1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
|
// Copyright 2015 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef V8_COMPILER_JS_NATIVE_CONTEXT_SPECIALIZATION_H_
#define V8_COMPILER_JS_NATIVE_CONTEXT_SPECIALIZATION_H_
#include "src/base/flags.h"
#include "src/base/optional.h"
#include "src/compiler/graph-assembler.h"
#include "src/compiler/graph-reducer.h"
#include "src/compiler/js-heap-broker.h"
#include "src/deoptimizer/deoptimize-reason.h"
#include "src/zone/zone-containers.h"
namespace v8 {
namespace internal {
// Forward declarations.
class Factory;
class JSGlobalObject;
class JSGlobalProxy;
namespace compiler {
// Forward declarations.
enum class AccessMode;
class CommonOperatorBuilder;
class CompilationDependencies;
class ElementAccessInfo;
class JSGraph;
class JSHeapBroker;
class JSOperatorBuilder;
class MachineOperatorBuilder;
class PropertyAccessInfo;
class SimplifiedOperatorBuilder;
class TypeCache;
// Specializes a given JSGraph to a given native context, potentially constant
// folding some {LoadGlobal} nodes or strength reducing some {StoreGlobal}
// nodes. And also specializes {LoadNamed} and {SetNamedProperty} nodes
// according to type feedback (if available).
class V8_EXPORT_PRIVATE JSNativeContextSpecialization final
: public AdvancedReducer {
public:
// Flags that control the mode of operation.
enum Flag {
kNoFlags = 0u,
kBailoutOnUninitialized = 1u << 0,
};
using Flags = base::Flags<Flag>;
JSNativeContextSpecialization(Editor* editor, JSGraph* jsgraph,
JSHeapBroker* broker, Flags flags, Zone* zone,
Zone* shared_zone);
JSNativeContextSpecialization(const JSNativeContextSpecialization&) = delete;
JSNativeContextSpecialization& operator=(
const JSNativeContextSpecialization&) = delete;
const char* reducer_name() const override {
return "JSNativeContextSpecialization";
}
Reduction Reduce(Node* node) final;
// Utility for folding string constant concatenation.
// Supports JSAdd nodes and nodes typed as string or number.
// Public for the sake of unit testing.
static base::Optional<size_t> GetMaxStringLength(JSHeapBroker* broker,
Node* node);
private:
Reduction ReduceJSAdd(Node* node);
Reduction ReduceJSAsyncFunctionEnter(Node* node);
Reduction ReduceJSAsyncFunctionReject(Node* node);
Reduction ReduceJSAsyncFunctionResolve(Node* node);
Reduction ReduceJSGetSuperConstructor(Node* node);
Reduction ReduceJSFindNonDefaultConstructorOrConstruct(Node* node);
Reduction ReduceJSInstanceOf(Node* node);
Reduction ReduceJSHasInPrototypeChain(Node* node);
Reduction ReduceJSOrdinaryHasInstance(Node* node);
Reduction ReduceJSPromiseResolve(Node* node);
Reduction ReduceJSResolvePromise(Node* node);
Reduction ReduceJSLoadGlobal(Node* node);
Reduction ReduceJSStoreGlobal(Node* node);
Reduction ReduceJSLoadNamed(Node* node);
Reduction ReduceJSLoadNamedFromSuper(Node* node);
Reduction ReduceJSGetIterator(Node* node);
Reduction ReduceJSSetNamedProperty(Node* node);
Reduction ReduceJSHasProperty(Node* node);
Reduction ReduceJSLoadProperty(Node* node);
Reduction ReduceJSSetKeyedProperty(Node* node);
Reduction ReduceJSDefineKeyedOwnProperty(Node* node);
Reduction ReduceJSDefineNamedOwnProperty(Node* node);
Reduction ReduceJSDefineKeyedOwnPropertyInLiteral(Node* node);
Reduction ReduceJSStoreInArrayLiteral(Node* node);
Reduction ReduceJSToObject(Node* node);
Reduction ReduceElementAccess(Node* node, Node* index, Node* value,
ElementAccessFeedback const& feedback);
// In the case of non-keyed (named) accesses, pass the name as {static_name}
// and use {nullptr} for {key} (load/store modes are irrelevant).
