Revert revision 331. The propagation of monomorphic prototype failure

information does not work. In certains situations, it will keep alternating between unrelated monomorphic states instead of going megamorphic. Review URL: http://codereview.chromium.org/2959 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Revert revision 331. The propagation of monomorphic prototype failure
information does not work. In certains situations, it will keep alternating between unrelated monomorphic states instead of going megamorphic. Review URL: http://codereview.chromium.org/2959 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@338 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
6a3d1868 · ager@chromium.org · d6ae7d4d · 6a3d1868 · 6a3d1868 · 6a3d1868
Commit 6a3d1868 authored Sep 18, 2008 by ager@chromium.org
Show whitespace changes
Inline Side-by-side

Showing with 137 additions and 146 deletions

ic.cc src/ic.cc +97 -108

ic.h src/ic.h +14 -12

objects-inl.h src/objects-inl.h +0 -14

objects.cc src/objects.cc +21 -7

objects.h src/objects.h +5 -5

No files found.
--- a/src/ic.cc
+++ b/src/ic.cc
@@ -61,7 +61,7 @@ void IC::TraceIC(const char* type,
                 State old_state,
                 Code* new_target) {
  if (FLAG_trace_ic) {
-    State new_state = new_target->ic_state();
+    State new_state = StateFrom(new_target, Heap::undefined_value());
    PrintF("[%s (%c->%c) ", type,
           TransitionMarkFromState(old_state),
           TransitionMarkFromState(new_state));
@@ -127,16 +127,11 @@ Address IC::OriginalCodeAddress() {
 }


-IC::State IC::ComputeCacheState(Code* target, Object* receiver,
-                                Object* name, Object** new_target) {
-  // Get the raw state from the target.
-  State target_state = target->ic_state();
+IC::State IC::StateFrom(Code* target, Object* receiver) {
+  IC::State state = target->ic_state();

-  // Assume that no new target exists in the cache.
-  *new_target = Heap::undefined_value();
-
-  if (target_state != MONOMORPHIC) return target_state;
-  if (receiver->IsUndefined() || receiver->IsNull()) return target_state;
+  if (state != MONOMORPHIC) return state;
+  if (receiver->IsUndefined() || receiver->IsNull()) return state;

  Map* map = GetCodeCacheMapForObject(receiver);

@@ -148,14 +143,8 @@ IC::State IC::ComputeCacheState(Code* target, Object* receiver,
  // the receiver map's code cache.  Therefore, if the current target
  // is in the receiver map's code cache, the inline cache failed due
  // to prototype check failure.
-  int index = -1;
-  Object* code = NULL;
-  if (name->IsString()) {
-    code = map->FindIndexInCodeCache(String::cast(name),
-                                     target->flags(),
-                                     &index);
-  }
-  if (index >= 0 && code == target) {
+  int index = map->IndexInCodeCache(target);
+  if (index >= 0) {
    // For keyed load/store, the most likely cause of cache failure is
    // that the key has changed.  We do not distinguish between
    // prototype and non-prototype failures for keyed access.
@@ -183,7 +172,6 @@ IC::State IC::ComputeCacheState(Code* target, Object* receiver,
    return UNINITIALIZED;
  }

-  *new_target = code;
  return MONOMORPHIC;
 }

@@ -287,7 +275,8 @@ Object* CallIC::TryCallAsFunction(Object* object) {
 }


-Object* CallIC::LoadFunction(Handle<Object> object,
+Object* CallIC::LoadFunction(State state,
+                             Handle<Object> object,
                             Handle<String> name) {
  // If the object is undefined or null it's illegal to try to get any
  // of its properties; throw a TypeError in that case.
@@ -326,7 +315,7 @@ Object* CallIC::LoadFunction(Handle<Object> object,

