Introduce FeedbackNexus for vector-based ics.

src/ic/ic.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #include "src/accessors.h"
 #include "src/api.h"
 #include "src/arguments.h"
 #include "src/base/bits.h"
@@ skipping 71 matching lines @@
       PrintF("[%s patching generic stub in ", type); \
       PrintF("(see below) (%s)]\n", reason);         \
     }                                                \
   } while (false)
 
 #endif  // DEBUG
 
 
 void IC::TraceIC(const char* type, Handle<Object> name) {
   if (FLAG_trace_ic) {
-    Code* new_target = raw_target();
-    State new_state = new_target->ic_state();
+    State new_state =
+        UseVector() ? nexus()->StateFromFeedback() : raw_target()->ic_state();
     TraceIC(type, name, state(), new_state);
   }
 }
 
 
 void IC::TraceIC(const char* type, Handle<Object> name, State old_state,
                  State new_state) {
   if (FLAG_trace_ic) {
     Code* new_target = raw_target();
     PrintF("[%s%s in ", new_target->is_keyed_stub() ? "Keyed" : "", type);
@@ skipping 23 matching lines @@
 #ifdef OBJECT_PRINT
     OFStream os(stdout);
     name->Print(os);
 #else
     name->ShortPrint(stdout);
 #endif
     PrintF("]\n");
   }
 }
 
+
 #define TRACE_IC(type, name) TraceIC(type, name)
-#define TRACE_VECTOR_IC(type, name, old_state, new_state) \
-  TraceIC(type, name, old_state, new_state)
 
-IC::IC(FrameDepth depth, Isolate* isolate)
-    : isolate_(isolate), target_set_(false), target_maps_set_(false) {
+
+IC::IC(FrameDepth depth, Isolate* isolate, FeedbackNexus* nexus,
+       bool for_queries_only)
+    : isolate_(isolate),
+      target_set_(false),
+      target_maps_set_(false),
+      nexus_(nexus) {
   // To improve the performance of the (much used) IC code, we unfold a few
   // levels of the stack frame iteration code. This yields a ~35% speedup when
   // running DeltaBlue and a ~25% speedup of gbemu with the '--nouse-ic' flag.
   const Address entry = Isolate::c_entry_fp(isolate->thread_local_top());
   Address constant_pool = NULL;
   if (FLAG_enable_ool_constant_pool) {
     constant_pool =
         Memory::Address_at(entry + ExitFrameConstants::kConstantPoolOffset);
   }
   Address* pc_address =
@@ skipping 18 matching lines @@
   DCHECK(fp == frame->fp() && pc_address == frame->pc_address());
 #endif
   fp_ = fp;
   if (FLAG_enable_ool_constant_pool) {
     raw_constant_pool_ = handle(
         ConstantPoolArray::cast(reinterpret_cast<Object*>(constant_pool)),
         isolate);
   }
   pc_address_ = StackFrame::ResolveReturnAddressLocation(pc_address);
   target_ = handle(raw_target(), isolate);
-  state_ = target_->ic_state();
   kind_ = target_->kind();
+  state_ = (!for_queries_only && UseVector()) ? nexus->StateFromFeedback()
+                                              : target_->ic_state();
+  old_state_ = state_;
   extra_ic_state_ = target_->extra_ic_state();
 }
 
 
 SharedFunctionInfo* IC::GetSharedFunctionInfo() const {
   // Compute the JavaScript frame for the frame pointer of this IC
   // structure. We need this to be able to find the function
   // corresponding to the frame.
   StackFrameIterator it(isolate());
   while (it.frame()->fp() != this->fp()) it.Advance();
@@ skipping 219 matching lines @@
     info->change_own_type_change_checksum();
   }
   host->set_profiler_ticks(0);
   isolate->runtime_profiler()->NotifyICChanged();
   // TODO(2029): When an optimized function is patched, it would
   // be nice to propagate the corresponding type information to its
   // unoptimized version for the benefit of later inlining.
 }
 
 
+// static
+void IC::OnTypeFeedbackChanged(Isolate* isolate, Code* host,
+                               TypeFeedbackVector* vector, State old_state,
+                               State new_state) {
+  if (host->kind() != Code::FUNCTION) return;
+
+  if (FLAG_type_info_threshold > 0) {
+    int polymorphic_delta = 0;  // "Polymorphic" here includes monomorphic.
+    int generic_delta = 0;      // "Generic" here includes megamorphic.
+    ComputeTypeInfoCountDelta(old_state, new_state, &polymorphic_delta,
+                              &generic_delta);
+    vector->change_ic_with_type_info_count(polymorphic_delta);
+    vector->change_ic_generic_count(generic_delta);
+  }
+  TypeFeedbackInfo* info = TypeFeedbackInfo::cast(host->type_feedback_info());
+  info->change_own_type_change_checksum();
+  host->set_profiler_ticks(0);
+  isolate->runtime_profiler()->NotifyICChanged();
+  // TODO(2029): When an optimized function is patched, it would
+  // be nice to propagate the corresponding type information to its
+  // unoptimized version for the benefit of later inlining.
+}
+
+
 void IC::PostPatching(Address address, Code* target, Code* old_target) {
   // Type vector based ICs update these statistics at a different time because
   // they don't always patch on state change.
   if (target->kind() == Code::CALL_IC) return;
 