Reduction ReducePropertyAccess(Node* node, Node* key,
OptionalNameRef static_name, Node* value,
FeedbackSource const& source,
AccessMode access_mode);
Reduction ReduceNamedAccess(Node* node, Node* value,
NamedAccessFeedback const& feedback,
AccessMode access_mode, Node* key = nullptr);
Reduction ReduceMegaDOMPropertyAccess(
Node* node, Node* value, MegaDOMPropertyAccessFeedback const& feedback,
FeedbackSource const& source);
Reduction ReduceGlobalAccess(Node* node, Node* lookup_start_object,
Node* receiver, Node* value, NameRef const& name,
AccessMode access_mode, Node* key,
PropertyCellRef const& property_cell,
Node* effect = nullptr);
Reduction ReduceElementLoadFromHeapConstant(Node* node, Node* key,
AccessMode access_mode,
KeyedAccessLoadMode load_mode);
Reduction ReduceElementAccessOnString(Node* node, Node* index, Node* value,
KeyedAccessMode const& keyed_mode);
Reduction ReduceEagerDeoptimize(Node* node, DeoptimizeReason reason);
Reduction ReduceJSToString(Node* node);
Reduction ReduceJSLoadPropertyWithEnumeratedKey(Node* node);
Handle<String> CreateStringConstant(Node* node);
// A triple of nodes that represents a continuation.
class ValueEffectControl final {
public:
ValueEffectControl()
: value_(nullptr), effect_(nullptr), control_(nullptr) {}
ValueEffectControl(Node* value, Node* effect, Node* control)
: value_(value), effect_(effect), control_(control) {}
Node* value() const { return value_; }
Node* effect() const { return effect_; }
Node* control() const { return control_; }
private:
Node* value_;
Node* effect_;
Node* control_;
};
// Construct the appropriate subgraph for property access. Return {} if the
// property access couldn't be built.
base::Optional<ValueEffectControl> BuildPropertyAccess(
Node* lookup_start_object, Node* receiver, Node* value, Node* context,
Node* frame_state, Node* effect, Node* control, NameRef const& name,
ZoneVector<Node*>* if_exceptions, PropertyAccessInfo const& access_info,
AccessMode access_mode);
base::Optional<ValueEffectControl> BuildPropertyLoad(
Node* lookup_start_object, Node* receiver, Node* context,
Node* frame_state, Node* effect, Node* control, NameRef const& name,
ZoneVector<Node*>* if_exceptions, PropertyAccessInfo const& access_info);
ValueEffectControl BuildPropertyStore(Node* receiver, Node* value,
Node* context, Node* frame_state,
Node* effect, Node* control,
NameRef const& name,
ZoneVector<Node*>* if_exceptions,
PropertyAccessInfo const& access_info,
AccessMode access_mode);
ValueEffectControl BuildPropertyTest(Node* effect, Node* control,
PropertyAccessInfo const& access_info);
// Helpers for accessor inlining.
Node* InlinePropertyGetterCall(Node* receiver,
ConvertReceiverMode receiver_mode,
Node* lookup_start_object, Node* context,
Node* frame_state, Node** effect,
Node** control,
ZoneVector<Node*>* if_exceptions,
PropertyAccessInfo const& access_info);
void InlinePropertySetterCall(Node* receiver, Node* value, Node* context,
Node* frame_state, Node** effect,
Node** control,
ZoneVector<Node*>* if_exceptions,
PropertyAccessInfo const& access_info);
Node* InlineApiCall(Node* receiver, Node* api_holder, Node* frame_state,
Node* value, Node** effect, Node** control,
FunctionTemplateInfoRef const& function_template_info);
// Construct the appropriate subgraph for element access.
ValueEffectControl BuildElementAccess(Node* receiver, Node* index,
Node* value, Node* effect,
Node* control, Node* context,
ElementAccessInfo const& access_info,
KeyedAccessMode const& keyed_mode);
ValueEffectControl BuildElementAccessForTypedArrayOrRabGsabTypedArray(
Node* receiver, Node* index, Node* value, Node* effect, Node* control,
Node* context, ElementsKind elements_kind,
KeyedAccessMode const& keyed_mode);
// Construct appropriate subgraph to load from a String.
