48 : native_context_(native_context),
50 Object* raw_info = code->type_feedback_info();
51 if (raw_info->IsTypeFeedbackInfo()) {
56 BuildDictionary(code);
57 ASSERT(dictionary_->IsDictionary());
62 return static_cast<uint32_t
>(ast_id.
ToInt());
66 Handle<Object> TypeFeedbackOracle::GetInfo(TypeFeedbackId ast_id) {
67 int entry = dictionary_->FindEntry(IdToKey(ast_id));
69 Object* value = dictionary_->ValueAt(entry);
70 if (value->IsCell()) {
74 return Handle<Object>(value,
isolate());
81 Handle<Object> TypeFeedbackOracle::GetInfo(
int slot) {
82 ASSERT(slot >= 0 && slot < feedback_vector_->length());
83 Object*
obj = feedback_vector_->get(slot);
84 if (!obj->IsJSFunction() ||
94 if (maybe_code->IsCode()) {
96 return code->is_inline_cache_stub() && code->ic_state() ==
UNINITIALIZED;
104 if (!maybe_code->IsCode())
return false;
112 if (maybe_code->IsCode()) {
114 return code->is_keyed_store_stub() &&
123 return FLAG_pretenuring_call_new
124 ? value->IsJSFunction()
125 : value->IsAllocationSite() || value->IsJSFunction();
131 return FLAG_pretenuring_call_new
132 ? info->IsJSFunction()
133 : info->IsAllocationSite() || info->IsJSFunction();
139 return value->IsSmi() &&
141 ? ForInStatement::FAST_FOR_IN : ForInStatement::SLOW_FOR_IN;
148 if (maybe_code->IsCode()) {
150 if (code->kind() == Code::KEYED_STORE_IC) {
160 if (FLAG_pretenuring_call_new || info->IsJSFunction()) {
164 ASSERT(info->IsAllocationSite());
171 if (FLAG_pretenuring_call_new || info->IsJSFunction()) {
175 ASSERT(info->IsAllocationSite());
182 if (FLAG_pretenuring_call_new || info->IsAllocationSite()) {
197 if (!object->IsCode())
return false;
199 if (!code->is_load_stub())
return false;
208 Type** combined_type) {
210 if (!info->IsCode()) {
218 Map* raw_map = code->FindFirstMap();
219 if (raw_map !=
NULL) {
226 if (code->is_compare_ic_stub()) {
227 int stub_minor_key = code->stub_info();
229 stub_minor_key, left_type, right_type, combined_type, map,
zone());
230 }
else if (code->is_compare_nil_ic_stub()) {
232 *combined_type = stub.GetType(
zone(), map);
233 *left_type = *right_type = stub.GetInputType(
zone(), map);
246 if (!object->IsCode()) {
249 ASSERT(op < BinaryOpIC::State::FIRST_TOKEN ||
250 op > BinaryOpIC::State::LAST_TOKEN);
257 ASSERT_EQ(Code::BINARY_OP_IC, code->kind());
261 *left = state.GetLeftType(
zone());
262 *right = state.GetRightType(
zone());
263 *result = state.GetResultType(
zone());
264 *fixed_right_arg = state.fixed_right_arg();
266 AllocationSite* first_allocation_site = code->FindFirstAllocationSite();
267 if (first_allocation_site !=
NULL) {
268 *allocation_site =
handle(first_allocation_site);
279 ASSERT_EQ(Code::BINARY_OP_IC, code->kind());
281 return state.GetLeftType(
zone());
287 SmallMapList* receiver_types,
bool* is_prototype) {
288 receiver_types->Clear();
291 if (!*is_prototype) {
299 TypeFeedbackId id, SmallMapList* receiver_types,
bool* is_string) {
300 receiver_types->Clear();
312 receiver_types->Clear();
321 receiver_types->Clear();
328 SmallMapList* receiver_types) {
329 receiver_types->Clear();
337 SmallMapList* types) {
339 if (object->
IsUndefined() ||
object->IsSmi())
return;
344 if (FLAG_collect_megamorphic_maps_from_stub_cache &&
346 types->Reserve(4,
zone());
348 types, name, flags, native_context_,
zone());
361 while (!map->prototype()->IsNull()) {
362 constructor = map->constructor();
363 if (!constructor->IsNull()) {
366 if (!constructor->IsJSFunction())
return true;
375 constructor = map->constructor();
376 if (constructor->IsNull())
return false;
384 return function->context()->global_object() != native_context->
global_object()
385 &&
function->context()->global_object() != native_context->
builtins();
390 SmallMapList* types) {
392 if (!object->IsCode())
return;
396 Map*
map = code->FindFirstMap();
399 code->FindAllMaps(&maps);
403 types->Reserve(maps.length(),
zone());
404 for (
int i = 0; i < maps.length(); i++) {
407 types->AddMapIfMissing(
map,
zone());
427 GetRelocInfos(code, &infos);
428 CreateDictionary(code, &infos);
429 ProcessRelocInfos(&infos);
431 dictionary_ = scope.CloseAndEscape(dictionary_);
435 void TypeFeedbackOracle::GetRelocInfos(
Handle<Code> code,
436 ZoneList<RelocInfo>* infos) {
437 int mask = RelocInfo::ModeMask(RelocInfo::CODE_TARGET_WITH_ID);
438 for (RelocIterator it(*code, mask); !it.done(); it.next()) {
439 infos->Add(*it.rinfo(),
zone());
444 void TypeFeedbackOracle::CreateDictionary(Handle<Code> code,
445 ZoneList<RelocInfo>* infos) {
447 Code* old_code = *
code;
450 RelocateRelocInfos(infos, old_code, *code);
454 void TypeFeedbackOracle::RelocateRelocInfos(ZoneList<RelocInfo>* infos,
457 for (
int i = 0; i < infos->length(); i++) {
458 RelocInfo*
info = &(*infos)[i];
459 info->set_host(new_code);
460 info->set_pc(new_code->instruction_start() +
461 (info->pc() - old_code->instruction_start()));
