Commit 75c91a79 authored by fpizlo@apple.com's avatar fpizlo@apple.com

JSC should infer when indexed storage contains only integers or doubles

https://bugs.webkit.org/show_bug.cgi?id=98606

Reviewed by Oliver Hunt.

Source/JavaScriptCore: 

This adds two new indexing types: int32 and double. It also adds array allocation profiling,
which allows array allocations to converge to allocating arrays using those types to which
those arrays would have been converted.
        
20% speed-up on navier-stokes. 40% speed-up on various Kraken DSP tests. Some slow-downs too,
but a performance win overall on all benchmarks we track.

* API/JSObjectRef.cpp:
(JSObjectMakeArray):
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* Target.pri:
* assembler/AbstractMacroAssembler.h:
(JumpList):
(JSC::AbstractMacroAssembler::JumpList::JumpList):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branchDouble):
* assembler/X86Assembler.h:
(JSC::X86Assembler::jnp):
(X86Assembler):
(JSC::X86Assembler::X86InstructionFormatter::emitRex):
* bytecode/ArrayAllocationProfile.cpp: Added.
(JSC):
(JSC::ArrayAllocationProfile::updateIndexingType):
* bytecode/ArrayAllocationProfile.h: Added.
(JSC):
(ArrayAllocationProfile):
(JSC::ArrayAllocationProfile::ArrayAllocationProfile):
(JSC::ArrayAllocationProfile::selectIndexingType):
(JSC::ArrayAllocationProfile::updateLastAllocation):
(JSC::ArrayAllocationProfile::selectIndexingTypeFor):
(JSC::ArrayAllocationProfile::updateLastAllocationFor):
* bytecode/ArrayProfile.cpp:
(JSC::ArrayProfile::updatedObservedArrayModes):
(JSC):
* bytecode/ArrayProfile.h:
(JSC):
(JSC::arrayModesInclude):
(JSC::shouldUseSlowPutArrayStorage):
(JSC::shouldUseFastArrayStorage):
(JSC::shouldUseContiguous):
(JSC::shouldUseDouble):
(JSC::shouldUseInt32):
(ArrayProfile):
* bytecode/ByValInfo.h:
(JSC::isOptimizableIndexingType):
(JSC::jitArrayModeForIndexingType):
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
(JSC):
(JSC::CodeBlock::updateAllValueProfilePredictions):
(JSC::CodeBlock::updateAllArrayPredictions):
(JSC::CodeBlock::updateAllPredictions):
(JSC::CodeBlock::shouldOptimizeNow):
* bytecode/CodeBlock.h:
(CodeBlock):
(JSC::CodeBlock::numberOfArrayAllocationProfiles):
(JSC::CodeBlock::addArrayAllocationProfile):
(JSC::CodeBlock::updateAllValueProfilePredictions):
(JSC::CodeBlock::updateAllArrayPredictions):
* bytecode/DFGExitProfile.h:
(JSC::DFG::exitKindToString):
* bytecode/Instruction.h:
(JSC):
(JSC::Instruction::Instruction):
* bytecode/Opcode.h:
(JSC):
(JSC::padOpcodeName):
* bytecode/SpeculatedType.h:
(JSC):
(JSC::isRealNumberSpeculation):
* bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
* bytecode/UnlinkedCodeBlock.h:
(JSC):
(JSC::UnlinkedCodeBlock::addArrayAllocationProfile):
(JSC::UnlinkedCodeBlock::numberOfArrayAllocationProfiles):
(UnlinkedCodeBlock):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::newArrayAllocationProfile):
(JSC):
(JSC::BytecodeGenerator::emitNewArray):
(JSC::BytecodeGenerator::emitExpectedFunctionSnippet):
* bytecompiler/BytecodeGenerator.h:
(BytecodeGenerator):
* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::fromObserved):
(JSC::DFG::ArrayMode::refine):
(DFG):
(JSC::DFG::ArrayMode::alreadyChecked):
(JSC::DFG::arrayTypeToString):
* dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::withType):
(ArrayMode):
(JSC::DFG::ArrayMode::withTypeAndConversion):
(JSC::DFG::ArrayMode::usesButterfly):
(JSC::DFG::ArrayMode::isSpecific):
(JSC::DFG::ArrayMode::supportsLength):
(JSC::DFG::ArrayMode::arrayModesThatPassFiltering):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getArrayMode):
(ByteCodeParser):
(JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCCallHelpers.h:
(JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
(CCallHelpers):
* dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
(JSC::DFG::CallArrayAllocatorSlowPathGenerator::generateInternal):
(JSC::DFG::CallArrayAllocatorWithVariableSizeSlowPathGenerator::generateInternal):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::checkArray):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::byValIsPure):
* dfg/DFGNode.h:
(NewArrayBufferData):
(JSC::DFG::Node::hasIndexingType):
(Node):
(JSC::DFG::Node::indexingType):
(JSC::DFG::Node::setIndexingType):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitAllocateJSArray):
(JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
(DFG):
