From dad5fb18d038798d1480780c3e044608189da951 Mon Sep 17 00:00:00 2001 From: Jan de Mooij Date: Sat, 26 Nov 2016 21:19:23 +0100 Subject: [PATCH] Bug 1319437 part 2 - Port code for GETPROP on shadowing DOM proxies to CacheIR. r=nbp --- js/src/jit/BaselineDebugModeOSR.cpp | 1 - js/src/jit/BaselineInspector.cpp | 1 - js/src/jit/CacheIR.cpp | 33 ++++++++ js/src/jit/CacheIR.h | 2 + js/src/jit/SharedIC.cpp | 116 +--------------------------- js/src/jit/SharedIC.h | 60 -------------- js/src/jit/SharedICList.h | 1 - 7 files changed, 37 insertions(+), 177 deletions(-) diff --git a/js/src/jit/BaselineDebugModeOSR.cpp b/js/src/jit/BaselineDebugModeOSR.cpp index 97601b11752f..f609c6a53379 100644 --- a/js/src/jit/BaselineDebugModeOSR.cpp +++ b/js/src/jit/BaselineDebugModeOSR.cpp @@ -705,7 +705,6 @@ RecompileBaselineScriptForDebugMode(JSContext* cx, JSScript* script, _(GetProp_CallNativeGlobal) \ _(GetProp_CallDOMProxyNative) \ _(GetProp_CallDOMProxyWithGenerationNative) \ - _(GetProp_DOMProxyShadowed) \ _(GetProp_Generic) \ _(SetProp_CallScripted) \ _(SetProp_CallNative) diff --git a/js/src/jit/BaselineInspector.cpp b/js/src/jit/BaselineInspector.cpp index 88257dfe3aea..2424a64c1281 100644 --- a/js/src/jit/BaselineInspector.cpp +++ b/js/src/jit/BaselineInspector.cpp @@ -1021,7 +1021,6 @@ BaselineInspector::expectedPropertyAccessInputType(jsbytecode* pc) case ICStub::GetProp_CallDOMProxyNative: case ICStub::GetProp_CallDOMProxyWithGenerationNative: - case ICStub::GetProp_DOMProxyShadowed: case ICStub::GetElem_NativeSlotName: case ICStub::GetElem_NativeSlotSymbol: case ICStub::GetElem_NativePrototypeSlotName: diff --git a/js/src/jit/CacheIR.cpp b/js/src/jit/CacheIR.cpp index 714e5ee7c5be..0a5171f6478f 100644 --- a/js/src/jit/CacheIR.cpp +++ b/js/src/jit/CacheIR.cpp @@ -403,6 +403,25 @@ GetPropIRGenerator::tryAttachGenericProxy(CacheIRWriter& writer, HandleObject ob return true; } +bool +GetPropIRGenerator::tryAttachDOMProxyShadowed(CacheIRWriter& writer, HandleObject obj, + ObjOperandId objId) +{ + MOZ_ASSERT(!emitted_); + MOZ_ASSERT(IsCacheableDOMProxy(obj)); + + emitted_ = true; + + writer.guardShape(objId, obj->maybeShape()); + + // No need for more guards: we know this is a DOM proxy, since the shape + // guard enforces a given JSClass, so just go ahead and emit the call to + // ProxyGet. + writer.callProxyGetResult(objId, NameToId(name_)); + writer.typeMonitorResult(); + return true; +} + bool GetPropIRGenerator::tryAttachProxy(CacheIRWriter& writer, HandleObject obj, ObjOperandId objId) { @@ -411,6 +430,20 @@ GetPropIRGenerator::tryAttachProxy(CacheIRWriter& writer, HandleObject obj, ObjO if (!obj->is()) return true; + // Skim off DOM proxies. + if (IsCacheableDOMProxy(obj)) { + RootedId id(cx_, NameToId(name_)); + DOMProxyShadowsResult shadows = GetDOMProxyShadowsCheck()(cx_, obj, id); + if (shadows == ShadowCheckFailed) { + cx_->clearPendingException(); + return false; + } + if (DOMProxyIsShadowing(shadows)) + return tryAttachDOMProxyShadowed(writer, obj, objId); + + MOZ_ASSERT(shadows == DoesntShadow || shadows == DoesntShadowUnique); + } + return tryAttachGenericProxy(writer, obj, objId); } diff --git a/js/src/jit/CacheIR.h b/js/src/jit/CacheIR.h index baba40ca8406..677109e41645 100644 --- a/js/src/jit/CacheIR.h +++ b/js/src/jit/CacheIR.h @@ -465,6 +465,8 @@ class MOZ_RAII GetPropIRGenerator MOZ_MUST_USE bool tryAttachGenericProxy(CacheIRWriter& writer, HandleObject obj, ObjOperandId objId); + MOZ_MUST_USE bool tryAttachDOMProxyShadowed(CacheIRWriter& writer, HandleObject obj, + ObjOperandId objId); MOZ_MUST_USE bool tryAttachProxy(CacheIRWriter& writer, HandleObject obj, ObjOperandId objId); MOZ_MUST_USE bool tryAttachPrimitive(CacheIRWriter& writer, ValOperandId valId); diff --git a/js/src/jit/SharedIC.cpp