466 void TypeFeedbackOracle::ProcessRelocInfos(ZoneList<RelocInfo>* infos) {
467 for (
int i = 0; i < infos->length(); i++) {
468 RelocInfo reloc_entry = (*infos)[i];
469 Address target_address = reloc_entry.target_address();
470 TypeFeedbackId ast_id =
471 TypeFeedbackId(static_cast<unsigned>((*infos)[i].data()));
473 switch (target->kind()) {
476 case Code::KEYED_LOAD_IC:
477 case Code::KEYED_STORE_IC:
478 case Code::BINARY_OP_IC:
479 case Code::COMPARE_IC:
480 case Code::TO_BOOLEAN_IC:
481 case Code::COMPARE_NIL_IC:
482 SetInfo(ast_id, target);
492 void TypeFeedbackOracle::SetInfo(TypeFeedbackId ast_id,
Object* target) {
493 ASSERT(dictionary_->FindEntry(IdToKey(ast_id)) ==
495 MaybeObject* maybe_result = dictionary_->AtNumberPut(IdToKey(ast_id), target);
500 ASSERT(maybe_result->ToObject(&result));
501 ASSERT(*dictionary_ == result);
enable upcoming ES6 features enable harmony block scoping enable harmony enable harmony proxies enable harmony generators enable harmony numeric enable harmony string enable harmony math functions harmony_scoping harmony_symbols harmony_collections harmony_iteration harmony_strings harmony_scoping harmony_maths tracks arrays with only smi values Optimize object Array DOM strings and string pretenure call new trace pretenuring decisions of HAllocate instructions track fields with only smi values track fields with heap values track_fields track_fields Enables optimizations which favor memory size over execution speed use string slices optimization filter maximum number of GVN fix point iterations use function inlining use allocation folding eliminate write barriers targeting allocations in optimized code maximum source size in bytes considered for a single inlining maximum cumulative number of AST nodes considered for inlining crankshaft harvests type feedback from stub cache trace check elimination phase hydrogen tracing filter NULL
bool CallNewIsMonomorphic(int slot)
Code * builtin(Name name)
static const int kForInFastCaseMarker
static const int kNotFound
byte ToBooleanTypes(TypeFeedbackId id)
Handle< AllocationSite > GetCallNewAllocationSite(int slot)
static Handle< Map > CurrentMapForDeprecated(Handle< Map > map)
Type * CountType(TypeFeedbackId id)
enable upcoming ES6 features enable harmony block scoping enable harmony enable harmony proxies enable harmony generators enable harmony numeric enable harmony string enable harmony math functions harmony_scoping harmony_symbols harmony_collections harmony_iteration harmony_strings harmony_scoping harmony_maths tracks arrays with only smi values Optimize object Array DOM strings and string pretenure call new trace pretenuring decisions of HAllocate instructions track fields with only smi values track fields with heap values track_fields track_fields Enables optimizations which favor memory size over execution speed use string slices optimization filter maximum number of GVN fix point iterations use function inlining use allocation folding eliminate write barriers targeting allocations in optimized code maximum source size in bytes considered for a single inlining maximum cumulative number of AST nodes considered for inlining crankshaft harvests type feedback from stub cache trace check elimination phase hydrogen tracing filter trace hydrogen to given file name trace inlining decisions trace store elimination trace all use positions trace global value numbering trace hydrogen escape analysis trace the tracking of allocation sites trace map generalization environment for every instruction deoptimize every n garbage collections put a break point before deoptimizing deoptimize uncommon cases use on stack replacement trace array bounds check elimination perform array index dehoisting use load elimination use store elimination use constant folding eliminate unreachable code number of stress runs when picking a function to watch for shared function not JSFunction itself flushes the cache of optimized code for closures on every GC functions with arguments object maximum number of escape analysis fix point iterations allow uint32 values on optimize frames if they are used only in safe operations track concurrent recompilation artificial compilation delay in ms concurrent on stack replacement do not emit check maps for constant values that have a leaf map
static TypeFeedbackInfo * cast(Object *obj)
static Flags ComputeHandlerFlags(Kind handler_kind, StubType type=NORMAL, InlineCacheHolderFlag holder=OWN_MAP)
static HeapObject * cast(Object *obj)
static Handle< T > cast(Handle< S > that)
static bool CanRetainOtherContext(Map *map, Context *native_context)
void CollectMatchingMaps(SmallMapList *types, Handle< Name > name, Code::Flags flags, Handle< Context > native_context, Zone *zone)
void AssignmentReceiverTypes(TypeFeedbackId id, Handle< String > name, SmallMapList *receiver_types)
