484,10 +7492,6 @@ IonBuilder::setElemTryTypedStatic(bool *emitted, MDefinition *object,
|
|||
return true;
|
||||
|
||||
TypedArrayObject *tarr = &tarrObj->as<TypedArrayObject>();
|
||||
|
||||
if (gc::IsInsideNursery(tarr->runtimeFromMainThread(), tarr->viewData()))
|
||||
return true;
|
||||
|
||||
ArrayBufferView::ViewType viewType = (ArrayBufferView::ViewType) tarr->type();
|
||||
|
||||
MDefinition *ptr = convertShiftToMaskForStaticTypedArray(index, viewType);
|
||||
|
|
|
@ -633,11 +633,14 @@ MacroAssembler::clampDoubleToUint8(FloatRegister input, Register output)
|
|||
#endif
|
||||
}
|
||||
|
||||
// Inlined version of gc::CheckAllocatorState that checks the bare essentials
|
||||
// and bails for anything that cannot be handled with our jit allocators.
|
||||
void
|
||||
MacroAssembler::checkAllocatorState(Label *fail)
|
||||
MacroAssembler::newGCThing(Register result, Register temp, gc::AllocKind allocKind, Label *fail,
|
||||
gc::InitialHeap initialHeap /* = gc::DefaultHeap */)
|
||||
{
|
||||
// Inlined equivalent of js::gc::NewGCThing() without failure case handling.
|
||||
|
||||
int thingSize = int(gc::Arena::thingSize(allocKind));
|
||||
|
||||
#ifdef JS_GC_ZEAL
|
||||
// Don't execute the inline path if gcZeal is active.
|
||||
branch32(Assembler::NotEqual,
|
||||
|
@ -649,66 +652,29 @@ MacroAssembler::checkAllocatorState(Label *fail)
|
|||
// as the metadata to use for the object may vary between executions of the op.
|
||||
if (GetIonContext()->compartment->hasObjectMetadataCallback())
|
||||
jump(fail);
|
||||
}
|
||||
|
||||
// Inline version of ShouldNurseryAllocate.
|
||||
bool
|
||||
MacroAssembler::shouldNurseryAllocate(gc::AllocKind allocKind, gc::InitialHeap initialHeap)
|
||||
{
|
||||
#ifdef JSGC_GENERATIONAL
|
||||
// Note that Ion elides barriers on writes to objects know to be in the
|
||||
// nursery, so any allocation that can be made into the nursery must be made
|
||||
// into the nursery, even if the nursery is disabled. At runtime these will
|
||||
// take the out-of-line path, which is required to insert a barrier for the
|
||||
// initializing writes.
|
||||
return IsNurseryAllocable(allocKind) && initialHeap != gc::TenuredHeap;
|
||||
#else
|
||||
return false;
|
||||
#endif
|
||||
}
|
||||
|
||||
// Inline version of Nursery::allocateObject.
|
||||
void
|
||||
MacroAssembler::nurseryAllocate(Register result, Register slots, gc::AllocKind allocKind,
|
||||
size_t nDynamicSlots, gc::InitialHeap initialHeap, Label *fail)
|
||||
{
|
||||
#ifdef JSGC_GENERATIONAL
|
||||
JS_ASSERT(IsNurseryAllocable(allocKind));
|
||||
JS_ASSERT(initialHeap != gc::TenuredHeap);
|
||||
|
||||
// This allocation site is requesting too many dynamic slots. Several
|
||||
// allocation sites assume that nursery allocation will succeed to
|
||||
// avoid needing barriers later. Ensure these sites limit their slot
|
||||
// requests appropriately.
|
||||
JS_ASSERT(nDynamicSlots < Nursery::MaxNurserySlots);
|
||||
|
||||
// No explicit check for nursery.isEnabled() is needed, as the comparison
|
||||
// with the nursery's end will always fail in such cases.
|
||||
const Nursery &nursery = GetIonContext()->runtime->gcNursery();
|
||||
Register temp = slots;
|
||||
int thingSize = int(gc::Arena::thingSize(allocKind));
|
||||
int totalSize = thingSize + nDynamicSlots * sizeof(HeapSlot);
|
||||
loadPtr(AbsoluteAddress(nursery.addressOfPosition()), result);
|
||||
computeEffectiveAddress(Address(result, totalSize), temp);
|
||||
branchPtr(Assembler::BelowOrEqual, AbsoluteAddress(nursery.addressOfCurrentEnd()), temp, fail);
|
||||
storePtr(temp, AbsoluteAddress(nursery.addressOfPosition()));
|
||||
|
||||
if (nDynamicSlots)
|
||||
computeEffectiveAddress(Address(result, thingSize), slots);
|
||||
// Always use nursery allocation if it is possible to do so. The jit
|
||||
// assumes a nursery pointer is returned to avoid barriers.
|
||||
if (allocKind <= gc::FINALIZE_OBJECT_LAST && initialHeap != gc::TenuredHeap) {
|
||||
// Inline Nursery::allocate. No explicit check for nursery.isEnabled()
|
||||
// is needed, as the comparison with the nursery's end will always fail
|
||||
// in such cases.
|
||||
const Nursery &nursery = GetIonContext()->runtime->gcNursery();
|
||||
loadPtr(AbsoluteAddress(nursery.addressOfPosition()), result);
|
||||
computeEffectiveAddress(Address(result, thingSize), temp);
|
||||
branchPtr(Assembler::BelowOrEqual, AbsoluteAddress(nursery.addressOfCurrentEnd()), temp, fail);
|
||||
storePtr(temp, AbsoluteAddress(nursery.addressOfPosition()));
|
||||
return;
|
||||
}
|
||||
#endif // JSGC_GENERATIONAL
|
||||
}
|
||||
|
||||
// Inlined version of FreeSpan::allocate.
|
||||
void
|
||||
MacroAssembler::freeSpanAllocate(Register result, Register temp, gc::AllocKind allocKind, Label *fail)
|
||||
{
|
||||
CompileZone *zone = GetIonContext()->compartment->zone();
|
||||
int thingSize = int(gc::Arena::thingSize(allocKind));
|
||||
|
||||
// Load FreeSpan::first of |zone|'s freeLists for |allocKind|. If there is
|
||||
// no room remaining in the span, we bail to finish the allocation. The
|
||||
// interpreter will call |refillFreeLists|, setting up a new FreeSpan so
|
||||
// that we can continue allocating in the jit.
