feat: add get property basic polyic

Author: ErosZy

include/quickjs/quickjs-opcode.h

@@ -361,6 +361,10 @@ DEF(typeof_is_undefined, 1, 1, 1, none)
 DEF( typeof_is_function, 1, 1, 1, none)
 #endif
 
+DEF(      get_field_ic, 5, 1, 1, atom)
+DEF(     get_field2_ic, 5, 1, 2, atom)
+DEF(      put_field_ic, 5, 2, 0, atom)
+
 #undef DEF
 #undef def
 #endif  /* DEF */

include/quickjs/quickjs.h

@@ -715,9 +715,11 @@ JS_BOOL JS_SetConstructorBit(JSContext *ctx, JSValueConst func_obj, JS_BOOL val)
 JSValue JS_NewArray(JSContext *ctx);
 int JS_IsArray(JSContext *ctx, JSValueConst val);
 
-JSValue JS_GetPropertyInternal(JSContext* ctx, JSValueConst obj, JSAtom prop, JSValueConst receiver, JS_BOOL throw_ref_error);
+typedef struct InlineCache InlineCache;
+JSValue JS_GetPropertyInternal(JSContext* ctx, JSValueConst obj, JSAtom prop, JSValueConst receiver, InlineCache *ic, JS_BOOL throw_ref_error);
+JSValue JS_GetPropertyInternalWithIC(JSContext* ctx, JSValueConst obj, JSAtom prop, JSValueConst receiver, InlineCache *ic, int32_t offset, JS_BOOL throw_ref_error);
 static js_force_inline JSValue JS_GetProperty(JSContext* ctx, JSValueConst this_obj, JSAtom prop) {
-  return JS_GetPropertyInternal(ctx, this_obj, prop, this_obj, 0);
+  return JS_GetPropertyInternal(ctx, this_obj, prop, this_obj, NULL, 0);
 }
 JSValue JS_GetPropertyStr(JSContext* ctx, JSValueConst this_obj, const char* prop);
 JSValue JS_GetPropertyUint32(JSContext* ctx, JSValueConst this_obj, uint32_t idx);

src/CMakeLists.txt

@@ -16,6 +16,7 @@ add_library(quickjs
     core/convertion.c
     core/runtime.c
     core/module.c
+    core/ic.c
     core/builtins/js-array.c
     core/builtins/js-async-function.c
     core/builtins/js-async-generator.c

src/core/builtins/js-proxy.c

@@ -286,7 +286,7 @@ JSValue js_proxy_get(JSContext *ctx, JSValueConst obj, JSAtom atom,
     return JS_EXCEPTION;
   /* Note: recursion is possible thru the prototype of s->target */
   if (JS_IsUndefined(method))
-    return JS_GetPropertyInternal(ctx, s->target, atom, receiver, FALSE);
+    return JS_GetPropertyInternal(ctx, s->target, atom, receiver, NULL, FALSE);
   atom_val = JS_AtomToValue(ctx, atom);
   if (JS_IsException(atom_val)) {
     JS_FreeValue(ctx, method);

src/core/builtins/js-reflect.c

@@ -99,7 +99,7 @@ JSValue js_reflect_get(JSContext *ctx, JSValueConst this_val,
   atom = JS_ValueToAtom(ctx, prop);
   if (unlikely(atom == JS_ATOM_NULL))
     return JS_EXCEPTION;
-  ret = JS_GetPropertyInternal(ctx, obj, atom, receiver, FALSE);
+  ret = JS_GetPropertyInternal(ctx, obj, atom, receiver, NULL, FALSE);
   JS_FreeAtom(ctx, atom);
   return ret;
 }

src/core/bytecode.c

@@ -73,6 +73,11 @@ void free_function_bytecode(JSRuntime* rt, JSFunctionBytecode* b) {
     js_free_rt(rt, b->debug.source);
   }
 
