ChangeLog

2016-07-20  Saam Barati  <sbarati@apple.com>

        op_add/ValueAdd should be an IC in all JIT tiers

        https://bugs.webkit.org/show_bug.cgi?id=159649

        Reviewed by NOBODY (OOPS!).

        This patch makes Add an IC inside all JIT tiers. It does so in a

        simple, but effective, way. We will try to generate an int+int add

        that will repatch itself if its type checks fail. Sometimes though,

        we have runtime type data saying that the add won't be int+int.

        In those cases, we will just generate a full snippet that doesn't patch itself.

        Other times, we may generate no inline code and defer to making a C call. A lot

        of this patch is just refactoring ResultProfile into what we're now calling ArithProfile.

        ArithProfile does everything ResultProfile used to do, and more. It records simple type

        data about the LHS/RHS operands it sees. This allows us to determine if an op_add

        has only seen int+int operands, etc. ArithProfile will also contain the ResultType

        for the LHS/RHS that the parser feeds into op_add. ArithProfile now fits into 32-bits.

        This means instead of having a side table like we did for ResultProfile, we just

        inject the ArithProfile into the bytecode instruction stream. This makes asking

        for ArithProfile faster; we no longer need to lock around this operation.

        The size of an Add has gone down on average, but we can still do better.

        We still generate a lot of code because we generate calls to the slow path.

        I think we can make this better by moving the slow path to a shared thunk

        system. This patch mostly lays the foundation for future improvements to Add,

        and a framework to move all other arithmetic operations to be typed-based ICs.

        Here is some data I took on the average op_add/ValueAdd size on various benchmarks:

                   |   JetStream  |  Speedometer |  Unity 3D  |

             ------| -------------|-----------------------------

              Old  |  189 bytes   |  169 bytes   |  192 bytes |

             ------| -------------|-----------------------------

              New  |  148 bytes   |  124 bytes   |  143 bytes |

             ---------------------------------------------------

        Making an arithmetic IC is now easy. The JITMathIC class will hold a snippet

        generator as a member variable. To make a snippet an IC, you need to implement

        a generateInline(.) method, which generates the inline IC. Then, you need to

        generate the IC where you used to generate the snippet. When generating the

        IC, we need to inform JITMathIC of various data like we do with StructureStubInfo.

        We need to tell it about where the slow path starts, where the slow path call is, etc.

        When generating a JITMathIC, it may tell you that it didn't generate any code inline.

        This is a request to the user of JITMathIC to just generate a C call along the

        fast path. JITMathIC may also have the snippet tell it to just generate the full

        snippet instead of the int+int path along the fast path.

        In subsequent patches, we can improve upon how we decide to generate int+int or

        the full snippet. I tried to get clever by having double+double, double+int, int+double,

        fast paths, but they didn't work out nearly as well as the int+int fast path. I ended up

        generating a lot of code when I did this and ended up using more memory than just generating

        the full snippet. There is probably some way we can be clever and generate specialized fast

        paths that are more successful than what I tried implementing, but I think that's worth doing

        this in follow up patches once the JITMathIC foundation has landed.

        This patch also fixes a bug inside the slow path lambdas in the DFG.

        Before, it was not legal to emit an exception check inside them. Now,

        it is. So it's now easy to define arbitrary late paths using the DFG

        slow path lambda API.

        * CMakeLists.txt:

        * JavaScriptCore.xcodeproj/project.pbxproj:

        * bytecode/ArithProfile.cpp: Added.

        (JSC::ArithProfile::emitDetectNumericness):

        (JSC::ArithProfile::shouldEmitSetDouble):

        (JSC::ArithProfile::emitSetDouble):

        (JSC::ArithProfile::shouldEmitSetNonNumber):

        (JSC::ArithProfile::emitSetNonNumber):

        (WTF::printInternal):

        * bytecode/ArithProfile.h: Added.

        (JSC::ObservedType::ObservedType):

        (JSC::ObservedType::sawInt32):

        (JSC::ObservedType::isOnlyInt32):

        (JSC::ObservedType::sawNumber):

        (JSC::ObservedType::isOnlyNumber):

        (JSC::ObservedType::sawNonNumber):

        (JSC::ObservedType::isOnlyNonNumber):

        (JSC::ObservedType::isEmpty):

        (JSC::ObservedType::bits):

        (JSC::ObservedType::withInt32):

        (JSC::ObservedType::withNumber):

        (JSC::ObservedType::withNonNumber):

        (JSC::ObservedType::withoutNonNumber):

        (JSC::ObservedType::operator==):

        (JSC::ArithProfile::ArithProfile):

        (JSC::ArithProfile::fromInt):

        (JSC::ArithProfile::lhsResultType):

        (JSC::ArithProfile::rhsResultType):

        (JSC::ArithProfile::lhsObservedType):

        (JSC::ArithProfile::rhsObservedType):

        (JSC::ArithProfile::setLhsObservedType):

        (JSC::ArithProfile::setRhsObservedType):

        (JSC::ArithProfile::tookSpecialFastPath):

        (JSC::ArithProfile::didObserveNonInt32):

        (JSC::ArithProfile::didObserveDouble):

        (JSC::ArithProfile::didObserveNonNegZeroDouble):

        (JSC::ArithProfile::didObserveNegZeroDouble):

        (JSC::ArithProfile::didObserveNonNumber):

        (JSC::ArithProfile::didObserveInt32Overflow):

        (JSC::ArithProfile::didObserveInt52Overflow):

        (JSC::ArithProfile::setObservedNonNegZeroDouble):

        (JSC::ArithProfile::setObservedNegZeroDouble):

        (JSC::ArithProfile::setObservedNonNumber):

        (JSC::ArithProfile::setObservedInt32Overflow):

        (JSC::ArithProfile::setObservedInt52Overflow):

        (JSC::ArithProfile::addressOfBits):

        (JSC::ArithProfile::detectNumericness):

        (JSC::ArithProfile::lhsSawInt32):

        (JSC::ArithProfile::lhsSawNumber):

        (JSC::ArithProfile::lhsSawNonNumber):

        (JSC::ArithProfile::rhsSawInt32):

        (JSC::ArithProfile::rhsSawNumber):

        (JSC::ArithProfile::rhsSawNonNumber):

        (JSC::ArithProfile::observeLHSAndRHS):

        (JSC::ArithProfile::bits):

        (JSC::ArithProfile::hasBits):

        (JSC::ArithProfile::setBit):

        * bytecode/CodeBlock.cpp:

        (JSC::CodeBlock::dumpRareCaseProfile):

        (JSC::CodeBlock::dumpArithProfile):

        (JSC::CodeBlock::dumpBytecode):

        (JSC::CodeBlock::addStubInfo):

        (JSC::CodeBlock::addJITAddIC):

        (JSC::CodeBlock::findStubInfo):

        (JSC::CodeBlock::resetJITData):

        (JSC::CodeBlock::shrinkToFit):

        (JSC::CodeBlock::dumpValueProfiles):

        (JSC::CodeBlock::rareCaseProfileCountForBytecodeOffset):

        (JSC::CodeBlock::arithProfileForBytecodeOffset):

        (JSC::CodeBlock::arithProfileForPC):

        (JSC::CodeBlock::couldTakeSpecialFastCase):

        (JSC::CodeBlock::dumpResultProfile): Deleted.

        (JSC::CodeBlock::resultProfileForBytecodeOffset): Deleted.

        (JSC::CodeBlock::specialFastCaseProfileCountForBytecodeOffset): Deleted.

        (JSC::CodeBlock::ensureResultProfile): Deleted.

        * bytecode/CodeBlock.h:

        (JSC::CodeBlock::stubInfoBegin):

        (JSC::CodeBlock::stubInfoEnd):

        (JSC::CodeBlock::couldTakeSlowCase):

        (JSC::CodeBlock::numberOfResultProfiles): Deleted.

        * bytecode/MethodOfGettingAValueProfile.cpp:

        (JSC::MethodOfGettingAValueProfile::emitReportValue):

        * bytecode/MethodOfGettingAValueProfile.h:

        (JSC::MethodOfGettingAValueProfile::MethodOfGettingAValueProfile):

        * bytecode/ValueProfile.cpp:

        (JSC::ResultProfile::emitDetectNumericness): Deleted.

        (JSC::ResultProfile::emitSetDouble): Deleted.

        (JSC::ResultProfile::emitSetNonNumber): Deleted.

        (WTF::printInternal): Deleted.

        * bytecode/ValueProfile.h:

        (JSC::getRareCaseProfileBytecodeOffset):

        (JSC::ResultProfile::ResultProfile): Deleted.

        (JSC::ResultProfile::bytecodeOffset): Deleted.

        (JSC::ResultProfile::specialFastPathCount): Deleted.

        (JSC::ResultProfile::didObserveNonInt32): Deleted.

        (JSC::ResultProfile::didObserveDouble): Deleted.

        (JSC::ResultProfile::didObserveNonNegZeroDouble): Deleted.

        (JSC::ResultProfile::didObserveNegZeroDouble): Deleted.

        (JSC::ResultProfile::didObserveNonNumber): Deleted.

        (JSC::ResultProfile::didObserveInt32Overflow): Deleted.

        (JSC::ResultProfile::didObserveInt52Overflow): Deleted.

        (JSC::ResultProfile::setObservedNonNegZeroDouble): Deleted.

        (JSC::ResultProfile::setObservedNegZeroDouble): Deleted.

        (JSC::ResultProfile::setObservedNonNumber): Deleted.

        (JSC::ResultProfile::setObservedInt32Overflow): Deleted.

        (JSC::ResultProfile::setObservedInt52Overflow): Deleted.

        (JSC::ResultProfile::addressOfFlags): Deleted.

        (JSC::ResultProfile::addressOfSpecialFastPathCount): Deleted.

        (JSC::ResultProfile::detectNumericness): Deleted.

        (JSC::ResultProfile::hasBits): Deleted.

        (JSC::ResultProfile::setBit): Deleted.

        (JSC::getResultProfileBytecodeOffset): Deleted.

        * bytecompiler/BytecodeGenerator.cpp:

        (JSC::BytecodeGenerator::emitBinaryOp):

        * dfg/DFGByteCodeParser.cpp:

        (JSC::DFG::ByteCodeParser::makeSafe):

        * dfg/DFGGraph.cpp:

        (JSC::DFG::Graph::methodOfGettingAValueProfileFor):

        * dfg/DFGJITCompiler.cpp:

        (JSC::DFG::JITCompiler::exceptionCheck):

        * dfg/DFGSlowPathGenerator.h:

        (JSC::DFG::SlowPathGenerator::generate):

        * dfg/DFGSpeculativeJIT.cpp:

        (JSC::DFG::SpeculativeJIT::addSlowPathGenerator):

        (JSC::DFG::SpeculativeJIT::runSlowPathGenerators):

        (JSC::DFG::SpeculativeJIT::compileValueAdd):

        * dfg/DFGSpeculativeJIT.h:

        (JSC::DFG::SpeculativeJIT::silentSpillAllRegistersImpl):

        (JSC::DFG::SpeculativeJIT::silentSpillAllRegisters):

        (JSC::DFG::SpeculativeJIT::callOperation):

        * ftl/FTLLowerDFGToB3.cpp:

        (JSC::FTL::DFG::LowerDFGToB3::compileValueAdd):

        (JSC::FTL::DFG::LowerDFGToB3::compileStrCat):

        (JSC::FTL::DFG::LowerDFGToB3::emitBinarySnippet):

        (JSC::FTL::DFG::LowerDFGToB3::emitAddSnippet):

        (JSC::FTL::DFG::LowerDFGToB3::emitBinaryBitOpSnippet):

        * jit/CCallHelpers.h:

        (JSC::CCallHelpers::setupArgumentsWithExecState):

        (JSC::CCallHelpers::setupArguments):

        * jit/JIT.h:

        * jit/JITAddGenerator.cpp:

        (JSC::JITAddGenerator::generateInline):

        (JSC::JITAddGenerator::generateFastPath):

        * jit/JITAddGenerator.h:

        (JSC::JITAddGenerator::JITAddGenerator):

        (JSC::JITAddGenerator::didEmitFastPath): Deleted.

        (JSC::JITAddGenerator::endJumpList): Deleted.

        (JSC::JITAddGenerator::slowPathJumpList): Deleted.

        * jit/JITArithmetic.cpp:

        (JSC::JIT::emit_op_jless):

        (JSC::JIT::emitSlow_op_urshift):

        (JSC::getOperandTypes):

        (JSC::JIT::emit_op_add):

        (JSC::JIT::emitSlow_op_add):

        (JSC::JIT::emit_op_div):

        (JSC::JIT::emit_op_mul):

        (JSC::JIT::emitSlow_op_mul):

        (JSC::JIT::emit_op_sub):

        (JSC::JIT::emitSlow_op_sub):

        * jit/JITDivGenerator.cpp:

        (JSC::JITDivGenerator::generateFastPath):

        * jit/JITDivGenerator.h:

        (JSC::JITDivGenerator::JITDivGenerator):

        * jit/JITInlines.h:

        (JSC::JIT::callOperation):

        * jit/JITMathIC.h: Added.

        (JSC::JITMathIC::doneLocation):

        (JSC::JITMathIC::slowPathStartLocation):

        (JSC::JITMathIC::slowPathCallLocation):

        (JSC::JITMathIC::generateInline):

        (JSC::JITMathIC::generateOutOfLine):

        (JSC::JITMathIC::finalizeInlineCode):

        * jit/JITMathICForwards.h: Added.

        * jit/JITMathICInlineResult.h: Added.

        * jit/JITMulGenerator.cpp:

        (JSC::JITMulGenerator::generateFastPath):

        * jit/JITMulGenerator.h:

        (JSC::JITMulGenerator::JITMulGenerator):

        * jit/JITOperations.cpp:

        * jit/JITOperations.h:

        * jit/JITSubGenerator.cpp:

        (JSC::JITSubGenerator::generateFastPath):

        * jit/JITSubGenerator.h:

        (JSC::JITSubGenerator::JITSubGenerator):

        * jit/Repatch.cpp:

        (JSC::readCallTarget):

        (JSC::ftlThunkAwareRepatchCall):

        (JSC::tryCacheGetByID):

        (JSC::repatchGetByID):

        (JSC::appropriateGenericPutByIdFunction):

        (JSC::tryCachePutByID):

        (JSC::repatchPutByID):

        (JSC::tryRepatchIn):

        (JSC::repatchIn):

        (JSC::linkSlowFor):

        (JSC::resetGetByID):

        (JSC::resetPutByID):

        (JSC::repatchCall): Deleted.

        * jit/Repatch.h:

        * llint/LLIntData.cpp:

        (JSC::LLInt::Data::performAssertions):

        * llint/LowLevelInterpreter.asm:

        * llint/LowLevelInterpreter32_64.asm:

        * llint/LowLevelInterpreter64.asm:

        * parser/ResultType.h:

        (JSC::ResultType::ResultType):

        (JSC::ResultType::isInt32):

        (JSC::ResultType::definitelyIsNumber):

        (JSC::ResultType::definitelyIsString):

        (JSC::ResultType::definitelyIsBoolean):

        (JSC::ResultType::mightBeNumber):

        (JSC::ResultType::isNotNumber):

        (JSC::ResultType::forBitOp):

        (JSC::ResultType::bits):

        (JSC::OperandTypes::OperandTypes):

        * runtime/CommonSlowPaths.cpp:

        (JSC::SLOW_PATH_DECL):

        (JSC::updateArithProfileForBinaryArithOp):

        (JSC::updateResultProfileForBinaryArithOp): Deleted.

        * tests/stress/op-add-exceptions.js: Added.

        (assert):

        (f1):

        (f2):

        (f3):

        (let.oException.valueOf):

        (foo):

        (ident):

        (bar):

2016-07-20  Michael Saboff  <msaboff@apple.com>

        CrashOnOverflow in JSC::Yarr::YarrPatternConstructor::setupAlternativeOffsets

203469

Source/JavaScriptCore/CMakeLists.txt

@@set(JavaScriptCore_SOURCES

    builtins/BuiltinExecutableCreator.cpp

    bytecode/AdaptiveInferredPropertyValueWatchpointBase.cpp

178 bytecode/ArithProfile.cpp

    bytecode/ArrayAllocationProfile.cpp

    bytecode/ArrayProfile.cpp

    bytecode/BytecodeBasicBlock.cpp

203461

Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

		7905BB691D12050E0019FE57 /* InlineAccess.h in Headers */ = {isa = PBXBuildFile; fileRef = 7905BB671D12050E0019FE57 /* InlineAccess.h */; settings = {ATTRIBUTES = (Private, ); }; };

		79160DBD1C8E3EC8008C085A /* ProxyRevoke.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 79160DBB1C8E3EC8008C085A /* ProxyRevoke.cpp */; };

		79160DBE1C8E3EC8008C085A /* ProxyRevoke.h in Headers */ = {isa = PBXBuildFile; fileRef = 79160DBC1C8E3EC8008C085A /* ProxyRevoke.h */; settings = {ATTRIBUTES = (Private, ); }; };

1282 79233C2B1D34715700C5A834 /* JITMathIC.h in Headers */ = {isa = PBXBuildFile; fileRef = 79233C291D34715700C5A834 /* JITMathIC.h */; settings = {ATTRIBUTES = (Private, ); }; };

		792CB3491C4EED5C00D13AF3 /* PCToCodeOriginMap.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 792CB3471C4EED5C00D13AF3 /* PCToCodeOriginMap.cpp */; };

		792CB34A1C4EED5C00D13AF3 /* PCToCodeOriginMap.h in Headers */ = {isa = PBXBuildFile; fileRef = 792CB3481C4EED5C00D13AF3 /* PCToCodeOriginMap.h */; settings = {ATTRIBUTES = (Private, ); }; };

		7964656A1B952FF0003059EE /* GetPutInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 796465681B952FF0003059EE /* GetPutInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };

		797E07A91B8FCFB9008400BA /* JSGlobalLexicalEnvironment.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 797E07A71B8FCFB9008400BA /* JSGlobalLexicalEnvironment.cpp */; };

		797E07AA1B8FCFB9008400BA /* JSGlobalLexicalEnvironment.h in Headers */ = {isa = PBXBuildFile; fileRef = 797E07A81B8FCFB9008400BA /* JSGlobalLexicalEnvironment.h */; settings = {ATTRIBUTES = (Private, ); }; };

		799EF7C41C56ED96002B0534 /* B3PCToOriginMap.h in Headers */ = {isa = PBXBuildFile; fileRef = 799EF7C31C56ED96002B0534 /* B3PCToOriginMap.h */; settings = {ATTRIBUTES = (Private, ); }; };

		79A228351D35D71E00D8E067 /* ArithProfile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 79A228331D35D71E00D8E067 /* ArithProfile.cpp */; };

		79A228361D35D71F00D8E067 /* ArithProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = 79A228341D35D71E00D8E067 /* ArithProfile.h */; };

		79AF0BE41D3EFD4C00E95FA5 /* JITMathICInlineResult.h in Headers */ = {isa = PBXBuildFile; fileRef = 79AF0BE31D3EFD4C00E95FA5 /* JITMathICInlineResult.h */; settings = {ATTRIBUTES = (Private, ); }; };

		79B00CBC1C6AB07E0088C65D /* ProxyConstructor.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 79B00CB81C6AB07E0088C65D /* ProxyConstructor.cpp */; };

		79B00CBD1C6AB07E0088C65D /* ProxyConstructor.h in Headers */ = {isa = PBXBuildFile; fileRef = 79B00CB91C6AB07E0088C65D /* ProxyConstructor.h */; settings = {ATTRIBUTES = (Private, ); }; };

		79B00CBE1C6AB07E0088C65D /* ProxyObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 79B00CBA1C6AB07E0088C65D /* ProxyObject.cpp */; settings = {COMPILER_FLAGS = "-fno-optimize-sibling-calls"; }; };

