1. 05 Nov, 2012 1 commit
    • fpizlo@apple.com's avatar
      Reduce the verbosity of referring to QNaN in JavaScriptCore · 3494d02f
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=101174
      
      Reviewed by Geoffrey Garen.
      
      Introduces a #define QNaN in JSValue.h, and replaces all previous uses of
      std::numeric_limits<double>::quiet_NaN() with QNaN.
      
      * API/JSValueRef.cpp:
      (JSValueMakeNumber):
      (JSValueToNumber):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitFloatTypedArrayGetByVal):
      * runtime/CachedTranscendentalFunction.h:
      (JSC::CachedTranscendentalFunction::initialize):
      * runtime/DateConstructor.cpp:
      (JSC::constructDate):
      * runtime/DateInstanceCache.h:
      (JSC::DateInstanceData::DateInstanceData):
      (JSC::DateInstanceCache::reset):
      * runtime/ExceptionHelpers.cpp:
      (JSC::InterruptedExecutionError::defaultValue):
      (JSC::TerminatedExecutionError::defaultValue):
      * runtime/JSCell.h:
      (JSC::JSValue::getPrimitiveNumber):
      * runtime/JSDateMath.cpp:
      (JSC::parseDateFromNullTerminatedCharacters):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      (JSC::JSGlobalData::resetDateCache):
      * runtime/JSGlobalObjectFunctions.cpp:
      (JSC::parseInt):
      (JSC::jsStrDecimalLiteral):
      (JSC::toDouble):
      (JSC::jsToNumber):
      (JSC::parseFloat):
      * runtime/JSValue.cpp:
      (JSC::JSValue::toNumberSlowCase):
      * runtime/JSValue.h:
      (JSC):
      * runtime/JSValueInlineMethods.h:
      (JSC::jsNaN):
      * runtime/MathObject.cpp:
      (JSC::mathProtoFuncMax):
      (JSC::mathProtoFuncMin):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133493 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3494d02f
  2. 04 Nov, 2012 1 commit
  3. 02 Nov, 2012 2 commits
  4. 28 Oct, 2012 1 commit
  5. 18 Oct, 2012 2 commits
    • yuqiang.xian@intel.com's avatar
      Refactor MacroAssembler interfaces to differentiate the pointer operands from... · 5b1cb734
      yuqiang.xian@intel.com authored
      Refactor MacroAssembler interfaces to differentiate the pointer operands from the 64-bit integer operands
      https://bugs.webkit.org/show_bug.cgi?id=99154
      
      Reviewed by Gavin Barraclough.
      
      In current JavaScriptCore implementation for JSVALUE64 platform (i.e.,
      the X64 platform), we assume that the JSValue size is same to the
      pointer size, and thus EncodedJSValue is simply type defined as a
      "void*". In the JIT compiler, we also take this assumption and invoke
      the same macro assembler interfaces for both JSValue and pointer
      operands. We need to differentiate the operations on pointers from the
      operations on JSValues, and let them invoking different macro
      assembler interfaces. For example, we now use the interface of
      "loadPtr" to load either a pointer or a JSValue, and we need to switch
      to using "loadPtr" to load a pointer and some new "load64" interface
      to load a JSValue. This would help us supporting other JSVALUE64
      platforms where pointer size is not necessarily 64-bits, for example
      x32 (bug #99153).
      
      The major modification I made is to introduce the "*64" interfaces in
      the MacroAssembler for those operations on JSValues, keep the "*Ptr"
      interfaces for those operations on real pointers, and go through all
      the JIT compiler code to correct the usage.
      
      This is the second part of the work, i.e, to correct the usage of the
      new MacroAssembler interfaces in the JIT compilers, which also means
      that now EncodedJSValue is defined as a 64-bit integer, and the "*64"
      interfaces are used for it.
      
      * assembler/MacroAssembler.h: JSValue immediates should be in Imm64 instead of ImmPtr.
      (MacroAssembler):
      (JSC::MacroAssembler::shouldBlind):
      * dfg/DFGAssemblyHelpers.cpp: Correct the JIT compilers usage of the new interfaces.
      (JSC::DFG::AssemblyHelpers::jitAssertIsInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSInt32):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSNumber):
      (JSC::DFG::AssemblyHelpers::jitAssertIsJSDouble):
      (JSC::DFG::AssemblyHelpers::jitAssertIsCell):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
      (JSC::DFG::AssemblyHelpers::branchIfNotCell):
      (JSC::DFG::AssemblyHelpers::debugCall):
      (JSC::DFG::AssemblyHelpers::boxDouble):
      (JSC::DFG::AssemblyHelpers::unboxDouble):
      (JSC::DFG::AssemblyHelpers::emitExceptionCheck):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
      (CCallHelpers):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      * dfg/DFGScratchRegisterAllocator.h:
      (JSC::DFG::ScratchRegisterAllocator::preserveUsedRegistersToScratchBuffer):
      (JSC::DFG::ScratchRegisterAllocator::restoreUsedRegistersFromScratchBuffer):
      * dfg/DFGSilentRegisterSavePlan.h:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
      (JSC::DFG::SpeculativeJIT::compileInstanceOf):
      (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentSpill):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::spill):
      (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64):
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::branch64):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::convertToDouble):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compileContiguousGetByVal):
      (JSC::DFG::SpeculativeJIT::compileArrayStorageGetByVal):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compileArrayStoragePutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::osrExitGenerationThunkGenerator):
      (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
      (JSC::DFG::slowPathFor):
      (JSC::DFG::virtualForThunkGenerator):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JIT):
      * jit/JITArithmetic.cpp:
      (JSC::JIT::emit_op_negate):
      (JSC::JIT::emitSlow_op_negate):
      (JSC::JIT::emit_op_rshift):
      (JSC::JIT::emitSlow_op_urshift):
      (JSC::JIT::emit_compareAndJumpSlow):
      (JSC::JIT::emit_op_bitand):
      (JSC::JIT::compileBinaryArithOpSlowCase):
      (JSC::JIT::emit_op_div):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCall):
      * jit/JITInlineMethods.h: Have some clean-up work as well.
      (JSC):
      (JSC::JIT::emitPutCellToCallFrameHeader):
      (JSC::JIT::emitPutIntToCallFrameHeader):
      (JSC::JIT::emitPutToCallFrameHeader):
      (JSC::JIT::emitGetFromCallFrameHeader32):
      (JSC::JIT::emitGetFromCallFrameHeader64):
      (JSC::JIT::emitAllocateJSArray):
      (JSC::JIT::emitValueProfilingSite):
      (JSC::JIT::emitGetJITStubArg):
      (JSC::JIT::emitGetVirtualRegister):
      (JSC::JIT::emitPutVirtualRegister):
      (JSC::JIT::emitInitRegister):
      (JSC::JIT::emitJumpIfJSCell):
      (JSC::JIT::emitJumpIfBothJSCells):
      (JSC::JIT::emitJumpIfNotJSCell):
      (JSC::JIT::emitLoadInt32ToDouble):
      (JSC::JIT::emitJumpIfImmediateInteger):
      (JSC::JIT::emitJumpIfNotImmediateInteger):
      (JSC::JIT::emitJumpIfNotImmediateIntegers):
      (JSC::JIT::emitFastArithReTagImmediate):
      (JSC::JIT::emitFastArithIntToImmNoCheck):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_mov):
      (JSC::JIT::emit_op_instanceof):
      (JSC::JIT::emit_op_is_undefined):
      (JSC::JIT::emit_op_is_boolean):
      (JSC::JIT::emit_op_is_number):
      (JSC::JIT::emit_op_tear_off_activation):
      (JSC::JIT::emit_op_not):
      (JSC::JIT::emit_op_jfalse):
      (JSC::JIT::emit_op_jeq_null):
      (JSC::JIT::emit_op_jneq_null):
      (JSC::JIT::emit_op_jtrue):
      (JSC::JIT::emit_op_bitxor):
      (JSC::JIT::emit_op_bitor):
      (JSC::JIT::emit_op_get_pnames):
      (JSC::JIT::emit_op_next_pname):
      (JSC::JIT::compileOpStrictEq):
      (JSC::JIT::emit_op_catch):
      (JSC::JIT::emit_op_throw_reference_error):
      (JSC::JIT::emit_op_eq_null):
      (JSC::JIT::emit_op_neq_null):
      (JSC::JIT::emit_op_create_activation):
      (JSC::JIT::emit_op_create_arguments):
      (JSC::JIT::emit_op_init_lazy_reg):
      (JSC::JIT::emitSlow_op_convert_this):
      (JSC::JIT::emitSlow_op_not):
      (JSC::JIT::emit_op_get_argument_by_val):
      (JSC::JIT::emit_op_put_to_base):
      (JSC::JIT::emit_resolve_operations):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emitArrayStorageGetByVal):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::emit_op_get_by_pname):
      (JSC::JIT::emitContiguousPutByVal):
      (JSC::JIT::emitArrayStoragePutByVal):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::emit_op_init_global_const):
      (JSC::JIT::emit_op_init_global_const_check):
      (JSC::JIT::emitIntTypedArrayGetByVal):
      (JSC::JIT::emitFloatTypedArrayGetByVal):
      (JSC::JIT::emitFloatTypedArrayPutByVal):
      * jit/JITStubCall.h:
      (JITStubCall):
      (JSC::JITStubCall::JITStubCall):
      (JSC::JITStubCall::addArgument):
      (JSC::JITStubCall::call):
      (JSC::JITStubCall::callWithValueProfiling):
      * jit/JSInterfaceJIT.h:
      (JSC::JSInterfaceJIT::emitJumpIfImmediateNumber):
      (JSC::JSInterfaceJIT::emitJumpIfNotImmediateNumber):
      (JSC::JSInterfaceJIT::emitLoadJSCell):
      (JSC::JSInterfaceJIT::emitLoadInt32):
      (JSC::JSInterfaceJIT::emitLoadDouble):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::returnDouble):
      (JSC::SpecializedThunkJIT::tagReturnAsInt32):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h: Define JSVALUE64 EncodedJSValue as int64_t, which is also unified with JSVALUE32_64.
      (JSC):
      * runtime/JSValueInlineMethods.h: New implementation of some JSValue methods to make them more conformant
      with the new rule that "JSValue is a 64-bit integer rather than a pointer" for JSVALUE64 platforms.
      (JSC):
      (JSC::JSValue::JSValue):
      (JSC::JSValue::operator bool):
      (JSC::JSValue::operator==):
      (JSC::JSValue::operator!=):
      (JSC::reinterpretDoubleToInt64):
      (JSC::reinterpretInt64ToDouble):
      (JSC::JSValue::asDouble):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131858 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5b1cb734
    • oliver@apple.com's avatar
      Bytecode should not have responsibility for determining how to perform non-local resolves · c909f5f5
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=99349
      
      Reviewed by Gavin Barraclough.
      
      This patch removes lexical analysis from the bytecode generation.  This allows
      us to delay lookup of a non-local variables until the lookup is actually necessary,
      and simplifies a lot of the resolve logic in BytecodeGenerator.
      
      Once a lookup is performed we cache the lookup information in a set of out-of-line
      buffers in CodeBlock.  This allows subsequent lookups to avoid unnecessary hashing,
      etc, and allows the respective JITs to recreated optimal lookup code.
      
      This is currently still a performance regression in LLInt, but most of the remaining
      regression is caused by a lot of indirection that I'll remove in future work, as well
      as some work necessary to allow LLInt to perform in line instruction repatching.
      We will also want to improve the behaviour of the baseline JIT for some of the lookup
      operations, however this patch was getting quite large already so I'm landing it now
      that we've reached the bar of "performance-neutral".
      
      Basic browsing seems to work.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::visitStructures):
      (JSC):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::shrinkToFit):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::addResolve):
      (JSC::CodeBlock::addPutToBase):
      (CodeBlock):
      (JSC::CodeBlock::resolveOperations):
      (JSC::CodeBlock::putToBaseOperation):
      (JSC::CodeBlock::numberOfResolveOperations):
      (JSC::CodeBlock::numberOfPutToBaseOperations):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::globalObjectConstant):
      (JSC::CodeBlock::setGlobalObjectConstant):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      (JSC::ResolveGlobalStatus::computeFor):
      * bytecode/ResolveGlobalStatus.h:
      (JSC):
      (ResolveGlobalStatus):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveBase):
      (JSC::BytecodeGenerator::emitResolveBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetLocalVar):
      (JSC::BytecodeGenerator::emitInitGlobalConst):
      (JSC::BytecodeGenerator::emitPutToBase):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::ResolveResult::registerResolve):
      (JSC::ResolveResult::dynamicResolve):
      (ResolveResult):
      (JSC::ResolveResult::ResolveResult):
      (JSC):
      (NonlocalResolveInfo):
      (JSC::NonlocalResolveInfo::NonlocalResolveInfo):
      (JSC::NonlocalResolveInfo::~NonlocalResolveInfo):
      (JSC::NonlocalResolveInfo::resolved):
      (JSC::NonlocalResolveInfo::put):
      (BytecodeGenerator):
      (JSC::BytecodeGenerator::getResolveOperations):
      (JSC::BytecodeGenerator::getResolveWithThisOperations):
      (JSC::BytecodeGenerator::getResolveBaseOperations):
      (JSC::BytecodeGenerator::getResolveBaseForPutOperations):
      (JSC::BytecodeGenerator::getResolveWithBaseForPutOperations):
      (JSC::BytecodeGenerator::getPutToBaseOperation):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ResolveNode::isPure):
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixNode::emitResolve):
      (JSC::PrefixNode::emitResolve):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      (JSC::ForInNode::emitBytecode):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (InlineStackEntry):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (DFG):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canInlineResolveOperations):
      (DFG):
      (JSC::DFG::canCompileOpcode):
      (JSC::DFG::canInlineOpcode):
      * dfg/DFGGraph.h:
      (ResolveGlobalData):
      (ResolveOperationData):
      (DFG):
      (PutToBaseOperationData):
      (Graph):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifier):
      (JSC::DFG::Node::resolveOperationsDataIndex):
      (Node):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::resolveOperations):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::putToBaseOperation):
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      (JIT):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_put_to_base):
      (JSC):
      (JSC::JIT::emit_resolve_operations):
      (JSC::JIT::emitSlow_link_resolve_operations):
      (JSC::JIT::emit_op_resolve):
      (JSC::JIT::emitSlow_op_resolve):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emitSlow_op_resolve_base):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emitSlow_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_put_to_base):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_put_to_base):
      (JSC):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_init_global_const):
      (JSC::JIT::emit_op_init_global_const_check):
      (JSC::JIT::emitSlow_op_init_global_const_check):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_init_global_const):
      (JSC::JIT::emit_op_init_global_const_check):
      (JSC::JIT::emitSlow_op_init_global_const_check):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSScope.cpp:
      (JSC::LookupResult::base):
      (JSC::LookupResult::value):
      (JSC::LookupResult::setBase):
      (JSC::LookupResult::setValue):
      (LookupResult):
      (JSC):
      (JSC::setPutPropertyAccessOffset):
      (JSC::executeResolveOperations):
      (JSC::JSScope::resolveContainingScopeInternal):
      (JSC::JSScope::resolveContainingScope):
      (JSC::JSScope::resolve):
      (JSC::JSScope::resolveBase):
      (JSC::JSScope::resolveWithBase):
      (JSC::JSScope::resolveWithThis):
      (JSC::JSScope::resolvePut):
      (JSC::JSScope::resolveGlobal):
      * runtime/JSScope.h:
      (JSScope):
      * runtime/JSVariableObject.cpp:
      (JSC):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      * runtime/Structure.h:
      (JSC::Structure::propertyAccessesAreCacheable):
      (Structure):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131822 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c909f5f5
  6. 17 Oct, 2012 4 commits
    • oliver@apple.com's avatar
      Roll out r131645 as it causes random site crashes. · 6d0087f5
      oliver@apple.com authored
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131676 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      6d0087f5
    • oliver@apple.com's avatar
      Bytecode should not have responsibility for determining how to perform non-local resolves · 909fa319
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=99349
      
      Reviewed by Gavin Barraclough.
      
      This patch removes lexical analysis from the bytecode generation.  This allows
      us to delay lookup of a non-local variables until the lookup is actually necessary,
      and simplifies a lot of the resolve logic in BytecodeGenerator.
      
      Once a lookup is performed we cache the lookup information in a set of out-of-line
      buffers in CodeBlock.  This allows subsequent lookups to avoid unnecessary hashing,
      etc, and allows the respective JITs to recreated optimal lookup code.
      
