    Spread operator should be performing direct "puts" and not triggering setters · e050d642
    oliver@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=123047
    
    Reviewed by Geoffrey Garen.
    
    Source/JavaScriptCore:
    
    Add a new opcode -- op_put_by_val_direct -- and make use of it in the spread
    to array construct.  This required a new PutByValDirect node to be introduced to
    the DFG.  The current implementation simply changes the slow path function that
    is called, but in future this could be made faster as it does not need to check
    the prototype chain.
    
    * bytecode/CodeBlock.cpp:
    (JSC::CodeBlock::dumpBytecode):
    (JSC::CodeBlock::CodeBlock):
    * bytecode/Opcode.h:
    (JSC::padOpcodeName):
    * bytecompiler/BytecodeGenerator.cpp:
    (JSC::BytecodeGenerator::emitDirectPutByVal):
    * bytecompiler/BytecodeGenerator.h:
    * bytecompiler/NodesCodegen.cpp:
    (JSC::ArrayNode::emitBytecode):
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::::executeEffects):
    * dfg/DFGBackwardsPropagationPhase.cpp:
    (JSC::DFG::BackwardsPropagationPhase::propagate):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::getArrayLengthElimination):
    (JSC::DFG::CSEPhase::getByValLoadElimination):
    (JSC::DFG::CSEPhase::checkStructureElimination):
    (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
    (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
    (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
    (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
    (JSC::DFG::CSEPhase::performNodeCSE):
    * dfg/DFGCapabilities.cpp:
    (JSC::DFG::capabilityLevel):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGGraph.h:
    (JSC::DFG::Graph::clobbersWorld):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::hasArrayMode):
    * dfg/DFGNodeType.h:
    * dfg/DFGOperations.cpp:
    (JSC::DFG::putByVal):
    (JSC::DFG::operationPutByValInternal):
    * dfg/DFGOperations.h:
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGTypeCheckHoistingPhase.cpp:
    (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
    (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
    * jit/JIT.cpp:
    (JSC::JIT::privateCompileMainPass):
    (JSC::JIT::privateCompileSlowCases):
    * jit/JIT.h:
    (JSC::JIT::compileDirectPutByVal):
    * jit/JITOperations.cpp:
    * jit/JITOperations.h:
    * jit/JITPropertyAccess.cpp:
    (JSC::JIT::emitSlow_op_put_by_val):
    (JSC::JIT::privateCompilePutByVal):
    * jit/JITPropertyAccess32_64.cpp:
    (JSC::JIT::emitSlow_op_put_by_val):
    * llint/LLIntSlowPaths.cpp:
    (JSC::LLInt::LLINT_SLOW_PATH_DECL):
    * llint/LLIntSlowPaths.h:
    * llint/LowLevelInterpreter32_64.asm:
    * llint/LowLevelInterpreter64.asm:
    
    LayoutTests:
    
    Add a new testcase for the setter case.  run-javascriptcore-tests hits this with
    the llint, baseline, and dfg.
    
    * js/basic-spread-expected.txt:
    * js/script-tests/basic-spread.js:
    (Array):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157656 268f45cc-cd09-0410-ab3c-d52691b4dbfc
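
The behaviour this commit describes, shown as an added example that is not part of the commit or of WebKit's tests: with an accessor installed for index 0 on `Array.prototype`, a spread into an array literal must define its elements directly and leave the setter untouched, while an ordinary indexed assignment consults the prototype chain and calls it. The names `probe`, `viaSpread`, `viaAssignment` and `source` are assumptions made for this illustration.

```javascript
// Runs build() while an accessor for index 0 sits on Array.prototype, then
// reports whether the setter fired and whether the result owns index 0.
function probe(build) {
  let setterCalls = 0; // a counter, not an array: push() would itself hit the setter
  Object.defineProperty(Array.prototype, "0", {
    configurable: true,
    get() { return undefined; },
    set(_value) { setterCalls += 1; },
  });
  try {
    const result = build();
    const own = Object.getOwnPropertyDescriptor(result, "0");
    return { setterCalls, ownValue: own ? own.value : undefined, length: result.length };
  } finally {
    delete Array.prototype[0]; // always restore the prototype
  }
}

const source = ["a", "b"]; // constructed sample input

// Spread into an array literal: a direct put, elements become own data properties.
function viaSpread() {
  return probe(() => [...source]);
}

// Ordinary indexed assignment: a put that walks the prototype chain first.
function viaAssignment() {
  return probe(() => {
    const out = [];
    for (let i = 0; i < source.length; i++) out[i] = source[i];
    return out;
  });
}

console.log("spread:    ", viaSpread());
console.log("assignment:", viaAssignment());
```

An engine that routed spread through the ordinary put path would report a non-zero `setterCalls` for `viaSpread()`, which is the case the new layout test covers.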