Skip to content
  • fpizlo@apple.com's avatar
    Array accesses should remember what kind of array they are predicted to access · 7aed8d82
    fpizlo@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=94448
    
    Reviewed by Gavin Barraclough.
    
    Introduced the notion of DFG::Array::Mode, stored in node.arrayMode(), which allows nodes
    to remember how they decided to access arrays. This permits the bytecode parser to "lock in"
    the mode of access if it has profiling at its disposal, and it also allows the prediction
    propagator to do a fixup of the array mode later in the optimization fixpoint.
            
    This patch adds a healthy amount of new capability (specifically the ability of the parser
    to lock in an array mode regardless of type predictions) and it also blows away a lot of
    messy code.
    
    * CMakeLists.txt:
    * GNUmakefile.list.am:
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * Target.pri:
    * dfg/DFGAbstractState.cpp:
    (JSC::DFG::AbstractState::execute):
    * dfg/DFGArgumentsSimplificationPhase.cpp:
    (JSC::DFG::ArgumentsSimplificationPhase::run):
    * dfg/DFGArrayMode.cpp: Added.
    (DFG):
    (JSC::DFG::fromObserved):
    (JSC::DFG::refineArrayMode):
    (JSC::DFG::modeAlreadyChecked):
    (JSC::DFG::modeToString):
    * dfg/DFGArrayMode.h: Added.
    (DFG):
    (JSC::DFG::canCSEStorage):
    (JSC::DFG::modeForPut):
    (JSC::DFG::modesCompatibleForStorageLoad):
    (JSC::DFG::modeSupportsLength):
    * dfg/DFGByteCodeParser.cpp:
    (ByteCodeParser):
    (JSC::DFG::ByteCodeParser::getArrayModeWithoutOSRExit):
    (JSC::DFG::ByteCodeParser::getArrayMode):
    (JSC::DFG::ByteCodeParser::handleIntrinsic):
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::getByValLoadElimination):
    (JSC::DFG::CSEPhase::checkStructureLoadElimination):
    (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
    (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
    (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
    (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
    (JSC::DFG::CSEPhase::performNodeCSE):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::dump):
    * dfg/DFGGraph.h:
    (JSC::DFG::Graph::byValIsPure):
    (JSC::DFG::Graph::clobbersWorld):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::hasArrayMode):
    (Node):
    (JSC::DFG::Node::arrayMode):
    (JSC::DFG::Node::setArrayMode):
    * dfg/DFGNodeType.h:
    (DFG):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::typedArrayDescriptor):
    (DFG):
    (JSC::DFG::SpeculativeJIT::speculateArray):
    (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
    (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
    (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
    (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
    (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
    (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
    (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
    * dfg/DFGSpeculativeJIT.h:
    (SpeculativeJIT):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGStructureCheckHoistingPhase.cpp:
    (JSC::DFG::StructureCheckHoistingPhase::run):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126387 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    7aed8d82