      This is currently still a performance regression in LLInt, but most of the remaining
      regression is caused by a lot of indirection that I'll remove in future work, as well
      as some work necessary to allow LLInt to perform in line instruction repatching.
      We will also want to improve the behaviour of the baseline JIT for some of the lookup
      operations, however this patch was getting quite large already so I'm landing it now
      that we've reached the bar of "performance-neutral".
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::visitStructures):
      (JSC):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::shrinkToFit):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::addResolve):
      (JSC::CodeBlock::addPutToBase):
      (CodeBlock):
      (JSC::CodeBlock::resolveOperations):
      (JSC::CodeBlock::putToBaseOperation):
      (JSC::CodeBlock::numberOfResolveOperations):
      (JSC::CodeBlock::numberOfPutToBaseOperations):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::globalObjectConstant):
      (JSC::CodeBlock::setGlobalObjectConstant):
      * bytecode/GlobalResolveInfo.h: Removed.
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      (JSC::ResolveGlobalStatus::computeFor):
      * bytecode/ResolveGlobalStatus.h:
      (JSC):
      (ResolveGlobalStatus):
      * bytecode/ResolveOperation.h: Added.
        The new types and logic we use to perform the cached lookups.
      (JSC):
      (ResolveOperation):
      (JSC::ResolveOperation::getAndReturnScopedVar):
      (JSC::ResolveOperation::checkForDynamicEntriesBeforeGlobalScope):
      (JSC::ResolveOperation::getAndReturnGlobalVar):
      (JSC::ResolveOperation::getAndReturnGlobalProperty):
      (JSC::ResolveOperation::resolveFail):
      (JSC::ResolveOperation::skipTopScopeNode):
      (JSC::ResolveOperation::skipScopes):
      (JSC::ResolveOperation::returnGlobalObjectAsBase):
      (JSC::ResolveOperation::setBaseToGlobal):
      (JSC::ResolveOperation::setBaseToUndefined):
      (JSC::ResolveOperation::setBaseToScope):
      (JSC::ResolveOperation::returnScopeAsBase):
      (JSC::PutToBaseOperation::PutToBaseOperation):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveBase):
      (JSC::BytecodeGenerator::emitResolveBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetLocalVar):
      (JSC::BytecodeGenerator::emitInitGlobalConst):
      (JSC::BytecodeGenerator::emitPutToBase):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::ResolveResult::registerResolve):
      (JSC::ResolveResult::dynamicResolve):
      (ResolveResult):
      (JSC::ResolveResult::ResolveResult):
      (JSC):
      (NonlocalResolveInfo):
      (JSC::NonlocalResolveInfo::NonlocalResolveInfo):
      (JSC::NonlocalResolveInfo::~NonlocalResolveInfo):
      (JSC::NonlocalResolveInfo::resolved):
      (JSC::NonlocalResolveInfo::put):
      (BytecodeGenerator):
      (JSC::BytecodeGenerator::getResolveOperations):
      (JSC::BytecodeGenerator::getResolveWithThisOperations):
      (JSC::BytecodeGenerator::getResolveBaseOperations):
      (JSC::BytecodeGenerator::getResolveBaseForPutOperations):
      (JSC::BytecodeGenerator::getResolveWithBaseForPutOperations):
      (JSC::BytecodeGenerator::getPutToBaseOperation):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ResolveNode::isPure):
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixNode::emitResolve):
      (JSC::PrefixNode::emitResolve):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      (JSC::ForInNode::emitBytecode):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (InlineStackEntry):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (DFG):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileResolveOperations):
      (DFG):
      (JSC::DFG::canCompilePutToBaseOperation):
      (JSC::DFG::canCompileOpcode):
      (JSC::DFG::canInlineOpcode):
      * dfg/DFGGraph.h:
      (ResolveGlobalData):
      (ResolveOperationData):
      (DFG):
      (PutToBaseOperationData):
      (Graph):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifier):
      (JSC::DFG::Node::resolveOperationsDataIndex):
      (Node):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::resolveOperations):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::putToBaseOperation):
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      (JIT):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_put_to_base):
      (JSC):
      (JSC::JIT::emit_resolve_operations):
      (JSC::JIT::emitSlow_link_resolve_operations):
      (JSC::JIT::emit_op_resolve):
      (JSC::JIT::emitSlow_op_resolve):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emitSlow_op_resolve_base):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emitSlow_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_put_to_base):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_put_to_base):
      (JSC):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_init_global_const):
      (JSC::JIT::emit_op_init_global_const_check):
      (JSC::JIT::emitSlow_op_init_global_const_check):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_init_global_const):
      (JSC::JIT::emit_op_init_global_const_check):
      (JSC::JIT::emitSlow_op_init_global_const_check):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSScope.cpp:
      (JSC::LookupResult::base):
      (JSC::LookupResult::value):
      (JSC::LookupResult::setBase):
      (JSC::LookupResult::setValue):
      (LookupResult):
      (JSC):
      (JSC::setPutPropertyAccessOffset):
      (JSC::executeResolveOperations):
      (JSC::JSScope::resolveContainingScopeInternal):
      (JSC::JSScope::resolveContainingScope):
      (JSC::JSScope::resolve):
      (JSC::JSScope::resolveBase):
      (JSC::JSScope::resolveWithBase):
      (JSC::JSScope::resolveWithThis):
      (JSC::JSScope::resolvePut):
      (JSC::JSScope::resolveGlobal):
      * runtime/JSScope.h:
      (JSScope):
      * runtime/JSVariableObject.cpp:
      (JSC):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      * runtime/Structure.h:
      (JSC::Structure::propertyAccessesAreCacheable):
      (Structure):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131645 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      909fa319
    • fpizlo@apple.com's avatar
      JIT op_get_by_pname should call cti_get_by_val_generic and not cti_get_by_val · a2909633
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=99631
      <rdar://problem/12483221>
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      cti_get_by_val assumes that the return address has patching metadata associated with it, which won't
      be true for op_get_by_pname. cti_get_by_val_generic makes no such assumptions.
      
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitSlow_op_get_by_pname):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emitSlow_op_get_by_pname):
      
      LayoutTests: 
      
      * fast/js/get-by-pname-that-looks-like-a-patchable-get-by-val-expected.txt: Added.
      * fast/js/get-by-pname-that-looks-like-a-patchable-get-by-val.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/get-by-pname-that-looks-like-a-patchable-get-by-val.js: Added.
      (foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131642 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a2909633
    • ossy@webkit.org's avatar
      Unreviewed, rolling out r131516 and r131550. · 04bfe7a7
      ossy@webkit.org authored
      http://trac.webkit.org/changeset/131516
      http://trac.webkit.org/changeset/131550
      https://bugs.webkit.org/show_bug.cgi?id=99349
      
      It caused zillion different problem on different platforms
      
      Source/JavaScriptCore:
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::isGlobalResolve):
      (JSC::instructionOffsetForNth):
      (JSC::printGlobalResolveInfo):
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::visitStructures):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::hasGlobalResolveInfoAtBytecodeOffset):
      (JSC::CodeBlock::globalResolveInfoForBytecodeOffset):
      (JSC::CodeBlock::shrinkToFit):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::addGlobalResolveInstruction):
      (JSC::CodeBlock::addGlobalResolveInfo):
      (JSC::CodeBlock::globalResolveInfo):
      (JSC::CodeBlock::numberOfGlobalResolveInfos):
      (JSC::CodeBlock::globalResolveInfoCount):
      * bytecode/GlobalResolveInfo.h: Copied from Source/JavaScriptCore/bytecode/ResolveGlobalStatus.cpp.
      (JSC):
      (JSC::GlobalResolveInfo::GlobalResolveInfo):
      (GlobalResolveInfo):
      (JSC::getGlobalResolveInfoBytecodeOffset):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC):
      (JSC::computeForStructure):
      (JSC::computeForLLInt):
      (JSC::ResolveGlobalStatus::computeFor):
      * bytecode/ResolveGlobalStatus.h:
      (JSC):
      (ResolveGlobalStatus):
      * bytecode/ResolveOperation.h: Removed.
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::ResolveResult::registerPointer):
      (JSC):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveBase):
      (JSC::BytecodeGenerator::emitResolveBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitInitGlobalConst):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::ResolveResult::registerResolve):
      (JSC::ResolveResult::dynamicResolve):
      (JSC::ResolveResult::lexicalResolve):
      (JSC::ResolveResult::indexedGlobalResolve):
      (JSC::ResolveResult::dynamicIndexedGlobalResolve):
      (JSC::ResolveResult::globalResolve):
      (JSC::ResolveResult::dynamicGlobalResolve):
      (JSC::ResolveResult::type):
      (JSC::ResolveResult::index):
      (JSC::ResolveResult::depth):
      (JSC::ResolveResult::globalObject):
      (ResolveResult):
      (JSC::ResolveResult::isStatic):
      (JSC::ResolveResult::isIndexed):
      (JSC::ResolveResult::isScoped):
      (JSC::ResolveResult::isGlobal):
      (JSC::ResolveResult::ResolveResult):
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ResolveNode::isPure):
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixNode::emitResolve):
      (JSC::PrefixNode::emitResolve):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      (JSC::ForInNode::emitBytecode):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (InlineStackEntry):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      (JSC::DFG::canInlineOpcode):
      * dfg/DFGGraph.h:
      (ResolveGlobalData):
      (DFG):
      (Graph):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifier):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      (JSC):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      (JIT):
      (JSC::JIT::emit_op_get_global_var_watchable):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_resolve):
      (JSC):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emit_op_resolve_skip):
      (JSC::JIT::emit_op_resolve_global):
      (JSC::JIT::emitSlow_op_resolve_global):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      (JSC::JIT::emit_op_resolve_global_dynamic):
      (JSC::JIT::emitSlow_op_resolve_global_dynamic):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_resolve):
      (JSC):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emit_op_resolve_skip):
      (JSC::JIT::emit_op_resolve_global):
      (JSC::JIT::emitSlow_op_resolve_global):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_scoped_var):
      (JSC):
      (JSC::JIT::emit_op_put_scoped_var):
      (JSC::JIT::emit_op_get_global_var):
      (JSC::JIT::emit_op_put_global_var):
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_scoped_var):
      (JSC):
      (JSC::JIT::emit_op_put_scoped_var):
      (JSC::JIT::emit_op_get_global_var):
      (JSC::JIT::emit_op_put_global_var):
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSScope.cpp:
      (JSC::JSScope::resolve):
      (JSC::JSScope::resolveSkip):
      (JSC::JSScope::resolveGlobal):
      (JSC::JSScope::resolveGlobalDynamic):
      (JSC::JSScope::resolveBase):
      (JSC::JSScope::resolveWithBase):
      (JSC::JSScope::resolveWithThis):
      * runtime/JSScope.h:
      (JSScope):
      * runtime/JSVariableObject.cpp:
      * runtime/JSVariableObject.h:
      * runtime/Structure.h:
      
      LayoutTests:
      
      * fast/workers/resources/worker-event-listener.js:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131552 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      04bfe7a7
  7. 16 Oct, 2012 1 commit
    • oliver@apple.com's avatar
      Bytecode should not have responsibility for determining how to perform non-local resolves · c4da761e
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=99349
      
      Reviewed by Gavin Barraclough.
      
      This patch removes lexical analysis from the bytecode generation.  This allows
      us to delay lookup of a non-local variables until the lookup is actually necessary,
      and simplifies a lot of the resolve logic in BytecodeGenerator.
      
      Once a lookup is performed we cache the lookup information in a set of out-of-line
      buffers in CodeBlock.  This allows subsequent lookups to avoid unnecessary hashing,
      etc, and allows the respective JITs to recreated optimal lookup code.
      
      This is currently still a performance regression in LLInt, but most of the remaining
      regression is caused by a lot of indirection that I'll remove in future work, as well
      as some work necessary to allow LLInt to perform in line instruction repatching.
      We will also want to improve the behaviour of the baseline JIT for some of the lookup
      operations, however this patch was getting quite large already so I'm landing it now
      that we've reached the bar of "performance-neutral".
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::visitStructures):
      (JSC):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::shrinkToFit):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::addResolve):
      (JSC::CodeBlock::addPutToBase):
      (CodeBlock):
      (JSC::CodeBlock::resolveOperations):
      (JSC::CodeBlock::putToBaseOperation):
      (JSC::CodeBlock::numberOfResolveOperations):
      (JSC::CodeBlock::numberOfPutToBaseOperations):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::globalObjectConstant):
      (JSC::CodeBlock::setGlobalObjectConstant):
      * bytecode/GlobalResolveInfo.h: Removed.
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      (JSC::ResolveGlobalStatus::computeFor):
      * bytecode/ResolveGlobalStatus.h:
      (JSC):
      (ResolveGlobalStatus):
      * bytecode/ResolveOperation.h: Added.
        The new types and logic we use to perform the cached lookups.
      (JSC):
      (ResolveOperation):
      (JSC::ResolveOperation::getAndReturnScopedVar):
      (JSC::ResolveOperation::checkForDynamicEntriesBeforeGlobalScope):
      (JSC::ResolveOperation::getAndReturnGlobalVar):
      (JSC::ResolveOperation::getAndReturnGlobalProperty):
      (JSC::ResolveOperation::resolveFail):
      (JSC::ResolveOperation::skipTopScopeNode):
      (JSC::ResolveOperation::skipScopes):
      (JSC::ResolveOperation::returnGlobalObjectAsBase):
      (JSC::ResolveOperation::setBaseToGlobal):
      (JSC::ResolveOperation::setBaseToUndefined):
      (JSC::ResolveOperation::setBaseToScope):
      (JSC::ResolveOperation::returnScopeAsBase):
      (JSC::PutToBaseOperation::PutToBaseOperation):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::shouldAvoidResolveGlobal):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveBase):
      (JSC::BytecodeGenerator::emitResolveBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithBaseForPut):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetLocalVar):
      (JSC::BytecodeGenerator::emitInitGlobalConst):
      (JSC::BytecodeGenerator::emitPutToBase):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::ResolveResult::registerResolve):
      (JSC::ResolveResult::dynamicResolve):
      (ResolveResult):
      (JSC::ResolveResult::ResolveResult):
      (JSC):
      (NonlocalResolveInfo):
      (JSC::NonlocalResolveInfo::NonlocalResolveInfo):
      (JSC::NonlocalResolveInfo::~NonlocalResolveInfo):
      (JSC::NonlocalResolveInfo::resolved):
      (JSC::NonlocalResolveInfo::put):
      (BytecodeGenerator):
      (JSC::BytecodeGenerator::getResolveOperations):
      (JSC::BytecodeGenerator::getResolveWithThisOperations):
      (JSC::BytecodeGenerator::getResolveBaseOperations):
      (JSC::BytecodeGenerator::getResolveBaseForPutOperations):
      (JSC::BytecodeGenerator::getResolveWithBaseForPutOperations):
      (JSC::BytecodeGenerator::getPutToBaseOperation):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ResolveNode::isPure):
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixNode::emitResolve):
      (JSC::PrefixNode::emitResolve):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      (JSC::ForInNode::emitBytecode):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (InlineStackEntry):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (DFG):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileResolveOperations):
      (DFG):
      (JSC::DFG::canCompilePutToBaseOperation):
      (JSC::DFG::canCompileOpcode):
      (JSC::DFG::canInlineOpcode):
      * dfg/DFGGraph.h:
      (ResolveGlobalData):
      (ResolveOperationData):
      (DFG):
      (PutToBaseOperationData):
      (Graph):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifier):
      (JSC::DFG::Node::resolveOperationsDataIndex):
      (Node):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::resolveOperations):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::putToBaseOperation):
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      (JIT):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_put_to_base):
      (JSC):
      (JSC::JIT::emit_resolve_operations):
      (JSC::JIT::emitSlow_link_resolve_operations):
      (JSC::JIT::emit_op_resolve):
      (JSC::JIT::emitSlow_op_resolve):
      (JSC::JIT::emit_op_resolve_base):
      (JSC::JIT::emitSlow_op_resolve_base):
      (JSC::JIT::emit_op_resolve_with_base):
      (JSC::JIT::emitSlow_op_resolve_with_base):
      (JSC::JIT::emit_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_resolve_with_this):
      (JSC::JIT::emitSlow_op_put_to_base):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_put_to_base):
      (JSC):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_init_global_const):
      (JSC::JIT::emit_op_init_global_const_check):
      (JSC::JIT::emitSlow_op_init_global_const_check):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_init_global_const):
      (JSC::JIT::emit_op_init_global_const_check):
      (JSC::JIT::emitSlow_op_init_global_const_check):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSScope.cpp:
      (JSC::LookupResult::base):
      (JSC::LookupResult::value):
      (JSC::LookupResult::setBase):
      (JSC::LookupResult::setValue):
      (LookupResult):
      (JSC):
      (JSC::setPutPropertyAccessOffset):
      (JSC::executeResolveOperations):
      (JSC::JSScope::resolveContainingScopeInternal):
      (JSC::JSScope::resolveContainingScope):
      (JSC::JSScope::resolve):
      (JSC::JSScope::resolveBase):
      (JSC::JSScope::resolveWithBase):
      (JSC::JSScope::resolveWithThis):
      (JSC::JSScope::resolvePut):
      (JSC::JSScope::resolveGlobal):
      * runtime/JSScope.h:
      (JSScope):
      * runtime/JSVariableObject.cpp:
      (JSC):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      * runtime/Structure.h:
      (JSC::Structure::propertyAccessesAreCacheable):
      (Structure):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131516 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c4da761e
  8. 14 Oct, 2012 1 commit
    • fpizlo@apple.com's avatar
      IndexingType should not have a bit for each type · b9aa7ba0
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98997
      
      Reviewed by Oliver Hunt.
      
