DFG should optimize out the NaN check on loads from double arrays if the array...
DFG should optimize out the NaN check on loads from double arrays if the array prototype chain is having a great time
https://bugs.webkit.org/show_bug.cgi?id=101718

Reviewed by Geoffrey Garen.

If we're reading from a JSArray in double mode, where the array's structure is primordial (all aspects of the structure are unchanged except for indexing type), and the result of the load is used in arithmetic that is known to not distinguish between NaN and undefined, then we should not emit a NaN check. Looks like a 5% win on navier-stokes.

Also fixed an OpInfo initialization goof for String ops that was revealed by this change.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::arraySpeculationToString):
* dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::isSaneChain):
(ArrayMode):
(JSC::DFG::ArrayMode::isInBounds):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeFlags.cpp:
(JSC::DFG::nodeFlagsAsString):
* dfg/DFGNodeFlags.h:
(DFG):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::arrayPrototypeChainIsSane):
(JSC):
* runtime/JSGlobalObject.h:
(JSGlobalObject):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@134168 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Showing with 147 additions and 25 deletions
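
The condition in the commit message can be modelled in plain JavaScript. This is an added example, not code from the WebKit change: it shows that skipping the NaN check matches ordinary element reads only while no prototype supplies an indexed property. The helper names and the NaN-as-hole `Float64Array` backing store are assumptions made for the illustration.

```javascript
// Added illustration; helper names are hypothetical, not WebKit identifiers.
// Assumption: holes in a double array's backing store are encoded as NaN.
const HOLE = NaN;

// Copy an array into a model backing store, writing HOLE for missing elements.
function backingStore(arr) {
  const store = new Float64Array(arr.length);
  for (let i = 0; i < arr.length; i++) {
    store[i] = Object.prototype.hasOwnProperty.call(arr, i) ? arr[i] : HOLE;
  }
  return store;
}

// Model of the "sane chain" condition: no prototype carries an indexed property.
function chainIsSane(arr) {
  for (let p = Object.getPrototypeOf(arr); p !== null; p = Object.getPrototypeOf(p)) {
    if (Object.getOwnPropertyNames(p).some((k) => String(k >>> 0) === k)) return false;
  }
  return true;
}

// Reference semantics: ordinary element reads, where a hole consults the prototypes.
function sumReference(arr) {
  let s = 0;
  for (let i = 0; i < arr.length; i++) s += arr[i];
  return s;
}

// Raw loads with no NaN check: a hole flows into the addition as NaN.
function sumUnchecked(store) {
  let s = 0;
  for (let i = 0; i < store.length; i++) s += store[i];
  return s;
}

// Skip the check only while the chain is sane; otherwise keep full semantics.
function sumGuarded(arr) {
  return chainIsSane(arr) ? sumUnchecked(backingStore(arr)) : sumReference(arr);
}

function demo() {
  const arr = [1.5, , 3.5]; // constructed sample: hole at index 1
  const sane = { guarded: sumGuarded(arr), reference: sumReference(arr) };
  Array.prototype[1] = 10; // an indexed property appears on the prototype
  try {
    return { sane, unchecked: sumUnchecked(backingStore(arr)),
             guarded: sumGuarded(arr), reference: sumReference(arr) };
  } finally {
    delete Array.prototype[1];
  }
}
```

With a sane chain both sums are NaN, so the unchecked load is indistinguishable from the reference. Once `Array.prototype[1]` exists, the unchecked sum stays NaN while the reference sum becomes 15, which is the divergence the guard prevents.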