+  if (b->get_ic != NULL)
+    free_ic(b->get_ic);
+  if (b->set_ic != NULL)
+    free_ic(b->set_ic);
+
   remove_gc_object(&b->header);
   if (rt->gc_phase == JS_GC_PHASE_REMOVE_CYCLES && b->header.ref_count != 0) {
     list_add_tail(&b->header.link, &rt->gc_zero_ref_count_list);

src/core/function.c

@@ -220,11 +220,12 @@ JSValue JS_CallInternal(JSContext* caller_ctx,
   JSObject* p;
   JSFunctionBytecode* b;
   JSStackFrame sf_s, *sf = &sf_s;
-  const uint8_t* pc;
+  uint8_t* pc;
   int opcode, arg_allocated_size, i;
   JSValue *local_buf, *stack_buf, *var_buf, *arg_buf, *sp, ret_val, *pval;
   JSVarRef** var_refs;
   size_t alloca_size;
+  InlineCache *get_ic, *set_ic;
 
 #if !DIRECT_DISPATCH
 #define SWITCH(pc) switch (opcode = *pc++)
@@ -328,6 +329,8 @@ JSValue JS_CallInternal(JSContext* caller_ctx,
   sf->prev_frame = rt->current_stack_frame;
   rt->current_stack_frame = sf;
   ctx = b->realm; /* set the current realm */
+  get_ic = b->get_ic;
+  set_ic = b->set_ic;
 
 restart:
   for (;;) {
@@ -1479,7 +1482,29 @@ JSValue JS_CallInternal(JSContext* caller_ctx,
         atom = get_u32(pc);
         pc += 4;
 
-        val = JS_GetProperty(ctx, sp[-1], atom);
+        get_ic->updated = FALSE;
+        val = JS_GetPropertyInternal(ctx, sp[-1], atom, sp[-1], get_ic, FALSE);
+        if (unlikely(JS_IsException(val)))
+          goto exception;
+        if (get_ic->updated == TRUE) {
+          get_ic->updated = FALSE;
+          put_u8(pc - 5, OP_get_field_ic);
+          put_u32(pc - 4, get_ic->updated_offset);
+        }
+        JS_FreeValue(ctx, sp[-1]);
+        sp[-1] = val;
+      }
+      BREAK;
+
+      CASE(OP_get_field_ic): {
+        JSValue val;
+        JSAtom atom;
+        int32_t ic_offset;
+        ic_offset = get_u32(pc);
+        atom = get_ic_atom(get_ic, ic_offset);
+        pc += 4;
+        
+        val = JS_GetPropertyInternalWithIC(ctx, sp[-1], atom, sp[-1], get_ic, ic_offset, FALSE);
         if (unlikely(JS_IsException(val)))
           goto exception;
         JS_FreeValue(ctx, sp[-1]);
@@ -1493,7 +1518,28 @@ JSValue JS_CallInternal(JSContext* caller_ctx,
         atom = get_u32(pc);
         pc += 4;
 
-        val = JS_GetProperty(ctx, sp[-1], atom);
+        get_ic->updated = FALSE;
+        val = JS_GetPropertyInternal(ctx, sp[-1], atom, sp[-1], get_ic, FALSE);
+        if (unlikely(JS_IsException(val)))
+          goto exception;
+        if (get_ic->updated == TRUE) {
+          get_ic->updated = FALSE;
+          put_u8(pc - 5, OP_get_field2_ic);
+          put_u32(pc - 4, get_ic->updated_offset);
+        }
+        *sp++ = val;
+      }
+      BREAK;
+
+      CASE(OP_get_field2_ic): {
+        JSValue val;
+        JSAtom atom;
+        int32_t ic_offset;
+        ic_offset = get_u32(pc);
+        atom = get_ic_atom(get_ic, ic_offset);
+        pc += 4;
+        
+        val = JS_GetPropertyInternalWithIC(ctx, sp[-1], atom, sp[-1], get_ic, ic_offset, FALSE);
         if (unlikely(JS_IsException(val)))
           goto exception;
         *sp++ = val;
@@ -1514,6 +1560,11 @@ JSValue JS_CallInternal(JSContext* caller_ctx,
       }
       BREAK;
 