      Somewhat incidentally, the introduction of butterflies led to each indexing
      type being represented by a unique bit. This is superficially nice since it
      allows you to test if a structure corresponds to a particular indexing type
      by saying !!(structure->indexingType() & TheType). But the downside is that
      given the 8 bits we have for the m_indexingType field, that leaves only a
      small number of possible indexing types if we have one per bit.
              
      This changeset changes the indexing type to be:
              
      Bit #1: Tells you if you're an array.
              
      Bits #2 - #5: 16 possible indexing types, including the blank type for
          objects that don't have indexed properties.
              
      Bits #6-8: Auxiliary bits that we could use for other things. Currently we
          just use one of those bits, for MayHaveIndexedAccessors.
              
      This is performance-neutral, and is primarily intended to give us more
      breathing room for introducing new inferred array modes.
      
      * assembler/AbstractMacroAssembler.h:
      (JSC::AbstractMacroAssembler::JumpList::jumps):
      * assembler/MacroAssembler.h:
      (MacroAssembler):
      (JSC::MacroAssembler::patchableBranch32):
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::patchableBranch32):
      (MacroAssemblerARMv7):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::modeAlreadyChecked):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
      (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode):
      (DFG):
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::arrayify):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateJSArray):
      (JSC::JIT::chooseArrayMode):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emitArrayStorageGetByVal):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emitContiguousPutByVal):
      (JSC::JIT::emitArrayStoragePutByVal):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emitArrayStorageGetByVal):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emitContiguousPutByVal):
      (JSC::JIT::emitArrayStoragePutByVal):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/IndexingType.h:
      (JSC):
      (JSC::hasIndexedProperties):
      (JSC::hasContiguous):
      (JSC::hasFastArrayStorage):
      (JSC::hasArrayStorage):
      (JSC::shouldUseSlowPut):
      * runtime/JSGlobalObject.cpp:
      (JSC):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@131276 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b9aa7ba0
  9. 09 Oct, 2012 3 commits
    • fpizlo@apple.com's avatar
      Typed arrays should not be 20x slower in the baseline JIT than in the DFG JIT · c14c8d32
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98605
      
      Reviewed by Oliver Hunt and Gavin Barraclough.
      
      This adds typed array get_by_val/put_by_val patching to the baseline JIT. It's
      a big (~40%) win on benchmarks that have trouble staying in the DFG JIT. Even
      if we fix those benchmarks, this functionality gives us the insurance that we
      typically desire with all speculative optimizations: even if we bail to
      baseline, we're still reasonably performant.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/MacroAssembler.cpp: Added.
      (JSC):
      * assembler/MacroAssembler.h:
      (MacroAssembler):
      (JSC::MacroAssembler::patchableBranchPtr):
      * assembler/MacroAssemblerARMv7.h:
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::moveDoubleToInts):
      (JSC::MacroAssemblerARMv7::moveIntsToDouble):
      (JSC::MacroAssemblerARMv7::patchableBranchPtr):
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::moveDoubleToInts):
      (JSC::MacroAssemblerX86::moveIntsToDouble):
      * bytecode/ByValInfo.h:
      (JSC::hasOptimizableIndexingForClassInfo):
      (JSC):
      (JSC::hasOptimizableIndexing):
      (JSC::jitArrayModeForClassInfo):
      (JSC::jitArrayModeForStructure):
      (JSC::ByValInfo::ByValInfo):
      (ByValInfo):
      * dfg/DFGAssemblyHelpers.cpp:
      (DFG):
      * dfg/DFGAssemblyHelpers.h:
      (AssemblyHelpers):
      (JSC::DFG::AssemblyHelpers::boxDouble):
      (JSC::DFG::AssemblyHelpers::unboxDouble):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * jit/JIT.h:
      (JIT):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      (JSC::JIT::emitIntTypedArrayGetByVal):
      (JSC):
      (JSC::JIT::emitFloatTypedArrayGetByVal):
      (JSC::JIT::emitIntTypedArrayPutByVal):
      (JSC::JIT::emitFloatTypedArrayPutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * runtime/JSCell.h:
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      (JSC::JSGlobalData::typedArrayDescriptor):
      * runtime/TypedArrayDescriptor.h: Added.
      (JSC):
      (JSC::TypedArrayDescriptor::TypedArrayDescriptor):
      (TypedArrayDescriptor):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130839 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c14c8d32
    • fpizlo@apple.com's avatar
      JSC should infer when indexed storage is contiguous, and optimize for it · 0e9910a8
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97288
      
      Reviewed by Mark Hahnenberg.
      
      Source/JavaScriptCore: 
      
      This introduces a new kind of indexed property storage called Contiguous,
      which has the following properties:
              
      - No header bits beyond IndexedHeader. This results in a 16 byte reduction
        in memory usage per array versus an ArrayStorage array. It also means
        that the total memory usage for an empty array is now just 3 * 8 on both
        32-bit and 64-bit. Of that, only 8 bytes are array-specific; the rest is
        our standard object header overhead.
              
      - No need for hole checks on store. This results in a ~4% speed-up on
        Kraken and a ~1% speed-up on V8v7.
              
      - publicLength <= vectorLength. This means that doing new Array(blah)
        immediately allocates room for blah elements.
              
      - No sparse map or index bias.
              
      If you ever do things to an array that would require publicLength >
      vectorLength, a sparse map, or index bias, then we switch to ArrayStorage
      mode. This seems to never happen in any benchmark we track, and is unlikely
      to happen very frequently on any website.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/AbstractMacroAssembler.h:
      (JSC::AbstractMacroAssembler::JumpList::append):
      * assembler/MacroAssembler.h:
      (MacroAssembler):
      (JSC::MacroAssembler::patchableBranchTest32):
      * bytecode/ByValInfo.h: Added.
      (JSC):
      (JSC::isOptimizableIndexingType):
      (JSC::jitArrayModeForIndexingType):
      (JSC::ByValInfo::ByValInfo):
      (ByValInfo):
      (JSC::getByValInfoBytecodeIndex):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::getByValInfo):
      (JSC::CodeBlock::setNumberOfByValInfos):
      (JSC::CodeBlock::numberOfByValInfos):
      (JSC::CodeBlock::byValInfo):
      * bytecode/SamplingTool.h:
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::modeUsesButterfly):
      (JSC::DFG::modeIsJSArray):
      (JSC::DFG::isInBoundsAccess):
      (JSC::DFG::mayStoreToTail):
      (JSC::DFG::mayStoreToHole):
      (JSC::DFG::modeIsPolymorphic):
      (JSC::DFG::polymorphicIncludesContiguous):
      (JSC::DFG::polymorphicIncludesArrayStorage):
      (JSC::DFG::canCSEStorage):
      (JSC::DFG::modeSupportsLength):
      (JSC::DFG::benefitsFromStructureCheck):
      (JSC::DFG::isEffectful):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getArrayLengthElimination):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      (JSC::DFG::FixupPhase::blessArrayOperation):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::arrayify):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
      (DFG):
      * dfg/DFGSpeculativeJIT.h:
      (DFG):
      (JSC::DFG::SpeculativeJIT::callOperation):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::putByValWillNeedExtraRegister):
      (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compileContiguousGetByVal):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileArrayStorageGetByVal):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compileArrayStoragePutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compileContiguousGetByVal):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compileArrayStorageGetByVal):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compileArrayStoragePutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (SamplingScope):
      (JSC::SamplingScope::SamplingScope):
      (JSC::SamplingScope::~SamplingScope):
      (JSC):
      (JSC::Interpreter::execute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::ByValCompilationInfo::ByValCompilationInfo):
      (ByValCompilationInfo):
      (JSC):
      (JIT):
      (JSC::JIT::compileGetByVal):
      (JSC::JIT::compilePutByVal):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateJSArray):
      (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase):
      (JSC):
      (JSC::arrayProfileSaw):
      (JSC::JIT::chooseArrayMode):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      (JSC::JIT::emit_op_new_array):
      (JSC::JIT::emitSlow_op_new_array):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emitArrayStorageGetByVal):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emitContiguousPutByVal):
      (JSC::JIT::emitArrayStoragePutByVal):
      (JSC::JIT::emitSlow_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByVal):
      (JSC::JIT::privateCompilePutByVal):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC):
      (JSC::JIT::emitContiguousGetByVal):
      (JSC::JIT::emitArrayStorageGetByVal):
      (JSC::JIT::emitSlow_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::emitContiguousPutByVal):
      (JSC::JIT::emitArrayStoragePutByVal):
      (JSC::JIT::emitSlow_op_put_by_val):
      * jit/JITStubs.cpp:
      (JSC::getByVal):
      (JSC):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::putByVal):
      * jit/JITStubs.h:
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/ArrayConventions.h:
      (JSC::isDenseEnoughForVector):
      * runtime/ArrayPrototype.cpp:
      (JSC):
      (JSC::shift):
      (JSC::unshift):
      (JSC::arrayProtoFuncPush):
      (JSC::arrayProtoFuncShift):
      (JSC::arrayProtoFuncSplice):
      (JSC::arrayProtoFuncUnShift):
      * runtime/Butterfly.h:
      (Butterfly):
      (JSC::Butterfly::fromPointer):
      (JSC::Butterfly::pointer):
      (JSC::Butterfly::publicLength):
      (JSC::Butterfly::vectorLength):
      (JSC::Butterfly::setPublicLength):
      (JSC::Butterfly::setVectorLength):
      (JSC::Butterfly::contiguous):
      (JSC::Butterfly::fromContiguous):
      * runtime/ButterflyInlineMethods.h:
      (JSC::Butterfly::unshift):
      (JSC::Butterfly::shift):
      * runtime/IndexingHeaderInlineMethods.h:
      (JSC::IndexingHeader::indexingPayloadSizeInBytes):
      * runtime/IndexingType.cpp: Added.
      (JSC):
      (JSC::indexingTypeToString):
      * runtime/IndexingType.h:
      (JSC):
      (JSC::hasContiguous):
      * runtime/JSArray.cpp:
      (JSC::JSArray::setLengthWithArrayStorage):
      (JSC::JSArray::setLength):
      (JSC):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCountWithArrayStorage):
      (JSC::JSArray::shiftCountWithAnyIndexingType):
      (JSC::JSArray::unshiftCountWithArrayStorage):
      (JSC::JSArray::unshiftCountWithAnyIndexingType):
      (JSC::JSArray::sortNumericVector):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sortCompactedVector):
      (JSC::JSArray::sort):
      (JSC::JSArray::sortVector):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSC::JSArray::shiftCountForShift):
      (JSC::JSArray::shiftCountForSplice):
      (JSArray):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCountForShift):
      (JSC::JSArray::unshiftCountForSplice):
      (JSC::JSArray::unshiftCount):
      (JSC::JSArray::isLengthWritable):
      (JSC::createContiguousArrayButterfly):
      (JSC):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      (JSC):
      (JSC::JSGlobalObject::haveABadTime):
      (JSC::JSGlobalObject::visitChildren):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::arrayStructureWithArrayStorage):
      (JSC::JSGlobalObject::addressOfArrayStructureWithArrayStorage):
      (JSC::constructEmptyArray):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::createInitialContiguous):
      (JSC):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::convertContiguousToArrayStorage):
      (JSC::JSObject::ensureContiguousSlow):
      (JSC::JSObject::ensureArrayStorageSlow):
      (JSC::JSObject::ensureIndexedStorageSlow):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::switchToSlowPutArrayStorage):
      (JSC::JSObject::setPrototype):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::putByIndexBeyondVectorLengthContiguousWithoutAttributes):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::countElementsInContiguous):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::ensureContiguousLengthSlow):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSC::JSObject::getArrayLength):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::tryGetIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::canSetIndexQuicklyForPutDirect):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::hasSparseMap):
      (JSC::JSObject::inSparseIndexingMode):
      (JSObject):
      (JSC::JSObject::ensureContiguous):
      (JSC::JSObject::ensureIndexedStorage):
      (JSC::JSObject::ensureContiguousLength):
      (JSC::JSObject::indexingData):
      (JSC::JSObject::relevantLength):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/Options.cpp:
      (JSC::Options::initialize):
      * runtime/Structure.cpp:
      (JSC::Structure::needsSlowPutIndexing):
      (JSC):
      (JSC::Structure::suggestedArrayStorageTransition):
      * runtime/Structure.h:
      (Structure):
      * runtime/StructureTransitionTable.h:
      (JSC::newIndexingType):
      
      Source/WTF: 
      
      Moved out this helpful math utility to MathExtras, since we now use it in
      multiple places.
      
      * wtf/MathExtras.h:
      (timesThreePlusOneDividedByTwo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130826 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0e9910a8
    • mark.lam@apple.com's avatar
      Renamed RegisterFile to JSStack, and removed prototype of the · 4fbb9c33
      mark.lam@apple.com authored
      previously deleted Interpreter::privateExecute().
      https://bugs.webkit.org/show_bug.cgi?id=98717.
      
      Reviewed by Filip Pizlo.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.order:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/BytecodeConventions.h:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::nameForRegister):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::alreadyInJSStack):
      (JSC::ValueRecovery::alreadyInJSStackAsUnboxedInt32):
      (JSC::ValueRecovery::alreadyInJSStackAsUnboxedCell):
      (JSC::ValueRecovery::alreadyInJSStackAsUnboxedBoolean):
      (JSC::ValueRecovery::alreadyInJSStackAsUnboxedDouble):
      (JSC::ValueRecovery::displacedInJSStack):
      (JSC::ValueRecovery::isAlreadyInJSStack):
      (JSC::ValueRecovery::virtualRegister):
      (JSC::ValueRecovery::dump):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::resolveCallee):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      * bytecompiler/BytecodeGenerator.h:
      (JSC::BytecodeGenerator::registerFor):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::emitGetFromCallFrameHeaderPtr):
      (JSC::DFG::AssemblyHelpers::emitPutToCallFrameHeader):
      (JSC::DFG::AssemblyHelpers::emitPutImmediateToCallFrameHeader):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getDirect):
      (JSC::DFG::ByteCodeParser::findArgumentPositionForLocal):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::remapOperand):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGGenerationInfo.h:
      (GenerationInfo):
      (JSC::DFG::GenerationInfo::needsSpill):
      * dfg/DFGGraph.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileEntry):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::beginCall):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryBuildGetByIDList):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::spill):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::throwExceptionFromCallSlowPathGenerator):
      (JSC::DFG::slowPathFor):
      (JSC::DFG::virtualForThunkGenerator):
      * dfg/DFGValueSource.cpp:
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h:
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::valueSourceKindToDataFormat):
      (JSC::DFG::isInJSStack):
      (JSC::DFG::ValueSource::forSpeculation):
      (JSC::DFG::ValueSource::isInJSStack):
      (JSC::DFG::ValueSource::valueRecovery):
      * dfg/DFGVariableEventStream.cpp:
      (JSC::DFG::VariableEventStream::reconstruct):
      * heap/Heap.cpp:
      (JSC::Heap::stack):
      (JSC::Heap::getConservativeRegisterRoots):
      (JSC::Heap::markRoots):
      * heap/Heap.h:
      (JSC):
      (Heap):
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::stack):
      * interpreter/CallFrame.h:
      (JSC::ExecState::calleeAsValue):
      (JSC::ExecState::callee):
      (JSC::ExecState::codeBlock):
      (JSC::ExecState::scope):
      (JSC::ExecState::callerFrame):
      (JSC::ExecState::returnPC):
      (JSC::ExecState::hasReturnPC):
      (JSC::ExecState::clearReturnPC):
      (JSC::ExecState::bytecodeOffsetForNonDFGCode):
      (JSC::ExecState::setBytecodeOffsetForNonDFGCode):
      (JSC::ExecState::inlineCallFrame):
      (JSC::ExecState::codeOriginIndexForDFG):
      (JSC::ExecState::currentVPC):
      (JSC::ExecState::setCurrentVPC):
      (JSC::ExecState::setCallerFrame):
      (JSC::ExecState::setScope):
      (JSC::ExecState::init):
      (JSC::ExecState::argumentCountIncludingThis):
      (JSC::ExecState::offsetFor):
      (JSC::ExecState::setArgumentCountIncludingThis):
      (JSC::ExecState::setCallee):
      (JSC::ExecState::setCodeBlock):
      (JSC::ExecState::setReturnPC):
      (JSC::ExecState::setInlineCallFrame):
      (ExecState):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::slideRegisterWindowForCall):
      (JSC::eval):
      (JSC::loadVarargs):
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::throwException):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall):
      (JSC::Interpreter::endRepeatCall):
      * interpreter/Interpreter.h:
      (JSC::Interpreter::stack):
      (Interpreter):
      (JSC::Interpreter::execute):
      (JSC):
      * interpreter/JSStack.cpp: Copied from Source/JavaScriptCore/interpreter/RegisterFile.cpp.
      (JSC::stackStatisticsMutex):
      (JSC::JSStack::~JSStack):
      (JSC::JSStack::growSlowCase):
      (JSC::JSStack::gatherConservativeRoots):
      (JSC::JSStack::releaseExcessCapacity):
      (JSC::JSStack::initializeThreading):
      (JSC::JSStack::committedByteCount):
      (JSC::JSStack::addToCommittedByteCount):
      * interpreter/JSStack.h: Copied from Source/JavaScriptCore/interpreter/RegisterFile.h.
      (JSStack):
      (JSC::JSStack::JSStack):
      (JSC::JSStack::shrink):
      (JSC::JSStack::grow):
      * interpreter/RegisterFile.cpp: Removed.
      * interpreter/RegisterFile.h: Removed.
      * interpreter/VMInspector.cpp:
      (JSC::VMInspector::dumpFrame):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC):
      (JIT):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::emit_op_ret):
      (JSC::JIT::emit_op_ret_object_or_this):
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCall):
      * jit/JITCode.h:
      (JSC):
      (JSC::JITCode::execute):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitPutToCallFrameHeader):
      (JSC::JIT::emitPutCellToCallFrameHeader):
      (JSC::JIT::emitPutIntToCallFrameHeader):
      (JSC::JIT::emitPutImmediateToCallFrameHeader):
      (JSC::JIT::emitGetFromCallFrameHeaderPtr):
      (JSC::JIT::emitGetFromCallFrameHeader32):
      (JSC::JIT::updateTopCallFrame):
      (JSC::JIT::unmap):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_end):
      (JSC::JIT::emit_op_ret):
      (JSC::JIT::emit_op_ret_object_or_this):
      (JSC::JIT::emit_op_create_this):
      (JSC::JIT::emit_op_get_arguments_length):
      (JSC::JIT::emit_op_get_argument_by_val):
      (JSC::JIT::emit_op_resolve_global_dynamic):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::privateCompileCTINativeCall):
      (JSC::JIT::emit_op_end):
      (JSC::JIT::emit_op_create_this):
      (JSC::JIT::emit_op_get_arguments_length):
      (JSC::JIT::emit_op_get_argument_by_val):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_scoped_var):
      (JSC::JIT::emit_op_put_scoped_var):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_scoped_var):
      (JSC::JIT::emit_op_put_scoped_var):
      * jit/JITStubs.cpp:
      (JSC::ctiTrampoline):
      (JSC::JITThunks::JITThunks):
      (JSC):
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JITStubs.h:
      (JSC):
      (JITStackFrame):
      * jit/JSInterfaceJIT.h:
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::SpecializedThunkJIT):
      (JSC::SpecializedThunkJIT::returnJSValue):
      (JSC::SpecializedThunkJIT::returnDouble):
      (JSC::SpecializedThunkJIT::returnInt32):
      (JSC::SpecializedThunkJIT::returnJSCell):
      * llint/LLIntData.cpp:
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntOffsetsExtractor.cpp:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::genericCall):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter.asm:
      * runtime/Arguments.cpp:
      (JSC::Arguments::tearOffForInlineCallFrame):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::visitChildren):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::globalExec):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSGlobalObject):
      * runtime/JSLock.cpp:
      (JSC):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      * runtime/MemoryStatistics.cpp:
      (JSC::globalMemoryStatistics):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130726 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4fbb9c33
  10. 03 Oct, 2012 1 commit
    • ggaren@apple.com's avatar
      Removed the assumption that "final" objects have a fixed number of inline slots · 20b4bfc2
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=98332
      