		79B00CBF1C6AB07E0088C65D /* ProxyObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 79B00CBB1C6AB07E0088C65D /* ProxyObject.h */; settings = {ATTRIBUTES = (Private, ); }; };

1296 79B1788E1D399B8000B1A567 /* JITMathICForwards.h in Headers */ = {isa = PBXBuildFile; fileRef = 79A899FE1D38612E00D18C73 /* JITMathICForwards.h */; settings = {ATTRIBUTES = (Private, ); }; };

		79C4B15D1BA2158F00FD592E /* DFGLiveCatchVariablePreservationPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 79C4B15B1BA2158F00FD592E /* DFGLiveCatchVariablePreservationPhase.cpp */; };

		79C4B15E1BA2158F00FD592E /* DFGLiveCatchVariablePreservationPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 79C4B15C1BA2158F00FD592E /* DFGLiveCatchVariablePreservationPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };

		79CFC6F01C33B10000C768EA /* LLIntPCRanges.h in Headers */ = {isa = PBXBuildFile; fileRef = 79CFC6EF1C33B10000C768EA /* LLIntPCRanges.h */; settings = {ATTRIBUTES = (Private, ); }; };

		7905BB671D12050E0019FE57 /* InlineAccess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = InlineAccess.h; sourceTree = "<group>"; };

		79160DBB1C8E3EC8008C085A /* ProxyRevoke.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ProxyRevoke.cpp; sourceTree = "<group>"; };

		79160DBC1C8E3EC8008C085A /* ProxyRevoke.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ProxyRevoke.h; sourceTree = "<group>"; };

3485 79233C291D34715700C5A834 /* JITMathIC.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITMathIC.h; sourceTree = "<group>"; };

		792CB3471C4EED5C00D13AF3 /* PCToCodeOriginMap.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PCToCodeOriginMap.cpp; sourceTree = "<group>"; };

		792CB3481C4EED5C00D13AF3 /* PCToCodeOriginMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PCToCodeOriginMap.h; sourceTree = "<group>"; };

		796465681B952FF0003059EE /* GetPutInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GetPutInfo.h; sourceTree = "<group>"; };

		797E07A71B8FCFB9008400BA /* JSGlobalLexicalEnvironment.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSGlobalLexicalEnvironment.cpp; sourceTree = "<group>"; };

		797E07A81B8FCFB9008400BA /* JSGlobalLexicalEnvironment.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSGlobalLexicalEnvironment.h; sourceTree = "<group>"; };

		799EF7C31C56ED96002B0534 /* B3PCToOriginMap.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = B3PCToOriginMap.h; path = b3/B3PCToOriginMap.h; sourceTree = "<group>"; };

		79A228331D35D71E00D8E067 /* ArithProfile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArithProfile.cpp; sourceTree = "<group>"; };

		79A228341D35D71E00D8E067 /* ArithProfile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArithProfile.h; sourceTree = "<group>"; };

		79A899FE1D38612E00D18C73 /* JITMathICForwards.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITMathICForwards.h; sourceTree = "<group>"; };

		79AF0BE31D3EFD4C00E95FA5 /* JITMathICInlineResult.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITMathICInlineResult.h; sourceTree = "<group>"; };

		79B00CB81C6AB07E0088C65D /* ProxyConstructor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ProxyConstructor.cpp; sourceTree = "<group>"; };

		79B00CB91C6AB07E0088C65D /* ProxyConstructor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ProxyConstructor.h; sourceTree = "<group>"; };

		79B00CBA1C6AB07E0088C65D /* ProxyObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ProxyObject.cpp; sourceTree = "<group>"; };

				DE5A09FF1BA3AC3E003D4424 /* IntrinsicEmitter.cpp */,

				1429D92D0ED22D7000B89619 /* JIT.cpp */,

				1429D92E0ED22D7000B89619 /* JIT.h */,

				79233C291D34715700C5A834 /* JITMathIC.h */,

				79A899FE1D38612E00D18C73 /* JITMathICForwards.h */,

				79AF0BE31D3EFD4C00E95FA5 /* JITMathICInlineResult.h */,

				FE1220251BE7F5640039E6F2 /* JITAddGenerator.cpp */,

				FE1220261BE7F5640039E6F2 /* JITAddGenerator.h */,

				86A90ECF0EE7D51F00AB350D /* JITArithmetic.cpp */,

				0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */,

				0F63945115D07051006A597C /* ArrayProfile.cpp */,

				0F63945215D07051006A597C /* ArrayProfile.h */,

6581 79A228331D35D71E00D8E067 /* ArithProfile.cpp */,

6582 79A228341D35D71E00D8E067 /* ArithProfile.h */,

				C2FCAE0C17A9C24E0034C735 /* BytecodeBasicBlock.cpp */,

				C2FCAE0D17A9C24E0034C735 /* BytecodeBasicBlock.h */,

				0F21C27E14BEAA8000ADC64B /* BytecodeConventions.h */,

				A5EA70E819F5B1010098F5EC /* AugmentableInspectorControllerClient.h in Headers */,

				0FEC84FF1BDACDAC0080FF74 /* B3ArgumentRegValue.h in Headers */,

				0FEC85011BDACDAC0080FF74 /* B3BasicBlock.h in Headers */,

7095 79233C2B1D34715700C5A834 /* JITMathIC.h in Headers */,

				0FEC85021BDACDAC0080FF74 /* B3BasicBlockInlines.h in Headers */,

				0FEC85031BDACDAC0080FF74 /* B3BasicBlockUtils.h in Headers */,

				0FEC85041BDACDAC0080FF74 /* B3BlockWorklist.h in Headers */,

				A7A8AF3A17ADB5F3005AB174 /* Int8Array.h in Headers */,

				BC11667B0E199C05008066DD /* InternalFunction.h in Headers */,

				1429D77C0ED20D7300B89619 /* Interpreter.h in Headers */,

7675 79AF0BE41D3EFD4C00E95FA5 /* JITMathICInlineResult.h in Headers */,

				A1B9E23A1B4E0D6700BC7FED /* IntlCollator.h in Headers */,

				A1B9E23C1B4E0D6700BC7FED /* IntlCollatorConstructor.h in Headers */,

				A18193E31B4E0CDB00FC1029 /* IntlCollatorConstructor.lut.h in Headers */,

				A51007C1187CC3C600B38879 /* JSGlobalObjectInspectorController.h in Headers */,

				A50E4B6418809DD50068A46D /* JSGlobalObjectRuntimeAgent.h in Headers */,

				A503FA2A188F105900110F14 /* JSGlobalObjectScriptDebugServer.h in Headers */,

7785 79A228361D35D71F00D8E067 /* ArithProfile.h in Headers */,

				A513E5C0185BFACC007E95AD /* JSInjectedScriptHost.h in Headers */,

				A513E5C2185BFACC007E95AD /* JSInjectedScriptHostPrototype.h in Headers */,

				C442CB251A6CDB8C005D3D7C /* JSInputs.json in Headers */,

				0FC8150A14043BF500CFA603 /* WriteBarrierSupport.h in Headers */,

				9688CB160ED12B4E001D649F /* X86Assembler.h in Headers */,

				9959E92E1BD17FA4001AA413 /* xxd.pl in Headers */,

8211 79B1788E1D399B8000B1A567 /* JITMathICForwards.h in Headers */,

				451539B912DC994500EF7AC4 /* Yarr.h in Headers */,

				86704B8512DBA33700A9FE7B /* YarrInterpreter.h in Headers */,

				86704B8712DBA33700A9FE7B /* YarrJIT.h in Headers */,

				0FEB3ECF16237F6C00AB67AD /* MacroAssembler.cpp in Sources */,

				86C568E011A213EE0007F7F0 /* MacroAssemblerARM.cpp in Sources */,

				FEB137571BB11EF900CD5100 /* MacroAssemblerARM64.cpp in Sources */,

9296 79A228351D35D71E00D8E067 /* ArithProfile.cpp in Sources */,

				A729009C17976C6000317298 /* MacroAssemblerARMv7.cpp in Sources */,

				FE68C6381B90DE0B0042BCB3 /* MacroAssemblerPrinter.cpp in Sources */,

				A7A4AE0817973B26005612B1 /* MacroAssemblerX86Common.cpp in Sources */,

203461

Source/JavaScriptCore/bytecode/ArithProfile.cpp

/*

 * Copyright (C) 2016 Apple Inc. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY

 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY

 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

 */

#include "config.h"

#include "ArithProfile.h"

#include "CCallHelpers.h"

#include "JSCInlines.h"

namespace JSC {

#if ENABLE(JIT)

void ArithProfile::emitDetectNumericness(CCallHelpers& jit, JSValueRegs regs, TagRegistersMode mode)

{

    if (!shouldEmitSetDouble() && !shouldEmitSetNonNumber())

        return;

    CCallHelpers::Jump isInt32 = jit.branchIfInt32(regs, mode);

    CCallHelpers::Jump notDouble = jit.branchIfNotDoubleKnownNotInt32(regs, mode);

    emitSetDouble(jit);

    CCallHelpers::Jump done = jit.jump();

    notDouble.link(&jit);

    emitSetNonNumber(jit);

    done.link(&jit);

    isInt32.link(&jit);

}

bool ArithProfile::shouldEmitSetDouble() const

{

    uint32_t mask = ArithProfile::Int32Overflow | ArithProfile::Int52Overflow | ArithProfile::NegZeroDouble | ArithProfile::NonNegZeroDouble;

    return (m_bits & mask) != mask;

}

void ArithProfile::emitSetDouble(CCallHelpers& jit)

{

    if (shouldEmitSetDouble())

        jit.or32(CCallHelpers::TrustedImm32(ArithProfile::Int32Overflow | ArithProfile::Int52Overflow | ArithProfile::NegZeroDouble | ArithProfile::NonNegZeroDouble), CCallHelpers::AbsoluteAddress(addressOfBits()));

}

bool ArithProfile::shouldEmitSetNonNumber() const

{

    uint32_t mask = ArithProfile::NonNumber;

    return (m_bits & mask) != mask;

}

void ArithProfile::emitSetNonNumber(CCallHelpers& jit)

{

    if (shouldEmitSetNonNumber())

        jit.or32(CCallHelpers::TrustedImm32(ArithProfile::NonNumber), CCallHelpers::AbsoluteAddress(addressOfBits()));

}

#endif // ENABLE(JIT)

} // namespace JSC

namespace WTF {

using namespace JSC;

void printInternal(PrintStream& out, const ArithProfile& profile)

{

    const char* separator = "";

    if (!profile.didObserveNonInt32()) {

        out.print("Int32");

        separator = "|";

    } else {

        if (profile.didObserveNegZeroDouble()) {

            out.print(separator, "NegZeroDouble");

            separator = "|";

        }

        if (profile.didObserveNonNegZeroDouble()) {

            out.print("NonNegZeroDouble");

            separator = "|";

        }

        if (profile.didObserveNonNumber()) {

            out.print("NonNumber");

            separator = "|";

        }

        if (profile.didObserveInt32Overflow()) {

            out.print("Int32Overflow");

            separator = "|";

        }

        if (profile.didObserveInt52Overflow()) {

            out.print("Int52Overflow");

            separator = "|";

        }

    }

    if (profile.tookSpecialFastPath())

        out.print(" took special fast path.");

}

} // namespace WTF

nonexistent

Source/JavaScriptCore/bytecode/ArithProfile.h

/*

 * Copyright (C) 2016 Apple Inc. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY

 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY

 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

 */

#pragma once

#include "GPRInfo.h"

#include "JSCJSValue.h"

#include "ResultType.h"

#include "TagRegistersMode.h"

namespace JSC {

class CCallHelpers;

struct ObservedType {

    ObservedType(uint8_t bits = TypeEmpty)

        : m_bits(bits)

    { }

    bool sawInt32() const { return m_bits & TypeInt32; }

    bool isOnlyInt32() const { return m_bits == TypeInt32; }

    bool sawNumber() const { return m_bits & TypeNumber; }

    bool isOnlyNumber() const { return m_bits == TypeNumber; }

    bool sawNonNumber() const { return m_bits & TypeNonNumber; }

    bool isOnlyNonNumber() const { return m_bits == TypeNonNumber; }

    bool isEmpty() const { return !m_bits; }

    uint8_t bits() const { return m_bits; }

    ObservedType withInt32() const { return ObservedType(m_bits | TypeInt32); }

    ObservedType withNumber() const { return ObservedType(m_bits | TypeNumber); }

    ObservedType withNonNumber() const { return ObservedType(m_bits | TypeNonNumber); }

    ObservedType withoutNonNumber() const { return ObservedType(m_bits & ~TypeNonNumber); }

    bool operator==(const ObservedType& other) const { return m_bits == other.m_bits; }

    static const uint8_t TypeEmpty = 0x0;

    static const uint8_t TypeInt32 = 0x1;

    static const uint8_t TypeNumber = 0x02;

    static const uint8_t TypeNonNumber = 0x04;

private:

    uint8_t m_bits;

};

struct ArithProfile {

private:

    static const uint32_t numberOfFlagBits = 5;

    static const uint32_t rhsResultTypeShift = 5;

    static const uint32_t lhsResultTypeShift = 11;

    static const uint32_t rhsObservedTypeShift = 17;

    static const uint32_t lhsObservedTypeShift = 20;

    static const uint32_t bottom6Bits = (1 << 6) - 1;

    static const uint32_t bottom3Bits = (1 << 3) - 1;

    static const uint32_t clearRhsObservedTypeBits = ~((1 << 17) | (1 << 18) | (1 << 19));

    static const uint32_t clearLhsObservedTypeBits = ~((1 << 20) | (1 << 21) | (1 << 22));

    static_assert(ResultType::numBitsNeeded == 6, "We make a strong assumption here that ResultType fits in 6 bits.");

public:

    static const uint32_t specialFastPathBit = 1 << 23;

    ArithProfile(ResultType lhs, ResultType rhs)

    {

        m_bits = (lhs.bits() << lhsResultTypeShift) | (rhs.bits() << rhsResultTypeShift);

        ASSERT(lhsResultType().bits() == lhs.bits() && rhsResultType().bits() == rhs.bits());

        ASSERT(lhsObservedType().isEmpty());

        ASSERT(rhsObservedType().isEmpty());

    }

    ArithProfile()

    { }

    static ArithProfile fromInt(uint32_t bits)

    {

        ArithProfile result;

        result.m_bits = bits;

        return result;

    }

    enum ObservedResults {

        NonNegZeroDouble = 1 << 0,

        NegZeroDouble    = 1 << 1,

        NonNumber        = 1 << 2,

        Int32Overflow    = 1 << 3,

        Int52Overflow    = 1 << 4,

    };

    ResultType lhsResultType() const { return ResultType((m_bits >> lhsResultTypeShift) & bottom6Bits); }

    ResultType rhsResultType() const { return ResultType((m_bits >> rhsResultTypeShift) & bottom6Bits); }

    ObservedType lhsObservedType() const { return ObservedType((m_bits >> lhsObservedTypeShift) & bottom3Bits); }

    ObservedType rhsObservedType() const { return ObservedType((m_bits >> rhsObservedTypeShift) & bottom3Bits); }

    void setLhsObservedType(ObservedType type)

    {

        uint32_t bits = m_bits;

        bits &= clearLhsObservedTypeBits;

        bits |= type.bits() << lhsObservedTypeShift;

        m_bits = bits;

        ASSERT(lhsObservedType() == type);

    }

    void setRhsObservedType(ObservedType type)

    { 

        uint32_t bits = m_bits;

        bits &= clearRhsObservedTypeBits;

        bits |= type.bits() << rhsObservedTypeShift;

        m_bits = bits;

        ASSERT(rhsObservedType() == type);

    }

    bool tookSpecialFastPath() const { return m_bits & specialFastPathBit; }

    bool didObserveNonInt32() const { return hasBits(NonNegZeroDouble | NegZeroDouble | NonNumber); }

    bool didObserveDouble() const { return hasBits(NonNegZeroDouble | NegZeroDouble); }

    bool didObserveNonNegZeroDouble() const { return hasBits(NonNegZeroDouble); }

    bool didObserveNegZeroDouble() const { return hasBits(NegZeroDouble); }

    bool didObserveNonNumber() const { return hasBits(NonNumber); }

    bool didObserveInt32Overflow() const { return hasBits(Int32Overflow); }

    bool didObserveInt52Overflow() const { return hasBits(Int52Overflow); }

    void setObservedNonNegZeroDouble() { setBit(NonNegZeroDouble); }

    void setObservedNegZeroDouble() { setBit(NegZeroDouble); }

    void setObservedNonNumber() { setBit(NonNumber); }

    void setObservedInt32Overflow() { setBit(Int32Overflow); }

    void setObservedInt52Overflow() { setBit(Int52Overflow); }

    void* addressOfBits() { return &m_bits; }

    void detectNumericness(JSValue value)

    {

        if (value.isInt32())

            return;

        if (value.isNumber()) {

            m_bits |= Int32Overflow | Int52Overflow | NonNegZeroDouble | NegZeroDouble;

            return;

        }

        m_bits |= NonNumber;

    }

    void lhsSawInt32() { setLhsObservedType(lhsObservedType().withInt32()); }

    void lhsSawNumber() { setLhsObservedType(lhsObservedType().withNumber()); }

    void lhsSawNonNumber() { setLhsObservedType(lhsObservedType().withNonNumber()); }

    void rhsSawInt32() { setRhsObservedType(rhsObservedType().withInt32()); }

    void rhsSawNumber() { setRhsObservedType(rhsObservedType().withNumber()); }

    void rhsSawNonNumber() { setRhsObservedType(rhsObservedType().withNonNumber()); }

    void observeLHSAndRHS(JSValue lhs, JSValue rhs)

    {

        ArithProfile newProfile = *this;

        if (lhs.isNumber()) {

            if (lhs.isInt32())

                newProfile.lhsSawInt32();

            else

                newProfile.lhsSawNumber();

        } else

            newProfile.lhsSawNonNumber();

        if (rhs.isNumber()) {

            if (rhs.isInt32())

                newProfile.rhsSawInt32();

            else

                newProfile.rhsSawNumber();

        } else

            newProfile.rhsSawNonNumber();

        m_bits = newProfile.bits();

    }

#if ENABLE(JIT)    

    // Sets (Int32Overflow | Int52Overflow | NonNegZeroDouble | NegZeroDouble) if it sees a

    // double. Sets NonNumber if it sees a non-number.

    void emitDetectNumericness(CCallHelpers&, JSValueRegs, TagRegistersMode = HaveTagRegisters);

    // Sets (Int32Overflow | Int52Overflow | NonNegZeroDouble | NegZeroDouble).

    bool shouldEmitSetDouble() const;

    void emitSetDouble(CCallHelpers&);

    // Sets NonNumber.

    void emitSetNonNumber(CCallHelpers&);

    bool shouldEmitSetNonNumber() const;

#endif // ENABLE(JIT)

    uint32_t bits() const { return m_bits; }

private:

    bool hasBits(int mask) const { return m_bits & mask; }

    void setBit(int mask) { m_bits |= mask; }

    uint32_t m_bits { 0 }; // We take care to update m_bits only in a single operation. We don't ever store an inconsistent bit representation to it.