+      CASE(OP_put_field_ic): {
+
+      }
+      BREAK;
+
       CASE(OP_private_symbol) : {
         JSAtom atom;
         JSValue val;
@@ -1715,7 +1766,7 @@ JSValue JS_CallInternal(JSContext* caller_ctx,
         atom = JS_ValueToAtom(ctx, sp[-1]);
         if (unlikely(atom == JS_ATOM_NULL))
           goto exception;
-        val = JS_GetPropertyInternal(ctx, sp[-2], atom, sp[-3], FALSE);
+        val = JS_GetPropertyInternal(ctx, sp[-2], atom, sp[-3], NULL, FALSE);
         JS_FreeAtom(ctx, atom);
         if (unlikely(JS_IsException(val)))
           goto exception;

src/core/gc.c

@@ -634,13 +634,30 @@ void mark_children(JSRuntime* rt, JSGCObjectHeader* gp, JS_MarkFunc* mark_func)
     case JS_GC_OBJ_TYPE_FUNCTION_BYTECODE:
       /* the template objects can be part of a cycle */
       {
+        int i, j;
+        InlineCacheRingItem *buffer;
         JSFunctionBytecode* b = (JSFunctionBytecode*)gp;
-        int i;
         for (i = 0; i < b->cpool_count; i++) {
           JS_MarkValue(rt, b->cpool[i], mark_func);
         }
         if (b->realm)
           mark_func(rt, &b->realm->header);
+        if (b->get_ic) {
+          for (i = 0; i < b->get_ic->count; i++) {
+            buffer = b->get_ic->cache[i].buffer;
+            for (j = 0; j < IC_CACHE_ITEM_CAPACITY; j++)
+              if (buffer[j].shape) 
+                mark_func(rt, &buffer[j].shape->header);
+          }
+        }
+        if (b->set_ic) {
+          for (i = 0; i < b->set_ic->count; i++) {
+            buffer = b->set_ic->cache[i].buffer;
+            for (j = 0; j < IC_CACHE_ITEM_CAPACITY; j++)
+              if (buffer[j].shape) 
+                mark_func(rt, &buffer[j].shape->header);
+          }
+        }
       }
       break;
     case JS_GC_OBJ_TYPE_VAR_REF: {