      Reviewed by Filip Pizlo.
      
      This is a step toward object size inference.
      
      I replaced the inline storage capacity constant with a data member per
      structure, set the the maximum supported value for the constant to 100,
      then fixed what broke. (Note that even though this patch increases the
      theoretical maximum inline capacity, it doesn't change any actual inline
      capacity.)
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::compileGetDirectOffset): These functions just get a rename:
      the constant they need is the first out of line offset along the offset
      number line, which is not necessarily the same thing (and is, in this
      patch, never the same thing) as the inline capacity of any given object.
      
      (JSC::JIT::emit_op_get_by_pname):
      * jit/JITPropertyAccess32_64.cpp: This function changes functionality,
      since it needs to convert from the abstract offset number line to an
      actual offset in memory, and it can't assume that inline and out-of-line
      offsets are contiguous on the number line.
      
      (JSC::JIT::compileGetDirectOffset): Updated for rename.
      
      (JSC::JIT::emit_op_get_by_pname): Same as emit_op_get_by_pname above.
      
      * llint/LowLevelInterpreter.asm: Updated to mirror changes in PropertyOffset.h,
      since we duplicate values from there.
      
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm: Just like the JIT, most things are just
      renames, and get_by_pname changes to do more math. I also standardized
      offset calculations to use a hard-coded "-2", to match the JIT. This
      isn't really better, but it makes global search and replace easier,
      should we choose to refactor this code not to hard-code constants.
      
      I also renamed loadPropertyAtVariableOffsetKnownNotFinal to
      loadPropertyAtVariableOffsetKnownNotInline in order to sever the assumption
      that inline capacity is tied to object type, and I changed the 64bit LLInt
      to use this -- not using this previously seems to have been an oversight.
      
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitChildren):
      (JSC::JSFinalObject::visitChildren):
      * runtime/JSObject.h:
      (JSC::JSObject::offsetForLocation):
      (JSNonFinalObject):
      (JSC::JSFinalObject::createStructure):
      (JSFinalObject):
      (JSC::JSFinalObject::finishCreation): Updated for above changes.
      
      * runtime/JSPropertyNameIterator.h:
      (JSPropertyNameIterator):
      (JSC::JSPropertyNameIterator::finishCreation): Store the inline capacity
      of our object, since it's not a constant.
      
      (JSC::JSPropertyNameIterator::getOffset): Removed. This function was
      wrong. Luckily, it was also unused, since the C++ interpreter is gone.
      
      * runtime/PropertyMapHashTable.h:
      (PropertyTable): Use a helper function instead of hard-coding assumptions
      about object types.
      
      (JSC::PropertyTable::nextOffset):
      * runtime/PropertyOffset.h:
      (JSC):
      (JSC::checkOffset):
      (JSC::validateOffset):
      (JSC::isInlineOffset):
      (JSC::numberOfSlotsForLastOffset):
      (JSC::propertyOffsetFor): Refactored these functions to take inline capacity
      as an argument, since it's not fixed at compile time anymore.
      
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::putSpecificValue):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::outOfLineCapacity):
      (JSC::Structure::hasInlineStorage):
      (JSC::Structure::inlineCapacity):
      (JSC::Structure::inlineSize):
      (JSC::Structure::firstValidOffset):
      (JSC::Structure::lastValidOffset):
      (JSC::Structure::create): Removed some hard-coded assumptions about inline
      capacity and object type, and replaced with more liberal use of helper functions.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@130359 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      20b4bfc2
  11. 19 Sep, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should not emit PutByVal hole case unless it has to · 69e2784d
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=97080
      
      Reviewed by Geoffrey Garen.
      
      This causes us to generate less code for typical PutByVal's. But if profiling tells us
      that the hole case is being hit, we generate the same code as we would have generated
      before. This seems like a slight speed-up across the board.
      
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::store8):
      (MacroAssemblerARMv7):
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::store8):
      * assembler/MacroAssemblerX86_64.h:
      (MacroAssemblerX86_64):
      (JSC::MacroAssemblerX86_64::store8):
      * assembler/X86Assembler.h:
      (X86Assembler):
      (JSC::X86Assembler::movb_i8m):
      * bytecode/ArrayProfile.h:
      (JSC::ArrayProfile::ArrayProfile):
      (JSC::ArrayProfile::addressOfMayStoreToHole):
      (JSC::ArrayProfile::mayStoreToHole):
      (ArrayProfile):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::mayStoreToHole):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.h:
      (JIT):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase):
      (JSC):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_put_by_val):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_put_by_val):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129045 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      69e2784d
  12. 17 Sep, 2012 1 commit
    • fpizlo@apple.com's avatar
      Array profiling has convergence issues · c7be5be0
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=96891
      
      Reviewed by Gavin Barraclough.
      
      Source/JavaScriptCore: 
      
      Now each array profiling site merges in the indexing type it observed into
      the m_observedArrayModes bitset. The ArrayProfile also uses this to detect
      cases where the structure must have gone polymorphic (if the bitset is
      polymorphic then the structure must be). This achieves something like the
      best of both worlds: on the one hand, we get a probabilistic structure that
      we can use to optimize the monomorphic structure case, but on the other hand,
      we get an accurate view of the set of types that were encountered.
      
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::or32):
      (MacroAssemblerARMv7):
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::or32):
      (MacroAssemblerX86):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::or32):
      (MacroAssemblerX86_64):
      * assembler/X86Assembler.h:
      (X86Assembler):
      (JSC::X86Assembler::orl_rm):
      * bytecode/ArrayProfile.cpp:
      (JSC::ArrayProfile::computeUpdatedPrediction):
      * bytecode/ArrayProfile.h:
      (JSC::ArrayProfile::addressOfArrayModes):
      (JSC::ArrayProfile::structureIsPolymorphic):
      * jit/JIT.h:
      (JIT):
      * jit/JITInlineMethods.h:
      (JSC):
      (JSC::JIT::emitArrayProfilingSite):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      
      Source/WTF: 
      
      Added functions for testing if something is a power of 2.
      
      * wtf/MathExtras.h:
      (hasZeroOrOneBitsSet):
      (hasTwoOrMoreBitsSet):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128790 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c7be5be0
  13. 13 Sep, 2012 1 commit
  14. 12 Sep, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should have property butterflies · d8dd0535
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=91933
      
      Reviewed by Geoffrey Garen.
      
      Source/JavaScriptCore: 
      
      This changes the JSC object model. Previously, all objects had fast lookup for
      named properties. Integer indexed properties were only fast if you used a
      JSArray. With this change, all objects have fast indexed properties. This is
      accomplished without any space overhead by using a bidirectional object layout,
      aka butterflies. Each JSObject has a m_butterfly pointer where previously it
      had a m_outOfLineStorage pointer. To the left of the location pointed to by
      m_butterfly, we place all named out-of-line properties. To the right, we place
      all indexed properties along with indexing meta-data. Though, some indexing
      meta-data is placed in the 8-byte word immediately left of the pointed-to
      location; this is in anticipation of the indexing meta-data being small enough
      in the common case that m_butterfly always points to the first indexed
      property.
              
      This is performance neutral, except on tests that use indexed properties on
      plain objects, where the speed-up is in excess of an order of magnitude.
              
      One notable aspect of what this change brings is that it allows indexing
      storage to morph over time. Currently this is only used to allow all non-array
      objects to start out without any indexed storage. But it could be used for
      some kinds of array type inference in the future.
      