};

} // namespace JSC

namespace WTF {

void printInternal(PrintStream&, const JSC::ArithProfile&);

} // namespace WTF

nonexistent

Source/JavaScriptCore/bytecode/CodeBlock.cpp

#include "config.h"

#include "CodeBlock.h"

33#include "ArithProfile.h"

#include "BasicBlockLocation.h"

#include "BytecodeGenerator.h"

#include "BytecodeUseDef.h"

#include "InlineCallFrame.h"

#include "Interpreter.h"

#include "JIT.h"

49#include "JITMathIC.h"

#include "JSCJSValue.h"

#include "JSFunction.h"

#include "JSLexicalEnvironment.h"

@@void CodeBlock::dumpRareCaseProfile(Prin

    out.print(name, profile->m_counter);

}

772 void CodeBlock::dump~~Resul~~tProfile(PrintStream& out, ~~Resul~~tProfile* profile, bool& hasPrintedProfiling)

774void CodeBlock::dumpArithProfile(PrintStream& out, ArithProfile* profile, bool& hasPrintedProfiling)

{

    if (!profile)

        return;

@@void CodeBlock::dumpBytecode(

    dumpRareCaseProfile(out, "rare case: ", rareCaseProfileForBytecodeOffset(location), hasPrintedProfiling);

    {

        ConcurrentJITLocker locker(m_lock);

1773 dump~~Resul~~tProfile(out, ~~resul~~tProfileForBytecodeOffset(~~locker,~~ location), hasPrintedProfiling);

1775 dumpArithProfile(out, arithProfileForBytecodeOffset(location), hasPrintedProfiling);

    }

#if ENABLE(DFG_JIT)

@@StructureStubInfo* CodeBlock::addStubInf

    return m_stubInfos.add(accessType);

}

JITAddIC* CodeBlock::addJITAddIC()

{

    return m_addICs.add();

}

StructureStubInfo* CodeBlock::findStubInfo(CodeOrigin codeOrigin)

{

    for (StructureStubInfo* stubInfo : m_stubInfos) {

@@void CodeBlock::resetJITData()

    // We can clear this because the DFG's queries to these data structures are guarded by whether

    // there is JIT code.

    m_rareCaseProfiles.clear();

    
    // We can clear these because the DFG only accesses members of this data structure when

    // holding the lock or after querying whether we have JIT code.

    m_resultProfiles.clear();

    m_bytecodeOffsetToResultProfileIndexMap = nullptr;

}

#endif

@@void CodeBlock::shrinkToFit(ShrinkMode s

    ConcurrentJITLocker locker(m_lock);

    m_rareCaseProfiles.shrinkToFit();

3286 m_resultProfiles.shrinkToFit();

    
    if (shrinkMode == EarlyShrink) {

        m_constantRegisters.shrinkToFit();

@@void CodeBlock::dumpValueProfiles()

        RareCaseProfile* profile = rareCaseProfile(i);

        dataLogF("   bc = %d: %u\n", profile->m_bytecodeOffset, profile->m_counter);

    }

    dataLog("ResultProfile for ", *this, ":\n");

    for (unsigned i = 0; i < numberOfResultProfiles(); ++i) {

        const ResultProfile& profile = *resultProfile(i);

        dataLog("   bc = ", profile.bytecodeOffset(), ": ", profile, "\n");

    }

}

#endif // ENABLE(VERBOSE_VALUE_PROFILE)

@@unsigned CodeBlock::rareCaseProfileCount

    return 0;

}

4369 ~~Resul~~tProfile* CodeBlock::~~resul~~tProfileForBytecodeOffset(~~const ConcurrentJITLocker&,~~ int bytecodeOffset)

4365ArithProfile* CodeBlock::arithProfileForBytecodeOffset(int bytecodeOffset)

43704366{

    if (!m_bytecodeOffsetToResultProfileIndexMap)

        return nullptr;

    auto iterator = m_bytecodeOffsetToResultProfileIndexMap->find(bytecodeOffset);

    if (iterator == m_bytecodeOffsetToResultProfileIndexMap->end())

    auto opcodeID = vm()->interpreter->getOpcodeID(instructions()[bytecodeOffset].u.opcode);

    switch (opcodeID) {

    case op_bitor:

    case op_bitand:

    case op_bitxor:

    case op_add:

    case op_mul:

    case op_sub:

    case op_div:

        break;

    default:

43754378 return nullptr;

4376 return &m_resultProfiles[iterator->value];

4377 }

4379 }

43784380

unsigned CodeBlock::specialFastCaseProfileCountForBytecodeOffset(int bytecodeOffset)

{

    ConcurrentJITLocker locker(m_lock);

    return specialFastCaseProfileCountForBytecodeOffset(locker, bytecodeOffset);

4381 Instruction* instruction = &instructions()[bytecodeOffset + 4];

4382 return bitwise_cast<ArithProfile*>(&instruction->u.operand);

43834383}

43844384

4385 ~~unsign~~ed CodeBlock::~~specialFastCase~~Profile~~Count~~For~~BytecodeOffset(co~~nst Con~~currentJITLocker& locker, int bytecodeOffset~~)

4385ArithProfile& CodeBlock::arithProfileForPC(Instruction* pc)

43864386{

    ResultProfile* profile = resultProfileForBytecodeOffset(locker, bytecodeOffset);

    if (!profile)

        return 0;

    return profile->specialFastPathCount();

    if (!ASSERT_DISABLED) {

        ASSERT(pc >= instructions().begin() && pc < instructions().end());

        auto opcodeID = vm()->interpreter->getOpcodeID(pc[0].u.opcode);

        switch (opcodeID) {

        case op_bitor:

        case op_bitand:

        case op_bitxor:

        case op_add:

        case op_mul:

        case op_sub:

        case op_div:

            break;

        default:

            ASSERT_NOT_REACHED();

        }

    }

    return *bitwise_cast<ArithProfile*>(&pc[4].u.operand);

}

bool CodeBlock::couldTakeSpecialFastCase(int bytecodeOffset)

{

    if (!hasBaselineJITProfiling())

        return false;

    unsigned specialFastCaseCount = specialFastCaseProfileCountForBytecodeOffset(bytecodeOffset);

    return specialFastCaseCount >= Options::couldTakeSlowCaseMinimumCount();

}

ResultProfile* CodeBlock::ensureResultProfile(int bytecodeOffset)

{

    ConcurrentJITLocker locker(m_lock);

    return ensureResultProfile(locker, bytecodeOffset);

}

ResultProfile* CodeBlock::ensureResultProfile(const ConcurrentJITLocker& locker, int bytecodeOffset)

{

    ResultProfile* profile = resultProfileForBytecodeOffset(locker, bytecodeOffset);

    if (!profile) {

        m_resultProfiles.append(ResultProfile(bytecodeOffset));

        profile = &m_resultProfiles.last();

        ASSERT(&m_resultProfiles.last() == &m_resultProfiles[m_resultProfiles.size() - 1]);

        if (!m_bytecodeOffsetToResultProfileIndexMap)

            m_bytecodeOffsetToResultProfileIndexMap = std::make_unique<BytecodeOffsetToResultProfileIndexMap>();

        m_bytecodeOffsetToResultProfileIndexMap->add(bytecodeOffset, m_resultProfiles.size() - 1);

    }

    return profile;

    ArithProfile* profile = arithProfileForBytecodeOffset(bytecodeOffset);

    if (!profile)

        return false;

    return profile->tookSpecialFastPath();

}

#if ENABLE(JIT)

203461

Source/JavaScriptCore/bytecode/CodeBlock.h

#include "HandlerInfo.h"

#include "Instruction.h"

#include "JITCode.h"

54#include "JITMathICForwards.h"

#include "JITWriteBarrier.h"

#include "JSCell.h"

#include "JSGlobalObject.h"

namespace JSC {

class ExecState;

83class JITAddGenerator;

class JSModuleEnvironment;

class LLIntOffsetsExtractor;

class PCToCodeOriginMap;

@@class TypeLocation;

enum class AccessType : int8_t;

93struct ArithProfile;

94

typedef HashMap<CodeOrigin, StructureStubInfo*, CodeOriginApproximateHash> StubInfoMap;

enum ReoptimizationMode { DontCountReoptimization, CountReoptimization };

@@public:

    
#if ENABLE(JIT)

    StructureStubInfo* addStubInfo(AccessType);

252 JITAddIC* addJITAddIC();

    Bag<StructureStubInfo>::iterator stubInfoBegin() { return m_stubInfos.begin(); }

    Bag<StructureStubInfo>::iterator stubInfoEnd() { return m_stubInfos.end(); }

@@public:

        return value >= Options::couldTakeSlowCaseMinimumCount();

    }

    ResultProfile* ensureResultProfile(int bytecodeOffset);

    ResultProfile* ensureResultProfile(const ConcurrentJITLocker&, int bytecodeOffset);

    unsigned numberOfResultProfiles() { return m_resultProfiles.size(); }

    ResultProfile* resultProfileForBytecodeOffset(const ConcurrentJITLocker&, int bytecodeOffset);

    unsigned specialFastCaseProfileCountForBytecodeOffset(const ConcurrentJITLocker&, int bytecodeOffset);

    unsigned specialFastCaseProfileCountForBytecodeOffset(int bytecodeOffset);

448 ArithProfile* arithProfileForBytecodeOffset(int bytecodeOffset);

449 ArithProfile& arithProfileForPC(Instruction*);

    bool couldTakeSpecialFastCase(int bytecodeOffset);

@@private:

    void dumpValueProfiling(PrintStream&, const Instruction*&, bool& hasPrintedProfiling);

    void dumpArrayProfiling(PrintStream&, const Instruction*&, bool& hasPrintedProfiling);

    void dumpRareCaseProfile(PrintStream&, const char* name, RareCaseProfile*, bool& hasPrintedProfiling);

960 void dump~~Resul~~tProfile(PrintStream&, ~~Resul~~tProfile*, bool& hasPrintedProfiling);

960 void dumpArithProfile(PrintStream&, ArithProfile*, bool& hasPrintedProfiling);

    bool shouldVisitStrongly();

    bool shouldJettisonDueToWeakReference();

@@private:

#if ENABLE(JIT)

    std::unique_ptr<RegisterAtOffsetList> m_calleeSaveRegisters;

    Bag<StructureStubInfo> m_stubInfos;

1016 Bag<JITAddIC> m_addICs;

    Bag<ByValInfo> m_byValInfos;

    Bag<CallLinkInfo> m_callLinkInfos;

    SentinelLinkedList<CallLinkInfo, BasicRawSentinelNode<CallLinkInfo>> m_incomingCalls;

@@private:

    RefCountedArray<ValueProfile> m_argumentValueProfiles;

    RefCountedArray<ValueProfile> m_valueProfiles;

    SegmentedVector<RareCaseProfile, 8> m_rareCaseProfiles;

    SegmentedVector<ResultProfile, 8> m_resultProfiles;

    typedef HashMap<unsigned, unsigned, IntHash<unsigned>, WTF::UnsignedWithZeroKeyHashTraits<unsigned>> BytecodeOffsetToResultProfileIndexMap;

    std::unique_ptr<BytecodeOffsetToResultProfileIndexMap> m_bytecodeOffsetToResultProfileIndexMap;

    RefCountedArray<ArrayAllocationProfile> m_arrayAllocationProfiles;

    ArrayProfileVector m_arrayProfiles;

    RefCountedArray<ObjectAllocationProfile> m_objectAllocationProfiles;

203461

Source/JavaScriptCore/bytecode/MethodOfGettingAValueProfile.cpp

#if ENABLE(DFG_JIT)

31#include "ArithProfile.h"

#include "CCallHelpers.h"

#include "CodeBlock.h"

#include "JSCInlines.h"

@@void MethodOfGettingAValueProfile::emitR

        return;

    }

68 case ~~Resul~~tProfileReady: {

69 u.~~resul~~tProfile->emitDetectNumericness(jit, regs, DoNotHaveTagRegisters);

69 case ArithProfileReady: {

70 u.arithProfile->emitDetectNumericness(jit, regs, DoNotHaveTagRegisters);

        return;

    } }

203461

Source/JavaScriptCore/bytecode/MethodOfGettingAValueProfile.h

@@namespace JSC {

class CCallHelpers;

class CodeBlock;

class LazyOperandValueProfileKey;

43 struct ~~Resul~~tProfile;

43struct ArithProfile;

struct ValueProfile;

class MethodOfGettingAValueProfile {

@@public:

            m_kind = None;

    }

62 MethodOfGettingAValueProfile(~~Resul~~tProfile* profile)

62 MethodOfGettingAValueProfile(ArithProfile* profile)

6363 {

6464 if (profile) {

65 m_kind = ~~Resul~~tProfileReady;

66 u.~~resul~~tProfile = profile;

65 m_kind = ArithProfileReady;

66 u.arithProfile = profile;

        } else

            m_kind = None;

    }

@@private:

    enum Kind {

        None,

        Ready,

82 ~~Resul~~tProfileReady,

82 ArithProfileReady,

        LazyOperand

    };

    Kind m_kind;

    union {

        ValueProfile* profile;

89 ~~Resul~~tProfile* ~~resul~~tProfile;

89 ArithProfile* arithProfile;

        struct {

            CodeBlock* codeBlock;

            unsigned bytecodeOffset;

203461

Source/JavaScriptCore/bytecode/ValueProfile.cpp

namespace JSC {

#if ENABLE(JIT)

void ResultProfile::emitDetectNumericness(CCallHelpers& jit, JSValueRegs regs, TagRegistersMode mode)

{

    CCallHelpers::Jump isInt32 = jit.branchIfInt32(regs, mode);

    CCallHelpers::Jump notDouble = jit.branchIfNotDoubleKnownNotInt32(regs, mode);

    // FIXME: We could be more precise here.

    emitSetDouble(jit);

    CCallHelpers::Jump done = jit.jump();

    notDouble.link(&jit);

    emitSetNonNumber(jit);

    done.link(&jit);

    isInt32.link(&jit);

}

void ResultProfile::emitSetDouble(CCallHelpers& jit)

{

    jit.or32(CCallHelpers::TrustedImm32(ResultProfile::Int32Overflow | ResultProfile::Int52Overflow | ResultProfile::NegZeroDouble | ResultProfile::NonNegZeroDouble), CCallHelpers::AbsoluteAddress(addressOfFlags()));

}

void ResultProfile::emitSetNonNumber(CCallHelpers& jit)

{

    jit.or32(CCallHelpers::TrustedImm32(ResultProfile::NonNumber), CCallHelpers::AbsoluteAddress(addressOfFlags()));

}

#endif // ENABLE(JIT)

5934} // namespace JSC

namespace WTF {

using namespace JSC;

void printInternal(PrintStream& out, const ResultProfile& profile)

{

    const char* separator = "";

    if (!profile.didObserveNonInt32()) {

        out.print("Int32");

        separator = "|";

    } else {

        if (profile.didObserveNegZeroDouble()) {

            out.print(separator, "NegZeroDouble");

            separator = "|";

        }

        if (profile.didObserveNonNegZeroDouble()) {

            out.print("NonNegZeroDouble");

            separator = "|";

        }

        if (profile.didObserveNonNumber()) {

            out.print("NonNumber");

            separator = "|";

        }

        if (profile.didObserveInt32Overflow()) {

            out.print("Int32Overflow");

            separator = "|";

        }

        if (profile.didObserveInt52Overflow()) {

            out.print("Int52Overflow");

            separator = "|";

        }

    }

    if (profile.specialFastPathCount()) {

        out.print(" special fast path: ");

        out.print(profile.specialFastPathCount());

    }

}

} // namespace WTF

203461

Source/JavaScriptCore/bytecode/ValueProfile.h

@@inline int getRareCaseProfileBytecodeOff

    return rareCaseProfile->m_bytecodeOffset;

}

struct ResultProfile {

private:

    static const int numberOfFlagBits = 5;

public:

    ResultProfile(int bytecodeOffset)

        : m_bytecodeOffsetAndFlags(bytecodeOffset << numberOfFlagBits)

    {

        ASSERT(((bytecodeOffset << numberOfFlagBits) >> numberOfFlagBits) == bytecodeOffset);

    }

    enum ObservedResults {

        NonNegZeroDouble = 1 << 0,

        NegZeroDouble    = 1 << 1,

        NonNumber        = 1 << 2,

        Int32Overflow    = 1 << 3,

        Int52Overflow    = 1 << 4,

    };

    int bytecodeOffset() const { return m_bytecodeOffsetAndFlags >> numberOfFlagBits; }

    unsigned specialFastPathCount() const { return m_specialFastPathCount; }

    bool didObserveNonInt32() const { return hasBits(NonNegZeroDouble | NegZeroDouble | NonNumber); }

    bool didObserveDouble() const { return hasBits(NonNegZeroDouble | NegZeroDouble); }

    bool didObserveNonNegZeroDouble() const { return hasBits(NonNegZeroDouble); }

    bool didObserveNegZeroDouble() const { return hasBits(NegZeroDouble); }

    bool didObserveNonNumber() const { return hasBits(NonNumber); }

    bool didObserveInt32Overflow() const { return hasBits(Int32Overflow); }

    bool didObserveInt52Overflow() const { return hasBits(Int52Overflow); }

    void setObservedNonNegZeroDouble() { setBit(NonNegZeroDouble); }

    void setObservedNegZeroDouble() { setBit(NegZeroDouble); }

    void setObservedNonNumber() { setBit(NonNumber); }

    void setObservedInt32Overflow() { setBit(Int32Overflow); }

    void setObservedInt52Overflow() { setBit(Int52Overflow); }

    void* addressOfFlags() { return &m_bytecodeOffsetAndFlags; }

    void* addressOfSpecialFastPathCount() { return &m_specialFastPathCount; }

    void detectNumericness(JSValue value)

    {

        if (value.isInt32())

            return;

        if (value.isNumber()) {

            m_bytecodeOffsetAndFlags |= Int32Overflow | Int52Overflow | NonNegZeroDouble | NegZeroDouble;

            return;

        }

        m_bytecodeOffsetAndFlags |= NonNumber;

    }

#if ENABLE(JIT)    

    // Sets (Int32Overflow | Int52Overflow | NonNegZeroDouble | NegZeroDouble) if it sees a

    // double. Sets NonNumber if it sees a non-number.

    void emitDetectNumericness(CCallHelpers&, JSValueRegs, TagRegistersMode = HaveTagRegisters);

    // Sets (Int32Overflow | Int52Overflow | NonNegZeroDouble | NegZeroDouble).

    void emitSetDouble(CCallHelpers&);

    // Sets NonNumber.

    void emitSetNonNumber(CCallHelpers&);

#endif // ENABLE(JIT)

private:

    bool hasBits(int mask) const { return m_bytecodeOffsetAndFlags & mask; }

    void setBit(int mask) { m_bytecodeOffsetAndFlags |= mask; }

    int m_bytecodeOffsetAndFlags;

    unsigned m_specialFastPathCount { 0 };

};

inline int getResultProfileBytecodeOffset(ResultProfile* profile)

{

    return profile->bytecodeOffset();

}

287212} // namespace JSC

288213

namespace WTF {

void printInternal(PrintStream&, const JSC::ResultProfile&);

} // namespace WTF

295214#endif // ValueProfile_h

296

203461

Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

#include "config.h"

#include "BytecodeGenerator.h"

34#include "ArithProfile.h"

#include "BuiltinExecutables.h"

#include "BytecodeLivenessAnalysis.h"

#include "Interpreter.h"

@@RegisterID* BytecodeGenerator::emitBinar

    if (opcodeID == op_bitor || opcodeID == op_bitand || opcodeID == op_bitxor ||

        opcodeID == op_add || opcodeID == op_mul || opcodeID == op_sub || opcodeID == op_div)

1603 instructions().append(types.toInt());

1604 instructions().append(ArithProfile(types.first(), types.second()).bits());

    return dst;

}

203461

Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

#if ENABLE(DFG_JIT)

31#include "ArithProfile.h"

#include "ArrayConstructor.h"

#include "BasicBlockLocation.h"

#include "CallLinkStatus.h"

@@private:

            return node;

        {

            ConcurrentJITLocker locker(m_inlineStackTop->m_profiledBlock->m_lock);

            ResultProfile* resultProfile = m_inlineStackTop->m_profiledBlock->resultProfileForBytecodeOffset(locker, m_currentIndex);

            if (resultProfile) {

918 ArithProfile* arithProfile = m_inlineStackTop->m_profiledBlock->arithProfileForBytecodeOffset(m_currentIndex);

919 if (arithProfile) {

                switch (node->op()) {

                case ArithAdd:

                case ArithSub:

                case ValueAdd:

924 if (~~resul~~tProfile->didObserveDouble())

924 if (arithProfile->didObserveDouble())

925925 node->mergeFlags(NodeMayHaveDoubleResult);

926 if (~~resul~~tProfile->didObserveNonNumber())

926 if (arithProfile->didObserveNonNumber())

                        node->mergeFlags(NodeMayHaveNonNumberResult);

                    break;

                case ArithMul: {

931 if (~~resul~~tProfile->didObserveInt52Overflow())

931 if (arithProfile->didObserveInt52Overflow())

932932 node->mergeFlags(NodeMayOverflowInt52);

933 if (~~resul~~tProfile->didObserveInt32Overflow() || m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, Overflow))

933 if (arithProfile->didObserveInt32Overflow() || m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, Overflow))

934934 node->mergeFlags(NodeMayOverflowInt32InBaseline);

935 if (~~resul~~tProfile->didObserveNegZeroDouble() || m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, NegativeZero))

935 if (arithProfile->didObserveNegZeroDouble() || m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, NegativeZero))

936936 node->mergeFlags(NodeMayNegZeroInBaseline);

937 if (~~resul~~tProfile->didObserveDouble())

937 if (arithProfile->didObserveDouble())

938938 node->mergeFlags(NodeMayHaveDoubleResult);

939 if (~~resul~~tProfile->didObserveNonNumber())

939 if (arithProfile->didObserveNonNumber())

                        node->mergeFlags(NodeMayHaveNonNumberResult);

                    break;

                }

203461

Source/JavaScriptCore/dfg/DFGGraph.cpp

@@MethodOfGettingAValueProfile Graph::meth

            return profiledBlock->valueProfileForBytecodeOffset(node->origin.semantic.bytecodeIndex);

        {

1551 ConcurrentJITLocker locker(profiledBlock->m_lock);

15521551 if (profiledBlock->hasBaselineJITProfiling()) {

1553 if (~~Resul~~tProfile* result = profiledBlock->~~resul~~tProfileForBytecodeOffset(~~locker,~~ node->origin.semantic.bytecodeIndex))

1552 if (ArithProfile* result = profiledBlock->arithProfileForBytecodeOffset(node->origin.semantic.bytecodeIndex))

                    return result;

            }

        }

203461

Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

@@void JITCompiler::exceptionCheck()

    HandlerInfo* exceptionHandler;

    bool willCatchException = m_graph.willCatchExceptionInMachineFrame(m_speculative->m_currentNode->origin.forExit, opCatchOrigin, exceptionHandler); 

    if (willCatchException) {

607 unsigned streamIndex = m_speculative->m_outOfLineStreamIndex ~~!= UINT_MAX~~ ? m_speculative->m_outOfLineStreamIndex : m_speculative->m_stream->size();

607 unsigned streamIndex = m_speculative->m_outOfLineStreamIndex ? *m_speculative->m_outOfLineStreamIndex : m_speculative->m_stream->size();

        MacroAssembler::Jump hadException = emitNonPatchableExceptionCheck();

        // We assume here that this is called after callOpeartion()/appendCall() is called.

        appendExceptionHandlingOSRExit(ExceptionCheck, streamIndex, opCatchOrigin, exceptionHandler, m_jitCode->common.lastCallSite(), hadException);

203461

Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h

@@public:

        jit->m_outOfLineStreamIndex = m_streamIndex;

        jit->m_origin = m_origin;

        generateInternal(jit);

55 jit->m_outOfLineStreamIndex = UI~~NT_MAX~~;

55 jit->m_outOfLineStreamIndex = Nullopt;

        if (!ASSERT_DISABLED)

            jit->m_jit.abortWithReason(DFGSlowPathGeneratorFellThrough);

    }

203461

Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

#include "JITBitXorGenerator.h"

#include "JITDivGenerator.h"

#include "JITLeftShiftGenerator.h"

47#include "JITMathIC.h"

#include "JITMulGenerator.h"

#include "JITRightShiftGenerator.h"

#include "JITSubGenerator.h"

#include "ScopedArguments.h"

#include "ScratchRegisterAllocator.h"

#include "WriteBarrierBuffer.h"

60#include <wtf/Box.h>

#include <wtf/MathExtras.h>

namespace JSC { namespace DFG {

@@void SpeculativeJIT::addSlowPathGenerato

void SpeculativeJIT::addSlowPathGenerator(std::function<void()> lambda)

{

365 m_slowPathLambdas.append(st~~d::make_pair(~~lambda, m_currentNode));

367 m_slowPathLambdas.append(SlowPathLambda{ lambda, m_currentNode, static_cast<unsigned>(m_stream->size()) });

}

void SpeculativeJIT::runSlowPathGenerators(PCToCodeOriginMapBuilder& pcToCodeOriginMapBuilder)

@@void SpeculativeJIT::runSlowPathGenerato

        pcToCodeOriginMapBuilder.appendItem(m_jit.label(), slowPathGenerator->origin().semantic);

        slowPathGenerator->generate(this);

    }

374 for (auto& ~~generatorPair~~ : m_slowPathLambdas) {

375 Node* currentNode = gen~~eratorPair.second~~;

376 for (auto& slowPathLambda : m_slowPathLambdas) {

377 Node* currentNode = slowPathLambda.currentNode;

376378 m_currentNode = currentNode;

379 m_outOfLineStreamIndex = slowPathLambda.streamIndex;

377380 pcToCodeOriginMapBuilder.appendItem(m_jit.label(), currentNode->origin.semantic);

378 generatorPair.first();

381 slowPathLambda.generator();

382 m_outOfLineStreamIndex = Nullopt;

    }

}

@@void SpeculativeJIT::compileValueAdd(Nod

        rightRegs = right->jsValueRegs();

    }

    JITAddGenerator gen(leftOperand, rightOperand, resultRegs, leftRegs, rightRegs,

        leftFPR, rightFPR, scratchGPR, scratchFPR);

    gen.generateFastPath(m_jit);

    JITAddIC* addIC = m_jit.codeBlock()->addJITAddIC();

    Box<MathICGenerationState> addICGenerationState = Box<MathICGenerationState>::create();

    ArithProfile* arithProfile = m_jit.graph().baselineCodeBlockFor(node->origin.semantic)->arithProfileForBytecodeOffset(node->origin.semantic.bytecodeIndex);

    addIC->m_generator = JITAddGenerator(leftOperand, rightOperand, resultRegs, leftRegs, rightRegs, leftFPR, rightFPR, scratchGPR, scratchFPR, arithProfile);

    bool generatedInline = addIC->generateInline(m_jit, *addICGenerationState);

    if (generatedInline) {

        ASSERT(!addICGenerationState->slowPathJumps.empty());

        Vector<SilentRegisterSavePlan, 4> savePlans;

        silentSpillAllRegistersImpl(false, savePlans, resultRegs);

        auto done = m_jit.label();

        addSlowPathGenerator([=] () {

            addICGenerationState->slowPathJumps.link(&m_jit);

            addICGenerationState->slowPathStart = m_jit.label();

            silentSpill(savePlans);

            auto innerLeftRegs = leftRegs;

            auto innerRightRegs = rightRegs;

            if (leftOperand.isConst()) {

                innerLeftRegs = resultRegs;

                m_jit.moveValue(leftChild->asJSValue(), innerLeftRegs);

            } else if (rightOperand.isConst()) {

                innerRightRegs = resultRegs;

                m_jit.moveValue(rightChild->asJSValue(), innerRightRegs);

            }

33853416

3386 ASSERT(gen.didEmitFastPath());

3387 gen.endJumpList().append(m_jit.jump());

            if (addICGenerationState->shouldSlowPathRepatch)

                addICGenerationState->slowPathCall = callOperation(operationValueAddOptimize, resultRegs, innerLeftRegs, innerRightRegs, addIC);

            else

                addICGenerationState->slowPathCall = callOperation(operationValueAdd, resultRegs, innerLeftRegs, innerRightRegs);

33883421

3389 gen.slowPathJumpList().link(&m_jit);

            silentFill(savePlans);

            m_jit.exceptionCheck();

            m_jit.jump().linkTo(done, &m_jit);

33903425

3391 silentSpillAllRegisters(resultRegs);

            m_jit.addLinkTask([=] (LinkBuffer& linkBuffer) {

                addIC->finalizeInlineCode(*addICGenerationState, linkBuffer);

            });

        });

    } else {

        if (leftOperand.isConst()) {

            left = JSValueOperand(this, leftChild);

            leftRegs = left->jsValueRegs();

        } else if (rightOperand.isConst()) {

            right = JSValueOperand(this, rightChild);

            rightRegs = right->jsValueRegs();

        }

33923438

    if (leftOperand.isConst()) {

        leftRegs = resultRegs;

        m_jit.moveValue(leftChild->asJSValue(), leftRegs);

    } else if (rightOperand.isConst()) {

        rightRegs = resultRegs;

        m_jit.moveValue(rightChild->asJSValue(), rightRegs);

        flushRegisters();

        callOperation(operationValueAdd, resultRegs, leftRegs, rightRegs);

        m_jit.exceptionCheck();

33993442 }

34003443

    callOperation(operationValueAdd, resultRegs, leftRegs, rightRegs);

    silentFillAllRegisters(resultRegs);

    m_jit.exceptionCheck();

    gen.endJumpList().link(&m_jit);

    jsValueResult(resultRegs, node);

    return;

}

203461

Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

@@public:

    {

        silentSpillAllRegistersImpl(doSpill, plans, InvalidGPRReg, InvalidGPRReg, exclude);

    }

391 #if USE(JSVALUE32_64)

    template<typename CollectionType>

    void silentSpillAllRegistersImpl(bool doSpill, CollectionType& plans, JSValueRegs exclude)

    {

394#if USE(JSVALUE32_64)

395395 silentSpillAllRegistersImpl(doSpill, plans, exclude.tagGPR(), exclude.payloadGPR());

396 }

396#else

397 silentSpillAllRegistersImpl(doSpill, plans, exclude.gpr());

397398#endif

399 }

    
    void silentSpillAllRegisters(GPRReg exclude, GPRReg exclude2 = InvalidGPRReg, FPRReg fprExclude = InvalidFPRReg)

    {

@@public:

#if USE(JSVALUE64)

    JITCompiler::Call callOperation(J_JITOperation_EJJJaic operation, JSValueRegs result, JSValueRegs arg1, JSValueRegs arg2, JITAddIC* addIC)

    {

        m_jit.setupArgumentsWithExecState(arg1.gpr(), arg2.gpr(), TrustedImmPtr(addIC));

        return appendCallSetResult(operation, result.gpr());

    }

    JITCompiler::Call callOperation(J_JITOperation_EJJI operation, GPRReg result, GPRReg arg1, GPRReg arg2, UniquedStringImpl* uid)

    {

        m_jit.setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(uid));

@@public:

    }

#else // USE(JSVALUE32_64)

    JITCompiler::Call callOperation(J_JITOperation_EJJJaic operation, JSValueRegs result, JSValueRegs arg1, JSValueRegs arg2, JITAddIC* addIC)

    {

        m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1.payloadGPR(), arg1.tagGPR(), arg2.payloadGPR(), arg2.tagGPR(), TrustedImmPtr(addIC));

        return appendCallSetResult(operation, result.payloadGPR(), result.tagGPR());

    }

    JITCompiler::Call callOperation(J_JITOperation_EJJI operation, GPRReg resultTag, GPRReg resultPayload, GPRReg arg1Tag, GPRReg arg1Payload, GPRReg arg2Tag, GPRReg arg2Payload, UniquedStringImpl* uid)

    {

        m_jit.setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1Payload, arg1Tag, arg2Payload, arg2Tag, TrustedImmPtr(uid));

@@public:

    MinifiedGraph* m_minifiedGraph;

    Vector<std::unique_ptr<SlowPathGenerator>, 8> m_slowPathGenerators;

2834 Vector<std::pair<std::function<void()>, Node*>, 8> m_slowPathLambdas;

    struct SlowPathLambda {

        std::function<void()> generator;

        Node* currentNode;

        unsigned streamIndex;

    };

    Vector<SlowPathLambda> m_slowPathLambdas;

28352855 Vector<SilentRegisterSavePlan> m_plans;

2836 unsigned m_outOfLineStreamIndex ~~{ UINT_MAX }~~;

2856 Optional<unsigned> m_outOfLineStreamIndex;

};

203461

Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

#include "JITDivGenerator.h"

#include "JITInlineCacheGenerator.h"

#include "JITLeftShiftGenerator.h"

65#include "JITMathIC.h"

#include "JITMulGenerator.h"

#include "JITRightShiftGenerator.h"

#include "JITSubGenerator.h"

@@private:

    
    void compileValueAdd()

    {

1541 emit~~Binary~~Snippet~~<JITAddGenerator>(operationValueAdd~~);

1542 emitAddSnippet();

    }

    void compileStrCat()

@@private:

        setJSValue(patchpoint);

    }

    void emitAddSnippet()

    {

        Node* node = m_node;

        LValue left = lowJSValue(node->child1());

        LValue right = lowJSValue(node->child2());

        SnippetOperand leftOperand(m_state.forNode(node->child1()).resultType());

        SnippetOperand rightOperand(m_state.forNode(node->child2()).resultType());

        PatchpointValue* patchpoint = m_out.patchpoint(Int64);

        patchpoint->appendSomeRegister(left);

        patchpoint->appendSomeRegister(right);

        patchpoint->append(m_tagMask, ValueRep::lateReg(GPRInfo::tagMaskRegister));

        patchpoint->append(m_tagTypeNumber, ValueRep::lateReg(GPRInfo::tagTypeNumberRegister));

        RefPtr<PatchpointExceptionHandle> exceptionHandle =

            preparePatchpointForExceptions(patchpoint);

        patchpoint->numGPScratchRegisters = 1;

        patchpoint->numFPScratchRegisters = 2;

        patchpoint->clobber(RegisterSet::macroScratchRegisters());

        State* state = &m_ftlState;

        patchpoint->setGenerator(

            [=] (CCallHelpers& jit, const StackmapGenerationParams& params) {

                AllowMacroScratchRegisterUsage allowScratch(jit);

                Box<CCallHelpers::JumpList> exceptions =

                    exceptionHandle->scheduleExitCreation(params)->jumps(jit);

                JITAddIC* addIC = jit.codeBlock()->addJITAddIC();

                Box<MathICGenerationState> addICGenerationState = Box<MathICGenerationState>::create();

                ArithProfile* arithProfile = state->graph.baselineCodeBlockFor(node->origin.semantic)->arithProfileForBytecodeOffset(node->origin.semantic.bytecodeIndex);

                addIC->m_generator = JITAddGenerator(leftOperand, rightOperand, JSValueRegs(params[0].gpr()),

                    JSValueRegs(params[1].gpr()), JSValueRegs(params[2].gpr()), params.fpScratch(0),

                    params.fpScratch(1), params.gpScratch(0), InvalidFPRReg, arithProfile);

                bool generatedInline = addIC->generateInline(jit, *addICGenerationState);

                if (generatedInline) {

                    ASSERT(!addICGenerationState->slowPathJumps.empty());

                    auto done = jit.label();

                    params.addLatePath([=] (CCallHelpers& jit) {

                        AllowMacroScratchRegisterUsage allowScratch(jit);

                        addICGenerationState->slowPathJumps.link(&jit);

                        addICGenerationState->slowPathStart = jit.label();

                        if (addICGenerationState->shouldSlowPathRepatch) {

                            SlowPathCall call = callOperation(*state, params.unavailableRegisters(), jit, node->origin.semantic, exceptions.get(),

                                operationValueAddOptimize, params[0].gpr(), params[1].gpr(), params[2].gpr(), CCallHelpers::TrustedImmPtr(addIC));

                            addICGenerationState->slowPathCall = call.call();

                        } else {

                            SlowPathCall call = callOperation(*state, params.unavailableRegisters(), jit, node->origin.semantic,

                                exceptions.get(), operationValueAdd, params[0].gpr(), params[1].gpr(), params[2].gpr());

                            addICGenerationState->slowPathCall = call.call();

                        }

                        jit.jump().linkTo(done, &jit);

                        jit.addLinkTask([=] (LinkBuffer& linkBuffer) {

                            addIC->finalizeInlineCode(*addICGenerationState, linkBuffer);

                        });

                    });

                } else {

                    callOperation(

                        *state, params.unavailableRegisters(), jit, node->origin.semantic, exceptions.get(),

                        operationValueAdd, params[0].gpr(), params[1].gpr(), params[2].gpr());

                }

            });

        setJSValue(patchpoint);

    }

    template<typename BinaryBitOpGenerator>

    void emitBinaryBitOpSnippet(J_JITOperation_EJJ slowPathFunction)

    {

203461

Source/JavaScriptCore/jit/CCallHelpers.h

@@public:

        addCallArgument(arg6);

    }

    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, GPRReg arg4, TrustedImmPtr arg5, TrustedImmPtr arg6)

    {

        resetCallArguments();

        addCallArgument(GPRInfo::callFrameRegister);

        addCallArgument(arg1);

        addCallArgument(arg2);

        addCallArgument(arg3);

        addCallArgument(arg4);

        addCallArgument(arg5);

        addCallArgument(arg6);

    }

    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, GPRReg arg4, GPRReg arg5, GPRReg arg6, TrustedImmPtr arg7)

    {

        resetCallArguments();

@@public:

        setupArgumentsWithExecState(arg1, arg2, arg3);

    }

    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, GPRReg arg4, TrustedImmPtr arg5, TrustedImmPtr arg6)

    {

        poke(arg6, POKE_ARGUMENT_OFFSET + 2);

        poke(arg5, POKE_ARGUMENT_OFFSET + 1);

        poke(arg4, POKE_ARGUMENT_OFFSET);

        setupArgumentsWithExecState(arg1, arg2, arg3);

    }

    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, GPRReg arg3, GPRReg arg4, TrustedImmPtr arg5)

    {

        poke(arg5, POKE_ARGUMENT_OFFSET + 1);

@@public:

        move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);

    }

    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImmPtr arg4)

    {

        setupTwoStubArgsGPR<GPRInfo::argumentGPR1, GPRInfo::argumentGPR2>(arg1, arg2);

        move(arg3, GPRInfo::argumentGPR3);

        move(arg4, GPRInfo::argumentGPR4);

        move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);

    }

    ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImmPtr arg2, TrustedImm32 arg3, GPRReg arg4, GPRReg arg5)

    {

        setupThreeStubArgsGPR<GPRInfo::argumentGPR1, GPRInfo::argumentGPR4, GPRInfo::argumentGPR5>(arg1, arg4, arg5);

@@public:

    }

#endif

    void setupArgumentsWithExecState(JSValueRegs arg1, JSValueRegs arg2)

    {

#if USE(JSVALUE64)

        setupArgumentsWithExecState(arg1.gpr(), arg2.gpr());

#else

        setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1.payloadGPR(), arg1.tagGPR(), arg2.payloadGPR(), arg2.tagGPR());

#endif

    }

    void setupArgumentsWithExecState(JSValueRegs arg1, JSValueRegs arg2, TrustedImmPtr arg3)

    {

#if USE(JSVALUE64)

@@public:

        setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1.payloadGPR(), arg1.tagGPR(), arg2.payloadGPR(), arg2.tagGPR(), arg3);

#endif

    }

    void setupArgumentsWithExecState(JSValueRegs arg1, JSValueRegs arg2, TrustedImmPtr arg3, TrustedImmPtr arg4)

    {

#if USE(JSVALUE64)

        setupArgumentsWithExecState(arg1.gpr(), arg2.gpr(), arg3, arg4);

#else

        setupArgumentsWithExecState(EABI_32BIT_DUMMY_ARG arg1.payloadGPR(), arg1.tagGPR(), arg2.payloadGPR(), arg2.tagGPR(), arg3, arg4);

#endif

    }

    
    void setupArguments(JSValueRegs arg1)