|
||||
// Inline FreeSpan::allocate.
|
||||
// There is always exactly one FreeSpan per allocKind per JSCompartment.
|
||||
// If a FreeSpan is replaced, its members are updated in the freeLists table,
|
||||
// which the code below always re-reads.
|
||||
loadPtr(AbsoluteAddress(zone->addressOfFreeListFirst(allocKind)), result);
|
||||
branchPtr(Assembler::BelowOrEqual, AbsoluteAddress(zone->addressOfFreeListLast(allocKind)), result, fail);
|
||||
computeEffectiveAddress(Address(result, thingSize), temp);
|
||||
|
@ -716,115 +682,25 @@ MacroAssembler::freeSpanAllocate(Register result, Register temp, gc::AllocKind a
|
|||
}
|
||||
|
||||
void
|
||||
MacroAssembler::callMallocStub(size_t nbytes, Register result, Label *fail)
|
||||
{
|
||||
// This register must match the one in JitRuntime::generateMallocStub.
|
||||
const Register regNBytes = CallTempReg0;
|
||||
|
||||
JS_ASSERT(nbytes > 0);
|
||||
JS_ASSERT(nbytes <= INT32_MAX);
|
||||
|
||||
push(regNBytes);
|
||||
move32(Imm32(nbytes), regNBytes);
|
||||
call(GetIonContext()->runtime->jitRuntime()->mallocStub());
|
||||
movePtr(regNBytes, result);
|
||||
pop(regNBytes);
|
||||
branchTest32(Assembler::Zero, result, result, fail);
|
||||
}
|
||||
|
||||
void
|
||||
MacroAssembler::callFreeStub(Register slots)
|
||||
{
|
||||
// This register must match the one in JitRuntime::generateFreeStub.
|
||||
const Register regSlots = CallTempReg0;
|
||||
|
||||
push(regSlots);
|
||||
movePtr(slots, regSlots);
|
||||
call(GetIonContext()->runtime->jitRuntime()->freeStub());
|
||||
pop(regSlots);
|
||||
}
|
||||
|
||||
// Inlined equivalent of gc::AllocateObject, without failure case handling.
|
||||
void
|
||||
MacroAssembler::allocateObject(Register result, Register slots, gc::AllocKind allocKind,
|
||||
uint32_t nDynamicSlots, gc::InitialHeap initialHeap, Label *fail)
|
||||
MacroAssembler::newGCThing(Register result, Register temp, JSObject *templateObject, Label *fail,
|
||||
gc::InitialHeap initialHeap)
|
||||
{
|
||||
gc::AllocKind allocKind = templateObject->tenuredGetAllocKind();
|
||||
JS_ASSERT(allocKind >= gc::FINALIZE_OBJECT0 && allocKind <= gc::FINALIZE_OBJECT_LAST);
|
||||
|
||||
checkAllocatorState(fail);
|
||||
|
||||
if (shouldNurseryAllocate(allocKind, initialHeap))
|
||||
return nurseryAllocate(result, slots, allocKind, nDynamicSlots, initialHeap, fail);
|
||||
|
||||
if (!nDynamicSlots)
|
||||
return freeSpanAllocate(result, slots, allocKind, fail);
|
||||
|
||||
callMallocStub(nDynamicSlots * sizeof(HeapValue), slots, fail);
|
||||
|
||||
Label failAlloc;
|
||||
Label success;
|
||||
|
||||
push(slots);
|
||||
freeSpanAllocate(result, slots, allocKind, &failAlloc);
|
||||
pop(slots);
|
||||
jump(&success);
|
||||
|
||||
bind(&failAlloc);
|
||||
pop(slots);
|
||||
callFreeStub(slots);
|
||||
jump(fail);
|
||||
|
||||
bind(&success);
|
||||
}
|
||||
|
||||
void
|
||||
MacroAssembler::newGCThing(Register result, Register temp, JSObject *templateObj,
|
||||
gc::InitialHeap initialHeap, Label *fail)
|
||||
{
|
||||
// This method does not initialize the object: if external slots get
|
||||
// allocated into |temp|, there is no easy way for us to ensure the caller
|
||||
// frees them. Instead just assert this case does not happen.
|
||||
JS_ASSERT(!templateObj->numDynamicSlots());
|
||||
|
||||
gc::AllocKind allocKind = templateObj->tenuredGetAllocKind();
|
||||
JS_ASSERT(allocKind >= gc::FINALIZE_OBJECT0 && allocKind <= gc::FINALIZE_OBJECT_LAST);
|
||||
|
||||
allocateObject(result, temp, allocKind, templateObj->numDynamicSlots(), initialHeap, fail);
|
||||
}
|
||||
|
||||
void
|
||||
MacroAssembler::createGCObject(Register obj, Register temp, JSObject *templateObj,
|
||||
gc::InitialHeap initialHeap, Label *fail)
|
||||
{
|
||||
uint32_t nDynamicSlots = templateObj->numDynamicSlots();
|
||||
gc::AllocKind allocKind = templateObj->tenuredGetAllocKind();
|
||||
JS_ASSERT(allocKind >= gc::FINALIZE_OBJECT0 && allocKind <= gc::FINALIZE_OBJECT_LAST);
|
||||
|
||||
allocateObject(obj, temp, allocKind, nDynamicSlots, initialHeap, fail);
|
||||
initGCThing(obj, temp, templateObj);
|
||||
}
|
||||
|
||||
|
||||
// Inlined equivalent of gc::AllocateNonObject, without failure case handling.
|
||||
// Non-object allocation does not need to worry about slots, so can take a
|
||||
// simpler path.
