diff --git a/JSTests/stress/get-private-name-cell.js b/JSTests/stress/get-private-name-cell.js
new file mode 100644
index 0000000000000..c212cc6e70504
--- /dev/null
+++ b/JSTests/stress/get-private-name-cell.js
@@ -0,0 +1,19 @@
+function __f_0() {}
+__v_0 = 0
+class __c_0 {
+ #field = this.init()
+ init() {
+ if (__v_0 % 2)
+ this.anotherField = 0
+ return 0
+ }
+ getField() { this.#field }
+}
+for (; ; __v_0++) {
+ __v_9 = new __c_0
+ __f_0(__v_9.getField())
+ __v_9.__proto__ = []
+ __v_9.getField0
+ if (__v_0 == 1000)
+ break;
+}
diff --git a/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp b/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
index d29241265a8f2..50b8b062e058f 100644
--- a/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
+++ b/Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
@@ -261,6 +261,9 @@ void StructureStubInfo::reset(const ConcurrentJSLockerBase& locker, CodeBlock* c
 case AccessType::GetPrivateName:
 resetGetBy(codeBlock, *this, GetByKind::PrivateName);
 break;
+ case AccessType::GetPrivateNameById:
+ resetGetBy(codeBlock, *this, GetByKind::PrivateNameById);
+ break;
 case AccessType::PutById:
 resetPutBy(codeBlock, *this, PutByKind::ById);
 break;
@@ -440,6 +443,8 @@ static FunctionPtr slowOperationFromUnlinkedStructureStubInfo(c
 return operationHasPrivateBrandOptimize;
 case AccessType::GetPrivateName:
 return operationGetPrivateNameOptimize;
+ case AccessType::GetPrivateNameById:
+ return operationGetPrivateNameByIdOptimize;
 case AccessType::PutById:
 switch (unlinkedStubInfo.putKind) {
 case PutKind::NotDirect:
@@ -584,6 +589,7 @@ void StructureStubInfo::initializeFromUnlinkedStructureStubInfo(const BaselineUn
 case AccessType::TryGetById:
 case AccessType::GetByIdDirect:
 case AccessType::GetById:
+ case AccessType::GetPrivateNameById:
 hasConstantIdentifier = true;
 m_extraGPR = InvalidGPRReg;
 m_baseGPR = BaselineJITRegisters::GetById::baseJSR.payloadGPR();
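Review bot: The new stress test in `get-private-name-cell.js` has no header comment and no assertion, so a pass only means the loop ran to completion without crashing. `getField() { this.#field }` discards the value it reads and `__v_9.getField0` reads a property the class never defines; both look like fuzzer residue. I would keep the body unchanged so the reproduction shape is preserved, and add a first line such as `// Regression test for the GetPrivateNameById inline cache; passes if it runs to completion without crashing.`, assuming that is the scenario the test targets.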
diff --git a/Source/JavaScriptCore/bytecode/StructureStubInfo.h b/Source/JavaScriptCore/bytecode/StructureStubInfo.h
index d240fa25de88d..e839ab4dd349f 100644
--- a/Source/JavaScriptCore/bytecode/StructureStubInfo.h
+++ b/Source/JavaScriptCore/bytecode/StructureStubInfo.h
@@ -71,6 +71,7 @@ enum class AccessType : int8_t {
 DeleteByID,
 DeleteByVal,
 GetPrivateName,
+ GetPrivateNameById,
 CheckPrivateBrand,
 SetPrivateBrand,
 };
@@ -100,8 +101,8 @@ class StructureStubInfo {
 }
 StructureStubInfo()
- : StructureStubInfo(AccessType::GetById, { })
- { }
+ {
+ }
 ~StructureStubInfo();
@@ -372,7 +373,7 @@ class StructureStubInfo {
 GPRReg propertyTagGPR() const { return m_extraTagGPR; }
 #endif
- CodeOrigin codeOrigin;
+ CodeOrigin codeOrigin { };
 PropertyOffset byIdSelfOffset;
 std::unique_ptr m_stub;
 WriteBarrierStructureID m_inlineAccessBaseStructureID;
@@ -412,7 +413,7 @@ class StructureStubInfo {
 GPRReg m_extraTagGPR { InvalidGPRReg };
 #endif
- AccessType accessType;
+ AccessType accessType { AccessType::GetById };
 private:
 CacheType m_cacheType { CacheType::Unset };
 public:
@@ -452,7 +453,7 @@ inline auto appropriateOptimizingGetByIdFunction(AccessType type) -> decltype(&o
 return operationTryGetByIdOptimize;
 case AccessType::GetByIdDirect:
 return operationGetByIdDirectOptimize;
- case AccessType::GetPrivateName:
+ case AccessType::GetPrivateNameById:
 return operationGetPrivateNameByIdOptimize;
 case AccessType::GetByIdWithThis:
 default:
@@ -470,7 +471,7 @@ inline auto appropriateGenericGetByIdFunction(AccessType type) -> decltype(&oper
 return operationTryGetByIdGeneric;
 case AccessType::GetByIdDirect:
 return operationGetByIdDirectGeneric;
- case AccessType::GetPrivateName:
+ case AccessType::GetPrivateNameById:
 return operationGetPrivateNameByIdGeneric;
 case AccessType::GetByIdWithThis:
 default:
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
index b1137cf9b64bb..e64cb98f65c3c 100644
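Review bot: In the `@@ -100,8 +101,8 @@` hunk the default constructor stops delegating to `StructureStubInfo(AccessType::GetById, { })` and now relies on in-class initializers, but only `codeOrigin { }` and `accessType { AccessType::GetById }` are added (hunks `-372,7` and `-412,7`). `PropertyOffset byIdSelfOffset;`, on the context line directly below `codeOrigin`, still has no initializer, and the two-argument constructor's body is outside this diff, so I cannot tell whether it set anything that a default-constructed stub now leaves indeterminate. Please confirm that every member that constructor initialized has an in-class initializer. A short comment above `StructureStubInfo()` would help, for example `// All members come from their default initializers; accessType defaults to GetById.`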
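Review bot: After the `@@ -452,7 +453,7 @@` and `@@ -470,7 +471,7 @@` hunks, `AccessType::GetPrivateName` is no longer listed in `appropriateOptimizingGetByIdFunction` or `appropriateGenericGetByIdFunction`, so it reaches the `default:` arm, whose body lies outside the hunks. The DFG and FTL call sites changed in this commit show that a by-val access type can be handed to a by-id path without anything objecting. That arm should therefore fail loudly in release builds too, for example with `RELEASE_ASSERT_NOT_REACHED();`, if it does not already. A comment above each switch would record the invariant: `// Only by-id access types are valid here; GetPrivateName (by-val) must not reach this function.`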
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -4217,7 +4217,7 @@ void SpeculativeJIT::compileGetPrivateNameById(Node* node)
 JSValueRegs baseRegs = JSValueRegs::payloadOnly(base.gpr());
 JSValueRegs resultRegs = result.regs();
- cachedGetById(node->origin.semantic, baseRegs, resultRegs, stubInfoGPR, scratchGPR, node->cacheableIdentifier(), JITCompiler::Jump(), NeedToSpill, AccessType::GetPrivateName);
+ cachedGetById(node->origin.semantic, baseRegs, resultRegs, stubInfoGPR, scratchGPR, node->cacheableIdentifier(), JITCompiler::Jump(), NeedToSpill, AccessType::GetPrivateNameById);
 jsValueResult(resultRegs, node, DataFormatJS);
 break;
@@ -4242,7 +4242,7 @@ void SpeculativeJIT::compileGetPrivateNameById(Node* node)
 JITCompiler::Jump notCell = m_jit.branchIfNotCell(baseRegs);
- cachedGetById(node->origin.semantic, baseRegs, resultRegs, stubInfoGPR, scratchGPR, node->cacheableIdentifier(), notCell, NeedToSpill, AccessType::GetPrivateName);
+ cachedGetById(node->origin.semantic, baseRegs, resultRegs, stubInfoGPR, scratchGPR, node->cacheableIdentifier(), notCell, NeedToSpill, AccessType::GetPrivateNameById);
 jsValueResult(resultRegs, node, DataFormatJS);
 break;
diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
index 4cf974c0867e5..be0fd13d90f5c 100644
--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
@@ -4128,7 +4128,7 @@ class LowerDFGToB3 {
 {
 JSGlobalObject* globalObject = m_graph.globalObjectFor(m_node->origin.semantic);
 if (m_node->child1().useKind() == CellUse)
- setJSValue(getById(lowCell(m_node->child1()), AccessType::GetPrivateName));
+ setJSValue(getById(lowCell(m_node->child1()), AccessType::GetPrivateNameById));
 else {
 LValue base = lowJSValue(m_node->child1());
@@ -4141,7 +4141,7 @@ class LowerDFGToB3 {
 LBasicBlock lastNext = m_out.appendTo(baseCellCase, notCellCase);
- ValueFromBlock cellResult = m_out.anchor(getById(base, AccessType::GetPrivateName));
+ ValueFromBlock cellResult = m_out.anchor(getById(base, AccessType::GetPrivateNameById));
 m_out.jump(continuation);
 m_out.appendTo(notCellCase, continuation);
diff --git a/Source/JavaScriptCore/jit/GPRInfo.h b/Source/JavaScriptCore/jit/GPRInfo.h
index 1a7eb05b51e34..f2b8e7a08c950 100644
--- a/Source/JavaScriptCore/jit/GPRInfo.h
+++ b/Source/JavaScriptCore/jit/GPRInfo.h
@@ -180,14 +180,14 @@ class JSValueRegs {
 {
 }
- static constexpr JSValueRegs withTwoAvailableRegs(GPRReg gpr1, GPRReg gpr2)
+ static constexpr JSValueRegs withTwoAvailableRegs(GPRReg tagGPR, GPRReg payloadGPR)
 {
- return JSValueRegs(gpr1, gpr2);
+ return JSValueRegs(tagGPR, payloadGPR);
 }
- static constexpr JSValueRegs payloadOnly(GPRReg gpr)
+ static constexpr JSValueRegs payloadOnly(GPRReg payloadGPR)
 {
- return JSValueRegs(InvalidGPRReg, gpr);
+ return JSValueRegs(InvalidGPRReg, payloadGPR);
 }
 bool operator!() const { return !static_cast(*this); }
diff --git a/Source/JavaScriptCore/jit/ICStats.h b/Source/JavaScriptCore/jit/ICStats.h
index 5d0b2f31cc41f..1dc92b90ef338 100644
--- a/Source/JavaScriptCore/jit/ICStats.h
+++ b/Source/JavaScriptCore/jit/ICStats.h
@@ -65,8 +65,8 @@ namespace JSC {
 macro(OperationPutByIdDirectNonStrictOptimize) \
 macro(OperationPutByIdStrictBuildList) \
 macro(OperationPutByIdNonStrictBuildList) \
- macro(OperationPutByIdDefinePrivateFieldFieldStrictOptimize) \
- macro(OperationPutByIdPutPrivateFieldFieldStrictOptimize) \
+ macro(OperationPutByIdDefinePrivateFieldStrictOptimize) \
+ macro(OperationPutByIdPutPrivateFieldStrictOptimize) \
 macro(PutByAddAccessCase) \
 macro(PutByReplaceWithJump) \
 macro(PutBySelfPatch) \
@@ -80,7 +80,8 @@ namespace JSC {
 macro(CheckPrivateBrandAddAccessCase) \
 macro(SetPrivateBrandAddAccessCase) \
 macro(CheckPrivateBrandReplaceWithJump) \
- macro(SetPrivateBrandReplaceWithJump)
+ macro(SetPrivateBrandReplaceWithJump) \
+ macro(OperationPutByIdSetPrivateFieldStrictOptimize)
 class ICEvent {
 public:
diff --git a/Source/JavaScriptCore/jit/JITOperations.cpp b/Source/JavaScriptCore/jit/JITOperations.cpp
index f12a348b387bd..bf37a31959d7c 100644
--- a/Source/JavaScriptCore/jit/JITOperations.cpp
+++ b/Source/JavaScriptCore/jit/JITOperations.cpp
@@ -992,7 +992,7 @@ JSC_DEFINE_JIT_OPERATION(operationPutByIdDefinePrivateFieldStrictOptimize, void,
 definePrivateField(vm, globalObject, callFrame, baseValue, identifier, value, [=](VM& vm, CodeBlock* codeBlock, Structure* oldStructure, PutPropertySlot& putSlot, const Identifier& ident) {
 JSObject* baseObject = asObject(baseValue);
- LOG_IC((ICEvent::OperationPutByIdDefinePrivateFieldFieldStrictOptimize, baseObject->classInfo(), ident, putSlot.base() == baseObject));
+ LOG_IC((ICEvent::OperationPutByIdDefinePrivateFieldStrictOptimize, baseObject->classInfo(), ident, putSlot.base() == baseObject));
 ASSERT_UNUSED(accessType, accessType == static_cast(stubInfo->accessType));
@@ -1028,7 +1028,7 @@ JSC_DEFINE_JIT_OPERATION(operationPutByIdSetPrivateFieldStrictOptimize, void, (J
 setPrivateField(vm, globalObject, callFrame, baseValue, identifier, value, [&](VM& vm, CodeBlock* codeBlock, Structure* oldStructure, PutPropertySlot& putSlot, const Identifier& ident) {
 JSObject* baseObject = asObject(baseValue);
- LOG_IC((ICEvent::OperationPutByIdPutPrivateFieldFieldStrictOptimize, baseObject->classInfo(), ident, putSlot.base() == baseObject));
+ LOG_IC((ICEvent::OperationPutByIdSetPrivateFieldStrictOptimize, baseObject->classInfo(), ident, putSlot.base() == baseObject));
 ASSERT_UNUSED(accessType, accessType == static_cast(stubInfo->accessType));
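Review bot: `OperationPutByIdPutPrivateFieldStrictOptimize` appears to be left without a user. The `@@ -65,8 +65,8 @@` ICStats.h hunk renames the entry to that spelling, while the `@@ -1028,7 +1028,7 @@` JITOperations.cpp hunk moves the only visible `LOG_IC` use to `ICEvent::OperationPutByIdSetPrivateFieldStrictOptimize`, which the `@@ -80,7 +80,8 @@` hunk appends to the end of the list. If nothing outside this diff logs the `Put` event, drop that entry instead of renaming it. Also consider placing the `Set` entry next to `OperationPutByIdDefinePrivateFieldStrictOptimize` rather than after `SetPrivateBrandReplaceWithJump`, so the PutById events stay grouped.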
@@ -2514,7 +2514,7 @@ JSC_DEFINE_JIT_OPERATION(operationGetPrivateNameByIdOptimize, EncodedJSValue, (J
 base->getPrivateField(globalObject, fieldName, slot);
 RETURN_IF_EXCEPTION(scope, encodedJSValue());
- LOG_IC((ICEvent::OperationGetPrivateNameOptimize, baseValue.classInfoOrNull(), fieldName, true));
+ LOG_IC((ICEvent::OperationGetPrivateNameByIdOptimize, baseValue.classInfoOrNull(), fieldName, true));
 CodeBlock* codeBlock = callFrame->codeBlock();
 if (stubInfo->considerCachingBy(vm, codeBlock, baseValue.structureOrNull(), identifier))
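Review bot: `ICEvent::OperationGetPrivateNameByIdOptimize` is used in the new `LOG_IC` line, but neither ICStats.h hunk in this commit adds an entry with that name. If the event list does not already contain it, configurations that expand `LOG_IC` will fail to compile. Please confirm it exists, or add `macro(OperationGetPrivateNameByIdOptimize) \` to the list. The body of `operationGetPrivateNameByIdOptimize` starts and ends outside this hunk.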