    {

203461

Source/JavaScriptCore/jit/JIT.h

#include "Interpreter.h"

#include "JITDisassembler.h"

#include "JITInlineCacheGenerator.h"

46#include "JITMathIC.h"

#include "JSInterfaceJIT.h"

#include "Opcode.h"

#include "PCToCodeOriginMap.h"

49 #include "ResultType.h"

#include "UnusedPointer.h"

namespace JSC {

@@namespace JSC {

        void compileGetByIdHotPath(const Identifier*);

        // Arithmetic opcode helpers

438 void emitSub32Constant(int dst, int op, int32_t constant, ResultType opType);

        void emitBinaryDoubleOp(OpcodeID, int dst, int op1, int op2, OperandTypes, JumpList& notInt32Op1, JumpList& notInt32Op2, bool op1IsInRegisters = true, bool op2IsInRegisters = true);

#else // USE(JSVALUE32_64)

@@namespace JSC {

#endif

        MacroAssembler::Call callOperation(J_JITOperation_EJI, int, GPRReg, UniquedStringImpl*);

        MacroAssembler::Call callOperation(J_JITOperation_EJJ, int, GPRReg, GPRReg);

766 MacroAssembler::Call callOperation(J_JITOperation_EJJRp, JSValueRegs, JSValueRegs, JSValueRegs, ResultProfile*);

        MacroAssembler::Call callOperation(J_JITOperation_EJJArp, JSValueRegs, JSValueRegs, JSValueRegs, ArithProfile*);

        MacroAssembler::Call callOperation(J_JITOperation_EJJ, JSValueRegs, JSValueRegs, JSValueRegs);

        MacroAssembler::Call callOperation(J_JITOperation_EJJArpJaic, JSValueRegs, JSValueRegs, JSValueRegs, ArithProfile*, JITAddIC*);

        MacroAssembler::Call callOperation(J_JITOperation_EJJJaic, JSValueRegs, JSValueRegs, JSValueRegs, JITAddIC*);

        MacroAssembler::Call callOperation(J_JITOperation_EJJAp, int, GPRReg, GPRReg, ArrayProfile*);

        MacroAssembler::Call callOperation(J_JITOperation_EJJBy, int, GPRReg, GPRReg, ByValInfo*);

        MacroAssembler::Call callOperation(Z_JITOperation_EJOJ, GPRReg, GPRReg, GPRReg);

@@namespace JSC {

        PCToCodeOriginMapBuilder m_pcToCodeOriginMapBuilder;

        HashMap<Instruction*, JITAddIC*> m_instructionToJITAddIC;

        HashMap<Instruction*, MathICGenerationState> m_instructionToJITAddICGenerationState;

        bool m_canBeOptimized;

        bool m_canBeOptimizedOrInlined;

        bool m_shouldEmitProfiling;

203461

Source/JavaScriptCore/jit/JITAddGenerator.cpp

#include "config.h"

#include "JITAddGenerator.h"

#include "ArithProfile.h"

#include "JITMathIC.h"

#include "LinkBuffer.h"

#if ENABLE(JIT)

namespace JSC {

33 void JITAddGenerator::generateFastPath(CCallHelpers& jit)

JITMathICInlineResult JITAddGenerator::generateInline(CCallHelpers& jit, MathICGenerationState& state)

{

    // We default to speculating int32.

    ObservedType lhs = ObservedType().withInt32();

    ObservedType rhs = ObservedType().withInt32();

    if (m_arithProfile) {

        lhs = m_arithProfile->lhsObservedType();

        rhs = m_arithProfile->rhsObservedType();

        if (lhs.isEmpty() || rhs.isEmpty()) {

            lhs = ObservedType().withInt32();

            rhs = ObservedType().withInt32();

        }

    }

    if (lhs.isOnlyNonNumber() && rhs.isOnlyNonNumber())

        return JITMathICInlineResult::DontGenerate;

    if ((lhs.isOnlyInt32() || m_leftOperand.isConstInt32()) && (rhs.isOnlyInt32() || m_rightOperand.isConstInt32())) {

        ASSERT(!m_leftOperand.isConstInt32() || !m_rightOperand.isConstInt32());

        if (!m_leftOperand.isConstInt32())

            state.slowPathJumps.append(jit.branchIfNotInt32(m_left));

        if (!m_rightOperand.isConstInt32())

            state.slowPathJumps.append(jit.branchIfNotInt32(m_right));

        if (m_leftOperand.isConstInt32() || m_rightOperand.isConstInt32()) {

            JSValueRegs var = m_leftOperand.isConstInt32() ? m_right : m_left;

            int32_t constValue = m_leftOperand.isConstInt32() ? m_leftOperand.asConstInt32() : m_rightOperand.asConstInt32();

            state.slowPathJumps.append(jit.branchAdd32(CCallHelpers::Overflow, var.payloadGPR(), CCallHelpers::Imm32(constValue), m_scratchGPR));

        } else

            state.slowPathJumps.append(jit.branchAdd32(CCallHelpers::Overflow, m_right.payloadGPR(), m_left.payloadGPR(), m_scratchGPR));

        jit.boxInt32(m_scratchGPR, m_result);

        return JITMathICInlineResult::GeneratedFastPath;

    }

    return JITMathICInlineResult::GenerateFullSnippet;

}

bool JITAddGenerator::generateFastPath(CCallHelpers& jit, CCallHelpers::JumpList& endJumpList, CCallHelpers::JumpList& slowPathJumpList)

{

    ASSERT(m_scratchGPR != InvalidGPRReg);

    ASSERT(m_scratchGPR != m_left.payloadGPR());

@@void JITAddGenerator::generateFastPath(C

    ASSERT(!m_leftOperand.isConstInt32() || !m_rightOperand.isConstInt32());

    

    if (!m_leftOperand.mightBeNumber() || !m_rightOperand.mightBeNumber()) {

        ASSERT(!m_didEmitFastPath);

        return;

    }

    m_didEmitFastPath = true;

87 if (!m_leftOperand.mightBeNumber() || !m_rightOperand.mightBeNumber())

88 return false;

    if (m_leftOperand.isConstInt32() || m_rightOperand.isConstInt32()) {

        JSValueRegs var = m_leftOperand.isConstInt32() ? m_right : m_left;

@@void JITAddGenerator::generateFastPath(C

        // Try to do intVar + intConstant.

        CCallHelpers::Jump notInt32 = jit.branchIfNotInt32(var);

61 m_slowPathJumpList.append(jit.branchAdd32(CCallHelpers::Overflow, var.payloadGPR(), CCallHelpers::Imm32(constOpr.asConstInt32()), m_scratchGPR));

98 slowPathJumpList.append(jit.branchAdd32(CCallHelpers::Overflow, var.payloadGPR(), CCallHelpers::Imm32(constOpr.asConstInt32()), m_scratchGPR));

6299

63100 jit.boxInt32(m_scratchGPR, m_result);

64 m_endJumpList.append(jit.jump());

101 endJumpList.append(jit.jump());

65102

66103 if (!jit.supportsFloatingPoint()) {

67 m_slowPathJumpList.append(notInt32);

68 return;

104 slowPathJumpList.append(notInt32);

105 return true;

        }

        // Try to do doubleVar + double(intConstant).

        notInt32.link(&jit);

        if (!varOpr.definitelyIsNumber())

74 m_slowPathJumpList.append(jit.branchIfNotNumber(var, m_scratchGPR));

111 slowPathJumpList.append(jit.branchIfNotNumber(var, m_scratchGPR));

        jit.unboxDoubleNonDestructive(var, m_leftFPR, m_scratchGPR, m_scratchFPR);

@@void JITAddGenerator::generateFastPath(C

        leftNotInt = jit.branchIfNotInt32(m_left);

        rightNotInt = jit.branchIfNotInt32(m_right);

92 m_slowPathJumpList.append(jit.branchAdd32(CCallHelpers::Overflow, m_right.payloadGPR(), m_left.payloadGPR(), m_scratchGPR));

129

130 slowPathJumpList.append(jit.branchAdd32(CCallHelpers::Overflow, m_right.payloadGPR(), m_left.payloadGPR(), m_scratchGPR));

93131

94132 jit.boxInt32(m_scratchGPR, m_result);

95 m_endJumpList.append(jit.jump());

133 endJumpList.append(jit.jump());

134

96135

97136 if (!jit.supportsFloatingPoint()) {

            m_slowPathJumpList.append(leftNotInt);

            m_slowPathJumpList.append(rightNotInt);

            return;

            slowPathJumpList.append(leftNotInt);

            slowPathJumpList.append(rightNotInt);

            return true;

        }

        leftNotInt.link(&jit);

        if (!m_leftOperand.definitelyIsNumber())

105 m_slowPathJumpList.append(jit.branchIfNotNumber(m_left, m_scratchGPR));

144 slowPathJumpList.append(jit.branchIfNotNumber(m_left, m_scratchGPR));

106145 if (!m_rightOperand.definitelyIsNumber())

107 m_slowPathJumpList.append(jit.branchIfNotNumber(m_right, m_scratchGPR));

146 slowPathJumpList.append(jit.branchIfNotNumber(m_right, m_scratchGPR));

        jit.unboxDoubleNonDestructive(m_left, m_leftFPR, m_scratchGPR, m_scratchFPR);

        CCallHelpers::Jump rightIsDouble = jit.branchIfNotInt32(m_right);

@@void JITAddGenerator::generateFastPath(C

        rightNotInt.link(&jit);

        if (!m_rightOperand.definitelyIsNumber())

117 m_slowPathJumpList.append(jit.branchIfNotNumber(m_right, m_scratchGPR));

156 slowPathJumpList.append(jit.branchIfNotNumber(m_right, m_scratchGPR));

        jit.convertInt32ToDouble(m_left.payloadGPR(), m_leftFPR);

@@void JITAddGenerator::generateFastPath(C

    // Do doubleVar + doubleVar.

    jit.addDouble(m_rightFPR, m_leftFPR);

131 if (m_~~resul~~tProfile)

132 m_~~resul~~tProfile->emitSetDouble(jit);

170 if (m_arithProfile)

171 m_arithProfile->emitSetDouble(jit);

133172

134173 jit.boxDouble(m_leftFPR, m_result);

174

175 return true;

}

} // namespace JSC

203461

Source/JavaScriptCore/jit/JITAddGenerator.h

#if ENABLE(JIT)

#include "CCallHelpers.h"

32#include "JITMathICInlineResult.h"

33#include "JITOperations.h"

#include "SnippetOperand.h"

namespace JSC {

38struct MathICGenerationState;

39

3640class JITAddGenerator {

3741public:

    JITAddGenerator()

    { }

    JITAddGenerator(SnippetOperand leftOperand, SnippetOperand rightOperand,

        JSValueRegs result, JSValueRegs left, JSValueRegs right,

        FPRReg leftFPR, FPRReg rightFPR, GPRReg scratchGPR, FPRReg scratchFPR,

41 ~~Resul~~tProfile* ~~resul~~tProfile = nullptr)

48 ArithProfile* arithProfile = nullptr)

        : m_leftOperand(leftOperand)

        , m_rightOperand(rightOperand)

        , m_result(result)

@@public:

        , m_rightFPR(rightFPR)

        , m_scratchGPR(scratchGPR)

        , m_scratchFPR(scratchFPR)

51 , m_~~resul~~tProfile(~~resul~~tProfile)

58 , m_arithProfile(arithProfile)

    {

        ASSERT(!m_leftOperand.isConstInt32() || !m_rightOperand.isConstInt32());

    }

    void generateFastPath(CCallHelpers&);

    bool didEmitFastPath() const { return m_didEmitFastPath; }

    CCallHelpers::JumpList& endJumpList() { return m_endJumpList; }

    CCallHelpers::JumpList& slowPathJumpList() { return m_slowPathJumpList; }

63 JITMathICInlineResult generateInline(CCallHelpers&, MathICGenerationState&);

64 bool generateFastPath(CCallHelpers&, CCallHelpers::JumpList& endJumpList, CCallHelpers::JumpList& slowPathJumpList);

private:

    SnippetOperand m_leftOperand;

@@private:

    FPRReg m_rightFPR;

    GPRReg m_scratchGPR;

    FPRReg m_scratchFPR;

    ResultProfile* m_resultProfile;

    bool m_didEmitFastPath { false };

    CCallHelpers::JumpList m_endJumpList;

    CCallHelpers::JumpList m_slowPathJumpList;

76 ArithProfile* m_arithProfile;

};

} // namespace JSC

203461

Source/JavaScriptCore/jit/JITArithmetic.cpp

#if ENABLE(JIT)

#include "JIT.h"

31#include "ArithProfile.h"

#include "CodeBlock.h"

#include "JITAddGenerator.h"

#include "JITBitAndGenerator.h"

#include "JITDivGenerator.h"

#include "JITInlines.h"

#include "JITLeftShiftGenerator.h"

40#include "JITMathIC.h"

#include "JITMulGenerator.h"

#include "JITNegGenerator.h"

#include "JITOperations.h"

#include "JSFunction.h"

#include "Interpreter.h"

#include "JSCInlines.h"

50#include "LinkBuffer.h"

#include "ResultType.h"

#include "SlowPathCall.h"

51

namespace JSC {

void JIT::emit_op_jless(Instruction* currentInstruction)

@@void JIT::emitSlow_op_urshift(Instructio

    slowPathCall.call();

}

ALWAYS_INLINE static OperandTypes getOperandTypes(Instruction* instruction)

{

    return OperandTypes(ArithProfile::fromInt(instruction[4].u.operand).lhsResultType(), ArithProfile::fromInt(instruction[4].u.operand).rhsResultType());

}

void JIT::emit_op_add(Instruction* currentInstruction)

{

    int result = currentInstruction[1].u.operand;

    int op1 = currentInstruction[2].u.operand;

    int op2 = currentInstruction[3].u.operand;

683 OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);

684690

685691#if USE(JSVALUE64)

692 OperandTypes types = getOperandTypes(copiedInstruction(currentInstruction));

    JSValueRegs leftRegs = JSValueRegs(regT0);

    JSValueRegs rightRegs = JSValueRegs(regT1);

    JSValueRegs resultRegs = leftRegs;

    GPRReg scratchGPR = regT2;

    FPRReg scratchFPR = InvalidFPRReg;

#else

699 OperandTypes types = getOperandTypes(currentInstruction);

    JSValueRegs leftRegs = JSValueRegs(regT1, regT0);

    JSValueRegs rightRegs = JSValueRegs(regT3, regT2);

    JSValueRegs resultRegs = leftRegs;

@@void JIT::emit_op_add(Instruction* curre

    FPRReg scratchFPR = fpRegT2;

#endif

699 ~~Resul~~tProfile* ~~resul~~tProfile = nullptr;

707 ArithProfile* arithProfile = nullptr;

700708 if (shouldEmitProfiling())

701 ~~resul~~tProfile = m_codeBlock->~~ensureResul~~tProfile~~(m_by~~tec~~odeOffset~~);

709 arithProfile = &m_codeBlock->arithProfileForPC(currentInstruction);

    SnippetOperand leftOperand(types.first());

    SnippetOperand rightOperand(types.second());

@@void JIT::emit_op_add(Instruction* curre

    if (!rightOperand.isConst())

        emitGetVirtualRegister(op2, rightRegs);

718 JITAddGenerator gen(leftOperand, rightOperand, resultRegs, leftRegs, rightRegs,

719 fpRegT0, fpRegT1, scratchGPR, scratchFPR, resultProfile);

726 JITAddIC* addIC = m_codeBlock->addJITAddIC();

720727

721 gen.generateFastPath(*this);

728 m_instructionToJITAddIC.add(currentInstruction, addIC);

729 MathICGenerationState& addICGenerationState = m_instructionToJITAddICGenerationState.add(currentInstruction, MathICGenerationState()).iterator->value;

722730

    if (gen.didEmitFastPath()) {

        gen.endJumpList().link(this);

        emitPutVirtualRegister(result, resultRegs);

        addSlowCase(gen.slowPathJumpList());

    } else {

        ASSERT(gen.endJumpList().empty());

        ASSERT(gen.slowPathJumpList().empty());

        if (resultProfile) {

            if (leftOperand.isConst())

                emitGetVirtualRegister(op1, leftRegs);

            if (rightOperand.isConst())

                emitGetVirtualRegister(op2, rightRegs);

            callOperation(operationValueAddProfiled, resultRegs, leftRegs, rightRegs, resultProfile);

            emitPutVirtualRegister(result, resultRegs);

        } else {

            JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_add);

            slowPathCall.call();

        }

    }

    addIC->m_generator = JITAddGenerator(leftOperand, rightOperand, resultRegs, leftRegs, rightRegs, fpRegT0, fpRegT1, scratchGPR, scratchFPR, arithProfile);

    bool generatedInlineCode = addIC->generateInline(*this, addICGenerationState);

    if (!generatedInlineCode) {

        if (leftOperand.isConst())

            emitGetVirtualRegister(op1, leftRegs);

        else if (rightOperand.isConst())

            emitGetVirtualRegister(op2, rightRegs);

        if (arithProfile)

            callOperation(operationValueAddProfiled, resultRegs, leftRegs, rightRegs, arithProfile);

        else

            callOperation(operationValueAdd, resultRegs, leftRegs, rightRegs);

    } else

        addSlowCase(addICGenerationState.slowPathJumps);

    emitPutVirtualRegister(result, resultRegs);

}

void JIT::emitSlow_op_add(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)

{

    linkAllSlowCasesForBytecodeOffset(m_slowCases, iter, m_bytecodeOffset);

    MathICGenerationState& addICGenerationState = m_instructionToJITAddICGenerationState.find(currentInstruction)->value;

    addICGenerationState.slowPathStart = label();

    int result = currentInstruction[1].u.operand;

    int op1 = currentInstruction[2].u.operand;

    int op2 = currentInstruction[3].u.operand;

752 OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);

753759

754760#if USE(JSVALUE64)

761 OperandTypes types = getOperandTypes(copiedInstruction(currentInstruction));

    JSValueRegs leftRegs = JSValueRegs(regT0);

    JSValueRegs rightRegs = JSValueRegs(regT1);

    JSValueRegs resultRegs = leftRegs;

#else

766 OperandTypes types = getOperandTypes(currentInstruction);

    JSValueRegs leftRegs = JSValueRegs(regT1, regT0);

    JSValueRegs rightRegs = JSValueRegs(regT3, regT2);

    JSValueRegs resultRegs = leftRegs;

@@void JIT::emitSlow_op_add(Instruction* c

    else if (isOperandConstantInt(op2))

        rightOperand.setConstInt32(getOperandConstantInt(op2));

    if (leftOperand.isConst())

        emitGetVirtualRegister(op1, leftRegs);

    if (rightOperand.isConst())

        emitGetVirtualRegister(op2, rightRegs);

    JITAddIC* addIC = m_instructionToJITAddIC.get(currentInstruction);

772786 if (shouldEmitProfiling()) {

        if (leftOperand.isConst())

            emitGetVirtualRegister(op1, leftRegs);

        if (rightOperand.isConst())

            emitGetVirtualRegister(op2, rightRegs);

        ResultProfile* resultProfile = m_codeBlock->ensureResultProfile(m_bytecodeOffset);

        callOperation(operationValueAddProfiled, resultRegs, leftRegs, rightRegs, resultProfile);

        emitPutVirtualRegister(result, resultRegs);

    } else {

        JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_add);

        slowPathCall.call();

    }

        ArithProfile& arithProfile = m_codeBlock->arithProfileForPC(currentInstruction);

        if (addICGenerationState.shouldSlowPathRepatch)

            addICGenerationState.slowPathCall = callOperation(operationValueAddProfiledOptimize, resultRegs, leftRegs, rightRegs, &arithProfile, addIC);

        else

            addICGenerationState.slowPathCall = callOperation(operationValueAddProfiled, resultRegs, leftRegs, rightRegs, &arithProfile);

