comparison modules/javafx.web/src/main/native/Source/JavaScriptCore/dfg/DFGDoesGC.cpp @ 11342:d7d63c79d24f

Merge
author kcr
date Tue, 10 Sep 2019 08:52:49 -0700
parents db2c977a840b
children
6:3b0c68b543d1 7:11807faee6ec
1 /* 1 /*
2 * Copyright (C) 2014-2017 Apple Inc. All rights reserved. 2 * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions 5 * modification, are permitted provided that the following conditions
6 * are met: 6 * are met:
7 * 1. Redistributions of source code must retain the above copyright 7 * 1. Redistributions of source code must retain the above copyright
39 { 39 {
40 if (clobbersHeap(graph, node)) 40 if (clobbersHeap(graph, node))
41 return true; 41 return true;
42 42
43 // Now consider nodes that don't clobber the world but that still may GC. This includes all 43 // Now consider nodes that don't clobber the world but that still may GC. This includes all
44 // nodes. By convention we put world-clobbering nodes in the block of "false" cases but we can 44 // nodes. By default, we should assume every node can GC and return true. This includes the
45 // put them anywhere. 45 // world-clobbering nodes. We should only return false if we have proven that the node cannot
46 // GC. Typical examples of how a node can GC is if the code emitted for the node does any of the
47 // following:
48 // 1. Allocates any objects.
49 // 2. Resolves a rope string, which allocates a string.
50 // 3. Produces a string (which allocates the string) except when we can prove that
51 // the string will always be one of the pre-allcoated SmallStrings.
52 // 4. Triggers a structure transition (which can allocate a new structure)
53 // unless it is a known transition between previously allocated structures
54 // such as between Array types.
55 // 5. Calls to a JS function, which can execute arbitrary code including allocating objects.
56 // 6. Calls operations that uses DeferGC, because it may GC in its destructor.
57
46 switch (node->op()) { 58 switch (node->op()) {
47 case JSConstant: 59 case JSConstant:
48 case DoubleConstant: 60 case DoubleConstant:
49 case Int52Constant: 61 case Int52Constant:
50 case LazyJSConstant: 62 case LazyJSConstant:
65 case Upsilon: 77 case Upsilon:
66 case Phi: 78 case Phi:
67 case Flush: 79 case Flush:
68 case PhantomLocal: 80 case PhantomLocal:
69 case SetArgument: 81 case SetArgument:
70 case BitAnd: 82 case ArithBitNot:
71 case BitOr: 83 case ArithBitAnd:
72 case BitXor: 84 case ArithBitOr:
85 case ArithBitXor:
73 case BitLShift: 86 case BitLShift:
74 case BitRShift: 87 case BitRShift:
75 case BitURShift: 88 case BitURShift:
76 case ValueToInt32: 89 case ValueToInt32:
77 case UInt32ToNumber: 90 case UInt32ToNumber:
94 case ArithFloor: 107 case ArithFloor:
95 case ArithCeil: 108 case ArithCeil:
96 case ArithTrunc: 109 case ArithTrunc:
97 case ArithFRound: 110 case ArithFRound:
98 case ArithUnary: 111 case ArithUnary:
99 case ValueAdd:
100 case ValueNegate:
101 case TryGetById:
102 case GetById:
103 case GetByIdFlush:
104 case GetByIdWithThis:
105 case GetByIdDirect:
106 case GetByIdDirectFlush:
107 case PutById:
108 case PutByIdFlush:
109 case PutByIdWithThis:
110 case PutByValWithThis:
111 case PutByIdDirect:
112 case PutGetterById:
113 case PutSetterById:
114 case PutGetterSetterById:
115 case PutGetterByVal:
116 case PutSetterByVal:
117 case DefineDataProperty:
118 case DefineAccessorProperty:
119 case DeleteById:
120 case DeleteByVal:
121 case CheckStructure: 112 case CheckStructure:
122 case CheckStructureOrEmpty: 113 case CheckStructureOrEmpty:
123 case CheckStructureImmediate: 114 case CheckStructureImmediate:
124 case GetExecutable: 115 case GetExecutable:
125 case GetButterfly: 116 case GetButterfly:
139 case PutGlobalVariable: 130 case PutGlobalVariable:
140 case CheckCell: 131 case CheckCell:
141 case CheckNotEmpty: 132 case CheckNotEmpty:
142 case AssertNotEmpty: 133 case AssertNotEmpty:
143 case CheckStringIdent: 134 case CheckStringIdent:
144 case RegExpExec:
145 case RegExpExecNonGlobalOrSticky:
146 case RegExpTest:
147 case RegExpMatchFast:
148 case RegExpMatchFastGlobal:
149 case CompareBelow: 135 case CompareBelow:
150 case CompareBelowEq: 136 case CompareBelowEq:
151 case CompareEqPtr: 137 case CompareEqPtr:
152 case SameValue:
153 case Call:
154 case DirectCall:
155 case TailCallInlinedCaller:
156 case DirectTailCallInlinedCaller:
157 case Construct:
158 case DirectConstruct:
159 case CallVarargs:
160 case CallEval:
161 case TailCallVarargsInlinedCaller:
162 case ConstructVarargs:
163 case LoadVarargs:
164 case CallForwardVarargs:
165 case ConstructForwardVarargs:
166 case TailCallForwardVarargs:
167 case TailCallForwardVarargsInlinedCaller:
168 case ProfileType:
169 case ProfileControlFlow: 138 case ProfileControlFlow:
170 case OverridesHasInstance: 139 case OverridesHasInstance:
171 case InstanceOf:
172 case InstanceOfCustom:
173 case IsEmpty: 140 case IsEmpty:
174 case IsUndefined: 141 case IsUndefined:
142 case IsUndefinedOrNull:
175 case IsBoolean: 143 case IsBoolean:
176 case IsNumber: 144 case IsNumber:
177 case NumberIsInteger: 145 case NumberIsInteger:
178 case IsObject: 146 case IsObject:
179 case IsObjectOrNull: 147 case IsObjectOrNull:
180 case IsFunction: 148 case IsFunction:
181 case IsCellWithType: 149 case IsCellWithType:
182 case IsTypedArrayView: 150 case IsTypedArrayView:
183 case TypeOf: 151 case TypeOf:
184 case LogicalNot: 152 case LogicalNot:
185 case ToPrimitive:
186 case ToNumber:
187 case ToString:
188 case CallStringConstructor:
189 case NumberToStringWithRadix:
190 case NumberToStringWithValidRadixConstant:
191 case InByVal:
192 case InById:
193 case HasOwnProperty:
194 case Jump: 153 case Jump:
195 case Branch: 154 case Branch:
196 case Switch:
197 case EntrySwitch: 155 case EntrySwitch:
198 case Return:
199 case TailCall:
200 case DirectTailCall:
201 case TailCallVarargs:
202 case Throw:
203 case CountExecution: 156 case CountExecution:
204 case SuperSamplerBegin: 157 case SuperSamplerBegin:
205 case SuperSamplerEnd: 158 case SuperSamplerEnd:
206 case ForceOSRExit:
207 case CPUIntrinsic: 159 case CPUIntrinsic:
208 case CheckTraps:
209 case StringFromCharCode:
210 case NormalizeMapKey: 160 case NormalizeMapKey:
211 case GetMapBucket:
212 case GetMapBucketHead: 161 case GetMapBucketHead:
213 case GetMapBucketNext: 162 case GetMapBucketNext:
214 case LoadKeyFromMapBucket: 163 case LoadKeyFromMapBucket:
215 case LoadValueFromMapBucket: 164 case LoadValueFromMapBucket:
216 case ExtractValueFromWeakMapGet: 165 case ExtractValueFromWeakMapGet:
219 case WeakMapSet: 168 case WeakMapSet:
220 case Unreachable: 169 case Unreachable:
221 case ExtractOSREntryLocal: 170 case ExtractOSREntryLocal:
222 case ExtractCatchLocal: 171 case ExtractCatchLocal:
223 case ClearCatchLocals: 172 case ClearCatchLocals:
224 case CheckTierUpInLoop:
225 case CheckTierUpAtReturn:
226 case CheckTierUpAndOSREnter:
227 case LoopHint: 173 case LoopHint:
228 case StoreBarrier: 174 case StoreBarrier:
229 case FencedStoreBarrier: 175 case FencedStoreBarrier:
230 case InvalidationPoint: 176 case InvalidationPoint:
231 case NotifyWrite: 177 case NotifyWrite:
238 case ValueRep: 184 case ValueRep:
239 case DoubleRep: 185 case DoubleRep:
240 case Int52Rep: 186 case Int52Rep:
241 case GetGetter: 187 case GetGetter:
242 case GetSetter: 188 case GetSetter:
243 case GetByVal:
244 case GetByValWithThis:
245 case GetArrayLength: 189 case GetArrayLength:
246 case GetVectorLength: 190 case GetVectorLength:
247 case ArrayPush:
248 case ArrayPop:
249 case StringCharAt:
250 case StringCharCodeAt: 191 case StringCharCodeAt:
251 case GetTypedArrayByteOffset: 192 case GetTypedArrayByteOffset:
252 case GetPrototypeOf: 193 case GetPrototypeOf:
253 case PutByValDirect:
254 case PutByVal:
255 case PutByValAlias:
256 case PutStructure: 194 case PutStructure:
257 case GetByOffset: 195 case GetByOffset:
258 case GetGetterSetterByOffset: 196 case GetGetterSetterByOffset:
259 case PutByOffset:
260 case GetEnumerableLength: 197 case GetEnumerableLength:
261 case HasGenericProperty:
262 case HasStructureProperty:
263 case HasIndexedProperty:
264 case GetDirectPname:
265 case FiatInt52: 198 case FiatInt52:
266 case BooleanToNumber: 199 case BooleanToNumber:
267 case CheckBadCell: 200 case CheckBadCell:
268 case BottomValue: 201 case BottomValue:
269 case PhantomNewObject: 202 case PhantomNewObject:
281 case PhantomNewRegexp: 214 case PhantomNewRegexp:
282 case GetMyArgumentByVal: 215 case GetMyArgumentByVal:
283 case GetMyArgumentByValOutOfBounds: 216 case GetMyArgumentByValOutOfBounds:
284 case ForwardVarargs: 217 case ForwardVarargs:
285 case PutHint: 218 case PutHint:
286 case PutStack:
287 case KillStack: 219 case KillStack:
288 case GetStack: 220 case GetStack:
289 case GetFromArguments: 221 case GetFromArguments:
290 case PutToArguments:
291 case GetArgument: 222 case GetArgument:
292 case LogShadowChickenPrologue: 223 case LogShadowChickenPrologue:
293 case LogShadowChickenTail: 224 case LogShadowChickenTail:
294 case GetDynamicVar:
295 case PutDynamicVar:
296 case ResolveScopeForHoistingFuncDeclInEval:
297 case ResolveScope:
298 case NukeStructureAndSetButterfly: 225 case NukeStructureAndSetButterfly:
299 case AtomicsAdd: 226 case AtomicsAdd:
300 case AtomicsAnd: 227 case AtomicsAnd:
301 case AtomicsCompareExchange: 228 case AtomicsCompareExchange:
302 case AtomicsExchange: 229 case AtomicsExchange:
314 case DataViewGetInt: 241 case DataViewGetInt:
315 case DataViewGetFloat: 242 case DataViewGetFloat:
316 case DataViewSet: 243 case DataViewSet:
317 return false; 244 return false;
318 245
246 #if !ASSERT_DISABLED
247 case ArrayPush:
248 case ArrayPop:
319 case PushWithScope: 249 case PushWithScope:
320 case CreateActivation: 250 case CreateActivation:
321 case CreateDirectArguments: 251 case CreateDirectArguments:
322 case CreateScopedArguments: 252 case CreateScopedArguments:
323 case CreateClonedArguments: 253 case CreateClonedArguments:
254 case Call:
255 case CallEval:
256 case CallForwardVarargs:
324 case CallObjectConstructor: 257 case CallObjectConstructor:
258 case CallVarargs:
259 case CheckTierUpAndOSREnter:
260 case CheckTierUpAtReturn:
261 case CheckTierUpInLoop:
262 case Construct:
263 case ConstructForwardVarargs:
264 case ConstructVarargs:
265 case DefineDataProperty:
266 case DefineAccessorProperty:
267 case DeleteById:
268 case DeleteByVal:
269 case DirectCall:
270 case DirectConstruct:
271 case DirectTailCall:
272 case DirectTailCallInlinedCaller:
273 case ForceOSRExit:
274 case GetById:
275 case GetByIdDirect:
276 case GetByIdDirectFlush:
277 case GetByIdFlush:
278 case GetByIdWithThis:
279 case GetByValWithThis:
280 case GetDirectPname:
281 case GetDynamicVar:
282 case GetMapBucket:
283 case HasGenericProperty:
284 case HasIndexedProperty:
285 case HasOwnProperty:
286 case HasStructureProperty:
287 case InById:
288 case InByVal:
289 case InstanceOf:
290 case InstanceOfCustom:
291 case LoadVarargs:
292 case NumberToStringWithRadix:
293 case NumberToStringWithValidRadixConstant:
294 case ProfileType:
295 case PutById:
296 case PutByIdDirect:
297 case PutByIdFlush:
298 case PutByIdWithThis:
299 case PutByOffset:
300 case PutByValWithThis:
301 case PutDynamicVar:
302 case PutGetterById:
303 case PutGetterByVal:
304 case PutGetterSetterById:
305 case PutSetterById:
306 case PutSetterByVal:
307 case PutStack:
308 case PutToArguments:
309 case RegExpExec:
310 case RegExpExecNonGlobalOrSticky:
311 case RegExpMatchFast:
312 case RegExpMatchFastGlobal:
313 case RegExpTest:
314 case ResolveScope:
315 case ResolveScopeForHoistingFuncDeclInEval:
316 case Return:
317 case StringCharAt:
318 case TailCall:
319 case TailCallForwardVarargs:
320 case TailCallForwardVarargsInlinedCaller:
321 case TailCallInlinedCaller:
322 case TailCallVarargs:
323 case TailCallVarargsInlinedCaller:
324 case Throw:
325 case ToNumber:
325 case ToObject: 326 case ToObject:
327 case ToPrimitive:
326 case ToThis: 328 case ToThis:
329 case TryGetById:
327 case CreateThis: 330 case CreateThis:
328 case ObjectCreate: 331 case ObjectCreate:
332 case ObjectKeys:
329 case AllocatePropertyStorage: 333 case AllocatePropertyStorage:
330 case ReallocatePropertyStorage: 334 case ReallocatePropertyStorage:
331 case Arrayify: 335 case Arrayify:
332 case ArrayifyToStructure: 336 case ArrayifyToStructure:
333 case NewObject: 337 case NewObject:
336 case Spread: 340 case Spread:
337 case NewArrayWithSize: 341 case NewArrayWithSize:
338 case NewArrayBuffer: 342 case NewArrayBuffer:
339 case NewRegexp: 343 case NewRegexp:
340 case NewStringObject: 344 case NewStringObject:
345 case NewSymbol:
341 case MakeRope: 346 case MakeRope:
342 case NewFunction: 347 case NewFunction:
343 case NewGeneratorFunction: 348 case NewGeneratorFunction:
344 case NewAsyncGeneratorFunction: 349 case NewAsyncGeneratorFunction:
345 case NewAsyncFunction: 350 case NewAsyncFunction:
364 case ArraySlice: 369 case ArraySlice:
365 case ArrayIndexOf: 370 case ArrayIndexOf:
366 case ParseInt: // We might resolve a rope even though we don't clobber anything. 371 case ParseInt: // We might resolve a rope even though we don't clobber anything.
367 case SetAdd: 372 case SetAdd:
368 case MapSet: 373 case MapSet:
374 case ValueBitAnd:
375 case ValueBitOr:
376 case ValueBitXor:
377 case ValueAdd:
378 case ValueSub:
379 case ValueMul:
380 case ValueDiv:
381 case ValueNegate:
382 #else
383 // See comment at the top for why be default for all nodes should be to
384 // return true.
385 default:
386 #endif
387 return true;
388
389 case CallStringConstructor:
390 case ToString:
391 switch (node->child1().useKind()) {
392 case StringObjectUse:
393 case StringOrStringObjectUse:
394 return false;
395 default:
396 break;
397 }
398 return true;
399
400 case CheckTraps:
401 // FIXME: https://bugs.webkit.org/show_bug.cgi?id=194323
402 ASSERT(Options::usePollingTraps());
369 return true; 403 return true;
370 404
371 case CompareEq: 405 case CompareEq:
372 case CompareLess: 406 case CompareLess:
373 case CompareLessEq: 407 case CompareLessEq:
407 || node->isBinaryUseKind(StringIdentUse, NotStringVarUse) || node->isBinaryUseKind(NotStringVarUse, StringIdentUse)) 441 || node->isBinaryUseKind(StringIdentUse, NotStringVarUse) || node->isBinaryUseKind(NotStringVarUse, StringIdentUse))
408 return false; 442 return false;
409 return true; 443 return true;
410 444
411 case GetIndexedPropertyStorage: 445 case GetIndexedPropertyStorage:
446 case GetByVal:
412 if (node->arrayMode().type() == Array::String) 447 if (node->arrayMode().type() == Array::String)
413 return true; 448 return true;
449 return false;
450
451 case PutByValDirect:
452 case PutByVal:
453 case PutByValAlias:
454 if (!graph.m_plan.isFTL()) {
455 switch (node->arrayMode().modeForPut().type()) {
456 case Array::Int8Array:
457 case Array::Int16Array:
458 case Array::Int32Array:
459 case Array::Uint8Array:
460 case Array::Uint8ClampedArray:
461 case Array::Uint16Array:
462 case Array::Uint32Array:
463 return true;
464 default:
465 break;
466 }
467 }
414 return false; 468 return false;
415 469
416 case MapHash: 470 case MapHash:
417 switch (node->child1().useKind()) { 471 switch (node->child1().useKind()) {
418 case BooleanUse: 472 case BooleanUse:
426 } 480 }
427 481
428 case MultiPutByOffset: 482 case MultiPutByOffset:
429 return node->multiPutByOffsetData().reallocatesStorage(); 483 return node->multiPutByOffsetData().reallocatesStorage();
430 484
485 case SameValue:
486 if (node->isBinaryUseKind(DoubleRepUse))
487 return false;
488 return true;
489
490 case StringFromCharCode:
491 // FIXME: Should we constant fold this case?
492 // https://bugs.webkit.org/show_bug.cgi?id=194308
493 if (node->child1()->isInt32Constant() && (node->child1()->asUInt32() <= maxSingleCharacterString))
494 return false;
495 return true;
496
497 case Switch:
498 switch (node->switchData()->kind) {
499 case SwitchCell:
500 ASSERT(graph.m_plan.isFTL());
501 FALLTHROUGH;
502 case SwitchImm:
503 return false;
504 case SwitchChar:
505 return true;
506 case SwitchString:
507 if (node->child1().useKind() == StringIdentUse)
508 return false;
509 ASSERT(node->child1().useKind() == StringUse || node->child1().useKind() == UntypedUse);
510 return true;
511 }
512 RELEASE_ASSERT_NOT_REACHED();
513
431 case LastNodeType: 514 case LastNodeType:
432 RELEASE_ASSERT_NOT_REACHED(); 515 RELEASE_ASSERT_NOT_REACHED();
433 return true;
434 } 516 }
435 517
436 RELEASE_ASSERT_NOT_REACHED(); 518 RELEASE_ASSERT_NOT_REACHED();
437 return true;
438 } 519 }
439 520
440 } } // namespace JSC::DFG 521 } } // namespace JSC::DFG
441 522
442 #endif // ENABLE(DFG_JIT) 523 #endif // ENABLE(DFG_JIT)
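Review bot: The new `GetByVal` arm (new lines 445-449) returns false for every array mode except `Array::String`, and the `PutByValDirect`/`PutByVal`/`PutByValAlias` arm (new lines 451-468) returns false for everything except the listed typed-array modes outside FTL, but neither arm says why the remaining modes cannot allocate. The comment added at the top makes `false` the answer that must be proven, and a wrong `false` is the unsafe direction for any phase that trusts this function, so each arm should state its argument. A possible wording is `// Array modes that can call out are presumably already caught by clobbersHeap() above; the remaining modes do not allocate.`, to be confirmed against `clobbersHeap`, which this view does not show. The typed-array `return true` on the non-FTL path also has no stated reason. The added comments also contain the typos `pre-allcoated` and `why be default`. Parts of the function, including its signature, are elided from this comparison.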