(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::arrayify):
(JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
(JSC::DFG::SpeculativeJIT::compileGetArrayLength):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
(SpeculativeJIT):
(SpeculateIntegerOperand):
(JSC::DFG::SpeculateIntegerOperand::use):
(SpeculateDoubleOperand):
(JSC::DFG::SpeculateDoubleOperand::use):
* dfg/DFGSpeculativeJIT32_64.cpp:
(DFG):
(JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.h:
(JSC::JIT::emitInt32GetByVal):
(JIT):
(JSC::JIT::emitInt32PutByVal):
(JSC::JIT::emitDoublePutByVal):
(JSC::JIT::emitContiguousPutByVal):
* jit/JITExceptions.cpp:
(JSC::genericThrow):
* jit/JITInlineMethods.h:
(JSC::arrayProfileSaw):
(JSC::JIT::chooseArrayMode):
* jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_new_array):
(JSC::JIT::emit_op_new_array_with_size):
(JSC::JIT::emit_op_new_array_buffer):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitDoubleGetByVal):
(JSC):
(JSC::JIT::emitContiguousGetByVal):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emitGenericContiguousPutByVal):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::privateCompileGetByVal):
(JSC::JIT::privateCompilePutByVal):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitContiguousGetByVal):
(JSC::JIT::emitDoubleGetByVal):
(JSC):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emitGenericContiguousPutByVal):
(JSC::JIT::emitSlow_op_put_by_val):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
* jit/JITStubs.h:
(JSC):
* jsc.cpp:
(GlobalObject::finishCreation):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::jitCompileAndSetHeuristics):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* offlineasm/x86.rb:
* runtime/ArrayConstructor.cpp:
(JSC::constructArrayWithSizeQuirk):
* runtime/ArrayConstructor.h:
(JSC):
* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
* runtime/Butterfly.h:
(JSC::Butterfly::contiguousInt32):
(JSC::Butterfly::contiguousDouble):
(JSC::Butterfly::fromContiguous):
* runtime/ButterflyInlineMethods.h:
(JSC::Butterfly::createUninitializedDuringCollection):
* runtime/FunctionPrototype.cpp:
(JSC::functionProtoFuncBind):
* runtime/IndexingHeaderInlineMethods.h:
(JSC::IndexingHeader::indexingPayloadSizeInBytes):
* runtime/IndexingType.cpp:
(JSC::leastUpperBoundOfIndexingTypes):
(JSC):
(JSC::leastUpperBoundOfIndexingTypeAndType):
(JSC::leastUpperBoundOfIndexingTypeAndValue):
(JSC::indexingTypeToString):
* runtime/IndexingType.h:
(JSC):
(JSC::hasUndecided):
(JSC::hasInt32):
(JSC::hasDouble):
* runtime/JSArray.cpp:
(JSC::JSArray::setLength):
(JSC::JSArray::pop):
(JSC::JSArray::push):
(JSC::JSArray::shiftCountWithAnyIndexingType):
(JSC::JSArray::unshiftCountWithAnyIndexingType):
(JSC::compareNumbersForQSortWithInt32):
(JSC):
(JSC::compareNumbersForQSortWithDouble):
(JSC::JSArray::sortNumericVector):
(JSC::JSArray::sortNumeric):
(JSC::JSArray::sortCompactedVector):
(JSC::JSArray::sort):
(JSC::JSArray::sortVector):
(JSC::JSArray::fillArgList):
(JSC::JSArray::copyToArguments):
(JSC::JSArray::compactForSorting):
* runtime/JSArray.h:
(JSArray):
(JSC::createContiguousArrayButterfly):
(JSC::JSArray::create):
(JSC::JSArray::tryCreateUninitialized):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::reset):
(JSC):
(JSC::JSGlobalObject::haveABadTime):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSGlobalObject):
(JSC::JSGlobalObject::originalArrayStructureForIndexingType):
(JSC::JSGlobalObject::arrayStructureForIndexingTypeDuringAllocation):
(JSC::JSGlobalObject::arrayStructureForProfileDuringAllocation):
(JSC::JSGlobalObject::isOriginalArrayStructure):
(JSC::constructEmptyArray):
(JSC::constructArray):
* runtime/JSObject.cpp:
(JSC::JSObject::copyButterfly):
(JSC::JSObject::getOwnPropertySlotByIndex):
(JSC::JSObject::putByIndex):
(JSC::JSObject::enterDictionaryIndexingMode):
(JSC::JSObject::createInitialIndexedStorage):
(JSC):
(JSC::JSObject::createInitialUndecided):
(JSC::JSObject::createInitialInt32):
(JSC::JSObject::createInitialDouble):
(JSC::JSObject::createInitialContiguous):
(JSC::JSObject::convertUndecidedToInt32):
(JSC::JSObject::convertUndecidedToDouble):
(JSC::JSObject::convertUndecidedToContiguous):
(JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
(JSC::JSObject::convertUndecidedToArrayStorage):
(JSC::JSObject::convertInt32ToDouble):
(JSC::JSObject::convertInt32ToContiguous):
(JSC::JSObject::convertInt32ToArrayStorage):
(JSC::JSObject::convertDoubleToContiguous):