b/js/src/jit/SharedIC.cpp index 5f8720a655da..49faa1bbd846 100644 --- a/js/src/jit/SharedIC.cpp +++ b/js/src/jit/SharedIC.cpp @@ -187,7 +187,6 @@ ICStub::NonCacheIRStubMakesGCCalls(Kind kind) case GetProp_CallNativeGlobal: case GetProp_CallDOMProxyNative: case GetProp_CallDOMProxyWithGenerationNative: - case GetProp_DOMProxyShadowed: case GetProp_Generic: case SetProp_CallScripted: case SetProp_CallNative: @@ -480,12 +479,6 @@ ICStub::trace(JSTracer* trc) TraceEdge(trc, &propStub->getter(), "baseline-getproplistbasenative-stub-getter"); break; } - case ICStub::GetProp_DOMProxyShadowed: { - ICGetProp_DOMProxyShadowed* propStub = toGetProp_DOMProxyShadowed(); - TraceEdge(trc, &propStub->shape(), "baseline-getproplistbaseshadowed-stub-shape"); - TraceEdge(trc, &propStub->name(), "baseline-getproplistbaseshadowed-stub-name"); - break; - } case ICStub::GetProp_CallNativeGlobal: { ICGetProp_CallNativeGlobal* callStub = toGetProp_CallNativeGlobal(); callStub->receiverGuard().trace(trc); @@ -2464,21 +2457,8 @@ TryAttachNativeGetAccessorPropStub(JSContext* cx, SharedStubInfo* info, isTemporarilyUnoptimizable, isDOMProxy); - // If it's a shadowed listbase proxy property, attach stub to call Proxy::get instead. - if (isDOMProxy && DOMProxyIsShadowing(domProxyShadowsResult)) { - MOZ_ASSERT(obj == holder); - - JitSpew(JitSpew_BaselineIC, " Generating GetProp(DOMProxyProxy) stub"); - Rooted proxy(cx, &obj->as()); - ICGetProp_DOMProxyShadowed::Compiler compiler(cx, info->engine(), monitorStub, proxy, name, - info->pcOffset()); - ICStub* newStub = compiler.getStub(compiler.getStubSpace(info->outerScript(cx))); - if (!newStub) - return false; - stub->addNewStub(newStub); - *attached = true; - return true; - } + if (isDOMProxy && DOMProxyIsShadowing(domProxyShadowsResult)) + return true; // This case is handled by CacheIR. // Try handling JSNative getters. if (!cacheableCall || isScripted) @@ -3256,76 +3236,6 @@ ICGetPropCallDOMProxyNativeCompiler::getStub(ICStubSpace* space) pcOffset_); } -ICStub* -ICGetProp_DOMProxyShadowed::Compiler::getStub(ICStubSpace* space) -{ - RootedShape shape(cx, proxy_->maybeShape()); - return New(cx, space, getStubCode(), firstMonitorStub_, shape, - proxy_->handler(), name_, pcOffset_); -} - -static bool -ProxyGet(JSContext* cx, HandleObject proxy, HandlePropertyName name, MutableHandleValue vp) -{ - RootedValue receiver(cx, ObjectValue(*proxy)); - RootedId id(cx, NameToId(name)); - return Proxy::get(cx, proxy, receiver, id, vp); -} - -typedef bool (*ProxyGetFn)(JSContext* cx, HandleObject proxy, HandlePropertyName name, - MutableHandleValue vp); -static const VMFunction ProxyGetInfo = FunctionInfo(ProxyGet, "ProxyGet"); - -bool -ICGetProp_DOMProxyShadowed::Compiler::generateStubCode(MacroAssembler& masm) -{ - Label failure; - - AllocatableGeneralRegisterSet regs(availableGeneralRegs(1)); - // Need to reserve a scratch register, but the scratch register should not be - // ICTailCallReg, because it's used for |enterStubFrame| which needs a - // non-ICTailCallReg scratch reg. - Register scratch = regs.takeAnyExcluding(ICTailCallReg); - - // Guard input is an object. - masm.branchTestObject(Assembler::NotEqual, R0, &failure); - - // Unbox. - Register objReg = masm.extractObject(R0, ExtractTemp0); - - // Shape guard. - masm.loadPtr(Address(ICStubReg, ICGetProp_DOMProxyShadowed::offsetOfShape()), scratch); - masm.branchTestObjShape(Assembler::NotEqual, objReg, scratch, &failure); - - // No need to do any more guards; it's safe to call ProxyGet even - // if we've since stopped shadowing. - - // Call ProxyGet(JSContext* cx, HandleObject proxy, HandlePropertyName name, MutableHandleValue vp); - - // Push a stub frame so that we can perform a non-tail call. - enterStubFrame(masm, scratch); - - // Push