kSerializedDataOffset Object
JSBuiltinsObject * builtins()
#define ASSERT(condition)
void CollectReceiverTypes(TypeFeedbackId id, SmallMapList *types)
PerThreadAssertScopeDebugOnly< HEAP_ALLOCATION_ASSERT, true > AllowHeapAllocation
static Smi * cast(Object *object)
static void StubInfoToType(int stub_minor_key, Type **left_type, Type **right_type, Type **overall_type, Handle< Map > map, Zone *zone)
GlobalObject * global_object()
bool LoadIsBuiltin(TypeFeedbackId id, Builtins::Name builtin_id)
Handle< JSFunction > GetCallNewTarget(int slot)
bool CallIsMonomorphic(int slot)
void CompareType(TypeFeedbackId id, Type **left, Type **right, Type **combined)
static Cell * cast(Object *obj)
enable upcoming ES6 features enable harmony block scoping enable harmony enable harmony proxies enable harmony generators enable harmony numeric enable harmony string enable harmony math functions harmony_scoping harmony_symbols harmony_collections harmony_iteration harmony_strings harmony_scoping harmony_maths tracks arrays with only smi values Optimize object Array DOM strings and string pretenure call new trace pretenuring decisions of HAllocate instructions track fields with only smi values track fields with heap values track_fields track_fields Enables optimizations which favor memory size over execution speed use string slices optimization filter maximum number of GVN fix point iterations use function inlining use allocation folding eliminate write barriers targeting allocations in optimized code maximum source size in bytes considered for a single inlining maximum cumulative number of AST nodes considered for inlining crankshaft harvests type feedback from stub cache trace check elimination phase hydrogen tracing filter trace hydrogen to given file name trace inlining decisions trace store elimination trace all use positions trace global value numbering trace hydrogen escape analysis trace the tracking of allocation sites trace map generalization environment for every instruction deoptimize every n garbage collections put a break point before deoptimizing deoptimize uncommon cases use on stack replacement trace array bounds check elimination perform array index dehoisting use load elimination use store elimination use constant folding eliminate unreachable code number of stress runs when picking a function to watch for shared function not JSFunction itself flushes the cache of optimized code for closures on every GC functions with arguments object maximum number of escape analysis fix point iterations allow uint32 values on optimize frames if they are used only in safe operations track concurrent recompilation artificial compilation delay in ms concurrent on stack replacement do not emit check maps for constant values that have a leaf deoptimize the optimized code if the layout of the maps changes number of stack frames inspected by the profiler percentage of ICs that must have type info to allow optimization extra verbose compilation tracing generate extra emit comments in code disassembly enable use of SSE3 instructions if available enable use of CMOV instruction if available enable use of VFP3 instructions if available enable use of NEON instructions if enable use of SDIV and UDIV instructions if enable loading bit constant by means of movw movt instruction enable unaligned accesses for enable use of d16 d31 registers on ARM this requires VFP3 force all emitted branches to be in long expose natives in global object expose freeBuffer extension expose gc extension under the specified name expose externalize string extension number of stack frames to capture disable builtin natives files print name of functions for which code is generated use random jit cookie to mask large constants trace lazy optimization use adaptive optimizations always try to OSR functions trace optimize function deoptimization minimum length for automatic enable preparsing maximum number of optimization attempts before giving up cache prototype transitions trace debugging JSON request response trace out of bounds accesses to external arrays trace_js_array_abuse automatically set the debug break flag when debugger commands are in the queue abort by crashing maximum length of function source code printed in a stack trace max size of the new max size of the old max size of executable always perform global GCs print one trace line following each garbage collection do not print trace line after scavenger collection print statistics of the maximum memory committed for the heap in only print modified registers Don t break for ASM_UNIMPLEMENTED_BREAK macros print stack trace when an illegal exception is thrown randomize hashes to avoid predictable hash Fixed seed to use to hash property Print the time it takes to deserialize the snapshot testing_bool_flag testing_int_flag string flag tmp file in which to serialize heap Print the time it takes to lazily compile hydrogen code stubs concurrent_recompilation concurrent_sweeping Print usage including flags