(JSC::JSObject::convertDoubleToArrayStorage):
(JSC::JSObject::convertContiguousToArrayStorage):
(JSC::JSObject::convertUndecidedForValue):
(JSC::JSObject::convertInt32ForValue):
(JSC::JSObject::setIndexQuicklyToUndecided):
(JSC::JSObject::convertInt32ToDoubleOrContiguousWhilePerformingSetIndex):
(JSC::JSObject::convertDoubleToContiguousWhilePerformingSetIndex):
(JSC::JSObject::ensureInt32Slow):
(JSC::JSObject::ensureDoubleSlow):
(JSC::JSObject::ensureContiguousSlow):
(JSC::JSObject::ensureArrayStorageSlow):
(JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
(JSC::JSObject::switchToSlowPutArrayStorage):
(JSC::JSObject::deletePropertyByIndex):
(JSC::JSObject::getOwnPropertyNames):
(JSC::JSObject::putByIndexBeyondVectorLengthWithoutAttributes):
(JSC::JSObject::putByIndexBeyondVectorLength):
(JSC::JSObject::putDirectIndexBeyondVectorLength):
(JSC::JSObject::getNewVectorLength):
(JSC::JSObject::countElements):
(JSC::JSObject::ensureLengthSlow):
(JSC::JSObject::getOwnPropertyDescriptor):
* runtime/JSObject.h:
(JSC::JSObject::getArrayLength):
(JSC::JSObject::getVectorLength):
(JSC::JSObject::canGetIndexQuickly):
(JSC::JSObject::getIndexQuickly):
(JSC::JSObject::tryGetIndexQuickly):
(JSC::JSObject::canSetIndexQuickly):
(JSC::JSObject::canSetIndexQuicklyForPutDirect):
(JSC::JSObject::setIndexQuickly):
(JSC::JSObject::initializeIndex):
(JSC::JSObject::hasSparseMap):
(JSC::JSObject::inSparseIndexingMode):
(JSObject):
(JSC::JSObject::ensureInt32):
(JSC::JSObject::ensureDouble):
(JSC::JSObject::ensureLength):
(JSC::JSObject::indexingData):
(JSC::JSObject::currentIndexingData):
(JSC::JSObject::getHolyIndexQuickly):
(JSC::JSObject::relevantLength):
(JSC::JSObject::currentRelevantLength):
* runtime/JSValue.cpp:
(JSC::JSValue::description):
* runtime/LiteralParser.cpp:
(JSC::::parse):
* runtime/ObjectConstructor.cpp:
(JSC::objectConstructorGetOwnPropertyNames):
(JSC::objectConstructorKeys):
* runtime/StringPrototype.cpp:
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSplit):
* runtime/Structure.cpp:
(JSC::Structure::nonPropertyTransition):
* runtime/StructureTransitionTable.h:
(JSC::newIndexingType):

Source/WebCore: 

Just refactoring WebCore to pass 0 for the ArrayAllocationProfile*.

* bindings/js/JSCanvasRenderingContext2DCustom.cpp:
(WebCore::JSCanvasRenderingContext2D::webkitLineDash):
* bindings/js/JSClipboardCustom.cpp:
(WebCore::JSClipboard::types):
* bindings/js/JSDOMBinding.cpp:
(WebCore::jsArray):
* bindings/js/JSDOMBinding.h:
(WebCore::jsArray):
* bindings/js/JSInjectedScriptHostCustom.cpp:
(WebCore::getJSListenerFunctions):
* bindings/js/JSJavaScriptCallFrameCustom.cpp:
(WebCore::JSJavaScriptCallFrame::scopeChain):
* bindings/js/JSMessageEventCustom.cpp:
(WebCore::JSMessageEvent::ports):
* bindings/js/JSMutationCallbackCustom.cpp:
(WebCore::JSMutationCallback::handleEvent):
* bindings/js/JSWebGLRenderingContextCustom.cpp:
(WebCore::toJS):
(WebCore::JSWebGLRenderingContext::getAttachedShaders):
(WebCore::JSWebGLRenderingContext::getSupportedExtensions):
* bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneDeserializer::deserialize):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133953 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent e00ad08c
......@@ -144,9 +144,9 @@ JSObjectRef JSObjectMakeArray(JSContextRef ctx, size_t argumentCount, const JSVa
for (size_t i = 0; i < argumentCount; ++i)
argList.append(toJS(exec, arguments[i]));
result = constructArray(exec, argList);
result = constructArray(exec, static_cast<ArrayAllocationProfile*>(0), argList);
} else
result = constructEmptyArray(exec);
result = constructEmptyArray(exec, 0);
if (exec->hadException()) {
if (exception)
......
......@@ -40,6 +40,7 @@ SET(JavaScriptCore_SOURCES
assembler/MacroAssembler.cpp
assembler/LinkBuffer.cpp
bytecode/ArrayAllocationProfile.cpp
bytecode/ArrayProfile.cpp
bytecode/CallLinkInfo.cpp
bytecode/CallLinkStatus.cpp
......
This diff is collapsed.
......@@ -83,6 +83,8 @@ javascriptcore_sources += \
Source/JavaScriptCore/assembler/RepatchBuffer.h \
Source/JavaScriptCore/assembler/SH4Assembler.h \
Source/JavaScriptCore/assembler/X86Assembler.h \
Source/JavaScriptCore/bytecode/ArrayAllocationProfile.cpp \
Source/JavaScriptCore/bytecode/ArrayAllocationProfile.h \
Source/JavaScriptCore/bytecode/ArrayProfile.cpp \
Source/JavaScriptCore/bytecode/ArrayProfile.h \
Source/JavaScriptCore/bytecode/ByValInfo.h \
......