   Isolate* isolate = target->GetHeap()->isolate();
   State old_state = UNINITIALIZED;
   State new_state = UNINITIALIZED;
   bool target_remains_ic_stub = false;
   if (old_target->is_inline_cache_stub() && target->is_inline_cache_stub()) {
@@ skipping 69 matching lines @@
       // Clearing these is tricky and does not
       // make any performance difference.
       return;
     default:
       UNREACHABLE();
   }
 }
 
 
 void IC::Clear(Isolate* isolate, Code::Kind kind, Code* host,
-               TypeFeedbackVector* vector, FeedbackVectorICSlot slot) {
+               FeedbackNexus* nexus) {
   switch (kind) {
     case Code::CALL_IC:
-      return CallIC::Clear(isolate, host, vector, slot);
+      return CallIC::Clear(isolate, host,
+                           reinterpret_cast<CallICNexus*>(nexus));

[Igor Sheludko, 2014/10/28 11:12:36]

static_cast?

[mvstanton, 2014/10/28 13:23:28]

I hated the cast anyway, so I've changed this to a template method where you
need to pass the appropriate kind of FeedbackNexus in order to compile. That
should be better, at least.

     default:
       UNREACHABLE();
   }
 }
 
 
 void KeyedLoadIC::Clear(Isolate* isolate, Address address, Code* target,
                         ConstantPoolArray* constant_pool) {
   if (IsCleared(target)) return;
 
   // Make sure to also clear the map used in inline fast cases.  If we
   // do not clear these maps, cached code can keep objects alive
   // through the embedded maps.
   SetTargetAtAddress(address, *pre_monomorphic_stub(isolate), constant_pool);
 }
 
 
-void CallIC::Clear(Isolate* isolate, Code* host, TypeFeedbackVector* vector,
-                   FeedbackVectorICSlot slot) {
-  DCHECK(vector != NULL && !slot.IsInvalid());
-  Object* feedback = vector->Get(slot);
+void CallIC::Clear(Isolate* isolate, Code* host, CallICNexus* nexus) {
   // Determine our state.
-  State state = FeedbackToState(isolate, vector, slot);
+  Object* feedback = nexus->vector()->Get(nexus->slot());
+  State state = nexus->StateFromFeedback();
 
   if (state != UNINITIALIZED && !feedback->IsAllocationSite()) {
-    vector->Set(slot, isolate->heap()->uninitialized_symbol(),
-                SKIP_WRITE_BARRIER);
+    nexus->ConfigureUninitialized();

[Igor Sheludko, 2014/10/28 11:12:36]

Does it make sense to proceed skipping write barriers for Uninitialized and
Generic sentinels?

[mvstanton, 2014/10/28 13:23:28]

It does indeed, I've make that fix in type-feedback-vector.cc, thanks!

     // The change in state must be processed.
-    OnTypeFeedbackChanged(isolate, host, vector, state, UNINITIALIZED);
+    OnTypeFeedbackChanged(isolate, host, nexus->vector(), state, UNINITIALIZED);
   }
 }
 
 
 void LoadIC::Clear(Isolate* isolate, Address address, Code* target,
                    ConstantPoolArray* constant_pool) {
   if (IsCleared(target)) return;
   Code* code = PropertyICCompiler::FindPreMonomorphic(isolate, Code::LOAD_IC,
                                                       target->extra_ic_state());
   SetTargetAtAddress(address, code, constant_pool);
@@ skipping 1379 matching lines @@
     TRACE_GENERIC_IC(isolate(), "KeyedStoreIC", "slow stub");
   }
   DCHECK(!stub.is_null());
   set_target(*stub);
   TRACE_IC("StoreIC", key);
 