property name and proxy object. - masm.loadPtr(Address(ICStubReg, ICGetProp_DOMProxyShadowed::offsetOfName()), scratch); - masm.Push(scratch); - masm.Push(objReg); - - // Don't have to preserve R0 anymore. - regs.add(R0); - - if (!callVM(ProxyGetInfo, masm)) - return false; - leaveStubFrame(masm); - - // Enter type monitor IC to type-check result. - EmitEnterTypeMonitorIC(masm); - - // Failure case - jump to next stub - masm.bind(&failure); - EmitStubGuardFailure(masm); - return true; -} - bool ICGetProp_ArgumentsLength::Compiler::generateStubCode(MacroAssembler& masm) { @@ -3575,28 +3485,6 @@ ICGetProp_CallDOMProxyWithGenerationNative::Clone(JSContext* cx, other.pcOffset_); } -ICGetProp_DOMProxyShadowed::ICGetProp_DOMProxyShadowed(JitCode* stubCode, - ICStub* firstMonitorStub, - Shape* shape, - const BaseProxyHandler* proxyHandler, - PropertyName* name, - uint32_t pcOffset) - : ICMonitoredStub(ICStub::GetProp_DOMProxyShadowed, stubCode, firstMonitorStub), - shape_(shape), - proxyHandler_(proxyHandler), - name_(name), - pcOffset_(pcOffset) -{ } - -/* static */ ICGetProp_DOMProxyShadowed* -ICGetProp_DOMProxyShadowed::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub, - ICGetProp_DOMProxyShadowed& other) -{ - return New(cx, space, other.jitCode(), firstMonitorStub, - other.shape_, other.proxyHandler_, other.name_, - other.pcOffset_); -} - // // TypeMonitor_Fallback // diff --git a/js/src/jit/SharedIC.h b/js/src/jit/SharedIC.h index be25d88fb41b..3ac7d48b9cc3 100644 --- a/js/src/jit/SharedIC.h +++ b/js/src/jit/SharedIC.h @@ -2792,66 +2792,6 @@ class ICGetPropCallDOMProxyNativeCompiler : public ICStubCompiler { ICStub* getStub(ICStubSpace* space); }; -class ICGetProp_DOMProxyShadowed : public ICMonitoredStub -{ - friend class ICStubSpace; - protected: - GCPtrShape shape_; - const BaseProxyHandler* proxyHandler_; - GCPtrPropertyName name_; - uint32_t pcOffset_; - - ICGetProp_DOMProxyShadowed(JitCode* stubCode, ICStub* firstMonitorStub, Shape* shape, - const BaseProxyHandler* proxyHandler, PropertyName* name, - uint32_t pcOffset); - - public: - static ICGetProp_DOMProxyShadowed* Clone(JSContext* cx, ICStubSpace* space, - ICStub* firstMonitorStub, - ICGetProp_DOMProxyShadowed& other); - - GCPtrShape& shape() { - return shape_; - } - GCPtrPropertyName& name() { - return name_; - } - - static size_t offsetOfShape() { - return offsetof(ICGetProp_DOMProxyShadowed, shape_); - } - static size_t offsetOfProxyHandler() { - return offsetof(ICGetProp_DOMProxyShadowed, proxyHandler_); - } - static size_t offsetOfName() { - return offsetof(ICGetProp_DOMProxyShadowed, name_); - } - static size_t offsetOfPCOffset() { - return offsetof(ICGetProp_DOMProxyShadowed, pcOffset_); - } - - class Compiler : public ICStubCompiler { - ICStub* firstMonitorStub_; - Rooted proxy_; - RootedPropertyName name_; - uint32_t pcOffset_; - - MOZ_MUST_USE bool generateStubCode(MacroAssembler& masm); - - public: - Compiler(JSContext* cx, Engine engine, ICStub* firstMonitorStub, Handle proxy, - HandlePropertyName name, uint32_t pcOffset) - : ICStubCompiler(cx, ICStub::GetProp_DOMProxyShadowed, engine), - firstMonitorStub_(firstMonitorStub), - proxy_(cx, proxy), - name_(cx, name), - pcOffset_(pcOffset) - {} - - ICStub* getStub(ICStubSpace* space); - }; -}; - class ICGetProp_ArgumentsLength : public ICStub { friend class ICStubSpace; diff --git a/js/src/jit/SharedICList.h b/js/src/jit/SharedICList.h index 48883c4e4581..4fae736d3547 100644 --- a/js/src/jit/SharedICList.h +++ b/js/src/jit/SharedICList.h @@ -39,7 +39,6 @@ namespace jit { _(GetProp_CallNativeGlobal) \ _(GetProp_CallDOMProxyNative) \ _(GetProp_CallDOMProxyWithGenerationNative) \ - _(GetProp_DOMProxyShadowed) \ _(GetProp_ArgumentsLength) \ _(GetProp_ArgumentsCallee) \ _(GetProp_Generic) \