    } else

        addICGenerationState.slowPathCall = callOperation(operationValueAddOptimize, resultRegs, leftRegs, rightRegs, addIC);

    emitPutVirtualRegister(result, resultRegs);

    addLinkTask([=] (LinkBuffer& linkBuffer) {

        MathICGenerationState& addICGenerationState = m_instructionToJITAddICGenerationState.find(currentInstruction)->value;

        addIC->finalizeInlineCode(addICGenerationState, linkBuffer);

    });

}

void JIT::emit_op_div(Instruction* currentInstruction)

@@void JIT::emit_op_div(Instruction* curre

    int result = currentInstruction[1].u.operand;

    int op1 = currentInstruction[2].u.operand;

    int op2 = currentInstruction[3].u.operand;

791 OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);

792807

793808#if USE(JSVALUE64)

809 OperandTypes types = getOperandTypes(copiedInstruction(currentInstruction));

    JSValueRegs leftRegs = JSValueRegs(regT0);

    JSValueRegs rightRegs = JSValueRegs(regT1);

    JSValueRegs resultRegs = leftRegs;

    GPRReg scratchGPR = regT2;

#else

815 OperandTypes types = getOperandTypes(currentInstruction);

    JSValueRegs leftRegs = JSValueRegs(regT1, regT0);

    JSValueRegs rightRegs = JSValueRegs(regT3, regT2);

    JSValueRegs resultRegs = leftRegs;

@@void JIT::emit_op_div(Instruction* curre

#endif

    FPRReg scratchFPR = fpRegT2;

806 ~~Resul~~tProfile* ~~resul~~tProfile = nullptr;

823 ArithProfile* arithProfile = nullptr;

807824 if (shouldEmitProfiling())

808 ~~resul~~tProfile = m_codeBlock->~~ensureResul~~tProfile~~(m_by~~tec~~odeOffset~~);

825 arithProfile = &m_codeBlock->arithProfileForPC(currentInstruction);

    SnippetOperand leftOperand(types.first());

    SnippetOperand rightOperand(types.second());

@@void JIT::emit_op_div(Instruction* curre

        emitGetVirtualRegister(op2, rightRegs);

    JITDivGenerator gen(leftOperand, rightOperand, resultRegs, leftRegs, rightRegs,

834 fpRegT0, fpRegT1, scratchGPR, scratchFPR, ~~resul~~tProfile);

851 fpRegT0, fpRegT1, scratchGPR, scratchFPR, arithProfile);

    gen.generateFastPath(*this);

@@void JIT::emit_op_mul(Instruction* curre

    int result = currentInstruction[1].u.operand;

    int op1 = currentInstruction[2].u.operand;

    int op2 = currentInstruction[3].u.operand;

864 OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);

865881

866882#if USE(JSVALUE64)

883 OperandTypes types = getOperandTypes(copiedInstruction(currentInstruction));

    JSValueRegs leftRegs = JSValueRegs(regT0);

    JSValueRegs rightRegs = JSValueRegs(regT1);

    JSValueRegs resultRegs = JSValueRegs(regT2);

    GPRReg scratchGPR = regT3;

    FPRReg scratchFPR = InvalidFPRReg;

#else

890 OperandTypes types = getOperandTypes(currentInstruction);

    JSValueRegs leftRegs = JSValueRegs(regT1, regT0);

    JSValueRegs rightRegs = JSValueRegs(regT3, regT2);

    JSValueRegs resultRegs = leftRegs;

@@void JIT::emit_op_mul(Instruction* curre

    FPRReg scratchFPR = fpRegT2;

#endif

880 ~~Resul~~tProfile* ~~resul~~tProfile = nullptr;

898 ArithProfile* arithProfile = nullptr;

881899 if (shouldEmitProfiling())

882 ~~resul~~tProfile = m_codeBlock->~~ensureResul~~tProfile~~(m_by~~tec~~odeOffset~~);

900 arithProfile = &m_codeBlock->arithProfileForPC(currentInstruction);

    SnippetOperand leftOperand(types.first());

    SnippetOperand rightOperand(types.second());

@@void JIT::emit_op_mul(Instruction* curre

        emitGetVirtualRegister(op2, rightRegs);

    JITMulGenerator gen(leftOperand, rightOperand, resultRegs, leftRegs, rightRegs,

900 fpRegT0, fpRegT1, scratchGPR, scratchFPR, ~~resul~~tProfile);

918 fpRegT0, fpRegT1, scratchGPR, scratchFPR, arithProfile);

    gen.generateFastPath(*this);

@@void JIT::emit_op_mul(Instruction* curre

    } else {

        ASSERT(gen.endJumpList().empty());

        ASSERT(gen.slowPathJumpList().empty());

912 if (~~resul~~tProfile) {

930 if (arithProfile) {

            if (leftOperand.isPositiveConstInt32())

                emitGetVirtualRegister(op1, leftRegs);

            if (rightOperand.isPositiveConstInt32())

                emitGetVirtualRegister(op2, rightRegs);

917 callOperation(operationValueMulProfiled, resultRegs, leftRegs, rightRegs, ~~resul~~tProfile);

935 callOperation(operationValueMulProfiled, resultRegs, leftRegs, rightRegs, arithProfile);

            emitPutVirtualRegister(result, resultRegs);

        } else {

            JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_mul);

@@void JIT::emitSlow_op_mul(Instruction* c

    int result = currentInstruction[1].u.operand;

    int op1 = currentInstruction[2].u.operand;

    int op2 = currentInstruction[3].u.operand;

933 OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);

934951

935952#if USE(JSVALUE64)

953 OperandTypes types = getOperandTypes(copiedInstruction(currentInstruction));

    JSValueRegs leftRegs = JSValueRegs(regT0);

    JSValueRegs rightRegs = JSValueRegs(regT1);

    JSValueRegs resultRegs = leftRegs;

#else

958 OperandTypes types = getOperandTypes(currentInstruction);

    JSValueRegs leftRegs = JSValueRegs(regT1, regT0);

    JSValueRegs rightRegs = JSValueRegs(regT3, regT2);

    JSValueRegs resultRegs = leftRegs;

@@void JIT::emitSlow_op_mul(Instruction* c

            emitGetVirtualRegister(op1, leftRegs);

        if (rightOperand.isPositiveConstInt32())

            emitGetVirtualRegister(op2, rightRegs);

958 ~~Resul~~tProfile* ~~resul~~tProfile = m_codeBlock->~~ensureResul~~tProfile~~(m_by~~tec~~odeOffset~~);

959 callOperation(operationValueMulProfiled, resultRegs, leftRegs, rightRegs, ~~resul~~tProfile);

977 ArithProfile& arithProfile = m_codeBlock->arithProfileForPC(currentInstruction);

978 callOperation(operationValueMulProfiled, resultRegs, leftRegs, rightRegs, &arithProfile);

        emitPutVirtualRegister(result, resultRegs);

    } else {

        JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_mul);

@@void JIT::emit_op_sub(Instruction* curre

    int result = currentInstruction[1].u.operand;

    int op1 = currentInstruction[2].u.operand;

    int op2 = currentInstruction[3].u.operand;

972 OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);

973991

974992#if USE(JSVALUE64)

993 OperandTypes types = getOperandTypes(copiedInstruction(currentInstruction));

    JSValueRegs leftRegs = JSValueRegs(regT0);

    JSValueRegs rightRegs = JSValueRegs(regT1);

    JSValueRegs resultRegs = leftRegs;

    GPRReg scratchGPR = regT2;

    FPRReg scratchFPR = InvalidFPRReg;

#else

1000 OperandTypes types = getOperandTypes(currentInstruction);

    JSValueRegs leftRegs = JSValueRegs(regT1, regT0);

    JSValueRegs rightRegs = JSValueRegs(regT3, regT2);

    JSValueRegs resultRegs = leftRegs;

@@void JIT::emit_op_sub(Instruction* curre

    FPRReg scratchFPR = fpRegT2;

#endif

988 ~~Resul~~tProfile* ~~resul~~tProfile = nullptr;

1008 ArithProfile* arithProfile = nullptr;

9891009 if (shouldEmitProfiling())

990 ~~resul~~tProfile = m_codeBlock->~~ensureResul~~tProfile~~(m_by~~tec~~odeOffset~~);

1010 arithProfile = &m_codeBlock->arithProfileForPC(currentInstruction);

    SnippetOperand leftOperand(types.first());

    SnippetOperand rightOperand(types.second());

@@void JIT::emit_op_sub(Instruction* curre

    emitGetVirtualRegister(op2, rightRegs);

    JITSubGenerator gen(leftOperand, rightOperand, resultRegs, leftRegs, rightRegs,

999 fpRegT0, fpRegT1, scratchGPR, scratchFPR, ~~resul~~tProfile);

1019 fpRegT0, fpRegT1, scratchGPR, scratchFPR, arithProfile);

    gen.generateFastPath(*this);

@@void JIT::emitSlow_op_sub(Instruction* c

#endif

    if (shouldEmitProfiling()) {

1026 ~~Resul~~tProfile* ~~resul~~tProfile = m_codeBlock->~~ensureResul~~tProfile~~(m_by~~tec~~odeOffset~~);

1027 callOperation(operationValueSubProfiled, resultRegs, leftRegs, rightRegs, ~~resul~~tProfile);

1046 ArithProfile& arithProfile = m_codeBlock->arithProfileForPC(currentInstruction);

1047 callOperation(operationValueSubProfiled, resultRegs, leftRegs, rightRegs, &arithProfile);

        emitPutVirtualRegister(result, resultRegs);

    } else {

        JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_sub);

203461

Source/JavaScriptCore/jit/JITDivGenerator.cpp

#if ENABLE(JIT)

31#include "ArithProfile.h"

#include "JSCJSValueInlines.h"

#include "MathCommon.h"

@@void JITDivGenerator::generateFastPath(C

    }

    // Is the result actually an integer? The DFG JIT would really like to know. If it's

    // not an integer, we increment a count. If this together with the slow case counter

    // are below threshold then the DFG JIT will compile this division with a speculation

    // that the remainder is zero.

    // not an integer, we set a bit. If this together with the slow case counter are below

    // threshold then the DFG JIT will compile this division with a speculation that the

    // remainder is zero.

    // As well, there are cases where a double result here would cause an important field

    // in the heap to sometimes have doubles in it, resulting in double predictions getting

@@void JITDivGenerator::generateFastPath(C

    notDoubleZero.link(&jit);

#endif

131 if (m_~~resul~~tProfile)

132 jit.~~add~~32(CCallHelpers::TrustedImm32(1), CCallHelpers::AbsoluteAddress(m_~~resul~~tProfile->addressOf~~SpecialFastPathCount~~()));

132 if (m_arithProfile)

133 jit.or32(CCallHelpers::TrustedImm32(ArithProfile::specialFastPathBit), CCallHelpers::AbsoluteAddress(m_arithProfile->addressOfBits()));

    jit.boxDouble(m_leftFPR, m_result);

}

203461

Source/JavaScriptCore/jit/JITDivGenerator.h

@@public:

    JITDivGenerator(SnippetOperand leftOperand, SnippetOperand rightOperand,

        JSValueRegs result, JSValueRegs left, JSValueRegs right,

        FPRReg leftFPR, FPRReg rightFPR, GPRReg scratchGPR, FPRReg scratchFPR,

41 ~~Resul~~tProfile* ~~resul~~tProfile = nullptr)

41 ArithProfile* arithProfile = nullptr)

        : m_leftOperand(leftOperand)

        , m_rightOperand(rightOperand)

        , m_result(result)

@@public:

        , m_rightFPR(rightFPR)

        , m_scratchGPR(scratchGPR)

        , m_scratchFPR(scratchFPR)

51 , m_~~resul~~tProfile(~~resul~~tProfile)

51 , m_arithProfile(arithProfile)

    {

        ASSERT(!m_leftOperand.isConstInt32() || !m_rightOperand.isConstInt32());

    }

@@private:

    FPRReg m_rightFPR;

    GPRReg m_scratchGPR;

    FPRReg m_scratchFPR;

74 ~~Resul~~tProfile* m_~~resul~~tProfile;

74 ArithProfile* m_arithProfile;

    bool m_didEmitFastPath { false };

    CCallHelpers::JumpList m_endJumpList;

203461

Source/JavaScriptCore/jit/JITInlines.h

@@ALWAYS_INLINE MacroAssembler::Call JIT::

    return appendCallWithExceptionCheck(operation);

}

419 ~~inline~~ MacroAssembler::Call JIT::callOperation(J_JITOperation_EJJRp operation, JSValueRegs result, JSValueRegs arg1, JSValueRegs arg2~~, ResultProfile* resultProfile~~)

419ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJJ operation, JSValueRegs result, JSValueRegs arg1, JSValueRegs arg2)

420420{

421 setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(resultProfile));

    setupArgumentsWithExecState(arg1, arg2);

    Call call = appendCallWithExceptionCheck(operation);

    setupResults(result);

    return call;

}

ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJJArp operation, JSValueRegs result, JSValueRegs arg1, JSValueRegs arg2, ArithProfile* arithProfile)

{

    setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(arithProfile));

    Call call = appendCallWithExceptionCheck(operation);

    setupResults(result);

    return call;

}

ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJJArpJaic operation, JSValueRegs result, JSValueRegs arg1, JSValueRegs arg2, ArithProfile* arithProfile, JITAddIC* addIC)

{

    setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(arithProfile), TrustedImmPtr(addIC));

    Call call = appendCallWithExceptionCheck(operation);

    setupResults(result);

    return call;

}

ALWAYS_INLINE MacroAssembler::Call JIT::callOperation(J_JITOperation_EJJJaic operation, JSValueRegs result, JSValueRegs arg1, JSValueRegs arg2, JITAddIC* addIC)

{

    setupArgumentsWithExecState(arg1, arg2, TrustedImmPtr(addIC));

    Call call = appendCallWithExceptionCheck(operation);

    setupResults(result);

    return call;

203461

Source/JavaScriptCore/jit/JITMathIC.h

/*

 * Copyright (C) 2016 Apple Inc. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY

 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY

 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

 */

#pragma once

#if ENABLE(JIT)

#include "CCallHelpers.h"

#include "JITAddGenerator.h"

#include "JITMathICInlineResult.h"

#include "LinkBuffer.h"

#include "Repatch.h"

#include "SnippetOperand.h"

namespace JSC {

class LinkBuffer;

struct MathICGenerationState {

    MacroAssembler::Label fastPathStart;

    MacroAssembler::Label fastPathEnd;

    MacroAssembler::Label slowPathStart;

    MacroAssembler::Call slowPathCall;

    MacroAssembler::JumpList slowPathJumps;

    bool shouldSlowPathRepatch;

};

template <typename GeneratorType>

class JITMathIC {

public:

    CodeLocationLabel doneLocation() { return m_inlineStart.labelAtOffset(m_inlineSize); }

    CodeLocationLabel slowPathStartLocation() { return m_inlineStart.labelAtOffset(m_deltaFromStartToSlowPathStart); }

    CodeLocationCall slowPathCallLocation() { return m_inlineStart.callAtOffset(m_deltaFromStartToSlowPathCallLocation); }

    bool generateInline(CCallHelpers& jit, MathICGenerationState& state)

    {

        state.fastPathStart = jit.label();

        JITMathICInlineResult result = m_generator.generateInline(jit, state);

        switch (result) {

        case JITMathICInlineResult::GeneratedFastPath: {

            state.shouldSlowPathRepatch = true;

            state.fastPathEnd = jit.label();

            return true;

        }

        case JITMathICInlineResult::GenerateFullSnippet: {

            MacroAssembler::JumpList endJumpList;

            bool result = m_generator.generateFastPath(jit, endJumpList, state.slowPathJumps);

            if (result) {

                state.fastPathEnd = jit.label();

                state.shouldSlowPathRepatch = false;

                endJumpList.link(&jit);

                return true;

            }

            return false;

        }

        case JITMathICInlineResult::DontGenerate: {

            return false;

        }

        default:

            ASSERT_NOT_REACHED();

        }

        return false;

    }

    void generateOutOfLine(VM& vm, CodeBlock* codeBlock, FunctionPtr callReplacement)

    {

        // We rewire to the alternate regardless of whether or not we can allocate the out of line path

        // because if we fail allocating the out of line path, we don't want to waist time trying to

        // allocate it in the future.

        ftlThunkAwareRepatchCall(codeBlock, slowPathCallLocation(), callReplacement);

        {

            CCallHelpers jit(&vm, codeBlock);

            MacroAssembler::JumpList endJumpList; 

            MacroAssembler::JumpList slowPathJumpList; 

            bool emittedFastPath = m_generator.generateFastPath(jit, endJumpList, slowPathJumpList);

            if (!emittedFastPath)

                return;

            endJumpList.append(jit.jump());

            LinkBuffer linkBuffer(vm, jit, codeBlock, JITCompilationCanFail);

            if (linkBuffer.didFailToAllocate())

                return;

            linkBuffer.link(endJumpList, doneLocation());

            linkBuffer.link(slowPathJumpList, slowPathStartLocation());

            m_code = FINALIZE_CODE_FOR(

                codeBlock, linkBuffer, ("JITMathIC: generating out of line IC snippet"));

        }

        {

            CCallHelpers jit(&vm, codeBlock);

            auto jump = jit.jump();

            // We don't need a nop sled here because nobody should be jumping into the middle of an IC.

            bool needsBranchCompaction = false;

            LinkBuffer linkBuffer(jit, m_inlineStart.dataLocation(), jit.m_assembler.buffer().codeSize(), JITCompilationMustSucceed, needsBranchCompaction);

            RELEASE_ASSERT(linkBuffer.isValid());

            linkBuffer.link(jump, CodeLocationLabel(m_code.code().executableAddress()));

            FINALIZE_CODE(linkBuffer, ("JITMathIC: linking constant jump to out of line stub"));

        }

    }

    void finalizeInlineCode(const MathICGenerationState& state, LinkBuffer& linkBuffer)

    {

        CodeLocationLabel start = linkBuffer.locationOf(state.fastPathStart);

        m_inlineStart = start;

        m_inlineSize = MacroAssembler::differenceBetweenCodePtr(

            start, linkBuffer.locationOf(state.fastPathEnd));

        ASSERT(m_inlineSize > 0);

        m_deltaFromStartToSlowPathCallLocation = MacroAssembler::differenceBetweenCodePtr(

            start, linkBuffer.locationOf(state.slowPathCall));

        m_deltaFromStartToSlowPathStart = MacroAssembler::differenceBetweenCodePtr(

            start, linkBuffer.locationOf(state.slowPathStart));

    }

    MacroAssemblerCodeRef m_code;

    CodeLocationLabel m_inlineStart;

    int32_t m_inlineSize;

    int32_t m_deltaFromStartToSlowPathCallLocation;

    int32_t m_deltaFromStartToSlowPathStart;

    GeneratorType m_generator;

};

typedef JITMathIC<JITAddGenerator> JITAddIC;

} // namespace JSC

#endif // ENABLE(JIT)

nonexistent

Source/JavaScriptCore/jit/JITMathICForwards.h

/*

 * Copyright (C) 2016 Apple Inc. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY

 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY

 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

 */

#pragma once

#if ENABLE(JIT)

namespace JSC {

template <typename Generator> class JITMathIC;

class JITAddGenerator;

typedef JITMathIC<JITAddGenerator> JITAddIC;

} // namespace JSC

#endif // ENABLE(JIT)

nonexistent

Source/JavaScriptCore/jit/JITMathICInlineResult.h

/*

 * Copyright (C) 2016 Apple Inc. All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions

 * are met:

 * 1. Redistributions of source code must retain the above copyright

 *    notice, this list of conditions and the following disclaimer.

 * 2. Redistributions in binary form must reproduce the above copyright

 *    notice, this list of conditions and the following disclaimer in the

 *    documentation and/or other materials provided with the distribution.