      * API/JSCallbackObject.h:
      (JSCallbackObject):
      * API/JSCallbackObjectFunctions.h:
      (JSC::::getOwnPropertySlotByIndex):
      (JSC):
      (JSC::::getOwnNonIndexPropertyNames):
      * API/JSObjectRef.cpp:
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ArrayProfile.h:
      (JSC):
      (JSC::arrayModeFromStructure):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitDirectPutById):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::AdjacencyList):
      (AdjacencyList):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::fromObserved):
      (JSC::DFG::modeAlreadyChecked):
      (JSC::DFG::modeToString):
      * dfg/DFGArrayMode.h:
      (DFG):
      (JSC::DFG::modeUsesButterfly):
      (JSC::DFG::modeIsJSArray):
      (JSC::DFG::isInBoundsAccess):
      (JSC::DFG::modeSupportsLength):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::addNode):
      (FixupPhase):
      (JSC::DFG::FixupPhase::checkArray):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::byValIsPure):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::Node):
      (Node):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOperations.cpp:
      (JSC::DFG::putByVal):
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryBuildPutByIdList):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      (JSC::JIT::emitAllocateBasicStorage):
      (JSC::JIT::emitAllocateJSArray):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      (JSC::JIT::emitSlow_op_new_array):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jsc.cpp:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/Arguments.cpp:
      (JSC::Arguments::deletePropertyByIndex):
      (JSC::Arguments::defineOwnProperty):
      * runtime/ArrayConstructor.cpp:
      * runtime/ArrayConventions.h: Added.
      (JSC):
      (JSC::isDenseEnoughForVector):
      (JSC::indexingHeaderForArray):
      (JSC::baseIndexingHeaderForArray):
      * runtime/ArrayPrototype.cpp:
      (JSC::ArrayPrototype::create):
      (JSC):
      (JSC::ArrayPrototype::ArrayPrototype):
      (JSC::arrayProtoFuncToString):
      (JSC::arrayProtoFuncJoin):
      (JSC::arrayProtoFuncSort):
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncMap):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncForEach):
      (JSC::arrayProtoFuncSome):
      (JSC::arrayProtoFuncReduce):
      (JSC::arrayProtoFuncReduceRight):
      * runtime/ArrayPrototype.h:
      (ArrayPrototype):
      (JSC::ArrayPrototype::createStructure):
      * runtime/ArrayStorage.h: Added.
      (JSC):
      (ArrayStorage):
      (JSC::ArrayStorage::ArrayStorage):
      (JSC::ArrayStorage::from):
      (JSC::ArrayStorage::butterfly):
      (JSC::ArrayStorage::indexingHeader):
      (JSC::ArrayStorage::length):
      (JSC::ArrayStorage::setLength):
      (JSC::ArrayStorage::vectorLength):
      (JSC::ArrayStorage::setVectorLength):
      (JSC::ArrayStorage::copyHeaderFromDuringGC):
      (JSC::ArrayStorage::inSparseMode):
      (JSC::ArrayStorage::lengthOffset):
      (JSC::ArrayStorage::vectorLengthOffset):
      (JSC::ArrayStorage::numValuesInVectorOffset):
      (JSC::ArrayStorage::vectorOffset):
      (JSC::ArrayStorage::indexBiasOffset):
      (JSC::ArrayStorage::sparseMapOffset):
      (JSC::ArrayStorage::sizeFor):
      * runtime/Butterfly.h: Added.
      (JSC):
      (Butterfly):
      (JSC::Butterfly::Butterfly):
      (JSC::Butterfly::totalSize):
      (JSC::Butterfly::fromBase):
      (JSC::Butterfly::offsetOfIndexingHeader):
      (JSC::Butterfly::offsetOfPublicLength):
      (JSC::Butterfly::offsetOfVectorLength):
      (JSC::Butterfly::indexingHeader):
      (JSC::Butterfly::propertyStorage):
      (JSC::Butterfly::indexingPayload):
      (JSC::Butterfly::arrayStorage):
      (JSC::Butterfly::offsetOfPropertyStorage):
      (JSC::Butterfly::indexOfPropertyStorage):
      (JSC::Butterfly::base):
      * runtime/ButterflyInlineMethods.h: Added.
      (JSC):
      (JSC::Butterfly::createUninitialized):
      (JSC::Butterfly::create):
      (JSC::Butterfly::createUninitializedDuringCollection):
      (JSC::Butterfly::base):
      (JSC::Butterfly::growPropertyStorage):
      (JSC::Butterfly::growArrayRight):
      (JSC::Butterfly::resizeArray):
      (JSC::Butterfly::unshift):
      (JSC::Butterfly::shift):
      * runtime/ClassInfo.h:
      (MethodTable):
      (JSC):
      * runtime/IndexingHeader.h: Added.
      (JSC):
      (IndexingHeader):
      (JSC::IndexingHeader::offsetOfIndexingHeader):
      (JSC::IndexingHeader::offsetOfPublicLength):
      (JSC::IndexingHeader::offsetOfVectorLength):
      (JSC::IndexingHeader::IndexingHeader):
      (JSC::IndexingHeader::vectorLength):
      (JSC::IndexingHeader::setVectorLength):
      (JSC::IndexingHeader::publicLength):
      (JSC::IndexingHeader::setPublicLength):
      (JSC::IndexingHeader::from):
      (JSC::IndexingHeader::fromEndOf):
      (JSC::IndexingHeader::propertyStorage):
      (JSC::IndexingHeader::arrayStorage):
      (JSC::IndexingHeader::butterfly):
      * runtime/IndexingHeaderInlineMethods.h: Added.
      (JSC):
      (JSC::IndexingHeader::preCapacity):
      (JSC::IndexingHeader::indexingPayloadSizeInBytes):
      * runtime/IndexingType.h: Added.
      (JSC):
      (JSC::hasIndexingHeader):
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::visitChildren):
      (JSC::JSActivation::getOwnNonIndexPropertyNames):
      * runtime/JSActivation.h:
      (JSActivation):
      (JSC::JSActivation::tearOff):
      * runtime/JSArray.cpp:
      (JSC):
      (JSC::createArrayButterflyInDictionaryIndexingMode):
      (JSC::JSArray::setLengthWritable):
      (JSC::JSArray::defineOwnProperty):
      (JSC::JSArray::getOwnPropertySlot):
      (JSC::JSArray::getOwnPropertyDescriptor):
      (JSC::JSArray::put):
      (JSC::JSArray::deleteProperty):
      (JSC::JSArray::getOwnNonIndexPropertyNames):
      (JSC::JSArray::unshiftCountSlowCase):
      (JSC::JSArray::setLength):
      (JSC::JSArray::pop):
      (JSC::JSArray::push):
      (JSC::JSArray::shiftCount):
      (JSC::JSArray::unshiftCount):
      (JSC::JSArray::sortNumeric):
      (JSC::JSArray::sort):
      (JSC::JSArray::fillArgList):
      (JSC::JSArray::copyToArguments):
      (JSC::JSArray::compactForSorting):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      (JSC::JSArray::JSArray):
      (JSC::JSArray::length):
      (JSC::JSArray::createStructure):
      (JSC::JSArray::isLengthWritable):
      (JSC::createArrayButterfly):
      (JSC::JSArray::create):
      (JSC::JSArray::tryCreateUninitialized):
      * runtime/JSBoundFunction.cpp:
      (JSC::boundFunctionCall):
      (JSC::boundFunctionConstruct):
      (JSC::JSBoundFunction::finishCreation):
      * runtime/JSCell.cpp:
      (JSC::JSCell::getOwnNonIndexPropertyNames):
      (JSC):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSFunction.cpp:
      (JSC::JSFunction::getOwnPropertySlot):
      (JSC::JSFunction::getOwnPropertyDescriptor):
      (JSC::JSFunction::getOwnNonIndexPropertyNames):
      (JSC::JSFunction::defineOwnProperty):
      * runtime/JSFunction.h:
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/JSGlobalObject.cpp:
      (JSC::JSGlobalObject::reset):
      * runtime/JSONObject.cpp:
      (JSC::Stringifier::Holder::appendNextProperty):
      (JSC::Walker::walk):
      * runtime/JSObject.cpp:
      (JSC):
      (JSC::JSObject::visitButterfly):
      (JSC::JSObject::visitChildren):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::getOwnPropertySlotByIndex):
      (JSC::JSObject::put):
      (JSC::JSObject::putByIndex):
      (JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
      (JSC::JSObject::enterDictionaryIndexingMode):
      (JSC::JSObject::createArrayStorage):
      (JSC::JSObject::createInitialArrayStorage):
      (JSC::JSObject::ensureArrayStorageExistsAndEnterDictionaryIndexingMode):
      (JSC::JSObject::putDirectAccessor):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::deletePropertyByIndex):
      (JSC::JSObject::getOwnPropertyNames):
      (JSC::JSObject::getOwnNonIndexPropertyNames):
      (JSC::JSObject::preventExtensions):
      (JSC::JSObject::fillGetterPropertySlot):
      (JSC::JSObject::putIndexedDescriptor):
      (JSC::JSObject::defineOwnIndexedProperty):
      (JSC::JSObject::allocateSparseIndexMap):
      (JSC::JSObject::deallocateSparseIndexMap):
      (JSC::JSObject::putByIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putByIndexBeyondVectorLength):
      (JSC::JSObject::putDirectIndexBeyondVectorLengthWithArrayStorage):
      (JSC::JSObject::putDirectIndexBeyondVectorLength):
      (JSC::JSObject::getNewVectorLength):
      (JSC::JSObject::increaseVectorLength):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      (JSC::putDescriptor):
      (JSC::JSObject::putDirectMayBeIndex):
      (JSC::JSObject::defineOwnNonIndexProperty):
      (JSC::JSObject::defineOwnProperty):
      (JSC::JSObject::getOwnPropertySlotSlow):
      * runtime/JSObject.h:
      (JSC::JSObject::getArrayLength):
      (JSObject):
      (JSC::JSObject::getVectorLength):
      (JSC::JSObject::putDirectIndex):
      (JSC::JSObject::canGetIndexQuickly):
      (JSC::JSObject::getIndexQuickly):
      (JSC::JSObject::canSetIndexQuickly):
      (JSC::JSObject::setIndexQuickly):
      (JSC::JSObject::initializeIndex):
      (JSC::JSObject::completeInitialization):
      (JSC::JSObject::inSparseIndexingMode):
      (JSC::JSObject::butterfly):
      (JSC::JSObject::outOfLineStorage):
      (JSC::JSObject::offsetForLocation):
      (JSC::JSObject::indexingShouldBeSparse):
      (JSC::JSObject::butterflyOffset):
      (JSC::JSObject::butterflyAddress):
      (JSC::JSObject::arrayStorage):
      (JSC::JSObject::arrayStorageOrZero):
      (JSC::JSObject::ensureArrayStorage):
      (JSC::JSObject::checkIndexingConsistency):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC):
      (JSC::JSObject::setButterfly):
      (JSC::JSObject::setButterflyWithoutChangingStructure):
      (JSC::JSObject::JSObject):
      (JSC::JSObject::inlineGetOwnPropertySlot):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::offsetInButterfly):
      (JSC::offsetRelativeToPatchedStorage):
      (JSC::indexRelativeToBase):
      (JSC::offsetRelativeToBase):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSSymbolTableObject.cpp:
      (JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
      * runtime/JSSymbolTableObject.h:
      (JSSymbolTableObject):
      * runtime/JSTypeInfo.h:
      (JSC):
      (JSC::TypeInfo::interceptsGetOwnPropertySlotByIndexEvenWhenLengthIsNotZero):
      (JSC::TypeInfo::overridesGetPropertyNames):
      * runtime/LiteralParser.cpp:
      (JSC::::parse):
      * runtime/ObjectConstructor.cpp:
      * runtime/ObjectPrototype.cpp:
      (JSC::ObjectPrototype::ObjectPrototype):
      (JSC):
      * runtime/ObjectPrototype.h:
      (ObjectPrototype):
      * runtime/PropertyOffset.h:
      (JSC::offsetInOutOfLineStorage):
      * runtime/PropertyStorage.h: Added.
      (JSC):
      * runtime/PutDirectIndexMode.h: Added.
      (JSC):
      * runtime/RegExpMatchesArray.cpp:
      (JSC::RegExpMatchesArray::RegExpMatchesArray):
      (JSC):
      (JSC::RegExpMatchesArray::create):
      (JSC::RegExpMatchesArray::finishCreation):
      * runtime/RegExpMatchesArray.h:
      (RegExpMatchesArray):
      (JSC::RegExpMatchesArray::createStructure):
      * runtime/RegExpObject.cpp:
      (JSC::RegExpObject::getOwnNonIndexPropertyNames):
      * runtime/RegExpObject.h:
      (RegExpObject):
      * runtime/Reject.h: Added.
      (JSC):
      (JSC::reject):
      * runtime/SparseArrayValueMap.cpp: Added.
      (JSC):
      * runtime/SparseArrayValueMap.h: Added.
      (JSC):
      (SparseArrayEntry):
      (JSC::SparseArrayEntry::SparseArrayEntry):
      (SparseArrayValueMap):
      (JSC::SparseArrayValueMap::sparseMode):
      (JSC::SparseArrayValueMap::setSparseMode):
      (JSC::SparseArrayValueMap::lengthIsReadOnly):
      (JSC::SparseArrayValueMap::setLengthIsReadOnly):
      (JSC::SparseArrayValueMap::find):
      (JSC::SparseArrayValueMap::remove):
      (JSC::SparseArrayValueMap::notFound):
      (JSC::SparseArrayValueMap::isEmpty):
      (JSC::SparseArrayValueMap::contains):
      (JSC::SparseArrayValueMap::size):
      (JSC::SparseArrayValueMap::begin):
      (JSC::SparseArrayValueMap::end):
      * runtime/SparseArrayValueMapInlineMethods.h: Added.
      (JSC):
      (JSC::SparseArrayValueMap::SparseArrayValueMap):
      (JSC::SparseArrayValueMap::~SparseArrayValueMap):
      (JSC::SparseArrayValueMap::finishCreation):
      (JSC::SparseArrayValueMap::create):
      (JSC::SparseArrayValueMap::destroy):
      (JSC::SparseArrayValueMap::createStructure):
      (JSC::SparseArrayValueMap::add):
      (JSC::SparseArrayValueMap::putEntry):
      (JSC::SparseArrayValueMap::putDirect):
      (JSC::SparseArrayEntry::get):
      (JSC::SparseArrayEntry::getNonSparseMode):
      (JSC::SparseArrayValueMap::visitChildren):
      * runtime/StorageBarrier.h: Removed.
      * runtime/StringObject.cpp:
      (JSC::StringObject::putByIndex):
      (JSC):
      (JSC::StringObject::deletePropertyByIndex):
      * runtime/StringObject.h:
      (StringObject):
      * runtime/StringPrototype.cpp:
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::Structure::nonPropertyTransition):
      (JSC):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::indexingType):
      (JSC::Structure::indexingTypeIncludingHistory):
      (JSC::Structure::indexingTypeOffset):
      (JSC::Structure::create):
      * runtime/StructureTransitionTable.h:
      (JSC):
      (JSC::toAttributes):
      (JSC::newIndexingType):
      (JSC::StructureTransitionTable::Hash::hash):
      * tests/mozilla/js1_6/Array/regress-304828.js:
      
      Source/WebCore: 
      
      Teach the DOM that to intercept get/put on indexed properties, you now have
      to override getOwnPropertySlotByIndex and putByIndex.
      
      No new tests because no new behavior. One test was rebased because indexed
      property iteration order now matches other engines (indexed properties always
      come first).
      
      * bindings/js/ArrayValue.cpp:
      (WebCore::ArrayValue::get):
      * bindings/js/JSBlobCustom.cpp:
      (WebCore::JSBlobConstructor::constructJSBlob):
      * bindings/js/JSCanvasRenderingContext2DCustom.cpp:
      (WebCore::JSCanvasRenderingContext2D::setWebkitLineDash):
      * bindings/js/JSDOMStringListCustom.cpp:
      (WebCore::toDOMStringList):
      * bindings/js/JSDOMStringMapCustom.cpp:
      (WebCore::JSDOMStringMap::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::getOwnPropertySlot):
      (WebCore::JSDOMWindow::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindow::putByIndex):
      (WebCore::JSDOMWindow::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.cpp:
      (WebCore::JSDOMWindowShell::getOwnPropertySlotByIndex):
      (WebCore):
      (WebCore::JSDOMWindowShell::putByIndex):
      (WebCore::JSDOMWindowShell::deletePropertyByIndex):
      * bindings/js/JSDOMWindowShell.h:
      (JSDOMWindowShell):
      * bindings/js/JSHistoryCustom.cpp:
      (WebCore::JSHistory::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::populateContextMenuItems):
      * bindings/js/JSLocationCustom.cpp:
      (WebCore::JSLocation::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSStorageCustom.cpp:
      (WebCore::JSStorage::deletePropertyByIndex):
      (WebCore):
      * bindings/js/JSWebSocketCustom.cpp:
      (WebCore::JSWebSocketConstructor::constructJSWebSocket):
      * bindings/js/ScriptValue.cpp:
      (WebCore::jsToInspectorValue):
      * bindings/js/SerializedScriptValue.cpp:
      (WebCore::CloneSerializer::serialize):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateHeader):
      (GenerateImplementation):
      * bridge/runtime_array.cpp:
      (JSC::RuntimeArray::RuntimeArray):
      * bridge/runtime_array.h:
      (JSC::RuntimeArray::createStructure):
      (RuntimeArray):
      
      LayoutTests: 
      
      Modify the JSON test to indicate that iterating over properties now returns
      indexed properties first. This is a behavior change that makes us more
      compliant with other implementations.
              
      Also check in new expected file for the edge cases of indexed property access
      with prototype accessors. This changeset introduces a known regression in that
      department, which is tracked here: https://bugs.webkit.org/show_bug.cgi?id=96596
      
      * fast/js/resources/JSON-stringify.js:
      * platform/mac/fast/js/primitive-property-access-edge-cases-expected.txt: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128400 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d8dd0535
  15. 30 Aug, 2012 1 commit
    • ggaren@apple.com's avatar
      Use one object instead of two for closures, eliminating ScopeChainNode · b11e7874
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95501
      
      Reviewed by Filip Pizlo.
      
      ../JavaScriptCore: 
      
      This patch removes ScopeChainNode, and moves all the data and related
      functions that used to be in ScopeChainNode into JSScope.
      
      Most of this patch is mechanical changes to use a JSScope* where we used
      to use a ScopeChainNode*. I've only specifically commented about items
      that were non-mechanical.
      
      * runtime/Completion.cpp:
      (JSC::evaluate):
      * runtime/Completion.h: Don't require an explicit scope chain argument
      when evaluating code. Clients never wanted anything other than the
      global scope, and other arbitrary scopes probably wouldn't work
      correctly, anyway.
      
      * runtime/JSScope.cpp:
      * runtime/JSScope.h:
      (JSC::JSScope::JSScope): JSScope now requires the data we used to pass to
      ScopeChainNode, so it can link itself into the scope chain correctly.
      
      * runtime/JSWithScope.h:
      (JSC::JSWithScope::create):
      (JSC::JSWithScope::JSWithScope): JSWithScope gets an extra constructor
      for specifically supplying your own scope chain. The DOM needs this
      interface for setting up the scope chain for certain event handlers.
      Other clients always just push the JSWithScope to the head of the current
      scope chain.
      
      ../WebCore: 
      
      Mechanical changes to update for JSC interface changes.
      
      ../WebKit/mac: 
      
      Mechanical change to update for JSC interface change.
      
      ../WebKit/qt: 
      
      Mechanical change to update for JSC interface change.
      
      * Api/qwebelement.cpp:
      (QWebElement::evaluateJavaScript):
      
      ../WebKit2: 
      
      Mechanical changes to update for JSC interface change.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127202 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b11e7874
  16. 29 Aug, 2012 1 commit
    • barraclough@apple.com's avatar
      PutById uses DataLabel32, not DataLabelCompact · 4c64ecd4
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=95245
      
      Reviewed by Geoff Garen.
      
      JIT::resetPatchPutById calls the the wrong thing on x86-64 – this is moot right now,
      since they currently both do the same thing, but if we were to ever make compact mean
      8-bit this could be a real problem. Also, relying on the object still being in eax
      on entry to the transition stub isn't very robust - added nonArgGPR1 to at least make
      this explicit.
      
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emitSlow_op_put_by_id):
          - copy regT0 to nonArgGPR1
      (JSC::JIT::privateCompilePutByIdTransition):
          - DataLabelCompact -> DataLabel32
      (JSC::JIT::resetPatchPutById):
          - reload regT0 from nonArgGPR1
      * jit/JSInterfaceJIT.h:
      (JSInterfaceJIT):
          - added nonArgGPR1
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@127066 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4c64ecd4
  17. 28 Aug, 2012 2 commits
  18. 14 Aug, 2012 2 commits
    • fpizlo@apple.com's avatar
      Unreviewed, build fix for !ENABLE(DFG_JIT) · a0c9a0ad
      fpizlo@apple.com authored
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125639 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a0c9a0ad
    • fpizlo@apple.com's avatar
      Array checks should use the structure, not the class info · f24804c6
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=93150
      
      Reviewed by Mark Hahnenberg.
      
      This changes all array checks used in array accesses (get, put, get length,
      push, pop) to use the structure, not the class info. Additionally, these
      checks in the LLInt and baseline JIT record the structure in an ArrayProfile,
      so that the DFG can know exactly what structure to check for.
              
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/ArrayProfile.cpp: Added.
      (JSC):
      (JSC::ArrayProfile::computeUpdatedPrediction):
      * bytecode/ArrayProfile.h: Added.
      (JSC):
      (JSC::arrayModeFromStructure):
      (ArrayProfile):
      (JSC::ArrayProfile::ArrayProfile):
      (JSC::ArrayProfile::bytecodeOffset):
      (JSC::ArrayProfile::addressOfLastSeenStructure):
      (JSC::ArrayProfile::observeStructure):
      (JSC::ArrayProfile::expectedStructure):
      (JSC::ArrayProfile::structureIsPolymorphic):
      (JSC::ArrayProfile::hasDefiniteStructure):
      (JSC::ArrayProfile::observedArrayModes):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::getArrayProfile):
      (JSC):
      (JSC::CodeBlock::getOrAddArrayProfile):
      (JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::executionEntryCount):
      (JSC::CodeBlock::numberOfArrayProfiles):
      (JSC::CodeBlock::arrayProfiles):
      (JSC::CodeBlock::addArrayProfile):
      (CodeBlock):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitGetArgumentByVal):
      (JSC::BytecodeGenerator::emitGetByVal):
      (JSC::BytecodeGenerator::emitPutByVal):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::StructureAbstractValue::hasSingleton):
      (StructureAbstractValue):
      (JSC::DFG::StructureAbstractValue::singleton):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::speculateArray):
      (DFG):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_val):
      (JSC::JIT::emit_op_put_by_val):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      * llint/LLIntOffsetsExtractor.cpp:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::classInfoOffset):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@125637 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      f24804c6
  19. 02 Aug, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Remove all uses of ClassInfo for JSStrings in JIT code · 85c200b2
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=92935
      
      Reviewed by Geoffrey Garen.
      
      This is the first step in removing our dependence on in-object ClassInfo pointers
      in JIT code. Most of the changes are to check the Structure, which is unique for 
      JSString primitives.
      