|
||||
void
|
||||
MacroAssembler::allocateNonObject(Register result, Register temp, gc::AllocKind allocKind, Label *fail)
|
||||
{
|
||||
checkAllocatorState(fail);
|
||||
freeSpanAllocate(result, temp, allocKind, fail);
|
||||
newGCThing(result, temp, allocKind, fail, initialHeap);
|
||||
}
|
||||
|
||||
void
|
||||
MacroAssembler::newGCString(Register result, Register temp, Label *fail)
|
||||
{
|
||||
allocateNonObject(result, temp, js::gc::FINALIZE_STRING, fail);
|
||||
newGCThing(result, temp, js::gc::FINALIZE_STRING, fail);
|
||||
}
|
||||
|
||||
void
|
||||
MacroAssembler::newGCShortString(Register result, Register temp, Label *fail)
|
||||
{
|
||||
allocateNonObject(result, temp, js::gc::FINALIZE_SHORT_STRING, fail);
|
||||
newGCThing(result, temp, js::gc::FINALIZE_SHORT_STRING, fail);
|
||||
}
|
||||
|
||||
void
|
||||
|
@ -899,7 +775,7 @@ MacroAssembler::newGCShortStringPar(Register result, Register cx, Register tempR
|
|||
}
|
||||
|
||||
void
|
||||
MacroAssembler::copySlotsFromTemplate(Register obj, const JSObject *templateObj,
|
||||
MacroAssembler::copySlotsFromTemplate(Register obj, Register temp, const JSObject *templateObj,
|
||||
uint32_t start, uint32_t end)
|
||||
{
|
||||
uint32_t nfixed = Min(templateObj->numFixedSlots(), end);
|
||||
|
@ -908,26 +784,27 @@ MacroAssembler::copySlotsFromTemplate(Register obj, const JSObject *templateObj,
|
|||
}
|
||||
|
||||
void
|
||||
MacroAssembler::fillSlotsWithUndefined(Address base, Register temp, uint32_t start, uint32_t end)
|
||||
MacroAssembler::fillSlotsWithUndefined(Register obj, Register temp, const JSObject *templateObj,
|
||||
uint32_t start, uint32_t end)
|
||||
{
|
||||
#ifdef JS_NUNBOX32
|
||||
// We only have a single spare register, so do the initialization as two
|
||||
// strided writes of the tag and body.
|
||||
jsval_layout jv = JSVAL_TO_IMPL(UndefinedValue());
|
||||
uint32_t nfixed = Min(templateObj->numFixedSlots(), end);
|
||||
|
||||
Address addr = base;
|
||||
move32(Imm32(jv.s.payload.i32), temp);
|
||||
for (unsigned i = start; i < end; ++i, addr.offset += sizeof(HeapValue))
|
||||
store32(temp, ToPayload(addr));
|
||||
mov(ImmWord(jv.s.tag), temp);
|
||||
for (unsigned i = start; i < nfixed; i++)
|
||||
store32(temp, ToType(Address(obj, JSObject::getFixedSlotOffset(i))));
|
||||
|
||||
addr = base;
|
||||
move32(Imm32(jv.s.tag), temp);
|
||||
for (unsigned i = start; i < end; ++i, addr.offset += sizeof(HeapValue))
|
||||
store32(temp, ToType(addr));
|
||||
mov(ImmWord(jv.s.payload.i32), temp);
|
||||
for (unsigned i = start; i < nfixed; i++)
|
||||
store32(temp, ToPayload(Address(obj, JSObject::getFixedSlotOffset(i))));
|
||||
#else
|
||||
moveValue(UndefinedValue(), temp);
|
||||
for (uint32_t i = start; i < end; ++i, base.offset += sizeof(HeapValue))
|
||||
storePtr(temp, base);
|
||||
uint32_t nfixed = Min(templateObj->numFixedSlots(), end);
|
||||
for (unsigned i = start; i < nfixed; i++)
|
||||
storePtr(temp, Address(obj, JSObject::getFixedSlotOffset(i)));
|
||||
#endif
|
||||
}
|
||||
|
||||
|
@ -944,7 +821,7 @@ FindStartOfUndefinedSlots(JSObject *templateObj, uint32_t nslots)
|
|||
}
|
||||
|
||||
void
|
||||
MacroAssembler::initGCSlots(Register obj, Register slots, JSObject *templateObj)
|
||||
MacroAssembler::initGCSlots(Register obj, Register temp, JSObject *templateObj)
|
||||
{
|
||||
// Slots of non-array objects are required to be initialized.
|
||||
// Use the values currently in the template object.
|
||||
|
@ -952,9 +829,6 @@ MacroAssembler::initGCSlots(Register obj, Register slots, JSObject *templateObj)
|
|||
if (nslots == 0)
|
||||
return;
|
||||
|
||||
uint32_t nfixed = templateObj->numFixedSlots();
|
||||
uint32_t ndynamic = templateObj->numDynamicSlots();
|
||||
|
||||
// Attempt to group slot writes such that we minimize the amount of
|
||||
// duplicated data we need to embed in code and load into registers. In
|
||||
// general, most template object slots will be undefined except for any
|
||||
|
@ -963,41 +837,22 @@ MacroAssembler::initGCSlots(Register obj, Register slots, JSObject *templateObj)
|
|||
// duplicated writes of UndefinedValue to the tail. For the majority of
|
||||
// objects, the "tail" will be the entire slot range.
|
||||
uint32_t startOfUndefined = FindStartOfUndefinedSlots(templateObj, nslots);
|
||||
JS_ASSERT(startOfUndefined <= nfixed); // Reserved slots must be fixed.
|
||||
|
||||
// Copy over any preserved reserved slots.
|
||||
copySlotsFromTemplate(obj, templateObj, 0, startOfUndefined);
|
||||
|
||||
// Fill the rest of the fixed slots with undefined.
|
||||
fillSlotsWithUndefined(Address(obj, JSObject::getFixedSlotOffset(startOfUndefined)), slots,
|
||||
startOfUndefined, nfixed);
|
||||
|
||||
if (ndynamic) {
|
||||
// We are short one register to do this elegantly. Borrow the obj
|
||||
// register briefly for our slots base address.