bool Describes(Code *code)
static KeyedAccessStoreMode GetKeyedAccessStoreMode(ExtraICState extra_state)
void PropertyReceiverTypes(TypeFeedbackId id, Handle< String > name, SmallMapList *receiver_types, bool *is_prototype)
void CountReceiverTypes(TypeFeedbackId id, SmallMapList *receiver_types)
enable upcoming ES6 features enable harmony block scoping enable harmony enable harmony proxies enable harmony generators enable harmony numeric enable harmony string enable harmony math functions harmony_scoping harmony_symbols harmony_collections harmony_iteration harmony_strings harmony_scoping harmony_maths tracks arrays with only smi values Optimize object Array DOM strings and string pretenure call new trace pretenuring decisions of HAllocate instructions track fields with only smi values track fields with heap values track_fields track_fields Enables optimizations which favor memory size over execution speed use string slices optimization filter maximum number of GVN fix point iterations use function inlining use allocation folding eliminate write barriers targeting allocations in optimized code maximum source size in bytes considered for a single inlining maximum cumulative number of AST nodes considered for inlining crankshaft harvests type feedback from stub cache trace check elimination phase hydrogen tracing filter trace hydrogen to given file name trace inlining decisions trace store elimination trace all use positions trace global value numbering trace hydrogen escape analysis trace the tracking of allocation sites trace map generalization environment for every instruction deoptimize every n garbage collections put a break point before deoptimizing deoptimize uncommon cases use on stack replacement trace array bounds check elimination perform array index dehoisting use load elimination use store elimination use constant folding eliminate unreachable code number of stress runs when picking a function to watch for shared function not JSFunction itself flushes the cache of optimized code for closures on every GC functions with arguments object maximum number of escape analysis fix point iterations allow uint32 values on optimize frames if they are used only in safe operations track concurrent recompilation artificial compilation delay in ms concurrent on stack replacement do not emit check maps for constant values that have a leaf deoptimize the optimized code if the layout of the maps changes number of stack frames inspected by the profiler percentage of ICs that must have type info to allow optimization extra verbose compilation tracing generate extra code(assertions) for debugging") DEFINE_bool(code_comments
static Code * GetCodeFromTargetAddress(Address address)
byte ForInType(int feedback_vector_slot)
V8_INLINE bool IsUndefined() const
bool LoadIsStub(TypeFeedbackId id, ICStub *stub)
Handle< T > handle(T *t, Isolate *isolate)
TypeFeedbackOracle(Handle< Code > code, Handle< Context > native_context, Zone *zone)
bool LoadIsUninitialized(TypeFeedbackId id)
enable upcoming ES6 features enable harmony block scoping enable harmony enable harmony proxies enable harmony generators enable harmony numeric enable harmony string enable harmony math functions harmony_scoping harmony_symbols harmony_collections harmony_iteration harmony_strings harmony_scoping harmony_maths tracks arrays with only smi values Optimize object Array DOM strings and string pretenure call new trace pretenuring decisions of HAllocate instructions track fields with only smi values track fields with heap values track_fields track_fields Enables optimizations which favor memory size over execution speed use string slices optimization filter maximum number of GVN fix point iterations use function inlining use allocation folding eliminate write barriers targeting allocations in optimized code maximum source size in bytes considered for a single inlining maximum cumulative number of AST nodes considered for inlining crankshaft harvests type feedback from stub cache trace check elimination phase hydrogen tracing filter trace hydrogen to given file name trace inlining decisions trace store elimination trace all use positions trace global value numbering trace hydrogen escape analysis trace the tracking of allocation sites trace map generalization environment for every instruction deoptimize every n garbage collections put a break point before deoptimizing deoptimize uncommon cases use on stack replacement trace array bounds check elimination perform array index dehoisting use load elimination use store elimination use constant folding eliminate unreachable code number of stress runs when picking a function to watch for shared function info
