-
fpizlo@apple.com authored
The relationship between abstract values and structure transition watchpoints should be rationalized https://bugs.webkit.org/show_bug.cgi?id=94205 Reviewed by Geoffrey Garen. This patch does a number of things related to the handling of the abstract values arrising from values with structures known to be watchpointable: - This rationalizes the relationship between the structure that we know an object to have *right now* based on having executed a check against that structure, and the structure that we know the object could have *in the future* based on a type check executed in the past over a structure that was watchpointable. - We use the above to assert that structure transition watchpoints are being used soundly. - We use the above to strength reduce CheckStructure into StructureTransitionWatchpoint whenever possible. - This rationalizes the handling of CFA over constants that appeared in the bytecode. If at compile-time the constant has a watchpointable structure, then we can prove what structures it may have in the future. The analysis uses this to both assert that structure transition watchpoints are being used correctly, and to find opportunities for using them more aggressively. The net effect of all of these changes is that OSR entry should work more smoothly. It may also be a slight win due to strength reductions, though most of those strength reductions would have already been done by the parser and the structure check hoister. * GNUmakefile.list.am: * JavaScriptCore.xcodeproj/project.pbxproj: * dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::beginBasicBlock): (JSC::DFG::AbstractState::execute): * dfg/DFGAbstractValue.h: (DFG): (JSC::DFG::AbstractValue::clear): (JSC::DFG::AbstractValue::isClear): (JSC::DFG::AbstractValue::makeTop): (JSC::DFG::AbstractValue::clobberStructures): (JSC::DFG::AbstractValue::isTop): (JSC::DFG::AbstractValue::setFuturePossibleStructure): (AbstractValue): (JSC::DFG::AbstractValue::filterFuturePossibleStructure): (JSC::DFG::AbstractValue::setMostSpecific): (JSC::DFG::AbstractValue::set): (JSC::DFG::AbstractValue::operator==): (JSC::DFG::AbstractValue::merge): (JSC::DFG::AbstractValue::filter): (JSC::DFG::AbstractValue::filterValueByType): (JSC::DFG::AbstractValue::validateType): (JSC::DFG::AbstractValue::validate): (JSC::DFG::AbstractValue::checkConsistency): (JSC::DFG::AbstractValue::dump): * dfg/DFGArgumentsSimplificationPhase.cpp: (JSC::DFG::ArgumentsSimplificationPhase::run): * dfg/DFGCSEPhase.cpp: (JSC::DFG::CSEPhase::checkStructureLoadElimination): (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination): (JSC::DFG::CSEPhase::performNodeCSE): * dfg/DFGConstantFoldingPhase.cpp: (JSC::DFG::ConstantFoldingPhase::foldConstants): * dfg/DFGNode.h: (JSC::DFG::Node::convertToStructureTransitionWatchpoint): (Node): (JSC::DFG::Node::hasStructure): * dfg/DFGNodeType.h: (DFG): * dfg/DFGOSREntry.cpp: (JSC::DFG::prepareOSREntry): * dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate): * dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward): (JSC::DFG::SpeculativeJIT::forwardSpeculationWatchpoint): (DFG): (JSC::DFG::SpeculativeJIT::speculationWatchpointWithConditionalDirection): (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck): (JSC::DFG::SpeculativeJIT::speculateArray): * dfg/DFGSpeculativeJIT.h: (SpeculativeJIT): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGStructureAbstractValue.h: Added. (DFG): (StructureAbstractValue): (JSC::DFG::StructureAbstractValue::StructureAbstractValue): (JSC::DFG::StructureAbstractValue::clear): (JSC::DFG::StructureAbstractValue::makeTop): (JSC::DFG::StructureAbstractValue::top): (JSC::DFG::StructureAbstractValue::add): (JSC::DFG::StructureAbstractValue::addAll): (JSC::DFG::StructureAbstractValue::contains): (JSC::DFG::StructureAbstractValue::isSubsetOf): (JSC::DFG::StructureAbstractValue::doesNotContainAnyOtherThan): (JSC::DFG::StructureAbstractValue::isSupersetOf): (JSC::DFG::StructureAbstractValue::filter): (JSC::DFG::StructureAbstractValue::isClear): (JSC::DFG::StructureAbstractValue::isTop): (JSC::DFG::StructureAbstractValue::isClearOrTop): (JSC::DFG::StructureAbstractValue::isNeitherClearNorTop): (JSC::DFG::StructureAbstractValue::size): (JSC::DFG::StructureAbstractValue::at): (JSC::DFG::StructureAbstractValue::operator[]): (JSC::DFG::StructureAbstractValue::last): (JSC::DFG::StructureAbstractValue::speculationFromStructures): (JSC::DFG::StructureAbstractValue::hasSingleton): (JSC::DFG::StructureAbstractValue::singleton): (JSC::DFG::StructureAbstractValue::operator==): (JSC::DFG::StructureAbstractValue::dump): (JSC::DFG::StructureAbstractValue::topValue): * dfg/DFGStructureCheckHoistingPhase.cpp: (JSC::DFG::StructureCheckHoistingPhase::run): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125999 268f45cc-cd09-0410-ab3c-d52691b4dbfc
eb3323dd