|
||||
push(obj);
|
||||
loadPtr(Address(obj, JSObject::offsetOfSlots()), obj);
|
||||
fillSlotsWithUndefined(Address(obj, 0), slots, 0, ndynamic);
|
||||
pop(obj);
|
||||
}
|
||||
copySlotsFromTemplate(obj, temp, templateObj, 0, startOfUndefined);
|
||||
fillSlotsWithUndefined(obj, temp, templateObj, startOfUndefined, nslots);
|
||||
}
|
||||
|
||||
void
|
||||
MacroAssembler::initGCThing(Register obj, Register slots, JSObject *templateObj)
|
||||
MacroAssembler::initGCThing(Register obj, Register temp, JSObject *templateObj)
|
||||
{
|
||||
// Fast initialization of an empty object returned by allocateObject().
|
||||
// Fast initialization of an empty object returned by NewGCThing().
|
||||
|
||||
JS_ASSERT(!templateObj->hasDynamicElements());
|
||||
|
||||
storePtr(ImmGCPtr(templateObj->lastProperty()), Address(obj, JSObject::offsetOfShape()));
|
||||
storePtr(ImmGCPtr(templateObj->type()), Address(obj, JSObject::offsetOfType()));
|
||||
if (templateObj->hasDynamicSlots())
|
||||
storePtr(slots, Address(obj, JSObject::offsetOfSlots()));
|
||||
else
|
||||
storePtr(ImmPtr(nullptr), Address(obj, JSObject::offsetOfSlots()));
|
||||
storePtr(ImmPtr(nullptr), Address(obj, JSObject::offsetOfSlots()));
|
||||
|
||||
if (templateObj->is<ArrayObject>()) {
|
||||
Register temp = slots;
|
||||
JS_ASSERT(!templateObj->getDenseInitializedLength());
|
||||
|
||||
int elementsOffset = JSObject::offsetOfFixedElements();
|
||||
|
@ -1020,7 +875,7 @@ MacroAssembler::initGCThing(Register obj, Register slots, JSObject *templateObj)
|
|||
} else {
|
||||
storePtr(ImmPtr(emptyObjectElements), Address(obj, JSObject::offsetOfElements()));
|
||||
|
||||
initGCSlots(obj, slots, templateObj);
|
||||
initGCSlots(obj, temp, templateObj);
|
||||
|
||||
if (templateObj->hasPrivate()) {
|
||||
uint32_t nfixed = templateObj->numFixedSlots();
|
||||
|
|
|
@ -786,30 +786,10 @@ class MacroAssembler : public MacroAssemblerSpecific
|
|||
void branchEqualTypeIfNeeded(MIRType type, MDefinition *maybeDef, Register tag, Label *label);
|
||||
|
||||
// Inline allocation.
|
||||
private:
|
||||
void checkAllocatorState(Label *fail);
|
||||
bool shouldNurseryAllocate(gc::AllocKind allocKind, gc::InitialHeap initialHeap);
|
||||
void nurseryAllocate(Register result, Register slots, gc::AllocKind allocKind,
|
||||
size_t nDynamicSlots, gc::InitialHeap initialHeap, Label *fail);
|
||||
void freeSpanAllocate(Register result, Register temp, gc::AllocKind allocKind, Label *fail);
|
||||
void allocateObject(Register result, Register slots, gc::AllocKind allocKind,
|
||||
uint32_t nDynamicSlots, gc::InitialHeap initialHeap, Label *fail);
|
||||
void allocateNonObject(Register result, Register temp, gc::AllocKind allocKind, Label *fail);
|
||||
void copySlotsFromTemplate(Register obj, const JSObject *templateObj,
|
||||
uint32_t start, uint32_t end);
|
||||
void fillSlotsWithUndefined(Address addr, Register temp, uint32_t start, uint32_t end);
|
||||
void initGCSlots(Register obj, Register temp, JSObject *templateObj);
|
||||
|
||||
public:
|
||||
void callMallocStub(size_t nbytes, Register result, Label *fail);
|
||||
void callFreeStub(Register slots);
|
||||
void createGCObject(Register result, Register temp, JSObject *templateObj,
|
||||
gc::InitialHeap initialHeap, Label *fail);
|
||||
|
||||
void newGCThing(Register result, Register temp, JSObject *templateObj,
|
||||
gc::InitialHeap initialHeap, Label *fail);
|
||||
void initGCThing(Register obj, Register temp, JSObject *templateObj);
|
||||
|
||||
void newGCThing(Register result, Register temp, gc::AllocKind allocKind, Label *fail,
|
||||
gc::InitialHeap initialHeap = gc::DefaultHeap);
|
||||
void newGCThing(Register result, Register temp, JSObject *templateObject, Label *fail,
|
||||
gc::InitialHeap initialHeap);
|
||||
void newGCString(Register result, Register temp, Label *fail);
|
||||
void newGCShortString(Register result, Register temp, Label *fail);
|
||||
|
||||
|
@ -822,6 +802,12 @@ class MacroAssembler : public MacroAssemblerSpecific
|
|||
void newGCShortStringPar(Register result, Register cx, Register tempReg1, Register tempReg2,
|
||||
Label *fail);
|
||||
|
||||
void copySlotsFromTemplate(Register obj, Register temp, const JSObject *templateObj,
|
||||
uint32_t start, uint32_t end);
|
||||
void fillSlotsWithUndefined(Register obj, Register temp, const JSObject *templateObj,
|
||||
uint32_t start, uint32_t end);
|
||||
void initGCSlots(Register obj, Register temp, JSObject *templateObj);
|
||||
void initGCThing(Register obj, Register temp, JSObject *templateObj);
|
||||
|
||||
// Compares two strings for equality based on the JSOP.
|
||||
// This checks for identical pointers, atoms and length and fails for everything else.
|
||||
|
|
|
@ -186,10 +186,6 @@ class JitRuntime
|
|||
JitCode *valuePreBarrier_;
|
||||
JitCode *shapePreBarrier_;
|
||||
|
||||
// Thunk to call malloc/free.
|
||||
JitCode *mallocStub_;
|
||||
JitCode *freeStub_;
|
||||
|
||||
// Thunk used by the debugger for breakpoint and step mode.