......@@ -110,11 +110,12 @@ EXPORTS
?computeHash@SHA1@WTF@@QAEXAAV?$Vector@E$0BE@@2@@Z
?configurable@PropertyDescriptor@JSC@@QBE_NXZ
?construct@JSC@@YAPAVJSObject@1@PAVExecState@1@VJSValue@1@W4ConstructType@1@ABTConstructData@1@ABVArgList@1@@Z
?constructArray@JSC@@YAPAVJSArray@1@PAVExecState@1@ABVArgList@1@@Z
?constructEmptyObject@JSC@@YAPAVJSObject@1@PAVExecState@1@@Z
?constructFunctionSkippingEvalEnabledCheck@JSC@@YAPAVJSObject@1@PAVExecState@1@PAVJSGlobalObject@1@ABVArgList@1@ABVIdentifier@1@ABVString@WTF@@ABVTextPosition@8@@Z
?constructNumber@JSC@@YAPAVNumberObject@1@PAVExecState@1@PAVJSGlobalObject@1@VJSValue@1@@Z
?constructString@JSC@@YAPAVStringObject@1@PAVExecState@1@PAVJSGlobalObject@1@VJSValue@1@@Z
?convertDoubleToContiguousWhilePerformingSetIndex@JSObject@JSC@@AAEXAAVJSGlobalData@2@IVJSValue@2@@Z
?convertInt32ToDoubleOrContiguousWhilePerformingSetIndex@JSObject@JSC@@AAEXAAVJSGlobalData@2@IVJSValue@2@@Z
?convertLatin1ToUTF8@Unicode@WTF@@YA?AW4ConversionResult@12@PAPBEPBEPAPADPAD@Z
?convertUTF16ToUTF8@Unicode@WTF@@YA?AW4ConversionResult@12@PAPB_WPB_WPAPADPAD_N@Z
?convertUTF8ToUTF16@Unicode@WTF@@YA?AW4ConversionResult@12@PAPBDPBDPAPA_WPA_WPA_N_N@Z
......@@ -333,6 +334,7 @@ EXPORTS
?setGarbageCollectionTimerEnabled@Heap@JSC@@QAEX_N@Z
?setGetter@PropertyDescriptor@JSC@@QAEXVJSValue@2@@Z
?setGlobalThis@JSGlobalObject@JSC@@IAEXAAVJSGlobalData@2@PAVJSObject@2@@Z
?setIndexQuicklyToUndecided@JSObject@JSC@@AAEXAAVJSGlobalData@2@IVJSValue@2@@Z
?setLoc@StatementNode@JSC@@QAEXHH@Z
?setMainThreadCallbacksPaused@WTF@@YAX_N@Z
?setOption@Options@JSC@@SA_NPBD@Z
......@@ -402,6 +404,7 @@ EXPORTS
?unlock@Mutex@WTF@@QAEXXZ
?unlockAtomicallyInitializedStaticMutex@WTF@@YAXXZ
?unprotect@Heap@JSC@@QAE_NVJSValue@2@@Z
?updateIndexingType@ArrayAllocationProfile@JSC@@QAEXXZ
?validate@SlotVisitor@JSC@@CAXPAVJSCell@2@@Z
?visitChildren@JSGlobalObject@JSC@@SAXPAVJSCell@2@AAVSlotVisitor@2@@Z
?visitChildren@JSObject@JSC@@SAXPAVJSCell@2@AAVSlotVisitor@2@@Z
......
......@@ -1581,6 +1581,14 @@
<Filter
Name="bytecode"
>
<File
RelativePath="..\..\bytecode\ArrayAllocationProfile.cpp"
>
</File>
<File
RelativePath="..\..\bytecode\ArrayAllocationProfile.h"
>
</File>
<File
RelativePath="..\..\bytecode\ArrayProfile.cpp"
>
......
