Source/JavaScriptCore/dfg/DFGPropagator.cpp · d711364025793dc225f56730bbcf59f3d4865924 · App_Technologies / webkit

DFG does not speculate aggressively enough on put_by_id · d7113640

fpizlo@apple.com authored Oct 01, 2011

https://bugs.webkit.org/show_bug.cgi?id=69114

Reviewed by Oliver Hunt.

This adds new nodes along with optimizations for those nodes:
        
GetPropertyStorage: CheckStructure used to do both the structure
check and retrieve the storage pointer. Now CheckStructure just
checks the structure, and GetPropertyStorage retrieves the
storage pointer.
        
PutStructure: Changes the structure, and has the expected store
to load optimization with CheckStructure.
        
PutByOffset: Directly sets the value. Has store to load
optimization with GetByOffset.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::cellConstant):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::writeBarrier):
* dfg/DFGJITCodeGenerator.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasStructure):
(JSC::DFG::Node::hasStorageAccessData):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::impureCSE):
(JSC::DFG::Propagator::checkStructureLoadElimination):
(JSC::DFG::Propagator::getByOffsetLoadElimination):
(JSC::DFG::Propagator::getPropertyStorageLoadElimination):
(JSC::DFG::Propagator::eliminate):
(JSC::DFG::Propagator::performNodeCSE):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96443 268f45cc-cd09-0410-ab3c-d52691b4dbfc

d7113640