|
||||
JitCode *debugTrapHandler_;
|
||||
|
||||
|
@ -225,8 +221,6 @@ class JitRuntime
|
|||
JitCode *generateBailoutHandler(JSContext *cx);
|
||||
JitCode *generateInvalidator(JSContext *cx);
|
||||
JitCode *generatePreBarrier(JSContext *cx, MIRType type);
|
||||
JitCode *generateMallocStub(JSContext *cx);
|
||||
JitCode *generateFreeStub(JSContext *cx);
|
||||
JitCode *generateDebugTrapHandler(JSContext *cx);
|
||||
JitCode *generateForkJoinGetSliceStub(JSContext *cx);
|
||||
JitCode *generateVMWrapper(JSContext *cx, const VMFunction &f);
|
||||
|
@ -332,14 +326,6 @@ class JitRuntime
|
|||
return shapePreBarrier_;
|
||||
}
|
||||
|
||||
JitCode *mallocStub() const {
|
||||
return mallocStub_;
|
||||
}
|
||||
|
||||
JitCode *freeStub() const {
|
||||
return freeStub_;
|
||||
}
|
||||
|
||||
bool ensureForkJoinGetSliceStubExists(JSContext *cx);
|
||||
JitCode *forkJoinGetSliceStub() const {
|
||||
return forkJoinGetSliceStub_;
|
||||
|
|
|
@ -302,6 +302,32 @@ class LGoto : public LControlInstructionHelper<1, 0, 0>
|
|||
}
|
||||
};
|
||||
|
||||
class LNewSlots : public LCallInstructionHelper<1, 0, 3>
|
||||
{
|
||||
public:
|
||||
LIR_HEADER(NewSlots)
|
||||
|
||||
LNewSlots(const LDefinition &temp1, const LDefinition &temp2, const LDefinition &temp3) {
|
||||
setTemp(0, temp1);
|
||||
setTemp(1, temp2);
|
||||
setTemp(2, temp3);
|
||||
}
|
||||
|
||||
const LDefinition *temp1() {
|
||||
return getTemp(0);
|
||||
}
|
||||
const LDefinition *temp2() {
|
||||
return getTemp(1);
|
||||
}
|
||||
const LDefinition *temp3() {
|
||||
return getTemp(2);
|
||||
}
|
||||
|
||||
MNewSlots *mir() const {
|
||||
return mir_->toNewSlots();
|
||||
}
|
||||
};
|
||||
|
||||
class LNewArray : public LInstructionHelper<1, 0, 1>
|
||||
{
|
||||
public:
|
||||
|
@ -438,19 +464,22 @@ class LNewDeclEnvObject : public LInstructionHelper<1, 0, 1>
|
|||
}
|
||||
};
|
||||
|
||||
// Allocates a new CallObject.
|
||||
// Allocates a new CallObject. The inputs are:
|
||||
// slots: either a reg representing a HeapSlot *, or a placeholder
|
||||
// meaning that no slots pointer is needed.
|
||||
//
|
||||
// This instruction generates two possible instruction sets:
|
||||
// (1) If the call object is extensible, this is a callVM to create the
|
||||
// call object.
|
||||
// (2) Otherwise, an inline allocation of the call object is attempted.
|
||||
//
|
||||
class LNewCallObject : public LInstructionHelper<1, 0, 1>
|
||||
class LNewCallObject : public LInstructionHelper<1, 1, 1>
|
||||
{
|
||||
public:
|
||||
LIR_HEADER(NewCallObject)
|
||||
|
||||
LNewCallObject(const LDefinition &temp) {
|
||||
LNewCallObject(const LAllocation &slots, const LDefinition &temp) {
|
||||
setOperand(0, slots);
|
||||
setTemp(0, temp);
|
||||
}
|
||||
|
||||
|
@ -458,15 +487,21 @@ class LNewCallObject : public LInstructionHelper<1, 0, 1>
|
|||
return getTemp(0);
|
||||
}
|
||||
|
||||
const LAllocation *slots() {
|
||||
return getOperand(0);
|
||||
}
|
||||
MNewCallObject *mir() const {
|
||||
return mir_->toNewCallObject();
|
||||
}
|
||||
};
|
||||
|
||||
class LNewCallObjectPar : public LInstructionHelper<1, 1, 2>
|
||||
class LNewCallObjectPar : public LInstructionHelper<1, 2, 2>
|
||||
{
|
||||
LNewCallObjectPar(const LAllocation &cx, const LDefinition &temp1, const LDefinition &temp2) {
|
||||
LNewCallObjectPar(const LAllocation &cx, const LAllocation &slots,
|
||||
const LDefinition &temp1, const LDefinition &temp2)
|
||||
{
|
||||
setOperand(0, cx);
|
||||
setOperand(1, slots);
|
||||
setTemp(0, temp1);
|
||||
setTemp(1, temp2);
|
||||
}
|
||||
|
@ -474,16 +509,37 @@ class LNewCallObjectPar : public LInstructionHelper<1, 1, 2>
|
|||
public:
|
||||
LIR_HEADER(NewCallObjectPar);
|
||||
|
||||
static LNewCallObjectPar *New(TempAllocator &alloc, const LAllocation &cx,
|
||||
const LDefinition &temp1, const LDefinition &temp2)
|
||||
static LNewCallObjectPar *NewWithSlots(TempAllocator &alloc,
|
||||
const LAllocation &cx, const LAllocation &slots,
|
||||
const LDefinition &temp1, const LDefinition &temp2)
|
||||
{
|
||||
return new(alloc) LNewCallObjectPar(cx, temp1, temp2);
|
||||
return new(alloc) LNewCallObjectPar(cx, slots, temp1, temp2);
|
||||
}
|
||||
|
||||
static LNewCallObjectPar *NewSansSlots(TempAllocator &alloc,
|
||||
const LAllocation &cx,
|
||||
const LDefinition &temp1, const LDefinition &temp2)
|
||||
{
|
||||
LAllocation slots = LConstantIndex::Bogus();
|
||||
return new(alloc) LNewCallObjectPar(cx, slots, temp1, temp2);
|
||||
}
|
||||
|
||||
const LAllocation *forkJoinContext() {
|
||||
return getOperand(0);
|
||||
}
|
||||
|
||||
const LAllocation *slots() {
|
||||
return getOperand(1);
|
||||
}
|
||||
|
||||
const bool hasDynamicSlots() {
|
||||
// TO INVESTIGATE: Felix tried using isRegister() method here,
|
||||
// but for useFixed(_, CallTempN), isRegister() is false (and
|
||||
// isUse() is true). So for now ignore that and try to match
|
||||
// the LConstantIndex::Bogus() generated above instead.