......@@ -165,6 +165,8 @@
0F7B294C14C3CD43007C3DB1 /* DFGByteCodeCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F5F08CC146BE602000472A9 /* DFGByteCodeCache.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F7B294D14C3CD4C007C3DB1 /* DFGCommon.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FC0977E1469EBC400CF2442 /* DFGCommon.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F8023EA1613832B00A0BA45 /* ByValInfo.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8023E91613832300A0BA45 /* ByValInfo.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F8335B71639C1E6001443B5 /* ArrayAllocationProfile.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */; };
0F8335B81639C1EA001443B5 /* ArrayAllocationProfile.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F919D0C157EE09F004A4E7D /* JSSymbolTableObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F919D09157EE09D004A4E7D /* JSSymbolTableObject.cpp */; };
0F919D0D157EE0A2004A4E7D /* JSSymbolTableObject.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F919D0A157EE09D004A4E7D /* JSSymbolTableObject.h */; settings = {ATTRIBUTES = (Private, ); }; };
0F919D10157F3329004A4E7D /* JSSegmentedVariableObject.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0F919D0E157F3327004A4E7D /* JSSegmentedVariableObject.cpp */; };
......@@ -951,6 +953,8 @@
0F7700911402FF280078EB39 /* SamplingCounter.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SamplingCounter.cpp; sourceTree = "<group>"; };
0F7B294814C3CD23007C3DB1 /* DFGCCallHelpers.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCCallHelpers.h; path = dfg/DFGCCallHelpers.h; sourceTree = "<group>"; };
0F8023E91613832300A0BA45 /* ByValInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ByValInfo.h; sourceTree = "<group>"; };
0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArrayAllocationProfile.cpp; sourceTree = "<group>"; };
0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArrayAllocationProfile.h; sourceTree = "<group>"; };
0F919D09157EE09D004A4E7D /* JSSymbolTableObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSSymbolTableObject.cpp; sourceTree = "<group>"; };
0F919D0A157EE09D004A4E7D /* JSSymbolTableObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSSymbolTableObject.h; sourceTree = "<group>"; };
0F919D0E157F3327004A4E7D /* JSSegmentedVariableObject.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSSegmentedVariableObject.cpp; sourceTree = "<group>"; };
......@@ -2515,6 +2519,8 @@
969A078F0ED1D3AE00F1F681 /* bytecode */ = {
isa = PBXGroup;
children = (
0F8335B41639C1E3001443B5 /* ArrayAllocationProfile.cpp */,
0F8335B51639C1E3001443B5 /* ArrayAllocationProfile.h */,
0F63945115D07051006A597C /* ArrayProfile.cpp */,
0F63945215D07051006A597C /* ArrayProfile.h */,
0F21C27E14BEAA8000ADC64B /* BytecodeConventions.h */,
......@@ -3008,6 +3014,7 @@
0FEB3ECD16237F4D00AB67AD /* TypedArrayDescriptor.h in Headers */,
0F256C361627B0AD007F2783 /* DFGCallArrayAllocatorSlowPathGenerator.h in Headers */,
C2239D1B16262BDD005AC5FD /* GCThread.h in Headers */,
0F8335B81639C1EA001443B5 /* ArrayAllocationProfile.h in Headers */,
A7B601821639FD2A00372BA3 /* UnlinkedCodeBlock.h in Headers */,
A77F1822164088B200640A47 /* CodeCache.h in Headers */,
A77F1825164192C700640A47 /* ParserModes.h in Headers */,
......@@ -3587,6 +3594,7 @@
C24D31E2161CD695002AA4DB /* HeapStatistics.cpp in Sources */,
C2239D1716262BDD005AC5FD /* CopyVisitor.cpp in Sources */,
C2239D1A16262BDD005AC5FD /* GCThread.cpp in Sources */,
0F8335B71639C1E6001443B5 /* ArrayAllocationProfile.cpp in Sources */,
A76F279415F13C9600517D67 /* UnlinkedCodeBlock.cpp in Sources */,
A77F1821164088B200640A47 /* CodeCache.cpp in Sources */,
);
......
......@@ -50,6 +50,7 @@ SOURCES += \
assembler/MacroAssembler.cpp \
assembler/MacroAssemblerARM.cpp \
assembler/MacroAssemblerSH4.cpp \
bytecode/ArrayAllocationProfile.cpp \
bytecode/ArrayProfile.cpp \
bytecode/CallLinkInfo.cpp \
bytecode/CallLinkStatus.cpp \
......
......@@ -586,6 +586,13 @@ public:
public:
typedef Vector<Jump, 16> JumpVector;
JumpList() { }
JumpList(Jump jump)
{
append(jump);
}
void link(AbstractMacroAssembler<AssemblerType>* masm)
{
......
......@@ -826,11 +826,15 @@ public:
m_assembler.ucomisd_rr(right, left);
if (cond == DoubleEqual) {
if (left == right)
return Jump(m_assembler.jnp());
Jump isUnordered(m_assembler.jp());
Jump result = Jump(m_assembler.je());
isUnordered.link(this);
return result;
} else if (cond == DoubleNotEqualOrUnordered) {
if (left == right)
return Jump(m_assembler.jp());
Jump isUnordered(m_assembler.jp());
Jump isEqual(m_assembler.je());
isUnordered.link(this);
......
......@@ -1475,6 +1475,12 @@ public:
return m_formatter.immediateRel32();
}
AssemblerLabel jnp()
{
m_formatter.twoByteOp(jccRel32(ConditionNP));
return m_formatter.immediateRel32();
}
AssemblerLabel jp()
{
m_formatter.twoByteOp(jccRel32(ConditionP));
......@@ -2314,6 +2320,9 @@ private:
// Format a REX prefix byte.
inline void emitRex(bool w, int r, int x, int b)
{
ASSERT(r >= 0);
ASSERT(x >= 0);
ASSERT(b >= 0);
m_buffer.putByteUnchecked(PRE_REX | ((int)w << 3) | ((r>>3)<<2) | ((x>>3)<<1) | (b>>3));
}
......