  // Lookup is valid: Update inline cache and stub cache.
  if (FLAG_use_ic && lookup.IsLoaded()) {
-    UpdateCaches(&lookup, object, name);
+    UpdateCaches(&lookup, state, object, name);
  }

  if (lookup.type() == INTERCEPTOR) {
@@ -385,6 +374,7 @@ Object* CallIC::LoadFunction(Handle<Object> object,


 void CallIC::UpdateCaches(LookupResult* lookup,
+                          State state,
                          Handle<Object> object,
                          Handle<String> name) {
  ASSERT(lookup->IsLoaded());
@@ -393,18 +383,16 @@ void CallIC::UpdateCaches(LookupResult* lookup,

  // Compute the number of arguments.
  int argc = target()->arguments_count();
+  Object* code = NULL;

-  Object* code = Heap::undefined_value();
-  State state = ComputeCacheState(target(), *object, *name, &code);
-
-  switch (state) {
-    case UNINITIALIZED:
+  if (state == UNINITIALIZED) {
+    // This is the first time we execute this inline cache.
+    // Set the target to the pre monomorphic stub to delay
+    // setting the monomorphic state.
    code = StubCache::ComputeCallPreMonomorphic(argc);
-      break;
-    case MONOMORPHIC:
-      if (code->IsUndefined()) code = StubCache::ComputeCallMegamorphic(argc);
-      break;
-    default:
+  } else if (state == MONOMORPHIC) {
+    code = StubCache::ComputeCallMegamorphic(argc);
+  } else {
    // Compute monomorphic stub.
    switch (lookup->type()) {
      case FIELD: {
@@ -441,7 +429,6 @@ void CallIC::UpdateCaches(LookupResult* lookup,
      default:
        return;
    }
-      break;
  }

  // If we're unable to compute the stub (not enough memory left), we
@@ -460,7 +447,7 @@ void CallIC::UpdateCaches(LookupResult* lookup,
 }


-Object* LoadIC::Load(Handle<Object> object, Handle<String> name) {
+Object* LoadIC::Load(State state, Handle<Object> object, Handle<String> name) {
  // If the object is undefined or null it's illegal to try to get any
  // of its properties; throw a TypeError in that case.
  if (object->IsUndefined() || object->IsNull()) {
@@ -533,7 +520,7 @@ Object* LoadIC::Load(Handle<Object> object, Handle<String> name) {

  // Update inline cache and stub cache.
  if (FLAG_use_ic && lookup.IsLoaded()) {
-    UpdateCaches(&lookup, object, name);
+    UpdateCaches(&lookup, state, object, name);
  }

  PropertyAttributes attr;
@@ -555,6 +542,7 @@ Object* LoadIC::Load(Handle<Object> object, Handle<String> name) {


 void LoadIC::UpdateCaches(LookupResult* lookup,
+                          State state,
                          Handle<Object> object,
                          Handle<String> name) {
  ASSERT(lookup->IsLoaded());
@@ -567,15 +555,13 @@ void LoadIC::UpdateCaches(LookupResult* lookup,
  Handle<JSObject> receiver = Handle<JSObject>::cast(object);

  // Compute the code stub for this load.
-  Object* code = Heap::undefined_value();
-  State state = ComputeCacheState(target(), *object, *name, &code);
-
+  Object* code = NULL;
  if (state == UNINITIALIZED) {
    // This is the first time we execute this inline cache.
    // Set the target to the pre monomorphic stub to delay
    // setting the monomorphic state.
    code = pre_monomorphic_stub();
-  } else if (state != MONOMORPHIC) {
+  } else {
    // Compute monomorphic stub.
    switch (lookup->type()) {
      case FIELD: {
@@ -616,20 +602,18 @@ void LoadIC::UpdateCaches(LookupResult* lookup,
      default:
        return;
    }
+  }

  // If we're unable to compute the stub (not enough memory left), we
  // simply avoid updating the caches.
  if (code->IsFailure()) return;
-  }

  // Patch the call site depending on the state of the cache.
  if (state == UNINITIALIZED || state == PREMONOMORPHIC ||
      state == MONOMORPHIC_PROTOTYPE_FAILURE) {
    set_target(Code::cast(code));
-  } else if (state == MONOMORPHIC && code->IsUndefined()) {
-    set_target(megamorphic_stub());
  } else if (state == MONOMORPHIC) {
-    set_target(Code::cast(code));
+    set_target(megamorphic_stub());
  }