|
||||
return slots() && ! slots()->isConstant();
|
||||
}
|
||||
|
||||
const MNewCallObjectPar *mir() const {
|
||||
return mir_->toNewCallObjectPar();
|
||||
}
|
||||
|
|
|
@ -25,6 +25,7 @@
|
|||
_(Goto) \
|
||||
_(NewArray) \
|
||||
_(NewObject) \
|
||||
_(NewSlots) \
|
||||
_(NewDeclEnvObject) \
|
||||
_(NewCallObject) \
|
||||
_(NewStringObject) \
|
||||
|
|
|
@ -160,6 +160,17 @@ LIRGenerator::visitDefFun(MDefFun *ins)
|
|||
return add(lir, ins) && assignSafepoint(lir, ins);
|
||||
}
|
||||
|
||||
bool
|
||||
LIRGenerator::visitNewSlots(MNewSlots *ins)
|
||||
{
|
||||
// No safepoint needed, since we don't pass a cx.
|
||||
LNewSlots *lir = new(alloc()) LNewSlots(tempFixed(CallTempReg0), tempFixed(CallTempReg1),
|
||||
tempFixed(CallTempReg2));
|
||||
if (!assignSnapshot(lir))
|
||||
return false;
|
||||
return defineReturn(lir, ins);
|
||||
}
|
||||
|
||||
bool
|
||||
LIRGenerator::visitNewArray(MNewArray *ins)
|
||||
{
|
||||
|
@ -184,7 +195,13 @@ LIRGenerator::visitNewDeclEnvObject(MNewDeclEnvObject *ins)
|
|||
bool
|
||||
LIRGenerator::visitNewCallObject(MNewCallObject *ins)
|
||||
{
|
||||
LNewCallObject *lir = new(alloc()) LNewCallObject(temp());
|
||||
LAllocation slots;
|
||||
if (ins->slots()->type() == MIRType_Slots)
|
||||
slots = useRegister(ins->slots());
|
||||
else
|
||||
slots = LConstantIndex::Bogus();
|
||||
|
||||
LNewCallObject *lir = new(alloc()) LNewCallObject(slots, temp());
|
||||
if (!define(lir, ins))
|
||||
return false;
|
||||
|
||||
|
@ -208,7 +225,17 @@ bool
|
|||
LIRGenerator::visitNewCallObjectPar(MNewCallObjectPar *ins)
|
||||
{
|
||||
const LAllocation &parThreadContext = useRegister(ins->forkJoinContext());
|
||||
LNewCallObjectPar *lir = LNewCallObjectPar::New(alloc(), parThreadContext, temp(), temp());
|
||||
const LDefinition &temp1 = temp();
|
||||
const LDefinition &temp2 = temp();
|
||||
|
||||
LNewCallObjectPar *lir;
|
||||
if (ins->slots()->type() == MIRType_Slots) {
|
||||
const LAllocation &slots = useRegister(ins->slots());
|
||||
lir = LNewCallObjectPar::NewWithSlots(alloc(), parThreadContext, slots, temp1, temp2);
|
||||
} else {
|
||||
lir = LNewCallObjectPar::NewSansSlots(alloc(), parThreadContext, temp1, temp2);
|
||||
}
|
||||
|
||||
return define(lir, ins);
|
||||
}
|
||||
|
||||
|
|
|
@ -66,6 +66,7 @@ class LIRGenerator : public LIRGeneratorSpecific
|
|||
bool visitCallee(MCallee *callee);
|
||||
bool visitGoto(MGoto *ins);
|
||||
bool visitTableSwitch(MTableSwitch *tableswitch);
|
||||
bool visitNewSlots(MNewSlots *ins);
|
||||
bool visitNewArray(MNewArray *ins);
|
||||
bool visitNewObject(MNewObject *ins);
|
||||
bool visitNewDeclEnvObject(MNewDeclEnvObject *ins);
|
||||
|
|
|
@ -8932,6 +8932,33 @@ class MPostWriteBarrier : public MBinaryInstruction, public ObjectPolicy<0>
|
|||
#endif
|
||||
};
|
||||
|
||||
class MNewSlots : public MNullaryInstruction
|
||||
{
|
||||
unsigned nslots_;
|
||||
|
||||
MNewSlots(unsigned nslots)
|
||||
: nslots_(nslots)
|
||||
{
|
||||
setResultType(MIRType_Slots);
|
||||
}
|
||||
|
||||
public:
|
||||
INSTRUCTION_HEADER(NewSlots)
|
||||
|
||||
static MNewSlots *New(TempAllocator &alloc, unsigned nslots) {
|
||||
return new(alloc) MNewSlots(nslots);
|
||||
}
|
||||
unsigned nslots() const {
|
||||
return nslots_;
|
||||
}
|
||||
AliasSet getAliasSet() const {
|
||||
return AliasSet::None();
|
||||
}
|
||||
bool possiblyCalls() const {
|
||||
return true;
|
||||
}
|
||||
};
|
||||
|
||||
class MNewDeclEnvObject : public MNullaryInstruction
|
||||
{
|
||||
CompilerRootObject templateObj_;
|
||||
|
@ -8958,13 +8985,13 @@ class MNewDeclEnvObject : public MNullaryInstruction
|
|||
}
|
||||
};
|
||||
|
||||
