js-context-specialization.cc 8.19 KB
Newer Older
1 2 3 4
// Copyright 2014 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

5 6
#include "src/compiler/js-context-specialization.h"

7
#include "src/compiler/common-operator.h"
8
#include "src/compiler/js-graph.h"
9
#include "src/compiler/js-heap-broker.h"
10
#include "src/compiler/js-operator.h"
11
#include "src/compiler/linkage.h"
12
#include "src/compiler/node-matchers.h"
13
#include "src/compiler/node-properties.h"
14
#include "src/objects/contexts-inl.h"
15 16 17 18 19

namespace v8 {
namespace internal {
namespace compiler {

20 21
Reduction JSContextSpecialization::Reduce(Node* node) {
  switch (node->opcode()) {
22 23
    case IrOpcode::kParameter:
      return ReduceParameter(node);
24 25 26 27 28 29
    case IrOpcode::kJSLoadContext:
      return ReduceJSLoadContext(node);
    case IrOpcode::kJSStoreContext:
      return ReduceJSStoreContext(node);
    default:
      break;
30
  }
31 32 33
  return NoChange();
}

34 35 36 37 38 39 40
Reduction JSContextSpecialization::ReduceParameter(Node* node) {
  DCHECK_EQ(IrOpcode::kParameter, node->opcode());
  int const index = ParameterIndexOf(node->op());
  if (index == Linkage::kJSCallClosureParamIndex) {
    // Constant-fold the function parameter {node}.
    Handle<JSFunction> function;
    if (closure().ToHandle(&function)) {
41
      Node* value = jsgraph()->Constant(JSFunctionRef(broker_, function));
42 43 44 45 46 47
      return Replace(value);
    }
  }
  return NoChange();
}

48 49 50 51 52 53 54 55 56 57 58
Reduction JSContextSpecialization::SimplifyJSLoadContext(Node* node,
                                                         Node* new_context,
                                                         size_t new_depth) {
  DCHECK_EQ(IrOpcode::kJSLoadContext, node->opcode());
  const ContextAccess& access = ContextAccessOf(node->op());
  DCHECK_LE(new_depth, access.depth());

  if (new_depth == access.depth() &&
      new_context == NodeProperties::GetContextInput(node)) {
    return NoChange();
  }
59

60 61 62 63 64
  const Operator* op = jsgraph_->javascript()->LoadContext(
      new_depth, access.index(), access.immutable());
  NodeProperties::ReplaceContextInput(node, new_context);
  NodeProperties::ChangeOp(node, op);
  return Changed(node);
65 66
}

67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84
Reduction JSContextSpecialization::SimplifyJSStoreContext(Node* node,
                                                          Node* new_context,
                                                          size_t new_depth) {
  DCHECK_EQ(IrOpcode::kJSStoreContext, node->opcode());
  const ContextAccess& access = ContextAccessOf(node->op());
  DCHECK_LE(new_depth, access.depth());

  if (new_depth == access.depth() &&
      new_context == NodeProperties::GetContextInput(node)) {
    return NoChange();
  }

  const Operator* op =
      jsgraph_->javascript()->StoreContext(new_depth, access.index());
  NodeProperties::ReplaceContextInput(node, new_context);
  NodeProperties::ChangeOp(node, op);
  return Changed(node);
}
85

86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102
namespace {

bool IsContextParameter(Node* node) {
  DCHECK_EQ(IrOpcode::kParameter, node->opcode());
  Node* const start = NodeProperties::GetValueInput(node, 0);
  DCHECK_EQ(IrOpcode::kStart, start->opcode());
  int const index = ParameterIndexOf(node->op());
  // The context is always the last parameter to a JavaScript function, and
  // {Parameter} indices start at -1, so value outputs of {Start} look like
  // this: closure, receiver, param0, ..., paramN, context.
  return index == start->op()->ValueOutputCount() - 2;
}

// Given a context {node} and the {distance} from that context to the target
// context (which we want to read from or store to), try to return a
// specialization context.  If successful, update {distance} to whatever
// distance remains from the specialization context.
103
base::Optional<ContextRef> GetSpecializationContext(
104
    JSHeapBroker* broker, Node* node, size_t* distance,
105
    Maybe<OuterContext> maybe_outer) {
106
  switch (node->opcode()) {
107
    case IrOpcode::kHeapConstant: {
108
      HeapObjectRef object(broker, HeapConstantOf(node->op()));
109
      if (object.IsContext()) return object.AsContext();
110 111
      break;
    }
112 113 114 115 116
    case IrOpcode::kParameter: {
      OuterContext outer;
      if (maybe_outer.To(&outer) && IsContextParameter(node) &&
          *distance >= outer.distance) {
        *distance -= outer.distance;
117
        return ContextRef(broker, outer.context);
118 119 120 121 122 123
      }
      break;
    }
    default:
      break;
  }
124
  return base::Optional<ContextRef>();
125 126 127 128
}

