-
fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=94448 Reviewed by Gavin Barraclough. Introduced the notion of DFG::Array::Mode, stored in node.arrayMode(), which allows nodes to remember how they decided to access arrays. This permits the bytecode parser to "lock in" the mode of access if it has profiling at its disposal, and it also allows the prediction propagator to do a fixup of the array mode later in the optimization fixpoint. This patch adds a healthy amount of new capability (specifically the ability of the parser to lock in an array mode regardless of type predictions) and it also blows away a lot of messy code. * CMakeLists.txt: * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * Target.pri: * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::execute): * dfg/DFGArgumentsSimplificationPhase.cpp: (JSC::DFG::ArgumentsSimplificationPhase::run): * dfg/DFGArrayMode.cpp: Added. (DFG): (JSC::DFG::fromObserved): (JSC::DFG::refineArrayMode): (JSC::DFG::modeAlreadyChecked): (JSC::DFG::modeToString): * dfg/DFGArrayMode.h: Added. (DFG): (JSC::DFG::canCSEStorage): (JSC::DFG::modeForPut): (JSC::DFG::modesCompatibleForStorageLoad): (JSC::DFG::modeSupportsLength): * dfg/DFGByteCodeParser.cpp: (ByteCodeParser): (JSC::DFG::ByteCodeParser::getArrayModeWithoutOSRExit): (JSC::DFG::ByteCodeParser::getArrayMode): (JSC::DFG::ByteCodeParser::handleIntrinsic): (JSC::DFG::ByteCodeParser::parseBlock): * dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::getByValLoadElimination): (JSC::DFG::CSEPhase::checkStructureLoadElimination): (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination): (JSC::DFG::CSEPhase::getByOffsetLoadElimination): (JSC::DFG::CSEPhase::putByOffsetStoreElimination): (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination): (JSC::DFG::CSEPhase::performNodeCSE): * dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): * dfg/DFGGraph.cpp: (JSC::DFG::Graph::dump): * dfg/DFGGraph.h: (JSC::DFG::Graph::byValIsPure): (JSC::DFG::Graph::clobbersWorld): * dfg/DFGNode.h: (JSC::DFG::Node::hasArrayMode): (Node): (JSC::DFG::Node::arrayMode): (JSC::DFG::Node::setArrayMode): * dfg/DFGNodeType.h: (DFG): * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::typedArrayDescriptor): (DFG): (JSC::DFG::SpeculativeJIT::speculateArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnString): (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray): (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray): (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray): (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage): (JSC::DFG::SpeculativeJIT::compileGetArrayLength): * dfg/DFGSpeculativeJIT.h: (SpeculativeJIT): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGStructureCheckHoistingPhase.cpp: (JSC::DFG::StructureCheckHoistingPhase::run): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126387 268f45cc-cd09-0410-ab3c-d52691b4dbfc
7aed8d82