      * bytecode/SpeculatedType.cpp:
      (JSC::speculationFromClassInfo):
      (JSC::speculationFromStructure): Changed to check the TypeInfo in the Structure
      since there wasn't a JSGlobalData immediately available to grab the JSString 
      Structure out of.
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitLoadCharacterString):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emit_op_convert_this):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::emit_op_to_primitive):
      (JSC::JIT::emitSlow_op_eq):
      (JSC::JIT::emitSlow_op_neq):
      (JSC::JIT::compileOpStrictEq):
      (JSC::JIT::emit_op_convert_this):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::emitSlow_op_get_by_val):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::loadJSStringArgument):
      * jit/ThunkGenerators.cpp:
      (JSC::stringCharLoad):
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@124476 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      85c200b2
  20. 23 Jul, 2012 1 commit
    • fpizlo@apple.com's avatar
      Property storage should grow in reverse address direction, to support butterflies · 961a9564
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=91788
      
      Reviewed by Geoffrey Garen.
      
      Changes property storage to grow to the left, and changes the property storage pointer to point
      one 8-byte word (i.e. JSValue) to the right of the first value in the storage.
              
      Also improved debug support somewhat, by adding a describe() function to the jsc command-line,
      and a slow mode of object access in LLInt.
      
      * assembler/ARMv7Assembler.h:
      (JSC::ARMv7Assembler::repatchCompact):
      * assembler/MacroAssemblerARMv7.h:
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::isCompactPtrAlignedAddressOffset):
      (JSC::MacroAssemblerARMv7::load32WithCompactAddressOffsetPatch):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::isCompactPtrAlignedAddressOffset):
      (JSC::MacroAssemblerX86Common::repatchCompact):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::repatchCompact):
      * bytecode/CodeBlock.cpp:
      (JSC::dumpStructure):
      * bytecode/GetByIdStatus.h:
      (JSC::GetByIdStatus::GetByIdStatus):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::emitPutTransitionStub):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/ConservativeRoots.cpp:
      (JSC::ConservativeRoots::genericAddPointer):
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * heap/CopiedSpaceInlineMethods.h:
      (JSC::CopiedSpace::pinIfNecessary):
      (JSC):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::compileGetDirectOffset):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::compileGetDirectOffset):
      * jit/JITStubs.cpp:
      (JSC::JITThunks::tryCacheGetByID):
      * jsc.cpp:
      (GlobalObject::finishCreation):
      (functionDescribe):
      * llint/LLIntCommon.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitChildren):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::growOutOfLineStorage):
      * runtime/JSObject.h:
      (JSC::JSObject::getDirectLocation):
      (JSC::JSObject::offsetForLocation):
      * runtime/JSValue.h:
      (JSValue):
      * runtime/PropertyOffset.h:
      (JSC::offsetInOutOfLineStorage):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@123417 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      961a9564
  21. 09 Jul, 2012 1 commit
    • fpizlo@apple.com's avatar
      It should be possible to jettison JIT stub routines even if they are currently running · 746b8c5b
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90731
      
      Reviewed by Gavin Barraclough.
              
      This gives the GC awareness of all JIT-generated stubs for inline caches. That
      means that if you want to delete a JIT-generated stub, you don't have to worry
      about whether or not it is currently running: if there is a chance that it might
      be, the GC will kindly defer deletion until non-running-ness is proved.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/Instruction.h:
      (JSC):
      (PolymorphicStubInfo):
      (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
      (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList):
      * bytecode/PolymorphicPutByIdList.cpp:
      (JSC::PutByIdAccess::fromStructureStubInfo):
      * bytecode/PolymorphicPutByIdList.h:
      (JSC::PutByIdAccess::transition):
      (JSC::PutByIdAccess::replace):
      (JSC::PutByIdAccess::stubRoutine):
      (PutByIdAccess):
      (JSC::PolymorphicPutByIdList::currentSlowPathTarget):
      * bytecode/StructureStubInfo.h:
      (JSC::StructureStubInfo::reset):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::tryBuildPutByIdList):
      * heap/ConservativeRoots.cpp:
      (JSC):
      (DummyMarkHook):
      (JSC::DummyMarkHook::mark):
      (JSC::ConservativeRoots::add):
      (CompositeMarkHook):
      (JSC::CompositeMarkHook::CompositeMarkHook):
      (JSC::CompositeMarkHook::mark):
      * heap/ConservativeRoots.h:
      (JSC):
      (ConservativeRoots):
      * heap/Heap.cpp:
      (JSC::Heap::markRoots):
      (JSC::Heap::deleteUnmarkedCompiledCode):
      * heap/Heap.h:
      (JSC):
      (Heap):
      * heap/JITStubRoutineSet.cpp: Added.
      (JSC):
      (JSC::JITStubRoutineSet::JITStubRoutineSet):
      (JSC::JITStubRoutineSet::~JITStubRoutineSet):
      (JSC::JITStubRoutineSet::add):
      (JSC::JITStubRoutineSet::clearMarks):
      (JSC::JITStubRoutineSet::markSlow):
      (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
      (JSC::JITStubRoutineSet::traceMarkedStubRoutines):
      * heap/JITStubRoutineSet.h: Added.
      (JSC):
      (JITStubRoutineSet):
      (JSC::JITStubRoutineSet::mark):
      * heap/MachineStackMarker.h:
      (JSC):
      * interpreter/RegisterFile.cpp:
      (JSC::RegisterFile::gatherConservativeRoots):
      * interpreter/RegisterFile.h:
      (JSC):
      * jit/ExecutableAllocator.cpp:
      (JSC::DemandExecutableAllocator::DemandExecutableAllocator):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC):
      (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator):
      * jit/GCAwareJITStubRoutine.cpp: Added.
      (JSC):
      (JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
      (JSC::GCAwareJITStubRoutine::~GCAwareJITStubRoutine):
      (JSC::GCAwareJITStubRoutine::observeZeroRefCount):
      (JSC::GCAwareJITStubRoutine::deleteFromGC):
      (JSC::GCAwareJITStubRoutine::markRequiredObjectsInternal):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::~MarkingGCAwareJITStubRoutineWithOneObject):
      (JSC::MarkingGCAwareJITStubRoutineWithOneObject::markRequiredObjectsInternal):
      (JSC::createJITStubRoutine):
      * jit/GCAwareJITStubRoutine.h: Added.
      (JSC):
      (GCAwareJITStubRoutine):
      (JSC::GCAwareJITStubRoutine::markRequiredObjects):
      (MarkingGCAwareJITStubRoutineWithOneObject):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubRoutine.cpp: Added.
      (JSC):
      (JSC::JITStubRoutine::~JITStubRoutine):
      (JSC::JITStubRoutine::observeZeroRefCount):
      * jit/JITStubRoutine.h: Added.
      (JSC):
      (JITStubRoutine):
      (JSC::JITStubRoutine::JITStubRoutine):
      (JSC::JITStubRoutine::createSelfManagedRoutine):
      (JSC::JITStubRoutine::code):
      (JSC::JITStubRoutine::asCodePtr):
      (JSC::JITStubRoutine::ref):
      (JSC::JITStubRoutine::deref):
      (JSC::JITStubRoutine::startAddress):
      (JSC::JITStubRoutine::endAddress):
      (JSC::JITStubRoutine::addressStep):
      (JSC::JITStubRoutine::canPerformRangeFilter):
      (JSC::JITStubRoutine::filteringStartAddress):
      (JSC::JITStubRoutine::filteringExtentSize):
      (JSC::JITStubRoutine::passesFilter):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC::getPolymorphicAccessStructureListSlot):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@122166 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      746b8c5b
  22. 06 Jul, 2012 1 commit
  23. 05 Jul, 2012 1 commit
    • fpizlo@apple.com's avatar
      Inline property storage should not be wasted when it is exhausted · d68b1f84
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=90347
      
      Reviewed by Gavin Barraclough.
              
      Previously, if we switched an object from using inline storage to out-of-line
      storage, we would abandon the inline storage. This would have two main implications:
      (i) all accesses to the object, even for properties that were previously in inline
      storage, must now take an extra indirection; and (ii) we waste a non-trivial amount
      of space since we must allocate additional out-of-line storage to hold properties
      that would have fit in the inline storage. There's also the copying cost when
      switching to out-of-line storage - we must copy all inline properties into ouf-of-line
      storage.
              
      This patch changes the way that object property storage works so that we can use both
      inline and out-of-line storage concurrently. This is accomplished by introducing a
      new notion of property offset. This PropertyOffset is a 32-bit signed integer and it
      behaves as follows:
              
      offset == -1: invalid offset, indicating a property that does not exist.
              
      0 <= offset <= inlineStorageCapacity: offset into inline storage.
              
      inlineStorageCapacity < offset: offset into out-of-line storage.
              
      Because non-final objects don't have inline storage, the only valid PropertyOffsets
      for those objects' properties are -1 or > inlineStorageCapacity.
              
      This now means that the decision to use inline or out-of-line storage for an access is
      made based on the offset, rather than the structure. It also means that any access
      where the offset is a variable must have an extra branch, unless the type of the
      object is also known (if it's known to be a non-final object then we can just assert
      that the offset is >= inlineStorageCapacity).
              
      This looks like a big Kraken speed-up and a slight V8 speed-up.
      
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/ARMv7Assembler.h:
      (ARMv7Assembler):
      (JSC::ARMv7Assembler::ldrWide8BitImmediate):
      (JSC::ARMv7Assembler::replaceWithLoad):
      (JSC::ARMv7Assembler::replaceWithAddressComputation):
      * assembler/AbstractMacroAssembler.h:
      (AbstractMacroAssembler):
      (ConvertibleLoadLabel):
      (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::ConvertibleLoadLabel):
      (JSC::AbstractMacroAssembler::ConvertibleLoadLabel::isSet):
      (JSC::AbstractMacroAssembler::labelIgnoringWatchpoints):
      (JSC::AbstractMacroAssembler::replaceWithLoad):
      (JSC::AbstractMacroAssembler::replaceWithAddressComputation):
      * assembler/CodeLocation.h:
      (JSC):
      (CodeLocationCommon):
      (CodeLocationConvertibleLoad):
      (JSC::CodeLocationConvertibleLoad::CodeLocationConvertibleLoad):
      (JSC::CodeLocationCommon::convertibleLoadAtOffset):
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::finalizeCodeWithDisassembly):
      * assembler/LinkBuffer.h:
      (LinkBuffer):
      (JSC::LinkBuffer::locationOf):
      * assembler/MacroAssemblerARMv7.h:
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::convertibleLoadPtr):
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::convertibleLoadPtr):
      (MacroAssemblerX86):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::convertibleLoadPtr):
      (MacroAssemblerX86_64):
      * assembler/RepatchBuffer.h:
      (RepatchBuffer):
      (JSC::RepatchBuffer::replaceWithLoad):
      (JSC::RepatchBuffer::replaceWithAddressComputation):
      (JSC::RepatchBuffer::setLoadInstructionIsActive):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::replaceWithLoad):
      (X86Assembler):
      (JSC::X86Assembler::replaceWithAddressComputation):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::finalizeUnconditionally):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC::GetByIdStatus::computeForChain):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (JSC::GetByIdStatus::GetByIdStatus):
      (JSC::GetByIdStatus::offset):
      (GetByIdStatus):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (JSC::PutByIdStatus::PutByIdStatus):
      (JSC::PutByIdStatus::offset):
      (PutByIdStatus):
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC):
      (JSC::computeForStructure):
      * bytecode/ResolveGlobalStatus.h:
      (JSC::ResolveGlobalStatus::ResolveGlobalStatus):
      (JSC::ResolveGlobalStatus::offset):
      (ResolveGlobalStatus):
      * bytecode/StructureSet.h:
      (StructureSet):
      * bytecode/StructureStubInfo.h:
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
      (PropertyAccessRecord):
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::dfgRepatchByIdSelfAccess):
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryBuildGetByIDProtoList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      (JSC::DFG::tryCachePutByID):
      (JSC::DFG::tryBuildPutByIdList):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/MarkStack.cpp:
      (JSC::visitChildren):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::tryCacheGetByID):
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::PropertyStubCompilationInfo::copyToStubInfo):
      * jit/JIT.h:
      (JSC::PropertyStubCompilationInfo::PropertyStubCompilationInfo):
      (JSC::JIT::compileGetByIdProto):
      (JSC::JIT::compileGetByIdSelfList):
      (JSC::JIT::compileGetByIdProtoList):
      (JSC::JIT::compileGetByIdChainList):
      (JSC::JIT::compileGetByIdChain):
      (JSC::JIT::compilePutByIdTransition):
      (JIT):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicJSObject):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_resolve_global):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_resolve_global):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::emit_op_method_check):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::patchGetByIdSelf):
      (JSC::JIT::patchPutByIdReplace):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_method_check):
      (JSC::JIT::compileGetByIdHotPath):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::compilePutDirectOffset):
      (JSC::JIT::compileGetDirectOffset):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::patchGetByIdSelf):
      (JSC::JIT::patchPutByIdReplace):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      (JSC::JIT::emit_op_get_by_pname):
      * jit/JITStubs.cpp:
      (JSC::JITThunks::tryCacheGetByID):
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * llint/LowLevelInterpreter.asm:
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * offlineasm/x86.rb:
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::functionNameOffset):
      * runtime/JSObject.cpp:
      (JSC::JSObject::visitChildren):
      (JSC):
      (JSC::JSFinalObject::visitChildren):
      (JSC::JSObject::put):
      (JSC::JSObject::deleteProperty):
      (JSC::JSObject::getPropertySpecificValue):
      (JSC::JSObject::removeDirect):
      (JSC::JSObject::growOutOfLineStorage):
      (JSC::JSObject::getOwnPropertyDescriptor):
      * runtime/JSObject.h:
      (JSObject):
      (JSC::JSObject::getDirect):
      (JSC::JSObject::getDirectLocation):
      (JSC::JSObject::hasInlineStorage):
      (JSC::JSObject::inlineStorageUnsafe):
      (JSC::JSObject::inlineStorage):
      (JSC::JSObject::outOfLineStorage):
      (JSC::JSObject::locationForOffset):
      (JSC::JSObject::offsetForLocation):
      (JSC::JSObject::getDirectOffset):
      (JSC::JSObject::putDirectOffset):
      (JSC::JSObject::putUndefinedAtDirectOffset):
      (JSC::JSObject::addressOfOutOfLineStorage):
      (JSC::JSObject::finishCreation):
      (JSC::JSNonFinalObject::JSNonFinalObject):
      (JSC::JSNonFinalObject::finishCreation):
      (JSFinalObject):
      (JSC::JSFinalObject::finishCreation):
      (JSC::JSFinalObject::JSFinalObject):
      (JSC::JSObject::offsetOfOutOfLineStorage):
      (JSC::JSObject::setOutOfLineStorage):
      (JSC::JSObject::JSObject):
      (JSC):
      (JSC::JSCell::fastGetOwnProperty):
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::setStructureAndReallocateStorageIfNecessary):
      (JSC::JSObject::putDirectWithoutTransition):
      (JSC::offsetRelativeToPatchedStorage):
      (JSC::indexRelativeToBase):
      (JSC::offsetRelativeToBase):
      * runtime/JSPropertyNameIterator.cpp:
      (JSC::JSPropertyNameIterator::create):
      * runtime/JSPropertyNameIterator.h:
      (JSPropertyNameIterator):
      (JSC::JSPropertyNameIterator::getOffset):
      (JSC::JSPropertyNameIterator::finishCreation):
      * runtime/JSValue.cpp:
      (JSC::JSValue::putToPrimitive):
      * runtime/Operations.h:
      (JSC::normalizePrototypeChain):
      * runtime/Options.cpp:
      (JSC):
      (JSC::Options::initialize):
      * runtime/PropertyMapHashTable.h:
      (PropertyMapEntry):
      (JSC::PropertyMapEntry::PropertyMapEntry):
      (PropertyTable):
      (JSC::PropertyTable::PropertyTable):
      (JSC::PropertyTable::getDeletedOffset):
      (JSC::PropertyTable::addDeletedOffset):
      (JSC::PropertyTable::nextOffset):
      (JSC):
      (JSC::PropertyTable::sizeInMemory):
      * runtime/PropertyOffset.h: Added.
      (JSC):
      (JSC::checkOffset):
      (JSC::validateOffset):
      (JSC::isValidOffset):
      (JSC::isInlineOffset):
      (JSC::isOutOfLineOffset):
      (JSC::offsetInInlineStorage):
      (JSC::offsetInOutOfLineStorage):
      (JSC::offsetInRespectiveStorage):
      (JSC::numberOfOutOfLineSlotsForLastOffset):
      (JSC::numberOfSlotsForLastOffset):
      (JSC::nextPropertyOffsetFor):
      (JSC::firstPropertyOffsetFor):
      * runtime/PropertySlot.h:
      (JSC::PropertySlot::cachedOffset):
      (JSC::PropertySlot::setValue):
      (JSC::PropertySlot::setCacheableGetterSlot):
      (JSC::PropertySlot::clearOffset):
      * runtime/PutPropertySlot.h:
      (JSC::PutPropertySlot::setExistingProperty):
      (JSC::PutPropertySlot::setNewProperty):
      (JSC::PutPropertySlot::cachedOffset):
      (PutPropertySlot):
      * runtime/Structure.cpp:
      (JSC::Structure::Structure):
      (JSC::Structure::materializePropertyMap):
      (JSC::nextOutOfLineStorageCapacity):
      (JSC::Structure::growOutOfLineCapacity):
      (JSC::Structure::suggestedNewOutOfLineStorageCapacity):
      (JSC::Structure::addPropertyTransitionToExistingStructure):
      (JSC::Structure::addPropertyTransition):
      (JSC::Structure::removePropertyTransition):
      (JSC::Structure::flattenDictionaryStructure):
      (JSC::Structure::addPropertyWithoutTransition):
      (JSC::Structure::removePropertyWithoutTransition):
      (JSC::Structure::copyPropertyTableForPinning):
      (JSC::Structure::get):
      (JSC::Structure::putSpecificValue):
      (JSC::Structure::remove):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::putWillGrowOutOfLineStorage):
      (JSC::Structure::previousID):
      (JSC::Structure::outOfLineCapacity):
      (JSC::Structure::outOfLineSizeForKnownFinalObject):
      (JSC::Structure::outOfLineSizeForKnownNonFinalObject):
      (JSC::Structure::outOfLineSize):
      (JSC::Structure::hasInlineStorage):
      (JSC::Structure::inlineCapacity):
      (JSC::Structure::inlineSizeForKnownFinalObject):
      (JSC::Structure::inlineSize):
      (JSC::Structure::totalStorageSize):
      (JSC::Structure::totalStorageCapacity):
      (JSC::Structure::firstValidOffset):
      (JSC::Structure::lastValidOffset):
      (JSC::Structure::isValidOffset):
      (JSC::Structure::isEmpty):
      (JSC::Structure::transitionCount):
      (JSC::Structure::get):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121925 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d68b1f84
  24. 19 Jun, 2012 1 commit
    • fpizlo@apple.com's avatar
      JSC should be able to show disassembly for all generated JIT code · 2adf527e
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=89536
      
      Reviewed by Gavin Barraclough.
              
