    DFG should optimize out the NaN check on loads from double arrays if the array... · 94e84e9b
    fpizlo@apple.com authored
    DFG should optimize out the NaN check on loads from double arrays if the array prototype chain is having a great time
    https://bugs.webkit.org/show_bug.cgi?id=101718
    
    Reviewed by Geoffrey Garen.
    
    If we're reading from a JSArray in double mode, where the array's structure is
    primordial (all aspects of the structure are unchanged except for indexing type),
    and the result of the load is used in arithmetic that is known to not distinguish
    between NaN and undefined, then we should not emit a NaN check. Looks like a 5%
    win on navier-stokes.
            
    Also fixed an OpInfo initialization goof for String ops that was revealed by this
    change.
    
    * dfg/DFGAbstractState.cpp:
    (JSC::DFG::AbstractState::execute):
    * dfg/DFGArrayMode.cpp:
    (JSC::DFG::arraySpeculationToString):
    * dfg/DFGArrayMode.h:
    (JSC::DFG::ArrayMode::isSaneChain):
    (ArrayMode):
    (JSC::DFG::ArrayMode::isInBounds):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handleIntrinsic):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGNodeFlags.cpp:
    (JSC::DFG::nodeFlagsAsString):
    * dfg/DFGNodeFlags.h:
    (DFG):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * runtime/JSGlobalObject.cpp:
    (JSC::JSGlobalObject::arrayPrototypeChainIsSane):
    (JSC):
    * runtime/JSGlobalObject.h:
    (JSGlobalObject):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@134168 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSGlobalObject.h 24.7 KB
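The condition described in the commit message, as an added JavaScript model (not WebKit code and not part of the commit). It assumes a hole in double-mode storage is encoded as NaN; `chainIsSane`, `loadChecked`, `loadUnchecked`, `sum` and the sample data are hypothetical names and constructed values.

```javascript
// Model only: assumes a hole in double-mode storage is encoded as NaN,
// which is why a load needs a "NaN check" at all. All names are hypothetical.
const HOLE = NaN;

// True when no object on the prototype chain has an indexed property,
// so a hole can only ever read as undefined.
function chainIsSane(proto) {
  for (let p = proto; p !== null; p = Object.getPrototypeOf(p)) {
    if (Object.getOwnPropertyNames(p).some((k) => /^(0|[1-9]\d*)$/.test(k))) {
      return false;
    }
  }
  return true;
}

// Full load: check for the hole marker and fall back to the prototype chain.
function loadChecked(storage, i, proto) {
  const v = storage[i];
  return Number.isNaN(v) ? proto[i] : v;
}

// Load with the check elided: the raw double, hole marker included.
function loadUnchecked(storage, i) {
  return storage[i];
}

// Arithmetic-only consumer: undefined converts to NaN, so it cannot tell
// a hole read as undefined from a hole read as raw NaN.
function sum(storage, proto, elide) {
  let total = 0;
  for (let i = 0; i < storage.length; i++) {
    total += elide ? loadUnchecked(storage, i) : loadChecked(storage, i, proto);
  }
  return total;
}

// Constructed sample: element 1 is a hole.
const storage = Float64Array.of(1.5, HOLE, 2.5);
const pristine = Object.create(Object.prototype);
const tampered = Object.create(Object.prototype);
tampered[1] = 42; // indexed property on the chain

function demo() {
  return {
    saneEqual: Object.is(sum(storage, pristine, true), sum(storage, pristine, false)),
    tamperedChecked: sum(storage, tampered, false), // 46
    tamperedElided: sum(storage, tampered, true),   // NaN
    gate: [chainIsSane(pristine), chainIsSane(tampered)],
  };
}
```

With the tampered chain the elided load yields NaN where the checked load yields 46, which is the divergence the sane-chain gate has to rule out before the check can be dropped.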