 #ifdef DEBUG
@@ -638,7 +622,8 @@ void LoadIC::UpdateCaches(LookupResult* lookup,
 }


-Object* KeyedLoadIC::Load(Handle<Object> object,
+Object* KeyedLoadIC::Load(State state,
+                          Handle<Object> object,
                          Handle<Object> key) {
  if (key->IsSymbol()) {
    Handle<String> name = Handle<String>::cast(key);
@@ -666,7 +651,7 @@ Object* KeyedLoadIC::Load(Handle<Object> object,
        if (code->IsFailure()) return code;
        set_target(Code::cast(code));
 #ifdef DEBUG
-        if (FLAG_trace_ic) PrintF("[KeyedLoadIC : +#length /string]\n");
+        TraceIC("KeyedLoadIC", name, state, target());
 #endif
        return Smi::FromInt(string->length());
      }
@@ -678,7 +663,7 @@ Object* KeyedLoadIC::Load(Handle<Object> object,
        if (code->IsFailure()) return code;
        set_target(Code::cast(code));
 #ifdef DEBUG
-        if (FLAG_trace_ic) PrintF("[KeyedLoadIC : +#length /array]\n");
+        TraceIC("KeyedLoadIC", name, state, target());
 #endif
        return JSArray::cast(*object)->length();
      }
@@ -691,7 +676,7 @@ Object* KeyedLoadIC::Load(Handle<Object> object,
        if (code->IsFailure()) return code;
        set_target(Code::cast(code));
 #ifdef DEBUG
-        if (FLAG_trace_ic) PrintF("[KeyedLoadIC : +#prototype /function]\n");
+        TraceIC("KeyedLoadIC", name, state, target());
 #endif
        return Accessors::FunctionGetPrototype(*object, 0);
      }
@@ -720,7 +705,7 @@ Object* KeyedLoadIC::Load(Handle<Object> object,

    // Update the inline cache.
    if (FLAG_use_ic && lookup.IsLoaded()) {
-      UpdateCaches(&lookup, object, name);
+      UpdateCaches(&lookup, state, object, name);
    }

    PropertyAttributes attr;
@@ -750,9 +735,8 @@ Object* KeyedLoadIC::Load(Handle<Object> object,
 }


-void KeyedLoadIC::UpdateCaches(LookupResult* lookup,
-                               Handle<Object> object,
-                               Handle<String> name) {
+void KeyedLoadIC::UpdateCaches(LookupResult* lookup, State state,
+                               Handle<Object> object, Handle<String> name) {
  ASSERT(lookup->IsLoaded());
  // Bail out if we didn't find a result.
  if (!lookup->IsValid() || !lookup->IsCacheable()) return;
@@ -760,11 +744,9 @@ void KeyedLoadIC::UpdateCaches(LookupResult* lookup,
  if (!object->IsJSObject()) return;
  Handle<JSObject> receiver = Handle<JSObject>::cast(object);

-  // Compute the state of the current inline cache.
-  Object* code = Heap::undefined_value();
-  State state = ComputeCacheState(target(), *object, *name, &code);
-
  // Compute the code stub for this load.
+  Object* code = NULL;
+
  if (state == UNINITIALIZED) {
    // This is the first time we execute this inline cache.
    // Set the target to the pre monomorphic stub to delay
@@ -827,7 +809,8 @@ void KeyedLoadIC::UpdateCaches(LookupResult* lookup,
 }


-Object* StoreIC::Store(Handle<Object> object,
+Object* StoreIC::Store(State state,
+                       Handle<Object> object,
                       Handle<String> name,
                       Handle<Object> value) {
  // If the object is undefined or null it's illegal to try to set any
@@ -855,7 +838,7 @@ Object* StoreIC::Store(Handle<Object> object,

  // Update inline cache and stub cache.
  if (FLAG_use_ic && lookup.IsLoaded()) {
-    UpdateCaches(&lookup, receiver, name, value);
+    UpdateCaches(&lookup, state, receiver, name, value);
  }