 *

 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY

 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR

 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,

 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR

 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY

 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

 */

#pragma once

#if ENABLE(JIT)

namespace JSC {

enum class JITMathICInlineResult {

    GeneratedFastPath,

    GenerateFullSnippet,

    DontGenerate

};

} // namespace JSC

#endif // ENABLE(JIT)

nonexistent

Source/JavaScriptCore/jit/JITMulGenerator.cpp

#if ENABLE(JIT)

31#include "ArithProfile.h"

32

namespace JSC {

void JITMulGenerator::generateFastPath(CCallHelpers& jit)

@@void JITMulGenerator::generateFastPath(C

    // Do doubleVar * doubleVar.

    jit.mulDouble(m_rightFPR, m_leftFPR);

140 if (!m_~~resul~~tProfile)

142 if (!m_arithProfile)

        jit.boxDouble(m_leftFPR, m_result);

    else {

        // The Int52 overflow check below intentionally omits 1ll << 51 as a valid negative Int52 value.

@@void JITMulGenerator::generateFastPath(C

        jit.moveDoubleTo64(m_leftFPR, m_result.payloadGPR());

        CCallHelpers::Jump notNegativeZero = jit.branch64(CCallHelpers::NotEqual, m_result.payloadGPR(), CCallHelpers::TrustedImm64(negativeZeroBits));

152 jit.or32(CCallHelpers::TrustedImm32(~~Resul~~tProfile::NegZeroDouble), CCallHelpers::AbsoluteAddress(m_~~resul~~tProfile->addressOf~~Flag~~s()));

154 jit.or32(CCallHelpers::TrustedImm32(ArithProfile::NegZeroDouble), CCallHelpers::AbsoluteAddress(m_arithProfile->addressOfBits()));

        CCallHelpers::Jump done = jit.jump();

        notNegativeZero.link(&jit);

156 jit.or32(CCallHelpers::TrustedImm32(~~Resul~~tProfile::NonNegZeroDouble), CCallHelpers::AbsoluteAddress(m_~~resul~~tProfile->addressOf~~Flag~~s()));

158 jit.or32(CCallHelpers::TrustedImm32(ArithProfile::NonNegZeroDouble), CCallHelpers::AbsoluteAddress(m_arithProfile->addressOfBits()));

        jit.move(m_result.payloadGPR(), m_scratchGPR);

        jit.urshiftPtr(CCallHelpers::Imm32(52), m_scratchGPR);

        jit.and32(CCallHelpers::Imm32(0x7ff), m_scratchGPR);

        CCallHelpers::Jump noInt52Overflow = jit.branch32(CCallHelpers::LessThanOrEqual, m_scratchGPR, CCallHelpers::TrustedImm32(0x431));

163 jit.or32(CCallHelpers::TrustedImm32(~~Resul~~tProfile::Int52Overflow), CCallHelpers::AbsoluteAddress(m_~~resul~~tProfile->addressOf~~Flag~~s()));

165 jit.or32(CCallHelpers::TrustedImm32(ArithProfile::Int52Overflow), CCallHelpers::AbsoluteAddress(m_arithProfile->addressOfBits()));

        noInt52Overflow.link(&jit);

        done.link(&jit);

@@void JITMulGenerator::generateFastPath(C

        notNegativeZero.append(jit.branch32(CCallHelpers::NotEqual, m_result.payloadGPR(), CCallHelpers::TrustedImm32(0)));

        notNegativeZero.append(jit.branch32(CCallHelpers::NotEqual, m_result.tagGPR(), CCallHelpers::TrustedImm32(negativeZeroBits >> 32)));

174 jit.or32(CCallHelpers::TrustedImm32(~~Resul~~tProfile::NegZeroDouble), CCallHelpers::AbsoluteAddress(m_~~resul~~tProfile->addressOf~~Flag~~s()));

176 jit.or32(CCallHelpers::TrustedImm32(ArithProfile::NegZeroDouble), CCallHelpers::AbsoluteAddress(m_arithProfile->addressOfBits()));

        CCallHelpers::Jump done = jit.jump();

        notNegativeZero.link(&jit);

178 jit.or32(CCallHelpers::TrustedImm32(~~Resul~~tProfile::NonNegZeroDouble), CCallHelpers::AbsoluteAddress(m_~~resul~~tProfile->addressOf~~Flag~~s()));

180 jit.or32(CCallHelpers::TrustedImm32(ArithProfile::NonNegZeroDouble), CCallHelpers::AbsoluteAddress(m_arithProfile->addressOfBits()));

        jit.move(m_result.tagGPR(), m_scratchGPR);

        jit.urshiftPtr(CCallHelpers::Imm32(52 - 32), m_scratchGPR);

        jit.and32(CCallHelpers::Imm32(0x7ff), m_scratchGPR);

        CCallHelpers::Jump noInt52Overflow = jit.branch32(CCallHelpers::LessThanOrEqual, m_scratchGPR, CCallHelpers::TrustedImm32(0x431));

185 jit.or32(CCallHelpers::TrustedImm32(~~Resul~~tProfile::Int52Overflow), CCallHelpers::AbsoluteAddress(m_~~resul~~tProfile->addressOf~~Flag~~s()));

187 jit.or32(CCallHelpers::TrustedImm32(ArithProfile::Int52Overflow), CCallHelpers::AbsoluteAddress(m_arithProfile->addressOfBits()));

        m_endJumpList.append(noInt52Overflow);

        if (m_scratchGPR == m_result.tagGPR() || m_scratchGPR == m_result.payloadGPR())

203461

Source/JavaScriptCore/jit/JITMulGenerator.h

@@public:

    JITMulGenerator(SnippetOperand leftOperand, SnippetOperand rightOperand,

        JSValueRegs result, JSValueRegs left, JSValueRegs right,

        FPRReg leftFPR, FPRReg rightFPR, GPRReg scratchGPR, FPRReg scratchFPR,

41 ~~Resul~~tProfile* ~~resul~~tProfile = nullptr)

41 ArithProfile* arithProfile = nullptr)

        : m_leftOperand(leftOperand)

        , m_rightOperand(rightOperand)

        , m_result(result)

@@public:

        , m_rightFPR(rightFPR)

        , m_scratchGPR(scratchGPR)

        , m_scratchFPR(scratchFPR)

51 , m_~~resul~~tProfile(~~resul~~tProfile)

51 , m_arithProfile(arithProfile)

    {

        ASSERT(!m_leftOperand.isPositiveConstInt32() || !m_rightOperand.isPositiveConstInt32());

    }

@@private:

    FPRReg m_rightFPR;

    GPRReg m_scratchGPR;

    FPRReg m_scratchFPR;

72 ~~Resul~~tProfile* m_~~resul~~tProfile;

72 ArithProfile* m_arithProfile;

    bool m_didEmitFastPath { false };

    CCallHelpers::JumpList m_endJumpList;

203461

Source/JavaScriptCore/jit/JITOperations.cpp

#if ENABLE(JIT)

31#include "ArithProfile.h"

#include "ArrayConstructor.h"

#include "CommonSlowPaths.h"

#include "DFGCompilationMode.h"

@@JSCell* JIT_OPERATION operationToIndexSt

    return jsString(exec, Identifier::from(exec, index).string());

}

ALWAYS_INLINE static EncodedJSValue unprofiledAdd(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)

{

    VM* vm = &exec->vm();

    NativeCallFrameTracer tracer(vm, exec);

    JSValue op1 = JSValue::decode(encodedOp1);

    JSValue op2 = JSValue::decode(encodedOp2);

    return JSValue::encode(jsAdd(exec, op1, op2));

}

ALWAYS_INLINE static EncodedJSValue profiledAdd(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile* arithProfile)

{

    VM* vm = &exec->vm();

    NativeCallFrameTracer tracer(vm, exec);

    JSValue op1 = JSValue::decode(encodedOp1);

    JSValue op2 = JSValue::decode(encodedOp2);

    ASSERT(arithProfile);

    arithProfile->observeLHSAndRHS(op1, op2);

    JSValue result = jsAdd(exec, op1, op2);

    arithProfile->detectNumericness(result);

    return JSValue::encode(result);

}

22502279EncodedJSValue JIT_OPERATION operationValueAdd(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)

22512280{

    return unprofiledAdd(exec, encodedOp1, encodedOp2);

}

EncodedJSValue JIT_OPERATION operationValueAddNotProfiledNotOptimize(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile*, JITAddIC*)

{

    return unprofiledAdd(exec, encodedOp1, encodedOp2);

}

EncodedJSValue JIT_OPERATION operationValueAddProfiled(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile* arithProfile)

{

    return profiledAdd(exec, encodedOp1, encodedOp2, arithProfile);

}

EncodedJSValue JIT_OPERATION operationValueAddProfiledOptimize(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile* arithProfile, JITAddIC* addIC)

{

    VM* vm = &exec->vm();

    NativeCallFrameTracer tracer(vm, exec);

    JSValue op1 = JSValue::decode(encodedOp1);

    JSValue op2 = JSValue::decode(encodedOp2);

    ASSERT(arithProfile);

    arithProfile->observeLHSAndRHS(op1, op2);

    auto nonOptimizeVariant = operationValueAddProfiledNonOptimize;

    addIC->generateOutOfLine(*vm, exec->codeBlock(), nonOptimizeVariant);

22572306

    JSValue result = jsAdd(exec, op1, op2);

    arithProfile->detectNumericness(result);

    return JSValue::encode(result);

}

EncodedJSValue JIT_OPERATION operationValueAddProfiledNonOptimize(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile* arithProfile, JITAddIC*)

{

    return profiledAdd(exec, encodedOp1, encodedOp2, arithProfile);

}

EncodedJSValue JIT_OPERATION operationValueAddOptimize(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, JITAddIC* addIC)

{

    VM* vm = &exec->vm();

    NativeCallFrameTracer tracer(vm, exec);

    auto nonOptimizeVariant = operationValueAddNonOptimize;

    addIC->generateOutOfLine(*vm, exec->codeBlock(), nonOptimizeVariant);

    JSValue op1 = JSValue::decode(encodedOp1);

    JSValue op2 = JSValue::decode(encodedOp2);

    return JSValue::encode(jsAdd(exec, op1, op2));

}

2261 EncodedJSValue JIT_OPERATION operationValueAddProfiled(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ~~ResultProfile~~* resultProfile)

2331EncodedJSValue JIT_OPERATION operationValueAddNonOptimize(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, JITAddIC*)

{

    VM* vm = &exec->vm();

    NativeCallFrameTracer tracer(vm, exec);

@@EncodedJSValue JIT_OPERATION operationVa

    JSValue op2 = JSValue::decode(encodedOp2);

    JSValue result = jsAdd(exec, op1, op2);

2270 ~~resultProfile->detectNumericness(result);~~

2340

    return JSValue::encode(result);

}

@@EncodedJSValue JIT_OPERATION operationVa

    return JSValue::encode(jsNumber(a * b));

}

2287 EncodedJSValue JIT_OPERATION operationValueMulProfiled(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ~~Resul~~tProfile* ~~resul~~tProfile)

2357EncodedJSValue JIT_OPERATION operationValueMulProfiled(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile* arithProfile)

{

    VM* vm = &exec->vm();

    NativeCallFrameTracer tracer(vm, exec);

@@EncodedJSValue JIT_OPERATION operationVa

    double b = op2.toNumber(exec);

    JSValue result = jsNumber(a * b);

2299 ~~resul~~tProfile->detectNumericness(result);

2369 arithProfile->detectNumericness(result);

    return JSValue::encode(result);

}

@@EncodedJSValue JIT_OPERATION operationVa

    return JSValue::encode(jsNumber(a - b));

}

2316 EncodedJSValue JIT_OPERATION operationValueSubProfiled(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ~~Resul~~tProfile* ~~resul~~tProfile)

2386EncodedJSValue JIT_OPERATION operationValueSubProfiled(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile* arithProfile)

{

    VM* vm = &exec->vm();

    NativeCallFrameTracer tracer(vm, exec);

@@EncodedJSValue JIT_OPERATION operationVa

    double b = op2.toNumber(exec);

    JSValue result = jsNumber(a - b);

2328 ~~resul~~tProfile->detectNumericness(result);

2398 arithProfile->detectNumericness(result);

    return JSValue::encode(result);

}

203461

Source/JavaScriptCore/jit/JITOperations.h

#if ENABLE(JIT)

31#include "JITMathICForwards.h"

#include "MacroAssemblerCodeRef.h"

#include "PropertyOffset.h"

#include "SlowPathReturnType.h"

@@class ArrayProfile;

class CallLinkInfo;

class CodeBlock;

class ExecState;

46class JITAddGenerator;

class JSArray;

class JSFunction;

class JSLexicalEnvironment;

@@class WatchpointSet;

struct ByValInfo;

struct InlineCallFrame;

57 struct ~~Resul~~tProfile;

59struct ArithProfile;

typedef ExecState CallFrame;

@@typedef char* UnusedPtr;

    A: JSArray*

    Aap: ArrayAllocationProfile*

    Ap: ArrayProfile*

74 Arp: ArithProfile*

    By: ByValInfo*

    C: JSCell*

    Cb: CodeBlock*

@@typedef char* UnusedPtr;

    Icf: InlineCallFrame*

    Idc: const Identifier*

    J: EncodedJSValue

87 Jaic: JITAddIC*

    Jcp: const JSValue*

    Jsc: JSScope*

    Jsf: JSFunction*

@@typedef char* UnusedPtr;

    Q: int64_t

    R: Register

    Reo: RegExpObject*

95 Rp: ResultProfile*

    S: size_t

    Sprt: SlowPathReturnType

    Ssi: StructureStubInfo*

@@typedef EncodedJSValue (JIT_OPERATION *J

typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJJAp)(ExecState*, EncodedJSValue, EncodedJSValue, ArrayProfile*);

typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJJBy)(ExecState*, EncodedJSValue, EncodedJSValue, ByValInfo*);

typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJJJ)(ExecState*, EncodedJSValue, EncodedJSValue, EncodedJSValue);

136 typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJJRp)(ExecState*, EncodedJSValue, EncodedJSValue, ResultProfile*);

typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJJArp)(ExecState*, EncodedJSValue, EncodedJSValue, ArithProfile*);

typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJJArpJaic)(ExecState*, EncodedJSValue, EncodedJSValue, ArithProfile*, JITAddIC*);

typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJJJaic)(ExecState*, EncodedJSValue, EncodedJSValue, JITAddIC*);

typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJssZ)(ExecState*, JSString*, int32_t);

typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJssReo)(ExecState*, JSString*, RegExpObject*);

typedef EncodedJSValue (JIT_OPERATION *J_JITOperation_EJssReoJss)(ExecState*, JSString*, RegExpObject*, JSString*);

@@EncodedJSValue JIT_OPERATION operationNe

JSCell* JIT_OPERATION operationToIndexString(ExecState*, int32_t);

EncodedJSValue JIT_OPERATION operationValueAdd(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;

411 EncodedJSValue JIT_OPERATION operationValueAddProfiled(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ResultProfile*) WTF_INTERNAL;

EncodedJSValue JIT_OPERATION operationValueAddNotProfiledNotOptimize(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile*, JITAddIC*) WTF_INTERNAL;

EncodedJSValue JIT_OPERATION operationValueAddProfiled(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile*) WTF_INTERNAL;

EncodedJSValue JIT_OPERATION operationValueAddProfiledOptimize(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile*, JITAddIC*) WTF_INTERNAL;

EncodedJSValue JIT_OPERATION operationValueAddProfiledNonOptimize(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile*, JITAddIC*) WTF_INTERNAL;

EncodedJSValue JIT_OPERATION operationValueAddOptimize(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, JITAddIC*) WTF_INTERNAL;

EncodedJSValue JIT_OPERATION operationValueAddNonOptimize(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, JITAddIC*) WTF_INTERNAL;

412422EncodedJSValue JIT_OPERATION operationValueMul(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;

413 EncodedJSValue JIT_OPERATION operationValueMulProfiled(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ~~Resul~~tProfile*) WTF_INTERNAL;

423EncodedJSValue JIT_OPERATION operationValueMulProfiled(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile*) WTF_INTERNAL;

414424EncodedJSValue JIT_OPERATION operationValueSub(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;

415 EncodedJSValue JIT_OPERATION operationValueSubProfiled(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ~~Resul~~tProfile*) WTF_INTERNAL;

425EncodedJSValue JIT_OPERATION operationValueSubProfiled(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, ArithProfile*) WTF_INTERNAL;

void JIT_OPERATION operationProcessTypeProfilerLog(ExecState*) WTF_INTERNAL;

void JIT_OPERATION operationProcessShadowChickenLog(ExecState*) WTF_INTERNAL;

203461

Source/JavaScriptCore/jit/JITSubGenerator.cpp

#include "config.h"

#include "JITSubGenerator.h"

29#include "ArithProfile.h"

30

#if ENABLE(JIT)

namespace JSC {

@@void JITSubGenerator::generateFastPath(C

    rightWasInteger.link(&jit);

    jit.subDouble(m_rightFPR, m_leftFPR);

86 if (m_~~resul~~tProfile)

87 m_~~resul~~tProfile->emitSetDouble(jit);

88 if (m_arithProfile)

89 m_arithProfile->emitSetDouble(jit);

    jit.boxDouble(m_leftFPR, m_result);

}

203461

Source/JavaScriptCore/jit/JITSubGenerator.h

@@public:

    JITSubGenerator(SnippetOperand leftOperand, SnippetOperand rightOperand,

        JSValueRegs result, JSValueRegs left, JSValueRegs right,

        FPRReg leftFPR, FPRReg rightFPR, GPRReg scratchGPR, FPRReg scratchFPR,

41 ~~Resul~~tProfile* ~~resul~~tProfile = nullptr)

41 ArithProfile* arithProfile = nullptr)

        : m_leftOperand(leftOperand)

        , m_rightOperand(rightOperand)

        , m_result(result)

@@public:

        , m_rightFPR(rightFPR)

        , m_scratchGPR(scratchGPR)

        , m_scratchFPR(scratchFPR)

51 , m_~~resul~~tProfile(~~resul~~tProfile)

51 , m_arithProfile(arithProfile)

    { }

    void generateFastPath(CCallHelpers&);

@@private:

    FPRReg m_rightFPR;

    GPRReg m_scratchGPR;

    FPRReg m_scratchFPR;

70 ~~Resul~~tProfile* m_~~resul~~tProfile;

70 ArithProfile* m_arithProfile;

    bool m_didEmitFastPath { false };

    CCallHelpers::JumpList m_endJumpList;

203461

Source/JavaScriptCore/jit/Repatch.cpp

@@static FunctionPtr readCallTarget(CodeBl

    return result;

}

75 ~~static~~ void repatchCall(CodeBlock* codeBlock, CodeLocationCall call, FunctionPtr newCalleeFunction)

75void ftlThunkAwareRepatchCall(CodeBlock* codeBlock, CodeLocationCall call, FunctionPtr newCalleeFunction)

{

#if ENABLE(FTL_JIT)

    if (codeBlock->jitType() == JITCode::FTLJIT) {

@@static InlineCacheAction tryCacheGetByID

                bool generatedCodeInline = InlineAccess::generateArrayLength(*codeBlock->vm(), stubInfo, jsCast<JSArray*>(baseValue));

                if (generatedCodeInline) {

170 repatchCall(codeBlock, stubInfo.slowPathCallLocation(), appropriateOptimizingGetByIdFunction(kind));

170 ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), appropriateOptimizingGetByIdFunction(kind));

                    stubInfo.initArrayLength();

                    return RetryCacheLater;

                }

@@static InlineCacheAction tryCacheGetByID

            if (generatedCodeInline) {

                LOG_IC((ICEvent::GetByIdSelfPatch, structure->classInfo(), propertyName));

                structure->startWatchingPropertyForReplacements(vm, slot.cachedOffset());

223 repatchCall(codeBlock, stubInfo.slowPathCallLocation(), appropriateOptimizingGetByIdFunction(kind));