   return store_handle;
 }
 
 
-// static
-void CallIC::OnTypeFeedbackChanged(Isolate* isolate, Code* host,
-                                   TypeFeedbackVector* vector, State old_state,
-                                   State new_state) {
-  if (host->kind() != Code::FUNCTION) return;
-
-  if (FLAG_type_info_threshold > 0) {
-    int polymorphic_delta = 0;  // "Polymorphic" here includes monomorphic.
-    int generic_delta = 0;      // "Generic" here includes megamorphic.
-    ComputeTypeInfoCountDelta(old_state, new_state, &polymorphic_delta,
-                              &generic_delta);
-    vector->change_ic_with_type_info_count(polymorphic_delta);
-    vector->change_ic_generic_count(generic_delta);
-  }
-  TypeFeedbackInfo* info = TypeFeedbackInfo::cast(host->type_feedback_info());
-  info->change_own_type_change_checksum();
-  host->set_profiler_ticks(0);
-  isolate->runtime_profiler()->NotifyICChanged();
-  // TODO(2029): When an optimized function is patched, it would
-  // be nice to propagate the corresponding type information to its
-  // unoptimized version for the benefit of later inlining.
-}
-
-
 bool CallIC::DoCustomHandler(Handle<Object> receiver, Handle<Object> function,
-                             Handle<TypeFeedbackVector> vector,
-                             FeedbackVectorICSlot slot,
-                             const CallICState& state) {
+                             const CallICState& callic_state) {
   DCHECK(FLAG_use_ic && function->IsJSFunction());
 
   // Are we the array function?
   Handle<JSFunction> array_function =
       Handle<JSFunction>(isolate()->native_context()->array_function());
   if (array_function.is_identical_to(Handle<JSFunction>::cast(function))) {
     // Alter the slot.
-    IC::State old_state = FeedbackToState(isolate(), *vector, slot);
-    Object* feedback = vector->Get(slot);
-    if (!feedback->IsAllocationSite()) {
-      Handle<AllocationSite> new_site =
-          isolate()->factory()->NewAllocationSite();
-      vector->Set(slot, *new_site);
-    }
+    CallICNexus* nexus = casted_nexus<CallICNexus>();
+    nexus->ConfigureMonomorphicArray();
 
-    CallIC_ArrayStub stub(isolate(), state);
+    CallIC_ArrayStub stub(isolate(), callic_state);
     set_target(*stub.GetCode());
     Handle<String> name;
     if (array_function->shared()->name()->IsString()) {
       name = Handle<String>(String::cast(array_function->shared()->name()),
                             isolate());
     }
-
-    IC::State new_state = FeedbackToState(isolate(), *vector, slot);
-    OnTypeFeedbackChanged(isolate(), get_host(), *vector, old_state, new_state);
-    TRACE_VECTOR_IC("CallIC (custom handler)", name, old_state, new_state);
+    TRACE_IC("CallIC", name);
+    OnTypeFeedbackChanged(isolate(), get_host(), nexus->vector(), state(),
+                          MONOMORPHIC);
     return true;
   }
   return false;
 }
 
 
-void CallIC::PatchMegamorphic(Handle<Object> function,
-                              Handle<TypeFeedbackVector> vector,
-                              FeedbackVectorICSlot slot) {
-  CallICState state(target()->extra_ic_state());
-  IC::State old_state = FeedbackToState(isolate(), *vector, slot);
+void CallIC::PatchMegamorphic(Handle<Object> function) {
+  CallICState callic_state(target()->extra_ic_state());
 
   // We are going generic.
-  vector->Set(slot, *TypeFeedbackVector::MegamorphicSentinel(isolate()),
-              SKIP_WRITE_BARRIER);
+  CallICNexus* nexus = casted_nexus<CallICNexus>();
+  nexus->ConfigureGeneric();
 
-  CallICStub stub(isolate(), state);
+  CallICStub stub(isolate(), callic_state);
   Handle<Code> code = stub.GetCode();
   set_target(*code);
 
   Handle<Object> name = isolate()->factory()->empty_string();
   if (function->IsJSFunction()) {
     Handle<JSFunction> js_function = Handle<JSFunction>::cast(function);
     name = handle(js_function->shared()->name(), isolate());
   }
 
-  IC::State new_state = FeedbackToState(isolate(), *vector, slot);
-  OnTypeFeedbackChanged(isolate(), get_host(), *vector, old_state, new_state);
-  TRACE_VECTOR_IC("CallIC", name, old_state, new_state);
+  TRACE_IC("CallIC", name);
+  OnTypeFeedbackChanged(isolate(), get_host(), nexus->vector(), state(),
+                        GENERIC);
 }
 
 
-void CallIC::HandleMiss(Handle<Object> receiver, Handle<Object> function,
-                        Handle<TypeFeedbackVector> vector,
-                        FeedbackVectorICSlot slot) {
-  CallICState state(target()->extra_ic_state());
-  IC::State old_state = FeedbackToState(isolate(), *vector, slot);
+void CallIC::HandleMiss(Handle<Object> receiver, Handle<Object> function) {
+  CallICState callic_state(target()->extra_ic_state());
   Handle<Object> name = isolate()->factory()->empty_string();
-  Object* feedback = vector->Get(slot);
+  CallICNexus* nexus = casted_nexus<CallICNexus>();
+  Object* feedback = nexus->GetFeedback();
 
