Skip to content
  • fpizlo@apple.com's avatar
    DFG should flush SetLocals to arguments · af8940bf
    fpizlo@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=83554
    
    Source/JavaScriptCore: 
    
    Reviewed by Gavin Barraclough.
            
    This is necessary to match baseline JIT argument capture behavior.
            
    But to make this work right we need to have a story for arguments into
    which we store values of different formats. This patch introduces the
    notion of an ArgumentPosition - i.e. an argument in a particular inline
    call frame - and forces unification of all data pertinent to selecting
    the argument's data format.
            
    Also fixed an amusing bug in the handling of OSR on SetLocals if there
    was any insertion/deletion of nodes in the basic block. This is benign
    for now but won't be eventually since the DFG is getting smarter. So
    better fix it now.
            
    Also fixed an amusing bug in the handling of OSR on SetLocals if they
    are immediately followed by a Flush. I think this bug might have always
    been there but now it'll happen more commonly, and it's covered by the
    run-javascriptcore-tests.
    
    * JavaScriptCore.xcodeproj/project.pbxproj:
    * dfg/DFGAbstractState.cpp:
    (JSC::DFG::AbstractState::execute):
    * dfg/DFGArgumentPosition.h: Added.
    (DFG):
    (ArgumentPosition):
    (JSC::DFG::ArgumentPosition::ArgumentPosition):
    (JSC::DFG::ArgumentPosition::addVariable):
    (JSC::DFG::ArgumentPosition::mergeArgumentAwareness):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::setLocal):
    (JSC::DFG::ByteCodeParser::setArgument):
    (InlineStackEntry):
    (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
    * dfg/DFGDoubleFormatState.h: Added.
    (DFG):
    (JSC::DFG::mergeDoubleFormatStates):
    (JSC::DFG::mergeDoubleFormatState):
    (JSC::DFG::doubleFormatStateToString):
    * dfg/DFGGraph.h:
    (Graph):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGVariableAccessData.h:
    (JSC::DFG::VariableAccessData::VariableAccessData):
    (JSC::DFG::VariableAccessData::predict):
    (JSC::DFG::VariableAccessData::argumentAwarePrediction):
    (VariableAccessData):
    (JSC::DFG::VariableAccessData::mergeArgumentAwarePrediction):
    (JSC::DFG::VariableAccessData::doubleFormatState):
    (JSC::DFG::VariableAccessData::shouldUseDoubleFormat):
    (JSC::DFG::VariableAccessData::tallyVotesForShouldUseDoubleFormat):
    (JSC::DFG::VariableAccessData::mergeDoubleFormatState):
    (JSC::DFG::VariableAccessData::makePredictionForDoubleFormat):
    
    Source/WTF: 
    
    Reviewed by Gavin Barraclough.
            
    Added an isRoot() method that is a faster shorthand for saying
    find() == this.
    
    * wtf/UnionFind.h:
    (WTF::UnionFind::isRoot):
    (UnionFind):
    
    LayoutTests: 
    
    Rubber stamped by Gavin Barraclough.
            
    Added a variety of tests for reassigning arguments prior to function.arguments
    retrieval.
    
    * fast/js/dfg-inline-arguments-become-double-expected.txt: Added.
    * fast/js/dfg-inline-arguments-become-double.html: Added.
    * fast/js/dfg-inline-arguments-become-int32-expected.txt: Added.
    * fast/js/dfg-inline-arguments-become-int32.html: Added.
    * fast/js/dfg-inline-arguments-reset-changetype-expected.txt: Added.
    * fast/js/dfg-inline-arguments-reset-changetype.html: Added.
    * fast/js/dfg-inline-arguments-reset-expected.txt: Added.
    * fast/js/dfg-inline-arguments-reset.html: Added.
    * fast/js/script-tests/dfg-inline-arguments-become-double.js: Added.
    (foo):
    (bar):
    (baz):
    (argsToStr):
    * fast/js/script-tests/dfg-inline-arguments-become-int32.js: Added.
    (foo):
    (bar):
    (baz):
    (argsToStr):
    * fast/js/script-tests/dfg-inline-arguments-reset-changetype.js: Added.
    (foo):
    (bar):
    (baz):
    (argsToStr):
    * fast/js/script-tests/dfg-inline-arguments-reset.js: Added.
    (foo):
    (bar):
    (baz):
    (argsToStr):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113796 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    af8940bf