src/core/ic.c

@@ -0,0 +1,180 @@
+/*
+ * QuickJS Javascript Engine
+ *
+ * Copyright (c) 2017-2021 Fabrice Bellard
+ * Copyright (c) 2017-2021 Charlie Gordon
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
+ * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+#include "ic.h"
+
+uint32_t get_index_hash(JSAtom atom, int hash_bits) {
+  return (atom * 0x9e370001) >> (32 - hash_bits);
+}
+
+InlineCache *init_ic(JSRuntime *rt) {
+  InlineCache *ic;
+  ic = js_malloc_rt(rt, sizeof(InlineCache));
+  if (unlikely(!ic))
+    goto fail;
+  ic->count = 0;
+  ic->hash_bits = 4;
+  ic->capacity = 1 << ic->hash_bits;
+  ic->rt = rt;
+  ic->hash = js_malloc_rt(rt, sizeof(ic->hash[0]) * ic->capacity);
+  if (unlikely(!ic->hash))
+    goto fail;
+  memset(ic->hash, 0, sizeof(ic->hash[0]) * ic->capacity);
+  ic->cache = NULL;
+  ic->updated = FALSE;
+  ic->updated_offset = 0;
+  return ic;
+fail:
+  return NULL;
+}
+
+int rebuild_ic(InlineCache *ic) {
+  uint32_t i, count;
+  InlineCacheHashSlot *ch;
+  if (ic->count == 0)
+    goto end;
+  count = 0;
+  ic->cache = js_malloc_rt(ic->rt, sizeof(InlineCacheRingSlot) * ic->count);
+  if (unlikely(!ic->cache))
+    goto fail;
+  memset(ic->cache, 0, sizeof(InlineCacheRingSlot) * ic->count);
+  for (i = 0; i < ic->capacity; i++) {
+    for (ch = ic->hash[i]; ch != NULL; ch = ch->next) {
+      ch->index = count++;
+      ic->cache[ch->index].atom = ch->atom;
+      ic->cache[ch->index].index = 0;
+    }
+  }
+end:
+  return 0;
+fail:
+  return -1;
+}
+
+int resize_ic_hash(InlineCache *ic) {
+  uint32_t new_capacity, i, h;
+  InlineCacheHashSlot *ch, *ch_next;
+  InlineCacheHashSlot **new_hash;
+  ic->hash_bits += 1;
+  new_capacity = 1 << ic->hash_bits;
+  new_hash = js_malloc_rt(ic->rt, sizeof(ic->hash[0]) * new_capacity);
+  if (unlikely(!new_hash))
+    goto fail;
+  memset(new_hash, 0, sizeof(ic->hash[0]) * new_capacity);
+  for (i = 0; i < ic->capacity; i++) {
+    for (ch = ic->hash[i]; ch != NULL; ch = ch_next) {
+      h = get_index_hash(ch->atom, ic->hash_bits);
+      ch_next = ch->next;
+      ch->next = new_hash[h];
+      new_hash[h] = ch;
+    }
+  }
+  js_free_rt(ic->rt, ic->hash);
+  ic->hash = new_hash;
+  ic->capacity = new_capacity;
+  return 0;
+fail:
+  return -1;
+}
+
+int free_ic(InlineCache *ic) {
+  uint32_t i, j;
+  InlineCacheHashSlot *ch, *ch_next;
+  InlineCacheRingItem *buffer;
+  for (i = 0; i < ic->count; i++) {
+    buffer = ic->cache[i].buffer;
+    for (j = 0; j < IC_CACHE_ITEM_CAPACITY; j++) {
+      js_free_shape_null(ic->rt, buffer[j].shape);
+    }
+  }
+  for (i = 0; i < ic->capacity; i++) {
+    for (ch = ic->hash[i]; ch != NULL; ch = ch_next) {
+      ch_next = ch->next;
+      js_free_rt(ic->rt, ch);
+    }
+  }
+  if (ic->count > 0)
+    js_free_rt(ic->rt, ic->cache);
+  js_free_rt(ic->rt, ic->hash);
+  js_free_rt(ic->rt, ic);
+  return 0;
+}
+
+uint32_t add_ic_slot(InlineCache *ic, JSAtom atom, JSObject *object,
+                    uint32_t prop_offset) {
+  int32_t i;
+  uint32_t h;
+  InlineCacheHashSlot *ch;
+  InlineCacheRingSlot *cr;
+  JSShape* sh;
+  cr = NULL;
+  h = get_index_hash(atom, ic->hash_bits);
+  for (ch = ic->hash[h]; ch != NULL; ch = ch->next)
+    if (ch->atom == atom) {
+      cr = ic->cache + ch->index;
+      break;
+    }
+
+  assert(cr != NULL);
+  i = cr->index;
+  for (;;) {
+    if (object->shape == cr->buffer[i].shape) {
+      cr->buffer[i].prop_offset = prop_offset;
+      goto end;
+    }
+
+    i = (i + 1) % IC_CACHE_ITEM_CAPACITY;
+    if (i == cr->index)
+      break;
+  }
+
+  sh = cr->buffer[i].shape;
+  cr->buffer[i].shape = js_dup_shape(object->shape);
+  js_free_shape_null(ic->rt, sh);
+  cr->buffer[i].prop_offset = prop_offset;
+end:
+  return ch->index;
+}
+
+uint32_t add_ic_slot1(InlineCache *ic, JSAtom atom) {
+  uint32_t h;
+  InlineCacheHashSlot *ch;
+  if (ic->count + 1 >= ic->capacity && resize_ic_hash(ic))
+    goto end;
+  h = get_index_hash(atom, ic->hash_bits);
+  for (ch = ic->hash[h]; ch != NULL; ch = ch->next)
+    if (ch->atom == atom)
+      goto end;
+  ch = js_malloc_rt(ic->rt, sizeof(InlineCacheHashSlot));
+  if (unlikely(!ch))
+    goto end;
+  ch->atom = atom;
+  ch->index = 0;
+  ch->next = ic->hash[h];
+  ic->hash[h] = ch;
+  ic->count += 1;
+end:
+  return 0;
+}