   // Hand-coded MISS handling is easier if CallIC slots don't contain smis.
   DCHECK(!feedback->IsSmi());
 
   if (feedback->IsJSFunction() || !function->IsJSFunction()) {
     // We are going generic.
-    vector->Set(slot, *TypeFeedbackVector::MegamorphicSentinel(isolate()),
-                SKIP_WRITE_BARRIER);
+    nexus->ConfigureGeneric();
   } else {
     // The feedback is either uninitialized or an allocation site.
     // It might be an allocation site because if we re-compile the full code
     // to add deoptimization support, we call with the default call-ic, and
     // merely need to patch the target to match the feedback.
     // TODO(mvstanton): the better approach is to dispense with patching
     // altogether, which is in progress.
     DCHECK(feedback == *TypeFeedbackVector::UninitializedSentinel(isolate()) ||
            feedback->IsAllocationSite());
 
     // Do we want to install a custom handler?
-    if (FLAG_use_ic &&
-        DoCustomHandler(receiver, function, vector, slot, state)) {
+    if (FLAG_use_ic && DoCustomHandler(receiver, function, callic_state)) {
       return;
     }
 
-    vector->Set(slot, *function);
+    nexus->ConfigureMonomorphic(Handle<JSFunction>::cast(function));
   }
 
   if (function->IsJSFunction()) {
     Handle<JSFunction> js_function = Handle<JSFunction>::cast(function);
     name = handle(js_function->shared()->name(), isolate());
   }
 
-  IC::State new_state = FeedbackToState(isolate(), *vector, slot);
-  OnTypeFeedbackChanged(isolate(), get_host(), *vector, old_state, new_state);
-  TRACE_VECTOR_IC("CallIC", name, old_state, new_state);
+  IC::State new_state = nexus->StateFromFeedback();
+  OnTypeFeedbackChanged(isolate(), get_host(), *vector(), state(), new_state);
+  TRACE_IC("CallIC", name);
 }
 
 
 #undef TRACE_IC
 
 
 // ----------------------------------------------------------------------------
 // Static IC stub generators.
 //
 
 // Used from ic-<arch>.cc.
 RUNTIME_FUNCTION(CallIC_Miss) {
   TimerEventScope<TimerEventIcMiss> timer(isolate);
   HandleScope scope(isolate);
   DCHECK(args.length() == 4);
-  CallIC ic(isolate);
   Handle<Object> receiver = args.at<Object>(0);
   Handle<Object> function = args.at<Object>(1);
   Handle<TypeFeedbackVector> vector = args.at<TypeFeedbackVector>(2);
   Handle<Smi> slot = args.at<Smi>(3);
   FeedbackVectorICSlot vector_slot = vector->ToICSlot(slot->value());
-  ic.HandleMiss(receiver, function, vector, vector_slot);
+  CallICNexus nexus(vector, vector_slot);
+  CallIC ic(isolate, &nexus);
+  ic.HandleMiss(receiver, function);
   return *function;
 }
 
 
 RUNTIME_FUNCTION(CallIC_Customization_Miss) {
   TimerEventScope<TimerEventIcMiss> timer(isolate);
   HandleScope scope(isolate);
   DCHECK(args.length() == 4);
   // A miss on a custom call ic always results in going megamorphic.

[Igor Sheludko, 2014/10/28 11:12:36]

This comment can be removed from here.

[mvstanton, 2014/10/28 13:23:28]

Done.

-  CallIC ic(isolate);
   Handle<Object> function = args.at<Object>(1);
   Handle<TypeFeedbackVector> vector = args.at<TypeFeedbackVector>(2);
   Handle<Smi> slot = args.at<Smi>(3);
   FeedbackVectorICSlot vector_slot = vector->ToICSlot(slot->value());
-  ic.PatchMegamorphic(function, vector, vector_slot);
+  CallICNexus nexus(vector, vector_slot);
+  // A miss on a custom call ic always results in going megamorphic.
+  CallIC ic(isolate, &nexus);
+  ic.PatchMegamorphic(function);
   return *function;
 }
 
 
 // Used from ic-<arch>.cc.
 RUNTIME_FUNCTION(LoadIC_Miss) {
   TimerEventScope<TimerEventIcMiss> timer(isolate);
   HandleScope scope(isolate);
   DCHECK(args.length() == 2);
   LoadIC ic(IC::NO_EXTRA_FRAME, isolate);
@@ skipping 618 matching lines @@
 static const Address IC_utilities[] = {
 #define ADDR(name) FUNCTION_ADDR(name),
     IC_UTIL_LIST(ADDR) NULL
 #undef ADDR
 };
 
 
 Address IC::AddressFromUtilityId(IC::UtilityId id) { return IC_utilities[id]; }
 }
 }  // namespace v8::internal