  // Set the property.
@@ -864,6 +847,7 @@ Object* StoreIC::Store(Handle<Object> object,


 void StoreIC::UpdateCaches(LookupResult* lookup,
+                           State state,
                           Handle<JSObject> receiver,
                           Handle<String> name,
                           Handle<Object> value) {
@@ -880,13 +864,10 @@ void StoreIC::UpdateCaches(LookupResult* lookup,
  // current state.
  PropertyType type = lookup->type();

-  // Compute the state of the current inline cache.
-  Object* code = Heap::undefined_value();
-  State state = ComputeCacheState(target(), *receiver, *name, &code);
-
  // Compute the code stub for this store; used for rewriting to
  // monomorphic state and making sure that the code stub is in the
  // stub cache.
+  Object* code = NULL;
  switch (type) {
    case FIELD: {
      code = StubCache::ComputeStoreField(*name, *receiver,
@@ -936,7 +917,8 @@ void StoreIC::UpdateCaches(LookupResult* lookup,
 }


-Object* KeyedStoreIC::Store(Handle<Object> object,
+Object* KeyedStoreIC::Store(State state,
+                            Handle<Object> object,
                            Handle<Object> key,
                            Handle<Object> value) {
  if (key->IsSymbol()) {
@@ -967,7 +949,7 @@ Object* KeyedStoreIC::Store(Handle<Object> object,

    // Update inline cache and stub cache.
    if (FLAG_use_ic && lookup.IsLoaded()) {
-      UpdateCaches(&lookup, receiver, name, value);
+      UpdateCaches(&lookup, state, receiver, name, value);
    }

    // Set the property.
@@ -986,6 +968,7 @@ Object* KeyedStoreIC::Store(Handle<Object> object,


 void KeyedStoreIC::UpdateCaches(LookupResult* lookup,
+                                State state,
                                Handle<JSObject> receiver,
                                Handle<String> name,
                                Handle<Object> value) {
@@ -1005,8 +988,7 @@ void KeyedStoreIC::UpdateCaches(LookupResult* lookup,
  // Compute the code stub for this store; used for rewriting to
  // monomorphic state and making sure that the code stub is in the
  // stub cache.
-  Object* code = Heap::undefined_value();
-  State state = ComputeCacheState(target(), *receiver, *name, &code);
+  Object* code = NULL;

  switch (type) {
    case FIELD: {
@@ -1064,7 +1046,8 @@ Object* CallIC_Miss(Arguments args) {
  NoHandleAllocation na;
  ASSERT(args.length() == 2);
  CallIC ic;
-  return ic.LoadFunction(args.at<Object>(0), args.at<String>(1));
+  IC::State state = IC::StateFrom(ic.target(), args[0]);
+  return ic.LoadFunction(state, args.at<Object>(0), args.at<String>(1));
 }


@@ -1088,7 +1071,8 @@ Object* LoadIC_Miss(Arguments args) {
  NoHandleAllocation na;
  ASSERT(args.length() == 2);
  LoadIC ic;
-  return ic.Load(args.at<Object>(0), args.at<String>(1));
+  IC::State state = IC::StateFrom(ic.target(), args[0]);
+  return ic.Load(state, args.at<Object>(0), args.at<String>(1));
 }


@@ -1107,7 +1091,8 @@ Object* KeyedLoadIC_Miss(Arguments args) {
  NoHandleAllocation na;
  ASSERT(args.length() == 2);
  KeyedLoadIC ic;
-  return ic.Load(args.at<Object>(0), args.at<Object>(1));
+  IC::State state = IC::StateFrom(ic.target(), args[0]);
+  return ic.Load(state, args.at<Object>(0), args.at<Object>(1));
 }