Node* BuildIndexedStringLoad(Node* receiver, Node* index, Node* length,
Node** effect, Node** control,
KeyedAccessLoadMode load_mode);
// Construct appropriate subgraph to extend properties backing store.
Node* BuildExtendPropertiesBackingStore(const MapRef& map, Node* properties,
Node* effect, Node* control);
// Construct appropriate subgraph to check that the {value} matches
// the previously recorded {name} feedback.
Node* BuildCheckEqualsName(NameRef const& name, Node* value, Node* effect,
Node* control);
// Concatenates {left} and {right}.
Handle<String> Concatenate(Handle<String> left, Handle<String> right);
// Returns true if {str} can safely be read:
// - if we are on the main thread, then any string can safely be read
// - in the background, we can only read some string shapes, except if we
// created the string ourselves.
// {node} is the node from which we got {str}, but which is still taken as
// parameter to simplify the checks.
bool StringCanSafelyBeRead(Node* const node, Handle<String> str);
// Checks if we can turn the hole into undefined when loading an element
// from an object with one of the {receiver_maps}; sets up appropriate
// code dependencies and might use the array protector cell.
bool CanTreatHoleAsUndefined(ZoneVector<MapRef> const& receiver_maps);
void RemoveImpossibleMaps(Node* object, ZoneVector<MapRef>* maps) const;
ElementAccessFeedback const& TryRefineElementAccessFeedback(
ElementAccessFeedback const& feedback, Node* receiver,
Effect effect) const;
// Try to infer maps for the given {object} at the current {effect}.
bool InferMaps(Node* object, Effect effect, ZoneVector<MapRef>* maps) const;
// Try to infer a root map for the {object} independent of the current program
// location.
OptionalMapRef InferRootMap(Node* object) const;
// Checks if we know at compile time that the {receiver} either definitely
// has the {prototype} in it's prototype chain, or the {receiver} definitely
// doesn't have the {prototype} in it's prototype chain.
enum InferHasInPrototypeChainResult {
kIsInPrototypeChain,
kIsNotInPrototypeChain,
kMayBeInPrototypeChain
};
InferHasInPrototypeChainResult InferHasInPrototypeChain(
Node* receiver, Effect effect, HeapObjectRef const& prototype);
Node* BuildLoadPrototypeFromObject(Node* object, Node* effect, Node* control);
std::pair<Node*, Node*> ReleaseEffectAndControlFromAssembler(
JSGraphAssembler* assembler);
Graph* graph() const;
JSGraph* jsgraph() const { return jsgraph_; }
JSHeapBroker* broker() const { return broker_; }
Isolate* isolate() const;
Factory* factory() const;
CommonOperatorBuilder* common() const;
JSOperatorBuilder* javascript() const;
SimplifiedOperatorBuilder* simplified() const;
Flags flags() const { return flags_; }
Handle<JSGlobalObject> global_object() const { return global_object_; }
Handle<JSGlobalProxy> global_proxy() const { return global_proxy_; }
NativeContextRef native_context() const {
return broker()->target_native_context();
}
CompilationDependencies* dependencies() const {
return broker()->dependencies();
}
Zone* zone() const { return zone_; }
Zone* shared_zone() const { return shared_zone_; }
JSGraph* const jsgraph_;
JSHeapBroker* const broker_;
Flags const flags_;
Handle<JSGlobalObject> global_object_;
Handle<JSGlobalProxy> global_proxy_;
Zone* const zone_;
Zone* const shared_zone_;
TypeCache const* type_cache_;
ZoneUnorderedSet<Handle<String>, Handle<String>::hash,
Handle<String>::equal_to>
created_strings_;
};
DEFINE_OPERATORS_FOR_FLAGS(JSNativeContextSpecialization::Flags)
} // namespace compiler
} // namespace internal
} // namespace v8
#endif // V8_COMPILER_JS_NATIVE_CONTEXT_SPECIALIZATION_H_
|