223 ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), appropriateOptimizingGetByIdFunction(kind));

                stubInfo.initGetByIdSelf(codeBlock, structure, slot.cachedOffset());

                return RetryCacheLater;

            }

@@void repatchGetByID(ExecState* exec, JSV

    GCSafeConcurrentJITLocker locker(exec->codeBlock()->m_lock, exec->vm().heap);

    if (tryCacheGetByID(exec, baseValue, propertyName, slot, stubInfo, kind) == GiveUpOnCache)

317 repatchCall(exec->codeBlock(), stubInfo.slowPathCallLocation(), appropriateGenericGetByIdFunction(kind));

317 ftlThunkAwareRepatchCall(exec->codeBlock(), stubInfo.slowPathCallLocation(), appropriateGenericGetByIdFunction(kind));

}

static V_JITOperation_ESsiJJI appropriateGenericPutByIdFunction(const PutPropertySlot &slot, PutKind putKind)

@@static InlineCacheAction tryCachePutByID

                bool generatedCodeInline = InlineAccess::generateSelfPropertyReplace(vm, stubInfo, structure, slot.cachedOffset());

                if (generatedCodeInline) {

                    LOG_IC((ICEvent::PutByIdSelfPatch, structure->classInfo(), ident));

375 repatchCall(codeBlock, stubInfo.slowPathCallLocation(), appropriateOptimizingPutByIdFunction(slot, putKind));

375 ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), appropriateOptimizingPutByIdFunction(slot, putKind));

                    stubInfo.initPutByIdReplace(codeBlock, structure, slot.cachedOffset());

                    return RetryCacheLater;

                }

@@void repatchPutByID(ExecState* exec, JSV

    GCSafeConcurrentJITLocker locker(exec->codeBlock()->m_lock, exec->vm().heap);

    if (tryCachePutByID(exec, baseValue, structure, propertyName, slot, stubInfo, putKind) == GiveUpOnCache)

471 repatchCall(exec->codeBlock(), stubInfo.slowPathCallLocation(), appropriateGenericPutByIdFunction(slot, putKind));

471 ftlThunkAwareRepatchCall(exec->codeBlock(), stubInfo.slowPathCallLocation(), appropriateGenericPutByIdFunction(slot, putKind));

}

static InlineCacheAction tryRepatchIn(

@@void repatchIn(

{

    SuperSamplerScope superSamplerScope(false);

    if (tryRepatchIn(exec, base, ident, wasFound, slot, stubInfo) == GiveUpOnCache)

532 repatchCall(exec->codeBlock(), stubInfo.slowPathCallLocation(), operationIn);

532 ftlThunkAwareRepatchCall(exec->codeBlock(), stubInfo.slowPathCallLocation(), operationIn);

}

static void linkSlowFor(VM*, CallLinkInfo& callLinkInfo, MacroAssemblerCodeRef codeRef)

@@void linkPolymorphicCall(

void resetGetByID(CodeBlock* codeBlock, StructureStubInfo& stubInfo, GetByIDKind kind)

{

904 repatchCall(codeBlock, stubInfo.slowPathCallLocation(), appropriateOptimizingGetByIdFunction(kind));

904 ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), appropriateOptimizingGetByIdFunction(kind));

    InlineAccess::rewireStubAsJump(*codeBlock->vm(), stubInfo, stubInfo.slowPathStartLocation());

}

@@void resetPutByID(CodeBlock* codeBlock,

        optimizedFunction = operationPutByIdDirectNonStrictOptimize;

    }

923 repatchCall(codeBlock, stubInfo.slowPathCallLocation(), optimizedFunction);

923 ftlThunkAwareRepatchCall(codeBlock, stubInfo.slowPathCallLocation(), optimizedFunction);

    InlineAccess::rewireStubAsJump(*codeBlock->vm(), stubInfo, stubInfo.slowPathStartLocation());

}

203461

Source/JavaScriptCore/jit/Repatch.h

@@void linkPolymorphicCall(ExecState*, Cal

void resetGetByID(CodeBlock*, StructureStubInfo&, GetByIDKind);

void resetPutByID(CodeBlock*, StructureStubInfo&);

void resetIn(CodeBlock*, StructureStubInfo&);

57void ftlThunkAwareRepatchCall(CodeBlock*, CodeLocationCall, FunctionPtr newCalleeFunction);

} // namespace JSC

203461

Source/JavaScriptCore/llint/LLIntData.cpp

#include "config.h"

#include "LLIntData.h"

29#include "ArithProfile.h"

#include "BytecodeConventions.h"

#include "CodeBlock.h"

#include "CodeType.h"

@@void Data::performAssertions(VM& vm)

#endif

    ASSERT(StringImpl::s_hashFlag8BitBuffer == 8);

    {

        uint32_t bits = 0x120000;

        UNUSED_PARAM(bits);

        ArithProfile arithProfile;

        arithProfile.lhsSawInt32();

        arithProfile.rhsSawInt32();

        ASSERT(arithProfile.bits() == bits);

        ASSERT(ArithProfile::fromInt(bits).lhsObservedType().isOnlyInt32());

        ASSERT(ArithProfile::fromInt(bits).rhsObservedType().isOnlyInt32());

    }

    {

        uint32_t bits = 0x220000;

        UNUSED_PARAM(bits);

        ArithProfile arithProfile;

        arithProfile.lhsSawNumber();

        arithProfile.rhsSawInt32();

        ASSERT(arithProfile.bits() == bits);

        ASSERT(ArithProfile::fromInt(bits).lhsObservedType().isOnlyNumber());

        ASSERT(ArithProfile::fromInt(bits).rhsObservedType().isOnlyInt32());

    }

    {

        uint32_t bits = 0x240000;

        UNUSED_PARAM(bits);

        ArithProfile arithProfile;

        arithProfile.lhsSawNumber();

        arithProfile.rhsSawNumber();

        ASSERT(arithProfile.bits() == bits);

        ASSERT(ArithProfile::fromInt(bits).lhsObservedType().isOnlyNumber());

        ASSERT(ArithProfile::fromInt(bits).rhsObservedType().isOnlyNumber());

    }

    {

        uint32_t bits = 0x140000;

        UNUSED_PARAM(bits);

        ArithProfile arithProfile;

        arithProfile.lhsSawInt32();

        arithProfile.rhsSawNumber();

        ASSERT(arithProfile.bits() == bits);

        ASSERT(ArithProfile::fromInt(bits).lhsObservedType().isOnlyInt32());

        ASSERT(ArithProfile::fromInt(bits).rhsObservedType().isOnlyNumber());

    }

}

#if COMPILER(CLANG)

#pragma clang diagnostic pop

203461

Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@macro binaryOpCustomStore(integerOperati

    loadConstantOrVariable2Reg(t0, t2, t0)

    bineq t2, Int32Tag, .op1NotInt

    bineq t3, Int32Tag, .op2NotInt

    loadisFromInstruction(4, t5)

    ori ArithProfileIntInt, t5

    storeisToInstruction(t5, 4)

    loadi 4[PC], t2

    integerOperationAndStore(t3, t1, t0, .slow, t2)

    dispatch(5)

@@macro binaryOpCustomStore(integerOperati

    bia t2, LowestTag, .slow

    bib t3, LowestTag, .op1NotIntOp2Double

    bineq t3, Int32Tag, .slow

    loadisFromInstruction(4, t5)

    ori ArithProfileNumberInt, t5

    storeisToInstruction(t5, 4)

    ci2d t1, ft1

    jmp .op1NotIntReady

.op1NotIntOp2Double:

    fii2d t1, t3, ft1

    loadisFromInstruction(4, t5)

    ori ArithProfileNumberNumber, t5

    storeisToInstruction(t5, 4)

.op1NotIntReady:

    loadi 4[PC], t1

    fii2d t0, t2, ft0

@@macro binaryOpCustomStore(integerOperati

    # First operand is definitely an int, the second operand is definitely not.

    loadi 4[PC], t2

    bia t3, LowestTag, .slow

    loadisFromInstruction(4, t5)

    ori ArithProfileIntNumber, t5

    storeisToInstruction(t5, 4)

    ci2d t0, ft0

    fii2d t1, t3, ft1

    doubleOperation(ft1, ft0)

203461

Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@macro binaryOpCustomStore(integerOperati

    bqb t1, tagTypeNumber, .op2NotInt

    loadisFromInstruction(1, t2)

    integerOperationAndStore(t1, t0, .slow, t2)

    loadisFromInstruction(4, t1)

    ori ArithProfileIntInt, t1

    storeisToInstruction(t1, 4)

    dispatch(5)

.op1NotInt:

@@macro binaryOpCustomStore(integerOperati

    btqz t1, tagTypeNumber, .slow

    addq tagTypeNumber, t1

    fq2d t1, ft1

    loadisFromInstruction(4, t2)

    ori ArithProfileNumberNumber, t2

    storeisToInstruction(t2, 4)

905911 jmp .op1NotIntReady

906912.op1NotIntOp2Int:

    loadisFromInstruction(4, t2)

    ori ArithProfileNumberInt, t2

    storeisToInstruction(t2, 4)

    ci2d t1, ft1

.op1NotIntReady:

    loadisFromInstruction(1, t2)

@@macro binaryOpCustomStore(integerOperati

    # First operand is definitely an int, the second is definitely not.

    loadisFromInstruction(1, t2)

    btqz t1, tagTypeNumber, .slow

    loadisFromInstruction(4, t3)

    ori ArithProfileIntNumber, t3

    storeisToInstruction(t3, 4)

    ci2d t0, ft0

    addq tagTypeNumber, t1

    fq2d t1, ft1

203461

Source/JavaScriptCore/llint/LowLevelInterpreter.asm

@@const IsInvalidated = 2

# ShadowChicken data

const ShadowChickenTailMarker = 0x7a11

# ArithProfile data

const ArithProfileIntInt = 0x120000

const ArithProfileNumberInt = 0x220000

const ArithProfileNumberNumber = 0x240000

const ArithProfileIntNumber = 0x140000

# Some register conventions.

if JSVALUE64

    # - Use a pair of registers to represent the PC: one register for the

@@if JSVALUE64

        loadp offset * 8[PB, PC, 8], dest

    end

    macro storeisToInstruction(value, offset)

        storei value, offset * 8[PB, PC, 8]

    end

    macro storepToInstruction(value, offset)

        storep value, offset * 8[PB, PC, 8]

    end

@@else

    macro loadpFromInstruction(offset, dest)

        loadp offset * 4[PC], dest

    end

    macro storeisToInstruction(value, offset)

        storei value, offset * 4[PC]

    end

end

if X86_64_WIN

203461

Source/JavaScriptCore/parser/ResultType.h

@@namespace JSC {

    private:

        friend struct OperandTypes;

35 typedef ~~char~~ Type;

35 typedef uint8_t Type;

3636 static const Type TypeInt32 = 1;

        
        static const Type TypeMaybeNumber = 0x04;

        static const Type TypeMaybeString = 0x08;

        static const Type TypeMaybeNull   = 0x10;

        static const Type TypeMaybeBool   = 0x20;

        static const Type TypeMaybeOther  = 0x40;

        static const Type TypeMaybeNumber = 0x02;

        static const Type TypeMaybeString = 0x04;

        static const Type TypeMaybeNull   = 0x08;

        static const Type TypeMaybeBool   = 0x10;

        static const Type TypeMaybeOther  = 0x20;

        static const Type TypeBits = TypeMaybeNumber | TypeMaybeString | TypeMaybeNull | TypeMaybeBool | TypeMaybeOther;

    public:

        static const int numBitsNeeded = 6;

        static_assert((TypeBits & ((1 << numBitsNeeded) - 1)) == TypeBits, "This is necessary for correctness.");

4649 explicit ResultType(Type type)

47 : m_~~type~~(type)

50 : m_bits(type)

        {

        }

51 public:

5254 bool isInt32() const

5355 {

54 return m_~~type~~ & TypeInt32;

56 return m_bits & TypeInt32;

        }

        bool definitelyIsNumber() const

        {

59 return (m_~~type~~ & TypeBits) == TypeMaybeNumber;

61 return (m_bits & TypeBits) == TypeMaybeNumber;

        }

        bool definitelyIsString() const

        {

64 return (m_~~type~~ & TypeBits) == TypeMaybeString;

66 return (m_bits & TypeBits) == TypeMaybeString;

        }

        bool definitelyIsBoolean() const

        {

69 return (m_~~type~~ & TypeBits) == TypeMaybeBool;

71 return (m_bits & TypeBits) == TypeMaybeBool;

        }

        bool mightBeNumber() const

        {

74 return m_~~type~~ & TypeMaybeNumber;

76 return m_bits & TypeMaybeNumber;

        }

        bool isNotNumber() const

@@namespace JSC {

            return numberTypeIsInt32();

        }

146 Type bits() const { return m_bits; }

147

144148 private:

145 Type m_~~type~~;

149 Type m_bits;

    };

    struct OperandTypes

@@namespace JSC {

            // We have to initialize one of the int to ensure that

            // the entire struct is initialized.

            m_u.i = 0;

155 m_u.rds.first = first.m_~~type~~;

156 m_u.rds.second = second.m_~~type~~;

159 m_u.rds.first = first.m_bits;

160 m_u.rds.second = second.m_bits;

        }

        union {

203461

Source/JavaScriptCore/runtime/CommonSlowPaths.cpp

#include "config.h"

#include "CommonSlowPaths.h"

29#include "ArithProfile.h"

#include "ArrayConstructor.h"

#include "BuiltinNames.h"

#include "CallFrame.h"

@@SLOW_PATH_DECL(slow_path_negate)

}

#if ENABLE(DFG_JIT)

362 static void update~~Resul~~tProfileForBinaryArithOp(ExecState* exec, Instruction* pc, JSValue result, JSValue left, JSValue right)

363static void updateArithProfileForBinaryArithOp(ExecState* exec, Instruction* pc, JSValue result, JSValue left, JSValue right)

363364{

364365 CodeBlock* codeBlock = exec->codeBlock();

365 unsigned bytecodeOffset = codeBlock->bytecodeOffset(pc);

366 ResultProfile* profile = codeBlock->ensureResultProfile(bytecodeOffset);

366 ArithProfile& profile = codeBlock->arithProfileForPC(pc);

    if (result.isNumber()) {

        if (!result.isInt32()) {

            if (left.isInt32() && right.isInt32())

371 profile->setObservedInt32Overflow();

371 profile.setObservedInt32Overflow();

            double doubleVal = result.asNumber();

            if (!doubleVal && std::signbit(doubleVal))

375 profile->setObservedNegZeroDouble();

375 profile.setObservedNegZeroDouble();

376376 else {

377 profile->setObservedNonNegZeroDouble();

377 profile.setObservedNonNegZeroDouble();

                // The Int52 overflow check here intentionally omits 1ll << 51 as a valid negative Int52 value.

                // Therefore, we will get a false positive if the result is that value. This is intentionally

@@static void updateResultProfileForBinary

                static const int64_t int52OverflowPoint = (1ll << 51);

                int64_t int64Val = static_cast<int64_t>(std::abs(doubleVal));

                if (int64Val >= int52OverflowPoint)

385 profile->setObservedInt52Overflow();

385 profile.setObservedInt52Overflow();

389 profile->setObservedNonNumber();

389 profile.setObservedNonNumber();

390390}

391391#else

392 static void update~~Resul~~tProfileForBinaryArithOp(ExecState*, Instruction*, JSValue, JSValue, JSValue) { }

392static void updateArithProfileForBinaryArithOp(ExecState*, Instruction*, JSValue, JSValue, JSValue) { }

#endif

SLOW_PATH_DECL(slow_path_to_number)

@@SLOW_PATH_DECL(slow_path_add)

    JSValue v2 = OP_C(3).jsValue();

    JSValue result;

    ArithProfile& arithProfile = exec->codeBlock()->arithProfileForPC(pc);

    arithProfile.observeLHSAndRHS(v1, v2);

    if (v1.isString() && !v2.isObject())

        result = jsString(exec, asString(v1), v2.toString(exec));

    else if (v1.isNumber() && v2.isNumber())

@@SLOW_PATH_DECL(slow_path_add)

        result = jsAddSlowCase(exec, v1, v2);

    RETURN_WITH_PROFILING(result, {

418 update~~Resul~~tProfileForBinaryArithOp(exec, pc, result, v1, v2);

421 updateArithProfileForBinaryArithOp(exec, pc, result, v1, v2);

    });

}

@@SLOW_PATH_DECL(slow_path_mul)

    double b = right.toNumber(exec);

    JSValue result = jsNumber(a * b);

    RETURN_WITH_PROFILING(result, {

435 update~~Resul~~tProfileForBinaryArithOp(exec, pc, result, left, right);

438 updateArithProfileForBinaryArithOp(exec, pc, result, left, right);

    });

}

@@SLOW_PATH_DECL(slow_path_sub)

    double b = right.toNumber(exec);

    JSValue result = jsNumber(a - b);

    RETURN_WITH_PROFILING(result, {

448 update~~Resul~~tProfileForBinaryArithOp(exec, pc, result, left, right);

451 updateArithProfileForBinaryArithOp(exec, pc, result, left, right);

    });

}

@@SLOW_PATH_DECL(slow_path_div)

    double b = right.toNumber(exec);

    JSValue result = jsNumber(a / b);

    RETURN_WITH_PROFILING(result, {

461 update~~Resul~~tProfileForBinaryArithOp(exec, pc, result, left, right);

464 updateArithProfileForBinaryArithOp(exec, pc, result, left, right);

    });

}

203461

Source/JavaScriptCore/tests/stress/op-add-exceptions.js

function assert(b) {

    if (!b)

        throw new Error("Bad!");

}

noInline(assert);

function f1() { return "f1"; }

noInline(f1);

function f2() { return "f2"; }

noInline(f2);

function f3() { return "f3"; }

noInline(f3);

let oException = {

    valueOf() { throw new Error(""); }

};

function foo(arg1, arg2) {

    let a = f1();

    let b = f2();

    let c = f3();

    try {

        arg1 + arg2;

    } catch(e) {

        assert(arg1 === oException);

        assert(arg2 === oException);

    }

    assert(a === "f1");

    assert(b === "f2");

    assert(c === "f3");

}

noInline(foo);

for (let i = 0; i < 1000; i++) {

    foo(i, {});

    foo({}, i);

}

foo(oException, oException);

for (let i = 0; i < 10000; i++) {

    foo(i, {});

    foo({}, i);

}

foo(oException, oException);

function ident(x) { return x; }

noInline(ident);

function bar(arg1, arg2) {

    let a = f1();

    let b = f2();

    let c = f3();

    let x = ident(arg1);

    let y = ident(arg2);

    try {

        arg1 + arg2;

    } catch(e) {

        assert(arg1 === oException);

        assert(arg2 === oException);

        assert(x === oException);

        assert(y === oException);

    }

    assert(a === "f1");

    assert(b === "f2");

    assert(c === "f3");

}

noInline(bar);

for (let i = 0; i < 1000; i++) {

    bar(i, {});

    bar({}, i);

}

bar(oException, oException);

for (let i = 0; i < 10000; i++) {

    bar(i, {});

    bar({}, i);

}

bar(oException, oException);

nonexistent

Source/WebCore/ChangeLog

2016-07-20  Saam Barati  <sbarati@apple.com>

        op_add/ValueAdd should be an IC in all JIT tiers

        https://bugs.webkit.org/show_bug.cgi?id=159649

        Reviewed by NOBODY (OOPS!).

        * ForwardingHeaders/jit/JITMathICForwards.h: Added.

2016-07-20  Chris Dumez  <cdumez@apple.com>

        CSSStyleDeclaration.setProperty() should be able to unset "important" on a property

203461

Source/WebCore/ForwardingHeaders/jit/JITMathICForwards.h

#ifndef WebCore_FWD_JITMathICForwards_h

#define WebCore_FWD_JITMathICForwards_h

#include <JavaScriptCore/JITMathICForwards.h>

#endif

nonexistent