/*
* Copyright (C) 2012 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "config.h"
#include "ArrayAllocationProfile.h"
namespace JSC {
void ArrayAllocationProfile::updateIndexingType()
{
if (!m_lastArray)
return;
m_currentIndexingType = leastUpperBoundOfIndexingTypes(m_currentIndexingType, m_lastArray->structure()->indexingType());
m_lastArray = 0;
}
} // namespace JSC
/*
* Copyright (C) 2012 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
* OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef ArrayAllocationProfile_h
#define ArrayAllocationProfile_h
#include "IndexingType.h"
#include "JSArray.h"
namespace JSC {
class ArrayAllocationProfile {
public:
ArrayAllocationProfile()
: m_currentIndexingType(ArrayWithUndecided)
, m_lastArray(0)
{
}
IndexingType selectIndexingType()
{
if (m_lastArray && UNLIKELY(m_lastArray->structure()->indexingType() != m_currentIndexingType))
updateIndexingType();
return m_currentIndexingType;
}
JSArray* updateLastAllocation(JSArray* lastArray)
{
m_lastArray = lastArray;
return lastArray;
}
JS_EXPORT_PRIVATE void updateIndexingType();
static IndexingType selectIndexingTypeFor(ArrayAllocationProfile* profile)
{
if (!profile)
return ArrayWithUndecided;
return profile->selectIndexingType();
}
static JSArray* updateLastAllocationFor(ArrayAllocationProfile* profile, JSArray* lastArray)
{
if (profile)
profile->updateLastAllocation(lastArray);
return lastArray;
}
private:
IndexingType m_currentIndexingType;
JSArray* m_lastArray;
};
} // namespace JSC
#endif // ArrayAllocationProfile_h
......@@ -65,6 +65,13 @@ const char* arrayModesToString(ArrayModes arrayModes)
return result;
}
ArrayModes ArrayProfile::updatedObservedArrayModes() const
{
if (m_lastSeenStructure)
return m_observedArrayModes | arrayModeFromStructure(m_lastSeenStructure);
return m_observedArrayModes;
}
void ArrayProfile::computeUpdatedPrediction(CodeBlock* codeBlock, OperationInProgress operation)
{
if (m_lastSeenStructure) {
......
......@@ -45,15 +45,20 @@ typedef unsigned ArrayModes;
#define ALL_NON_ARRAY_ARRAY_MODES \
(asArrayModes(NonArray) \
| asArrayModes(NonArrayWithContiguous) \
| asArrayModes(NonArrayWithArrayStorage) \
| asArrayModes(NonArrayWithSlowPutArrayStorage))
| asArrayModes(NonArrayWithInt32) \
| asArrayModes(NonArrayWithDouble) \
| asArrayModes(NonArrayWithContiguous) \
| asArrayModes(NonArrayWithArrayStorage) \
| asArrayModes(NonArrayWithSlowPutArrayStorage))
#define ALL_ARRAY_ARRAY_MODES \
(asArrayModes(ArrayClass) \
| asArrayModes(ArrayWithContiguous) \
| asArrayModes(ArrayWithArrayStorage) \
| asArrayModes(ArrayWithSlowPutArrayStorage))
| asArrayModes(ArrayWithUndecided) \
| asArrayModes(ArrayWithInt32) \
| asArrayModes(ArrayWithDouble) \
| asArrayModes(ArrayWithContiguous) \
| asArrayModes(ArrayWithArrayStorage) \
| asArrayModes(ArrayWithSlowPutArrayStorage))
#define ALL_ARRAY_MODES (ALL_NON_ARRAY_ARRAY_MODES | ALL_ARRAY_ARRAY_MODES)
......@@ -79,6 +84,36 @@ inline bool arrayModesAlreadyChecked(ArrayModes proven, ArrayModes expected)
return (expected | proven) == expected;
}
inline bool arrayModesInclude(ArrayModes arrayModes, IndexingType shape)
{
return !!(arrayModes & (asArrayModes(NonArray | shape) | asArrayModes(ArrayClass | shape)));
}
inline bool shouldUseSlowPutArrayStorage(ArrayModes arrayModes)
{
return arrayModesInclude(arrayModes, SlowPutArrayStorageShape);
}
inline bool shouldUseFastArrayStorage(ArrayModes arrayModes)
{
return arrayModesInclude(arrayModes, ArrayStorageShape);
}
inline bool shouldUseContiguous(ArrayModes arrayModes)
{
return arrayModesInclude(arrayModes, ContiguousShape);
}
inline bool shouldUseDouble(ArrayModes arrayModes)
{
return arrayModesInclude(arrayModes, DoubleShape);
}
inline bool shouldUseInt32(ArrayModes arrayModes)
{
return arrayModesInclude(arrayModes, Int32Shape);
}
class ArrayProfile {
public:
ArrayProfile()
......@@ -128,6 +163,7 @@ public:
return !structureIsPolymorphic() && m_expectedStructure;
}
ArrayModes observedArrayModes() const { return m_observedArrayModes; }
ArrayModes updatedObservedArrayModes() const; // Computes the observed array modes without updating the profile.
bool mayInterceptIndexedAccesses() const { return m_mayInterceptIndexedAccesses; }
bool mayStoreToHole() const { return m_mayStoreToHole; }
......