class MNewCallObject : public MNullaryInstruction
|
||||
class MNewCallObject : public MUnaryInstruction
|
||||
{
|
||||
CompilerRootObject templateObj_;
|
||||
bool needsSingletonType_;
|
||||
|
||||
MNewCallObject(JSObject *templateObj, bool needsSingletonType)
|
||||
: MNullaryInstruction(),
|
||||
MNewCallObject(JSObject *templateObj, bool needsSingletonType, MDefinition *slots)
|
||||
: MUnaryInstruction(slots),
|
||||
templateObj_(templateObj),
|
||||
needsSingletonType_(needsSingletonType)
|
||||
{
|
||||
|
@ -8974,11 +9001,15 @@ class MNewCallObject : public MNullaryInstruction
|
|||
public:
|
||||
INSTRUCTION_HEADER(NewCallObject)
|
||||
|
||||
static MNewCallObject *New(TempAllocator &alloc, JSObject *templateObj, bool needsSingletonType)
|
||||
static MNewCallObject *New(TempAllocator &alloc, JSObject *templateObj, bool needsSingletonType,
|
||||
MDefinition *slots)
|
||||
{
|
||||
return new(alloc) MNewCallObject(templateObj, needsSingletonType);
|
||||
return new(alloc) MNewCallObject(templateObj, needsSingletonType, slots);
|
||||
}
|
||||
|
||||
MDefinition *slots() {
|
||||
return getOperand(0);
|
||||
}
|
||||
JSObject *templateObject() {
|
||||
return templateObj_;
|
||||
}
|
||||
|
@ -8990,12 +9021,12 @@ class MNewCallObject : public MNullaryInstruction
|
|||
}
|
||||
};
|
||||
|
||||
class MNewCallObjectPar : public MUnaryInstruction
|
||||
class MNewCallObjectPar : public MBinaryInstruction
|
||||
{
|
||||
CompilerRootObject templateObj_;
|
||||
|
||||
MNewCallObjectPar(MDefinition *cx, JSObject *templateObj)
|
||||
: MUnaryInstruction(cx),
|
||||
MNewCallObjectPar(MDefinition *cx, JSObject *templateObj, MDefinition *slots)
|
||||
: MBinaryInstruction(cx, slots),
|
||||
templateObj_(templateObj)
|
||||
{
|
||||
setResultType(MIRType_Object);
|
||||
|
@ -9005,13 +9036,17 @@ class MNewCallObjectPar : public MUnaryInstruction
|
|||
INSTRUCTION_HEADER(NewCallObjectPar);
|
||||
|
||||
static MNewCallObjectPar *New(TempAllocator &alloc, MDefinition *cx, MNewCallObject *callObj) {
|
||||
return new(alloc) MNewCallObjectPar(cx, callObj->templateObject());
|
||||
return new(alloc) MNewCallObjectPar(cx, callObj->templateObject(), callObj->slots());
|
||||
}
|
||||
|
||||
MDefinition *forkJoinContext() const {
|
||||
return getOperand(0);
|
||||
}
|
||||
|
||||
MDefinition *slots() const {
|
||||
return getOperand(1);
|
||||
}
|
||||
|
||||
JSObject *templateObj() const {
|
||||
return templateObj_;
|
||||
}
|
||||
|
|
|
@ -85,6 +85,7 @@ namespace jit {
|
|||
_(ToInt32) \
|
||||
_(TruncateToInt32) \
|
||||
_(ToString) \
|
||||
_(NewSlots) \
|
||||
_(NewArray) \
|
||||
_(NewObject) \
|
||||
_(NewDeclEnvObject) \
|
||||
|
|
|
@ -179,6 +179,7 @@ class ParallelSafetyVisitor : public MInstructionVisitor
|
|||
SAFE_OP(TruncateToInt32)
|
||||
SAFE_OP(MaybeToDoubleElement)
|
||||
CUSTOM_OP(ToString)
|
||||
SAFE_OP(NewSlots)
|
||||
CUSTOM_OP(NewArray)
|
||||
CUSTOM_OP(NewObject)
|
||||
CUSTOM_OP(NewCallObject)
|
||||
|
@ -525,10 +526,6 @@ ParallelSafetyVisitor::visitCreateThisWithTemplate(MCreateThisWithTemplate *ins)
|
|||
bool
|
||||
ParallelSafetyVisitor::visitNewCallObject(MNewCallObject *ins)
|
||||
{
|
||||
if (ins->templateObject()->hasDynamicSlots()) {
|
||||
SpewMIR(ins, "call with dynamic slots");
|
||||
return markUnsafe();
|
||||
}
|
||||
replace(ins, MNewCallObjectPar::New(alloc(), ForkJoinContext(), ins));
|
||||
return true;
|
||||
}
|
||||
|
@ -643,6 +640,11 @@ ParallelSafetyVisitor::insertWriteGuard(MInstruction *writeInstruction,
|
|||
object = valueBeingWritten->toSlots()->object();
|
||||
break;
|
||||
|
||||
case MDefinition::Op_NewSlots:
|
||||
// Values produced by new slots will ALWAYS be
|
||||
// thread-local.