@@ -1126,7 +1111,9 @@ Object* StoreIC_Miss(Arguments args) {
  NoHandleAllocation na;
  ASSERT(args.length() == 3);
  StoreIC ic;
-  return ic.Store(args.at<Object>(0), args.at<String>(1), args.at<Object>(2));
+  IC::State state = IC::StateFrom(ic.target(), args[0]);
+  return ic.Store(state, args.at<Object>(0), args.at<String>(1),
+                  args.at<Object>(2));
 }


@@ -1145,7 +1132,9 @@ Object* KeyedStoreIC_Miss(Arguments args) {
  NoHandleAllocation na;
  ASSERT(args.length() == 3);
  KeyedStoreIC ic;
-  return ic.Store(args.at<Object>(0), args.at<Object>(1), args.at<Object>(2));
+  IC::State state = IC::StateFrom(ic.target(), args[0]);
+  return ic.Store(state, args.at<Object>(0), args.at<Object>(1),
+                  args.at<Object>(2));
 }



--- a/src/ic.h
+++ b/src/ic.h
@@ -81,12 +81,8 @@ class IC {
  Code* target() { return GetTargetAtAddress(address()); }
  inline Address address();

-  // Compute the state of the current inline cache.  If the current
-  // inline cache is monomorphic, this might change the code cache in
-  // the receiver map and it might return a code object from the code
-  // cache in the receiver map that should be used as the new target.
-  static State ComputeCacheState(Code* target, Object* receiver,
-                                 Object* name, Object** new_target);
+  // Compute the current IC state based on the target stub and the receiver.
+  static State StateFrom(Code* target, Object* receiver);

  // Clear the inline cache to initial state.
  static void Clear(Address address);
@@ -165,7 +161,7 @@ class CallIC: public IC {
 public:
  CallIC() : IC(EXTRA_CALL_FRAME) { ASSERT(target()->is_call_stub()); }

-  Object* LoadFunction(Handle<Object> object, Handle<String> name);
+  Object* LoadFunction(State state, Handle<Object> object, Handle<String> name);


  // Code generator routines.
@@ -183,6 +179,7 @@ class CallIC: public IC {
  // Update the inline cache and the global stub cache based on the
  // lookup result.
  void UpdateCaches(LookupResult* lookup,
+                    State state,
                    Handle<Object> object,
                    Handle<String> name);

@@ -200,7 +197,7 @@ class LoadIC: public IC {
 public:
  LoadIC() : IC(NO_EXTRA_FRAME) { ASSERT(target()->is_load_stub()); }

-  Object* Load(Handle<Object> object, Handle<String> name);
+  Object* Load(State state, Handle<Object> object, Handle<String> name);

  // Code generator routines.
  static void GenerateInitialize(MacroAssembler* masm);
@@ -222,6 +219,7 @@ class LoadIC: public IC {
  // Update the inline cache and the global stub cache based on the
  // lookup result.
  void UpdateCaches(LookupResult* lookup,
+                    State state,
                    Handle<Object> object,
                    Handle<String> name);

@@ -245,7 +243,7 @@ class KeyedLoadIC: public IC {
 public:
  KeyedLoadIC() : IC(NO_EXTRA_FRAME) { ASSERT(target()->is_keyed_load_stub()); }

-  Object* Load(Handle<Object> object, Handle<Object> key);
+  Object* Load(State state, Handle<Object> object, Handle<Object> key);

  // Code generator routines.
  static void GenerateMiss(MacroAssembler* masm);
@@ -258,6 +256,7 @@ class KeyedLoadIC: public IC {

  // Update the inline cache.
  void UpdateCaches(LookupResult* lookup,
+                    State state,
                    Handle<Object> object,
                    Handle<String> name);

@@ -284,7 +283,8 @@ class StoreIC: public IC {
 public:
  StoreIC() : IC(NO_EXTRA_FRAME) { ASSERT(target()->is_store_stub()); }

-  Object* Store(Handle<Object> object,
+  Object* Store(State state,
+                Handle<Object> object,
                Handle<String> name,
                Handle<Object> value);

@@ -299,7 +299,7 @@ class StoreIC: public IC {
  // Update the inline cache and the global stub cache based on the
  // lookup result.
  void UpdateCaches(LookupResult* lookup,
-                    Handle<JSObject> receiver,
+                    State state, Handle<JSObject> receiver,
                    Handle<String> name,
                    Handle<Object> value);