......@@ -39,6 +39,8 @@
namespace JSC {
enum JITArrayMode {
JITInt32,
JITDouble,
JITContiguous,
JITArrayStorage,
JITInt8Array,
......@@ -55,6 +57,8 @@ enum JITArrayMode {
inline bool isOptimizableIndexingType(IndexingType indexingType)
{
switch (indexingType) {
case ALL_INT32_INDEXING_TYPES:
case ALL_DOUBLE_INDEXING_TYPES:
case ALL_CONTIGUOUS_INDEXING_TYPES:
case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES:
return true;
......@@ -77,6 +81,10 @@ inline bool hasOptimizableIndexing(Structure* structure)
inline JITArrayMode jitArrayModeForIndexingType(IndexingType indexingType)
{
switch (indexingType) {
case ALL_INT32_INDEXING_TYPES:
return JITInt32;
case ALL_DOUBLE_INDEXING_TYPES:
return JITDouble;
case ALL_CONTIGUOUS_INDEXING_TYPES:
return JITContiguous;
case ARRAY_WITH_ARRAY_STORAGE_INDEXING_TYPES:
......
......@@ -654,6 +654,7 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
int argc = (++it)->u.operand;
dataLog("[%4d] new_array\t %s, %s, %d", location, registerName(exec, dst).data(), registerName(exec, argv).data(), argc);
dumpBytecodeCommentAndNewLine(location);
++it; // Skip array allocation profile.
break;
}
case op_new_array_with_size: {
......@@ -661,6 +662,7 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
int length = (++it)->u.operand;
dataLog("[%4d] new_array_with_size\t %s, %s", location, registerName(exec, dst).data(), registerName(exec, length).data());
dumpBytecodeCommentAndNewLine(location);
++it; // Skip array allocation profile.
break;
}
case op_new_array_buffer: {
......@@ -669,6 +671,7 @@ void CodeBlock::dump(ExecState* exec, const Vector<Instruction>::const_iterator&
int argc = (++it)->u.operand;
dataLog("[%4d] new_array_buffer\t %s, %d, %d", location, registerName(exec, dst).data(), argv, argc);
dumpBytecodeCommentAndNewLine(location);
++it; // Skip array allocation profile.
break;
}
case op_new_regexp: {
......@@ -1746,6 +1749,8 @@ CodeBlock::CodeBlock(ScriptExecutable* ownerExecutable, UnlinkedCodeBlock* unlin
#if ENABLE(DFG_JIT)
if (size_t size = unlinkedCodeBlock->numberOfArrayProfiles())
m_arrayProfiles.grow(size);
if (size_t size = unlinkedCodeBlock->numberOfArrayAllocationProfiles())
m_arrayAllocationProfiles.grow(size);
if (size_t size = unlinkedCodeBlock->numberOfValueProfiles())
m_valueProfiles.grow(size);
#endif
......@@ -1800,6 +1805,14 @@ CodeBlock::CodeBlock(ScriptExecutable* ownerExecutable, UnlinkedCodeBlock* unlin
break;
}
case op_new_array:
case op_new_array_buffer:
case op_new_array_with_size: {
int arrayAllocationProfileIndex = pc[i + opLength - 1].u.operand;
instructions[i + opLength - 1] = &m_arrayAllocationProfiles[arrayAllocationProfileIndex];
break;
}
case op_call:
case op_call_eval: {
int arrayProfileIndex = pc[i + opLength - 1].u.operand;
......@@ -2790,18 +2803,28 @@ void CodeBlock::updateAllPredictionsAndCountLiveness(
#if ENABLE(DFG_JIT)
m_lazyOperandValueProfiles.computeUpdatedPredictions(operation);
#endif
// Don't count the array profiles towards statistics, since each array profile
// site also has a value profile site - so we already know whether or not it's
// live.
}
void CodeBlock::updateAllValueProfilePredictions(OperationInProgress operation)
{
unsigned ignoredValue1, ignoredValue2;
updateAllPredictionsAndCountLiveness(operation, ignoredValue1, ignoredValue2);
}
void CodeBlock::updateAllArrayPredictions(OperationInProgress operation)
{
for (unsigned i = m_arrayProfiles.size(); i--;)
m_arrayProfiles[i].computeUpdatedPrediction(this, operation);
// Don't count these either, for similar reasons.
for (unsigned i = m_arrayAllocationProfiles.size(); i--;)
m_arrayAllocationProfiles[i].updateIndexingType();
}
void CodeBlock::updateAllPredictions(OperationInProgress operation)
{
unsigned ignoredValue1, ignoredValue2;
updateAllPredictionsAndCountLiveness(operation, ignoredValue1, ignoredValue2);
updateAllValueProfilePredictions(operation);
updateAllArrayPredictions(operation);
}
bool CodeBlock::shouldOptimizeNow()
......@@ -2817,12 +2840,14 @@ bool CodeBlock::shouldOptimizeNow()
if (m_optimizationDelayCounter >= Options::maximumOptimizationDelay())
return true;
updateAllArrayPredictions();
unsigned numberOfLiveNonArgumentValueProfiles;
unsigned numberOfSamplesInProfiles;
updateAllPredictionsAndCountLiveness(NoOperation, numberOfLiveNonArgumentValueProfiles, numberOfSamplesInProfiles);
#if ENABLE(JIT_VERBOSE_OSR)
dataLog("Profile hotness: %lf, %lf\n", (double)numberOfLiveNonArgumentValueProfiles / numberOfValueProfiles(), (double)numberOfSamplesInProfiles / ValueProfile::numberOfBuckets / numberOfValueProfiles());
dataLog("Profile hotness: %lf (%u / %u), %lf (%u / %u)\n", (double)numberOfLiveNonArgumentValueProfiles / numberOfValueProfiles(), numberOfLiveNonArgumentValueProfiles, numberOfValueProfiles(), (double)numberOfSamplesInProfiles / ValueProfile::numberOfBuckets / numberOfValueProfiles(), numberOfSamplesInProfiles, ValueProfile::numberOfBuckets * numberOfValueProfiles());
#endif
if ((!numberOfValueProfiles() || (double)numberOfLiveNonArgumentValueProfiles / numberOfValueProfiles() >= Options::desiredProfileLivenessRate())
......