}  // anonymous namespace

129
Reduction JSContextSpecialization::ReduceJSLoadContext(Node* node) {
130
  DCHECK_EQ(IrOpcode::kJSLoadContext, node->opcode());
131

132
  const ContextAccess& access = ContextAccessOf(node->op());
133 134 135
  size_t depth = access.depth();

  // First walk up the context chain in the graph as far as possible.
136
  Node* context = NodeProperties::GetOuterContext(node, &depth);
137

138
  base::Optional<ContextRef> maybe_concrete =
139
      GetSpecializationContext(broker(), context, &depth, outer());
140
  if (!maybe_concrete.has_value()) {
141 142
    // We do not have a concrete context object, so we can only partially reduce
    // the load by folding-in the outer context node.
143
    return SimplifyJSLoadContext(node, context, depth);
144 145 146
  }

  // Now walk up the concrete context chain for the remaining depth.
147
  ContextRef concrete = maybe_concrete.value();
148 149 150 151
  concrete = concrete.previous(&depth);
  if (depth > 0) {
    TRACE_BROKER_MISSING(broker(), "previous value for context " << concrete);
    return SimplifyJSLoadContext(node, jsgraph()->Constant(concrete), depth);
152 153 154
  }

  if (!access.immutable()) {
155 156
    // We found the requested context object but since the context slot is
    // mutable we can only partially reduce the load.
157
    return SimplifyJSLoadContext(node, jsgraph()->Constant(concrete), depth);
158 159 160
  }

  // This will hold the final value, if we can figure it out.
161
  base::Optional<ObjectRef> maybe_value;
162
  maybe_value = concrete.get(static_cast<int>(access.index()));
163 164 165 166 167 168 169 170 171

  if (!maybe_value.has_value()) {
    TRACE_BROKER_MISSING(broker(), "slot value " << access.index()
                                                 << " for context "
                                                 << concrete);
    return SimplifyJSLoadContext(node, jsgraph()->Constant(concrete), depth);
  }

  if (!maybe_value->IsSmi()) {
172 173 174 175 176
    // Even though the context slot is immutable, the context might have escaped
    // before the function to which it belongs has initialized the slot.
    // We must be conservative and check if the value in the slot is currently
    // the hole or undefined. Only if it is neither of these, can we be sure
    // that it won't change anymore.
177
    OddballType oddball_type = maybe_value->AsHeapObject().map().oddball_type();
178
    if (oddball_type == OddballType::kUndefined ||
179
        oddball_type == OddballType::kHole) {
180
      return SimplifyJSLoadContext(node, jsgraph()->Constant(concrete), depth);
181
    }
182 183 184
  }

  // Success. The context load can be replaced with the constant.
185
  Node* constant = jsgraph_->Constant(*maybe_value);
186
  ReplaceWithValue(node, constant);
187
  return Replace(constant);
188
}
189 190


191
Reduction JSContextSpecialization::ReduceJSStoreContext(Node* node) {
192 193
  DCHECK_EQ(IrOpcode::kJSStoreContext, node->opcode());

194
  const ContextAccess& access = ContextAccessOf(node->op());
195 196 197 198
  size_t depth = access.depth();

  // First walk up the context chain in the graph until we reduce the depth to 0
  // or hit a node that does not have a CreateXYZContext operator.
199
  Node* context = NodeProperties::GetOuterContext(node, &depth);
200

201
  base::Optional<ContextRef> maybe_concrete =
202
      GetSpecializationContext(broker(), context, &depth, outer());
203
  if (!maybe_concrete.has_value()) {
204 205
    // We do not have a concrete context object, so we can only partially reduce
    // the load by folding-in the outer context node.
206
    return SimplifyJSStoreContext(node, context, depth);
207 208
  }

209
  // Now walk up the concrete context chain for the remaining depth.
210
  ContextRef concrete = maybe_concrete.value();
211 212 213 214
  concrete = concrete.previous(&depth);
  if (depth > 0) {
    TRACE_BROKER_MISSING(broker(), "previous value for context " << concrete);
    return SimplifyJSStoreContext(node, jsgraph()->Constant(concrete), depth);
215 216
  }

217
  return SimplifyJSStoreContext(node, jsgraph()->Constant(concrete), depth);
218
}
219

220

221 222 223
Isolate* JSContextSpecialization::isolate() const {
  return jsgraph()->isolate();
}
224

225 226 227
}  // namespace compiler
}  // namespace internal
}  // namespace v8