      Now instead of doing linkBuffer.finalizeCode(), you do
      FINALIZE_CODE(linkBuffer, (... explanation ...)). FINALIZE_CODE() then
      prints your explanation and the disassembled code, if
      Options::showDisassembly is set to true.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.cpp: Added.
      (JSC):
      (JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
      (JSC::LinkBuffer::finalizeCodeWithDisassembly):
      (JSC::LinkBuffer::linkCode):
      (JSC::LinkBuffer::performFinalization):
      (JSC::LinkBuffer::dumpLinkStatistics):
      (JSC::LinkBuffer::dumpCode):
      * assembler/LinkBuffer.h:
      (LinkBuffer):
      (JSC):
      * assembler/MacroAssemblerCodeRef.h:
      (JSC::MacroAssemblerCodeRef::tryToDisassemble):
      (MacroAssemblerCodeRef):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::emitPutReplaceStub):
      (JSC::DFG::emitPutTransitionStub):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::osrExitGenerationThunkGenerator):
      * disassembler/Disassembler.h:
      (JSC):
      (JSC::tryToDisassemble):
      * disassembler/UDis86Disassembler.cpp:
      (JSC::tryToDisassemble):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JITCode.h:
      (JSC::JITCode::tryToDisassemble):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::privateCompileCTINativeCall):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::finalize):
      * jit/ThunkGenerators.cpp:
      (JSC::charCodeAtThunkGenerator):
      (JSC::charAtThunkGenerator):
      (JSC::fromCharCodeThunkGenerator):
      (JSC::sqrtThunkGenerator):
      (JSC::floorThunkGenerator):
      (JSC::ceilThunkGenerator):
      (JSC::roundThunkGenerator):
      (JSC::expThunkGenerator):
      (JSC::logThunkGenerator):
      (JSC::absThunkGenerator):
      (JSC::powThunkGenerator):
      * llint/LLIntThunks.cpp:
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * yarr/YarrJIT.cpp:
      (JSC::Yarr::YarrGenerator::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120786 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      2adf527e
  25. 13 Jun, 2012 3 commits
    • fpizlo@apple.com's avatar
      DFG should be able to set watchpoints on global variables · b75911b2
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88692
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      Rolling back in after fixing Windows build issues, and implementing
      branchTest8 for the Qt port's strange assemblers.
              
      This implements global variable constant folding by allowing the optimizing
      compiler to set a "watchpoint" on globals that it wishes to constant fold.
      If the watchpoint fires, then an OSR exit is forced by overwriting the
      machine code that the optimizing compiler generated with a jump.
              
      As such, this patch is adding quite a bit of stuff:
              
      - Jump replacement on those hardware targets supported by the optimizing
        JIT. It is now possible to patch in a jump instruction over any recorded
        watchpoint label. The jump must be "local" in the sense that it must be
        within the range of the largest jump distance supported by a one
        instruction jump.
                
      - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
        that records the location where a jump must be inserted and the
        destination to which it should jump. Watchpoints can be added to a
        WatchpointSet. The WatchpointSet can be fired all at once, which plants
        all jumps. WatchpointSet also remembers if it had ever been invalidated,
        which allows for monotonicity: we typically don't want to optimize using
        watchpoints on something for which watchpoints had previously fired. The
        act of notifying a WatchpointSet has a trivial fast path in case no
        Watchpoints are registered (one-byte load+branch).
              
      - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
        except that you don't have to emit branches. But, you need to know what
        WatchpointSet to add the resulting Watchpoint to. Not everything that
        you could write a speculationCheck() for will have a WatchpointSet that
        would get notified if the condition you were speculating against became
        invalid.
                
      - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
        do so without incurring any space overhead for those entries that don't
        have WatchpointSets.
                
      - The bytecode generator infers all global function variables to be
        watchable, and makes all stores perform the WatchpointSet's write check,
        and marks all loads as being potentially watchable (i.e. you can compile
        them to a watchpoint and a constant).
              
      Put together, this allows for fully sleazy inlining of calls to globally
      declared functions. The inline prologue will no longer contain the load of
      the function, or any checks of the function you're calling. I.e. it's
      pretty much like the kind of inlining you would see in Java or C++.
      Furthermore, the watchpointing functionality is built to be fairly general,
      and should allow setting watchpoints on all sorts of interesting things
      in the future.
              
      The sleazy inlining means that we will now sometimes inline in code paths
      that have never executed. Previously, to inline we would have either had
      to have executed the call (to read the call's inline cache) or have
      executed the method check (to read the method check's inline cache). Now,
      we might inline when the callee is a watched global variable. This
      revealed some humorous bugs. First, constant folding disagreed with CFA
      over what kinds of operations can clobber (example: code path A is dead
      but stores a String into variable X, all other code paths store 0 into
      X, and then you do CompareEq(X, 0) - CFA will say that this is a non-
      clobbering constant, but constant folding thought it was clobbering
      because it saw the String prediction). Second, inlining would crash if
      the inline callee had not been compiled. This patch fixes both bugs,
      since otherwise run-javascriptcore-tests would report regressions.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/ARMv7Assembler.h:
      (ARMv7Assembler):
      (JSC::ARMv7Assembler::ARMv7Assembler):
      (JSC::ARMv7Assembler::labelForWatchpoint):
      (JSC::ARMv7Assembler::label):
      (JSC::ARMv7Assembler::replaceWithJump):
      (JSC::ARMv7Assembler::maxJumpReplacementSize):
      * assembler/AbstractMacroAssembler.h:
      (JSC):
      (AbstractMacroAssembler):
      (Label):
      (JSC::AbstractMacroAssembler::watchpointLabel):
      (JSC::AbstractMacroAssembler::readPointer):
      * assembler/AssemblerBuffer.h:
      * assembler/MacroAssemblerARM.h:
      (JSC::MacroAssemblerARM::branchTest8):
      (MacroAssemblerARM):
      (JSC::MacroAssemblerARM::replaceWithJump):
      (JSC::MacroAssemblerARM::maxJumpReplacementSize):
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::load8Signed):
      (JSC::MacroAssemblerARMv7::load16Signed):
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::replaceWithJump):
      (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
      (JSC::MacroAssemblerARMv7::branchTest8):
      (JSC::MacroAssemblerARMv7::jump):
      (JSC::MacroAssemblerARMv7::makeBranch):
      * assembler/MacroAssemblerMIPS.h:
      (JSC::MacroAssemblerMIPS::branchTest8):
      (MacroAssemblerMIPS):
      (JSC::MacroAssemblerMIPS::replaceWithJump):
      (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
      * assembler/MacroAssemblerSH4.h:
      (JSC::MacroAssemblerSH4::branchTest8):
      (MacroAssemblerSH4):
      (JSC::MacroAssemblerSH4::replaceWithJump):
      (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::branchTest8):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::replaceWithJump):
      (MacroAssemblerX86Common):
      (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86_64.h:
      (MacroAssemblerX86_64):
      (JSC::MacroAssemblerX86_64::branchTest8):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::X86Assembler):
      (X86Assembler):
      (JSC::X86Assembler::cmpb_im):
      (JSC::X86Assembler::testb_im):
      (JSC::X86Assembler::labelForWatchpoint):
      (JSC::X86Assembler::label):
      (JSC::X86Assembler::replaceWithJump):
      (JSC::X86Assembler::maxJumpReplacementSize):
      (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::printGetByIdCacheStatus):
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (CodeBlock):
      (JSC::CodeBlock::appendWatchpoint):
      (JSC::CodeBlock::numberOfWatchpoints):
      (JSC::CodeBlock::watchpoint):
      (DFGData):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      (JSC::DFG::exitKindIsCountable):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeForChain):
      * bytecode/Instruction.h:
      (Instruction):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.cpp: Added.
      (JSC):
      (JSC::Watchpoint::~Watchpoint):
      (JSC::Watchpoint::correctLabels):
      (JSC::Watchpoint::fire):
      (JSC::WatchpointSet::WatchpointSet):
      (JSC::WatchpointSet::~WatchpointSet):
      (JSC::WatchpointSet::add):
      (JSC::WatchpointSet::notifyWriteSlow):
      (JSC::WatchpointSet::fireAllWatchpoints):
      * bytecode/Watchpoint.h: Added.
      (JSC):
      (Watchpoint):
      (JSC::Watchpoint::Watchpoint):
      (JSC::Watchpoint::setDestination):
      (WatchpointSet):
      (JSC::WatchpointSet::isStillValid):
      (JSC::WatchpointSet::hasBeenInvalidated):
      (JSC::WatchpointSet::startWatching):
      (JSC::WatchpointSet::notifyWrite):
      (JSC::WatchpointSet::addressOfIsWatched):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::addGlobalVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixResolveNode::emitBytecode):
      (JSC::PrefixResolveNode::emitBytecode):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::clobberStructures):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      (JSC::DFG::AbstractState::didClobber):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (CCallHelpers):
      (JSC::DFG::CCallHelpers::setupArguments):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
      (CSEPhase):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      * dfg/DFGCorrectableJumpPoint.h:
      (JSC::DFG::CorrectableJumpPoint::isSet):
      (CorrectableJumpPoint):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifierNumberForCheck):
      (Node):
      (JSC::DFG::Node::identifierNumberForCheck):
      (JSC::DFG::Node::hasRegisterPointer):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::appendCall):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (LLInt):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSObject.cpp:
      (JSC::JSObject::removeDirect):
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp: Added.
      (JSC):
      (JSC::SymbolTableEntry::copySlow):
      (JSC::SymbolTableEntry::freeFatEntrySlow):
      (JSC::SymbolTableEntry::couldBeWatched):
      (JSC::SymbolTableEntry::attemptToWatch):
      (JSC::SymbolTableEntry::addressOfIsWatched):
      (JSC::SymbolTableEntry::addWatchpoint):
      (JSC::SymbolTableEntry::notifyWriteSlow):
      (JSC::SymbolTableEntry::inflateSlow):
      * runtime/SymbolTable.h:
      (JSC):
      (SymbolTableEntry):
      (Fast):
      (JSC::SymbolTableEntry::Fast::Fast):
      (JSC::SymbolTableEntry::Fast::isNull):
      (JSC::SymbolTableEntry::Fast::getIndex):
      (JSC::SymbolTableEntry::Fast::isReadOnly):
      (JSC::SymbolTableEntry::Fast::getAttributes):
      (JSC::SymbolTableEntry::Fast::isFat):
      (JSC::SymbolTableEntry::SymbolTableEntry):
      (JSC::SymbolTableEntry::~SymbolTableEntry):
      (JSC::SymbolTableEntry::operator=):
      (JSC::SymbolTableEntry::isNull):
      (JSC::SymbolTableEntry::getIndex):
      (JSC::SymbolTableEntry::getFast):
      (JSC::SymbolTableEntry::getAttributes):
      (JSC::SymbolTableEntry::isReadOnly):
      (JSC::SymbolTableEntry::watchpointSet):
      (JSC::SymbolTableEntry::notifyWrite):
      (FatEntry):
      (JSC::SymbolTableEntry::FatEntry::FatEntry):
      (JSC::SymbolTableEntry::isFat):
      (JSC::SymbolTableEntry::fatEntry):
      (JSC::SymbolTableEntry::inflate):
      (JSC::SymbolTableEntry::bits):
      (JSC::SymbolTableEntry::freeFatEntry):
      (JSC::SymbolTableEntry::pack):
      (JSC::SymbolTableEntry::isValidIndex):
      
      Source/WTF: 
      
      Reviewed by Geoffrey Garen.
              
      Added ability to set the inline capacity of segmented vectors.
              
      Also added the ability ot ASSERT_NOT_REACHED() without having to
      propagate NO_RETURN macros, which would be a show-stopper for code
      that is conditionally unreachable.
      
      * wtf/Assertions.h:
      (UNREACHABLE_FOR_PLATFORM):
      * wtf/SegmentedVector.h:
      (WTF):
      (SegmentedVectorIterator):
      (WTF::SegmentedVectorIterator::operator=):
      (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
      (SegmentedVector):
      
      LayoutTests: 
      
      Rubber stamped by Geoffrey Garen.
              
      Added a test for watchpoints. Also updated the jsc-test-list to include the latest
      tests.
      
      * fast/js/dfg-call-function-hit-watchpoint-expected.txt: Added.
      * fast/js/dfg-call-function-hit-watchpoint.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-call-function-hit-watchpoint.js: Added.
      (foo):
      (bar):
      (.foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120244 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b75911b2
    • zandobersek@gmail.com's avatar
      Unreviewed, rolling out r120172. · 88d53735
      zandobersek@gmail.com authored
      http://trac.webkit.org/changeset/120172
      https://bugs.webkit.org/show_bug.cgi?id=88976
      
      The patch causes compilation failures on Gtk, Qt and Apple Win
      bots (Requested by zdobersek on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-06-13
      
      Source/JavaScriptCore: 
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/ARMv7Assembler.h:
      (JSC::ARMv7Assembler::nop):
      (JSC::ARMv7Assembler::label):
      (JSC::ARMv7Assembler::readPointer):
      (ARMv7Assembler):
      * assembler/AbstractMacroAssembler.h:
      (JSC):
      (AbstractMacroAssembler):
      (Label):
      * assembler/AssemblerBuffer.h:
      * assembler/MacroAssemblerARM.h:
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::nop):
      (JSC::MacroAssemblerARMv7::jump):
      (JSC::MacroAssemblerARMv7::makeBranch):
      * assembler/MacroAssemblerMIPS.h:
      * assembler/MacroAssemblerSH4.h:
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::moveWithPatch):
      * assembler/MacroAssemblerX86Common.h:
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::branchTest8):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::cmpb_im):
      (JSC::X86Assembler::codeSize):
      (JSC::X86Assembler::label):
      (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (DFGData):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      (JSC::DFG::exitKindIsCountable):
      * bytecode/Instruction.h:
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.cpp: Removed.
      * bytecode/Watchpoint.h: Removed.
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::addGlobalVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixResolveNode::emitBytecode):
      (JSC::PrefixResolveNode::emitBytecode):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::clobberStructures):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (JSC::DFG::CCallHelpers::setupArguments):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      * dfg/DFGCorrectableJumpPoint.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasRegisterPointer):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::appendCallSetResult):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      * jit/JITPropertyAccess32_64.cpp:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSObject.cpp:
      (JSC::JSObject::removeDirect):
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp: Removed.
      * runtime/SymbolTable.h:
      (JSC):
      (JSC::SymbolTableEntry::isNull):
      (JSC::SymbolTableEntry::getIndex):
      (SymbolTableEntry):
      (JSC::SymbolTableEntry::getAttributes):
      (JSC::SymbolTableEntry::isReadOnly):
      (JSC::SymbolTableEntry::pack):
      (JSC::SymbolTableEntry::isValidIndex):
      
      Source/WTF: 
      
      * wtf/SegmentedVector.h:
      (WTF):
      (SegmentedVectorIterator):
      (WTF::SegmentedVectorIterator::operator=):
      (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
      (SegmentedVector):
      
      LayoutTests: 
      
      * fast/js/dfg-call-function-hit-watchpoint-expected.txt: Removed.
      * fast/js/dfg-call-function-hit-watchpoint.html: Removed.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-call-function-hit-watchpoint.js: Removed.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120175 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      88d53735
    • fpizlo@apple.com's avatar
      DFG should be able to set watchpoints on global variables · b6c5eeb7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88692
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoffrey Garen.
              