......@@ -755,6 +755,13 @@ namespace JSC {
}
ArrayProfile* getArrayProfile(unsigned bytecodeOffset);
ArrayProfile* getOrAddArrayProfile(unsigned bytecodeOffset);
unsigned numberOfArrayAllocationProfiles() const { return m_arrayAllocationProfiles.size(); }
ArrayAllocationProfile* addArrayAllocationProfile()
{
m_arrayAllocationProfiles.append(ArrayAllocationProfile());
return &m_arrayAllocationProfiles.last();
}
#endif
// Exception handling support
......@@ -1145,9 +1152,13 @@ namespace JSC {
#if ENABLE(VALUE_PROFILER)
bool shouldOptimizeNow();
void updateAllValueProfilePredictions(OperationInProgress = NoOperation);
void updateAllArrayPredictions(OperationInProgress = NoOperation);
void updateAllPredictions(OperationInProgress = NoOperation);
#else
bool shouldOptimizeNow() { return false; }
void updateAllValueProfilePredictions(OperationInProgress = NoOperation) { }
void updateAllArrayPredictions(OperationInProgress = NoOperation) { }
void updateAllPredictions(OperationInProgress = NoOperation) { }
#endif
......@@ -1330,6 +1341,7 @@ namespace JSC {
SegmentedVector<ValueProfile, 8> m_valueProfiles;
SegmentedVector<RareCaseProfile, 8> m_rareCaseProfiles;
SegmentedVector<RareCaseProfile, 8> m_specialFastCaseProfiles;
SegmentedVector<ArrayAllocationProfile, 8> m_arrayAllocationProfiles;
ArrayProfileVector m_arrayProfiles;
unsigned m_executionEntryCount;
#endif
......
......@@ -58,6 +58,8 @@ inline const char* exitKindToString(ExitKind kind)
return "BadCache";
case BadWeakConstantCache:
return "BadWeakConstantCache";
case BadIndexingType:
return "BadIndexingType";
case Overflow:
return "Overflow";
case NegativeZero:
......
/*
* Copyright (C) 2008 Apple Inc. All rights reserved.
* Copyright (C) 2008, 2012 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
......@@ -47,6 +47,7 @@ namespace JSC {
// curently actually use PolymorphicAccessStructureLists, which we should). Anyway, this seems like the best
// solution for now - will need to something smarter if/when we actually want mixed-mode operation.
class ArrayAllocationProfile;
class ArrayProfile;
class JSCell;
class Structure;
......@@ -193,6 +194,7 @@ namespace JSC {
Instruction(ValueProfile* profile) { u.profile = profile; }
Instruction(ArrayProfile* profile) { u.arrayProfile = profile; }
Instruction(ArrayAllocationProfile* profile) { u.arrayAllocationProfile = profile; }
Instruction(WriteBarrier<Unknown>* registerPointer) { u.registerPointer = registerPointer; }
......@@ -212,6 +214,7 @@ namespace JSC {
LLIntCallLinkInfo* callLinkInfo;
ValueProfile* profile;
ArrayProfile* arrayProfile;
ArrayAllocationProfile* arrayAllocationProfile;
void* pointer;
bool* predicatePointer;
} u;
......
......@@ -48,9 +48,9 @@ namespace JSC {
macro(op_convert_this, 3) \
\
macro(op_new_object, 2) \
macro(op_new_array, 4) \
macro(op_new_array_with_size, 3) \
macro(op_new_array_buffer, 4) \
macro(op_new_array, 5) \
macro(op_new_array_with_size, 4) \
macro(op_new_array_buffer, 5) \
macro(op_new_regexp, 3) \
macro(op_mov, 3) \
\
......
......@@ -61,6 +61,7 @@ static const SpeculatedType SpecInt32 = 0x00800000; // It's definite
static const SpeculatedType SpecDoubleReal = 0x01000000; // It's definitely a non-NaN double.
static const SpeculatedType SpecDoubleNaN = 0x02000000; // It's definitely a NaN.
static const SpeculatedType SpecDouble = 0x03000000; // It's either a non-NaN or a NaN double.
static const SpeculatedType SpecRealNumber = 0x01800000; // It's either an Int32 or a DoubleReal.
static const SpeculatedType SpecNumber = 0x03800000; // It's either an Int32 or a Double.