void KeyedPropertyReceiverTypes(TypeFeedbackId id, SmallMapList *receiver_types, bool *is_string)
static Handle< T > null()
#define ASSERT_EQ(v1, v2)
bool StoreIsUninitialized(TypeFeedbackId id)
Handle< JSFunction > GetCallTarget(int slot)
void Add(const T &element, AllocationPolicy allocator=AllocationPolicy())
void KeyedAssignmentReceiverTypes(TypeFeedbackId id, SmallMapList *receiver_types, KeyedAccessStoreMode *store_mode)
Handle< Context > native_context()
KeyedAccessStoreMode GetStoreMode(TypeFeedbackId id)
void BinaryType(TypeFeedbackId id, Type **left, Type **right, Type **result, Maybe< int > *fixed_right_arg, Handle< AllocationSite > *allocation_site, Token::Value operation)
enable upcoming ES6 features enable harmony block scoping enable harmony enable harmony proxies enable harmony generators enable harmony numeric enable harmony string enable harmony math functions harmony_scoping harmony_symbols harmony_collections harmony_iteration harmony_strings harmony_scoping harmony_maths tracks arrays with only smi values Optimize object Array DOM strings and string pretenure call new trace pretenuring decisions of HAllocate instructions track fields with only smi values track fields with heap values track_fields track_fields Enables optimizations which favor memory size over execution speed use string slices optimization filter maximum number of GVN fix point iterations use function inlining use allocation folding eliminate write barriers targeting allocations in optimized code maximum source size in bytes considered for a single inlining maximum cumulative number of AST nodes considered for inlining crankshaft harvests type feedback from stub cache trace check elimination phase hydrogen tracing filter trace hydrogen to given file name trace inlining decisions trace store elimination trace all use positions trace global value numbering trace hydrogen escape analysis trace the tracking of allocation sites trace map generalization environment for every instruction deoptimize every n garbage collections put a break point before deoptimizing deoptimize uncommon cases use on stack replacement trace array bounds check elimination perform array index dehoisting use load elimination use store elimination use constant folding eliminate unreachable code number of stress runs when picking a function to watch for shared function not JSFunction itself flushes the cache of optimized code for closures on every GC functions with arguments object maximum number of escape analysis fix point iterations allow uint32 values on optimize frames if they are used only in safe operations track concurrent recompilation artificial compilation delay in ms concurrent on stack replacement do not emit check maps for constant values that have a leaf deoptimize the optimized code if the layout of the maps changes number of stack frames inspected by the profiler percentage of ICs that must have type info to allow optimization extra verbose compilation tracing generate extra emit comments in code disassembly enable use of SSE3 instructions if available enable use of CMOV instruction if available enable use of VFP3 instructions if available enable use of NEON instructions if enable use of SDIV and UDIV instructions if enable loading bit constant by means of movw movt instruction enable unaligned accesses for enable use of d16 d31 registers on ARM this requires VFP3 force all emitted branches to be in long expose natives in global object expose freeBuffer extension expose gc extension under the specified name expose externalize string extension number of stack frames to capture disable builtin natives files print name of functions for which code is generated use random jit cookie to mask large constants trace lazy optimization use adaptive optimizations always try to OSR functions trace optimize function deoptimization minimum length for automatic enable preparsing maximum number of optimization attempts before giving up cache prototype transitions trace debugging JSON request response trace out of bounds accesses to external arrays trace_js_array_abuse automatically set the debug break flag when debugger commands are in the queue abort by crashing maximum length of function source code printed in a stack trace max size of the new max size of the old max size of executable always perform global GCs print one trace line following each garbage collection do not print trace line after scavenger collection print statistics of the maximum memory committed for the heap in name
bool StoreIsKeyedPolymorphic(TypeFeedbackId id)
Handle< UnseededNumberDictionary > NewUnseededNumberDictionary(int at_least_space_for)
Isolate * isolate() const
static JSFunction * cast(Object *obj)
1.8.6 