@@ -320,7 +320,8 @@ class KeyedStoreIC: public IC {
 public:
  KeyedStoreIC() : IC(NO_EXTRA_FRAME) { }

-  Object* Store(Handle<Object> object,
+  Object* Store(State state,
+                Handle<Object> object,
                Handle<Object> name,
                Handle<Object> value);

@@ -334,6 +335,7 @@ class KeyedStoreIC: public IC {

  // Update the inline cache.
  void UpdateCaches(LookupResult* lookup,
+                    State state,
                    Handle<JSObject> receiver,
                    Handle<String> name,
                    Handle<Object> value);

--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -2109,20 +2109,6 @@ void Map::ClearCodeCache() {
 }


-Object* Map::FindInCodeCache(String* name, Code::Flags flags) {
-  int index;
-  return FindIndexInCodeCache(name, flags, &index);
-}
-
-
-void Map::RemoveFromCodeCache(int index) {
-  FixedArray* array = code_cache();
-  ASSERT(array->length() >= index && array->get(index)->IsCode());
-  array->set_undefined(index - 1);  // key
-  array->set_undefined(index);  // code
-}
-
-
 #undef CAST_ACCESSOR
 #undef INT_ACCESSORS
 #undef SMI_ACCESSORS

--- a/src/objects.cc
+++ b/src/objects.cc
@@ -2410,27 +2410,41 @@ Object* Map::UpdateCodeCache(String* name, Code* code) {
 }


-Object* Map::FindIndexInCodeCache(String* name, Code::Flags flags, int* index) {
+Object* Map::FindInCodeCache(String* name, Code::Flags flags) {
  FixedArray* cache = code_cache();
  int length = cache->length();
  for (int i = 0; i < length; i += 2) {
    Object* key = cache->get(i);
    if (key->IsUndefined()) {
-      continue;
+      return key;
    }
    if (name->Equals(String::cast(key))) {
      Code* code = Code::cast(cache->get(i + 1));
-      if (code->flags() == flags) {
-        *index = i + 1;
-        return code;
-      }
+      if (code->flags() == flags) return code;
    }
  }
-  *index = -1;
  return Heap::undefined_value();
 }


+int Map::IndexInCodeCache(Code* code) {
+  FixedArray* array = code_cache();
+  int len = array->length();
+  for (int i = 0; i < len; i += 2) {
+    if (array->get(i + 1) == code) return i + 1;
+  }
+  return -1;
+}
+
+
+void Map::RemoveFromCodeCache(int index) {
+  FixedArray* array = code_cache();
+  ASSERT(array->length() >= index && array->get(index)->IsCode());
+  array->set_undefined(index - 1);  // key
+  array->set_undefined(index);  // code
+}
+
+
 void FixedArray::FixedArrayIterateBody(ObjectVisitor* v) {
  IteratePointers(v, kHeaderSize, kHeaderSize + length() * kPointerSize);
 }

--- a/src/objects.h
+++ b/src/objects.h
@@ -2342,14 +2342,14 @@ class Map: public HeapObject {
  Object* UpdateCodeCache(String* name, Code* code);

  // Returns the found code or undefined if absent.
-  inline Object* FindInCodeCache(String* name, Code::Flags flags);
+  Object* FindInCodeCache(String* name, Code::Flags flags);

-  // Returns the found code or undefined if absent.  Also returns the
-  // index at which the code was found or -1 if absent.
-  Object* FindIndexInCodeCache(String* name, Code::Flags flags, int* index);
+  // Returns the non-negative index of the code object if it is in the
+  // cache and -1 otherwise.
+  int IndexInCodeCache(Code* code);

  // Removes a code object from the code cache at the given index.
-  inline void RemoveFromCodeCache(int index);
+  void RemoveFromCodeCache(int index);

  // Dispatched behavior.
  void MapIterateBody(ObjectVisitor* v);