|
||||
return true;
|
||||
|
||||
default:
|
||||
SpewMIR(writeInstruction, "cannot insert write guard for %s",
|
||||
valueBeingWritten->opName());
|
||||
|
|
|
@ -509,16 +509,26 @@ InterruptCheck(JSContext *cx)
|
|||
return CheckForInterrupt(cx);
|
||||
}
|
||||
|
||||
void *
|
||||
MallocWrapper(JSRuntime *rt, size_t nbytes)
|
||||
HeapSlot *
|
||||
NewSlots(JSRuntime *rt, unsigned nslots)
|
||||
{
|
||||
return rt->pod_malloc<uint8_t>(nbytes);
|
||||
JS_STATIC_ASSERT(sizeof(Value) == sizeof(HeapSlot));
|
||||
|
||||
Value *slots = reinterpret_cast<Value *>(rt->malloc_(nslots * sizeof(Value)));
|
||||
if (!slots)
|
||||
return nullptr;
|
||||
|
||||
for (unsigned i = 0; i < nslots; i++)
|
||||
slots[i] = UndefinedValue();
|
||||
|
||||
return reinterpret_cast<HeapSlot *>(slots);
|
||||
}
|
||||
|
||||
JSObject *
|
||||
NewCallObject(JSContext *cx, HandleScript script, HandleShape shape, HandleTypeObject type)
|
||||
NewCallObject(JSContext *cx, HandleScript script,
|
||||
HandleShape shape, HandleTypeObject type, HeapSlot *slots)
|
||||
{
|
||||
JSObject *obj = CallObject::create(cx, script, shape, type);
|
||||
JSObject *obj = CallObject::create(cx, script, shape, type, slots);
|
||||
if (!obj)
|
||||
return nullptr;
|
||||
|
||||
|
|
|
@ -617,9 +617,9 @@ bool SetProperty(JSContext *cx, HandleObject obj, HandlePropertyName name, Handl
|
|||
|
||||
bool InterruptCheck(JSContext *cx);
|
||||
|
||||
void *MallocWrapper(JSRuntime *rt, size_t nbytes);
|
||||
HeapSlot *NewSlots(JSRuntime *rt, unsigned nslots);
|
||||
JSObject *NewCallObject(JSContext *cx, HandleScript script,
|
||||
HandleShape shape, HandleTypeObject type);
|
||||
HandleShape shape, HandleTypeObject type, HeapSlot *slots);
|
||||
JSObject *NewStringObject(JSContext *cx, HandleString str);
|
||||
|
||||
bool SPSEnter(JSContext *cx, HandleScript script);
|
||||
|
|
|
@ -252,7 +252,8 @@ class JSObject : public js::ObjectImpl
|
|||
js::gc::AllocKind kind,
|
||||
js::gc::InitialHeap heap,
|
||||
js::HandleShape shape,
|
||||
js::HandleTypeObject type);
|
||||
js::HandleTypeObject type,
|
||||
js::HeapSlot *extantSlots = nullptr);
|
||||
|
||||
/* Make an array object with the specified initial state. */
|
||||
static inline js::ArrayObject *createArray(js::ExclusiveContext *cx,
|
||||
|
|
|
@ -497,7 +497,8 @@ inline bool JSObject::isVarObj()
|
|||
|
||||
/* static */ inline JSObject *
|
||||
JSObject::create(js::ExclusiveContext *cx, js::gc::AllocKind kind, js::gc::InitialHeap heap,
|
||||
js::HandleShape shape, js::HandleTypeObject type)
|
||||
js::HandleShape shape, js::HandleTypeObject type,
|
||||
js::HeapSlot *extantSlots /* = nullptr */)
|
||||
{
|
||||
/*
|
||||
* Callers must use dynamicSlotsCount to size the initial slot array of the
|
||||
|
@ -510,9 +511,13 @@ JSObject::create(js::ExclusiveContext *cx, js::gc::AllocKind kind, js::gc::Initi
|
|||
JS_ASSERT(js::gc::GetGCKindSlots(kind, type->clasp()) == shape->numFixedSlots());
|
||||
JS_ASSERT_IF(type->clasp()->flags & JSCLASS_BACKGROUND_FINALIZE, IsBackgroundFinalized(kind));
|
||||
JS_ASSERT_IF(type->clasp()->finalize, heap == js::gc::TenuredHeap);
|
||||
JS_ASSERT_IF(extantSlots, dynamicSlotsCount(shape->numFixedSlots(), shape->slotSpan(),
|
||||
type->clasp()));
|
||||
|
||||
const js::Class *clasp = type->clasp();
|
||||
size_t nDynamicSlots = dynamicSlotsCount(shape->numFixedSlots(), shape->slotSpan(), clasp);
|
||||
size_t nDynamicSlots = 0;
|
||||
if (!extantSlots)
|
||||
nDynamicSlots = dynamicSlotsCount(shape->numFixedSlots(), shape->slotSpan(), clasp);
|
||||
|
||||
JSObject *obj = js::NewGCObject<js::CanGC>(cx, kind, nDynamicSlots, heap);
|
||||
if (!obj)
|
||||
|
@ -520,7 +525,13 @@ JSObject::create(js::ExclusiveContext *cx, js::gc::AllocKind kind, js::gc::Initi
|
|||
|
||||
obj->shape_.init(shape);
|
||||
obj->type_.init(type);
|
||||
// Note: slots are created and assigned internally by NewGCObject.
|
||||
if (extantSlots) {
|
||||
#ifdef JSGC_GENERATIONAL
|
||||
if (cx->isJSContext())
|
||||
cx->asJSContext()->runtime()->gcNursery.notifyInitialSlots(obj, extantSlots);
|
||||
#endif
|
||||
obj->slots = extantSlots;
|
||||
}
|
||||
obj->elements = js::emptyObjectElements;
|
||||
|
||||
if (clasp->hasPrivate())
|
||||
|
|
|
@ -141,14 +141,14 @@ ScopeObject::setEnclosingScope(HandleObject obj)
|
|||
* The call object must be further initialized to be usable.
|
||||
*/
|
||||
CallObject *
|
||||
CallObject::create(JSContext *cx, HandleScript script, HandleShape shape, HandleTypeObject type)
|
||||
CallObject::create(JSContext *cx, HandleScript script, HandleShape shape, HandleTypeObject type, HeapSlot *slots)
|
||||
{
|
||||
gc::AllocKind kind = gc::GetGCObjectKind(shape->numFixedSlots());
|
||||
JS_ASSERT(CanBeFinalizedInBackground(kind, &CallObject::class_));
|
||||
kind = gc::GetBackgroundAllocKind(kind);
|
||||
|
||||
gc::InitialHeap heap = script->treatAsRunOnce() ? gc::TenuredHeap : gc::DefaultHeap;
|
||||
JSObject *obj = JSObject::create(cx, kind, heap, shape, type);
|
||||
JSObject *obj = JSObject::create(cx, kind, heap, shape, type, slots);
|
||||
if (!obj)
|
||||
return nullptr;
|
||||
|
||||
|
|
|
@ -237,7 +237,7 @@ class CallObject : public ScopeObject
|
|||
|
||||
/* These functions are internal and are exposed only for JITs. */
|
||||
static CallObject *
|
||||
create(JSContext *cx, HandleScript script, HandleShape shape, HandleTypeObject type);
|
||||
create(JSContext *cx, HandleScript script, HandleShape shape, HandleTypeObject type, HeapSlot *slots);
|
||||
|
||||
static CallObject *
|
||||
createTemplateObject(JSContext *cx, HandleScript script, gc::InitialHeap heap);
|
||||
|
|
Загрузка…
Ссылка в новой задаче