fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=120916

Reviewed by Oliver Hunt.

This adds support for Call/Construct by just calling out to C code that uses
the JSC::call/JSC::construct runtime functions for making calls. This is slow
and terrible, but it dramatically extends FTL coverage.

Supporting calls in a meaningful way meant also supporting GlobalVarWatchpoint.

The extension of coverage helped to find a bunch of bugs:

- ObjectOrOtherUse was claimed to be supported in the FTL but speculate()
  didn't support it. That means that any node with an ObjectOrOtherUse edge
  that got DCE'd would cause the FTL to ICE.

- There was a bad fall-through compileCompareStrictEq() that led to ICE.

- The OSR exit reconstruction code was assuming it could do fast checks on
  node->child1() before even determining the type of node; that crashes if
  the node is HasVarArgs. Fixed by checking HasVarArgs first.

- The OSR exit compiler was using the wrong peekOffset for CArgumentGetter.
  The default is 1, which assumes that you didn't push anything onto the
  stack after getting called. The OSR exit thunks push FP, so the offset
  should be 2.

This passes stress tests and is probably a huge performance regression if you
--useExperimentalFTL=true. The regression will be fixed in
https://bugs.webkit.org/show_bug.cgi?id=113621.

* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLIntrinsicRepository.h:
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGlobalVarWatchpoint):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
(JSC::FTL::LowerDFGToLLVM::compileCallOrConstruct):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateObjectOrOther):
(JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
* ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155243 268f45cc-cd09-0410-ab3c-d52691b4dbfc
fa258dc0