      This implements global variable constant folding by allowing the optimizing
      compiler to set a "watchpoint" on globals that it wishes to constant fold.
      If the watchpoint fires, then an OSR exit is forced by overwriting the
      machine code that the optimizing compiler generated with a jump.
              
      As such, this patch is adding quite a bit of stuff:
              
      - Jump replacement on those hardware targets supported by the optimizing
        JIT. It is now possible to patch in a jump instruction over any recorded
        watchpoint label. The jump must be "local" in the sense that it must be
        within the range of the largest jump distance supported by a one
        instruction jump.
                
      - WatchpointSets and Watchpoints. A Watchpoint is a doubly-linked list node
        that records the location where a jump must be inserted and the
        destination to which it should jump. Watchpoints can be added to a
        WatchpointSet. The WatchpointSet can be fired all at once, which plants
        all jumps. WatchpointSet also remembers if it had ever been invalidated,
        which allows for monotonicity: we typically don't want to optimize using
        watchpoints on something for which watchpoints had previously fired. The
        act of notifying a WatchpointSet has a trivial fast path in case no
        Watchpoints are registered (one-byte load+branch).
              
      - SpeculativeJIT::speculationWatchpoint(). It's like speculationCheck(),
        except that you don't have to emit branches. But, you need to know what
        WatchpointSet to add the resulting Watchpoint to. Not everything that
        you could write a speculationCheck() for will have a WatchpointSet that
        would get notified if the condition you were speculating against became
        invalid.
                
      - SymbolTableEntry now has the ability to refer to a WatchpointSet. It can
        do so without incurring any space overhead for those entries that don't
        have WatchpointSets.
                
      - The bytecode generator infers all global function variables to be
        watchable, and makes all stores perform the WatchpointSet's write check,
        and marks all loads as being potentially watchable (i.e. you can compile
        them to a watchpoint and a constant).
              
      Put together, this allows for fully sleazy inlining of calls to globally
      declared functions. The inline prologue will no longer contain the load of
      the function, or any checks of the function you're calling. I.e. it's
      pretty much like the kind of inlining you would see in Java or C++.
      Furthermore, the watchpointing functionality is built to be fairly general,
      and should allow setting watchpoints on all sorts of interesting things
      in the future.
              
      The sleazy inlining means that we will now sometimes inline in code paths
      that have never executed. Previously, to inline we would have either had
      to have executed the call (to read the call's inline cache) or have
      executed the method check (to read the method check's inline cache). Now,
      we might inline when the callee is a watched global variable. This
      revealed some humorous bugs. First, constant folding disagreed with CFA
      over what kinds of operations can clobber (example: code path A is dead
      but stores a String into variable X, all other code paths store 0 into
      X, and then you do CompareEq(X, 0) - CFA will say that this is a non-
      clobbering constant, but constant folding thought it was clobbering
      because it saw the String prediction). Second, inlining would crash if
      the inline callee had not been compiled. This patch fixes both bugs,
      since otherwise run-javascriptcore-tests would report regressions.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/ARMv7Assembler.h:
      (ARMv7Assembler):
      (JSC::ARMv7Assembler::ARMv7Assembler):
      (JSC::ARMv7Assembler::labelForWatchpoint):
      (JSC::ARMv7Assembler::label):
      (JSC::ARMv7Assembler::replaceWithJump):
      (JSC::ARMv7Assembler::maxJumpReplacementSize):
      * assembler/AbstractMacroAssembler.h:
      (JSC):
      (AbstractMacroAssembler):
      (Label):
      (JSC::AbstractMacroAssembler::watchpointLabel):
      * assembler/AssemblerBuffer.h:
      * assembler/MacroAssemblerARM.h:
      (JSC::MacroAssemblerARM::replaceWithJump):
      (MacroAssemblerARM):
      (JSC::MacroAssemblerARM::maxJumpReplacementSize):
      * assembler/MacroAssemblerARMv7.h:
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::replaceWithJump):
      (JSC::MacroAssemblerARMv7::maxJumpReplacementSize):
      (JSC::MacroAssemblerARMv7::branchTest8):
      (JSC::MacroAssemblerARMv7::jump):
      (JSC::MacroAssemblerARMv7::makeBranch):
      * assembler/MacroAssemblerMIPS.h:
      (JSC::MacroAssemblerMIPS::replaceWithJump):
      (MacroAssemblerMIPS):
      (JSC::MacroAssemblerMIPS::maxJumpReplacementSize):
      * assembler/MacroAssemblerSH4.h:
      (JSC::MacroAssemblerSH4::replaceWithJump):
      (MacroAssemblerSH4):
      (JSC::MacroAssemblerSH4::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
      (JSC::MacroAssemblerX86::branchTest8):
      * assembler/MacroAssemblerX86Common.h:
      (JSC::MacroAssemblerX86Common::replaceWithJump):
      (MacroAssemblerX86Common):
      (JSC::MacroAssemblerX86Common::maxJumpReplacementSize):
      * assembler/MacroAssemblerX86_64.h:
      (MacroAssemblerX86_64):
      (JSC::MacroAssemblerX86_64::branchTest8):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::X86Assembler):
      (X86Assembler):
      (JSC::X86Assembler::cmpb_im):
      (JSC::X86Assembler::testb_im):
      (JSC::X86Assembler::labelForWatchpoint):
      (JSC::X86Assembler::label):
      (JSC::X86Assembler::replaceWithJump):
      (JSC::X86Assembler::maxJumpReplacementSize):
      (JSC::X86Assembler::X86InstructionFormatter::memoryModRM):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (CodeBlock):
      (JSC::CodeBlock::appendWatchpoint):
      (JSC::CodeBlock::numberOfWatchpoints):
      (JSC::CodeBlock::watchpoint):
      (DFGData):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      (JSC::DFG::exitKindIsCountable):
      * bytecode/Instruction.h:
      (Instruction):
      (JSC::Instruction::Instruction):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/Watchpoint.cpp: Added.
      (JSC):
      (JSC::Watchpoint::~Watchpoint):
      (JSC::Watchpoint::correctLabels):
      (JSC::Watchpoint::fire):
      (JSC::WatchpointSet::WatchpointSet):
      (JSC::WatchpointSet::~WatchpointSet):
      (JSC::WatchpointSet::add):
      (JSC::WatchpointSet::notifyWriteSlow):
      (JSC::WatchpointSet::fireAllWatchpoints):
      * bytecode/Watchpoint.h: Added.
      (JSC):
      (Watchpoint):
      (JSC::Watchpoint::Watchpoint):
      (JSC::Watchpoint::setDestination):
      (WatchpointSet):
      (JSC::WatchpointSet::isStillValid):
      (JSC::WatchpointSet::hasBeenInvalidated):
      (JSC::WatchpointSet::startWatching):
      (JSC::WatchpointSet::notifyWrite):
      (JSC::WatchpointSet::addressOfIsWatched):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::checkValidity):
      (JSC::BytecodeGenerator::addGlobalVar):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitResolveWithThis):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::FunctionCallResolveNode::emitBytecode):
      (JSC::PostfixResolveNode::emitBytecode):
      (JSC::PrefixResolveNode::emitBytecode):
      (JSC::ReadModifyResolveNode::emitBytecode):
      (JSC::AssignResolveNode::emitBytecode):
      (JSC::ConstDeclNode::emitCodeSingle):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::clobberStructures):
      * dfg/DFGAbstractState.h:
      (AbstractState):
      (JSC::DFG::AbstractState::didClobber):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCCallHelpers.h:
      (CCallHelpers):
      (JSC::DFG::CCallHelpers::setupArguments):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
      (CSEPhase):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      * dfg/DFGCorrectableJumpPoint.h:
      (JSC::DFG::CorrectableJumpPoint::isSet):
      (CorrectableJumpPoint):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasIdentifierNumberForCheck):
      (Node):
      (JSC::DFG::Node::identifierNumberForCheck):
      (JSC::DFG::Node::hasRegisterPointer):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      (JSC::DFG::SpeculativeJIT::appendCall):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_put_global_var_check):
      (JSC):
      (JSC::JIT::emitSlow_op_put_global_var_check):
      * jit/JITStubs.cpp:
      (JSC::JITThunks::JITThunks):
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (LLInt):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSObject.cpp:
      (JSC::JSObject::removeDirect):
      * runtime/JSObject.h:
      (JSObject):
      * runtime/JSSymbolTableObject.h:
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/SymbolTable.cpp: Added.
      (JSC):
      (JSC::SymbolTableEntry::copySlow):
      (JSC::SymbolTableEntry::freeFatEntrySlow):
      (JSC::SymbolTableEntry::couldBeWatched):
      (JSC::SymbolTableEntry::attemptToWatch):
      (JSC::SymbolTableEntry::addressOfIsWatched):
      (JSC::SymbolTableEntry::addWatchpoint):
      (JSC::SymbolTableEntry::notifyWriteSlow):
      (JSC::SymbolTableEntry::inflateSlow):
      * runtime/SymbolTable.h:
      (JSC):
      (SymbolTableEntry):
      (Fast):
      (JSC::SymbolTableEntry::Fast::Fast):
      (JSC::SymbolTableEntry::Fast::isNull):
      (JSC::SymbolTableEntry::Fast::getIndex):
      (JSC::SymbolTableEntry::Fast::isReadOnly):
      (JSC::SymbolTableEntry::Fast::getAttributes):
      (JSC::SymbolTableEntry::Fast::isFat):
      (JSC::SymbolTableEntry::SymbolTableEntry):
      (JSC::SymbolTableEntry::~SymbolTableEntry):
      (JSC::SymbolTableEntry::operator=):
      (JSC::SymbolTableEntry::isNull):
      (JSC::SymbolTableEntry::getIndex):
      (JSC::SymbolTableEntry::getFast):
      (JSC::SymbolTableEntry::getAttributes):
      (JSC::SymbolTableEntry::isReadOnly):
      (JSC::SymbolTableEntry::watchpointSet):
      (JSC::SymbolTableEntry::notifyWrite):
      (FatEntry):
      (JSC::SymbolTableEntry::FatEntry::FatEntry):
      (JSC::SymbolTableEntry::isFat):
      (JSC::SymbolTableEntry::fatEntry):
      (JSC::SymbolTableEntry::inflate):
      (JSC::SymbolTableEntry::bits):
      (JSC::SymbolTableEntry::freeFatEntry):
      (JSC::SymbolTableEntry::pack):
      (JSC::SymbolTableEntry::isValidIndex):
      
      Source/WTF: 
      
      Reviewed by Geoffrey Garen.
              
      Added ability to set the inline capacity of segmented vectors.
      
      * wtf/SegmentedVector.h:
      (WTF):
      (SegmentedVectorIterator):
      (WTF::SegmentedVectorIterator::operator=):
      (WTF::SegmentedVectorIterator::SegmentedVectorIterator):
      (SegmentedVector):
      
      LayoutTests: 
      
      Rubber stamped by Geoffrey Garen.
              
      Added a test for watchpoints. Also updated the jsc-test-list to include the latest
      tests.
      
      * fast/js/dfg-call-function-hit-watchpoint-expected.txt: Added.
      * fast/js/dfg-call-function-hit-watchpoint.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-call-function-hit-watchpoint.js: Added.
      (foo):
      (bar):
      (.foo):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@120172 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b6c5eeb7
  26. 06 Jun, 2012 1 commit
    • fpizlo@apple.com's avatar
      Global object variable accesses should not require an extra load · 26af9b61
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88385
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough and Geoffrey Garen.
              
      Previously, if you wanted to access a global variable, you'd first have
      to load the register array from the appropriate global object and then
      either load or store at an offset to the register array. This is because
      JSGlobalObject inherited from JSVariableObject, and JSVariableObject is
      designed with the pessimistic assumption that its register array may
      point into the call stack. This is never the case for global objects.
      Hence, even though the global object may add more registers at any time,
      it does not need to store them in a contiguous array. It can use a
      SegmentedVector or similar.
              
      This patch refactors global objects and variable objects as follows:
              
      - The functionality to track variables in an indexable array using a
        SymbolTable to map names to indices is moved into JSSymbolTableObject,
        which is now a supertype of JSVariableObject. JSVariableObject is now
        just a holder for a registers array and implements the registerAt()
        method that is left abstract in JSSymbolTableObject. Because all users
        of JSVariableObject know whether they are a JSStaticScopeObject,
        JSActivation, or JSGlobalObject, this "abstract" method is not virtual;
        instead the utility methods that would call registerAt() are now
        template functions that require you to know statically what subtype of
        JSSymbolTableObject you're using (JSVariableObject or something else),
        so that registerAt() can be statically bound.
              
      - A new class is added called JSSegmentedVariableObject, which only
        differs from JSVariableObject in how it allocates registers. It uses a
        SegmentedVector instead of manually managing a pointer to a contiguous
        slab of registers. This changes the interface somewhat; for example
        with JSVariableObject if you wanted to add a register you had to do
        it yourself since the JSVariableObject didn't know how the registers
        array ought to be allocated. With JSSegmentedVariableObject you can
        just call addRegisters(). JSSegmentedVariableObject preserves the
        invariant that once you get a pointer into a register, that pointer
        will continue to be valid so long as the JSSegmentedVariableObject is
        alive. This allows the JITs and interpreters to skip the extra load.
              
      - JSGlobalObject now inherits from JSSegmentedVariableObject. For now
        (and possibly forever) it is the only subtype of this new class.
              
      - The bytecode format is changed so that get_global_var and
        put_global_var have a pointer to the register directly rather than
        having an index. A convenience method is provided in
        JSSegmentedVariableObject to get the index given a a pointer, which is
        used for assertions and debug dumps.
              
      This appears to be a 1% across the board win.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/Instruction.h:
      (Instruction):
      (JSC::Instruction::Instruction):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::ResolveResult::registerPointer):
      (JSC):
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::retrieveLastUnaryOp):
      (JSC::BytecodeGenerator::resolve):
      (JSC::BytecodeGenerator::resolveConstDecl):
      (JSC::BytecodeGenerator::emitGetStaticVar):
      (JSC::BytecodeGenerator::emitPutStaticVar):
      * bytecompiler/BytecodeGenerator.h:
      (ResolveResult):
      (BytecodeGenerator):
      * dfg/DFGAssemblyHelpers.h:
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::globalVarLoadElimination):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::globalObjectFor):
      (Graph):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasVarNumber):
      (Node):
      (JSC::DFG::Node::hasRegisterPointer):
      (JSC::DFG::Node::registerPointer):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * heap/Heap.h:
      (Heap):
      (JSC::Heap::isWriteBarrierEnabled):
      (JSC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::execute):
      (JSC::Interpreter::privateExecute):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_global_var):
      (JSC::JIT::emit_op_put_global_var):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_global_var):
      (JSC::JIT::emit_op_put_global_var):
      * llint/LowLevelInterpreter32_64.asm:
      * llint/LowLevelInterpreter64.asm:
      * runtime/JSGlobalObject.cpp:
      (JSC):
      (JSC::JSGlobalObject::put):
      (JSC::JSGlobalObject::putDirectVirtual):
      (JSC::JSGlobalObject::defineOwnProperty):
      (JSC::JSGlobalObject::visitChildren):
      (JSC::JSGlobalObject::addStaticGlobals):
      (JSC::JSGlobalObject::getOwnPropertySlot):
      (JSC::JSGlobalObject::getOwnPropertyDescriptor):
      * runtime/JSGlobalObject.h:
      (JSGlobalObject):
      (JSC::JSGlobalObject::JSGlobalObject):
      (JSC):
      (JSC::JSGlobalObject::hasOwnPropertyForWrite):
      * runtime/JSSegmentedVariableObject.cpp: Added.
      (JSC):
      (JSC::JSSegmentedVariableObject::findRegisterIndex):
      (JSC::JSSegmentedVariableObject::addRegisters):
      (JSC::JSSegmentedVariableObject::visitChildren):
      * runtime/JSSegmentedVariableObject.h: Added.
      (JSC):
      (JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::registerAt):
      (JSC::JSSegmentedVariableObject::assertRegisterIsInThisObject):
      (JSC::JSSegmentedVariableObject::JSSegmentedVariableObject):
      (JSC::JSSegmentedVariableObject::finishCreation):
      * runtime/JSStaticScopeObject.cpp:
      (JSC::JSStaticScopeObject::put):
      (JSC::JSStaticScopeObject::putDirectVirtual):
      (JSC::JSStaticScopeObject::getOwnPropertySlot):
      * runtime/JSSymbolTableObject.cpp: Added.
      (JSC):
      (JSC::JSSymbolTableObject::destroy):
      (JSC::JSSymbolTableObject::deleteProperty):
      (JSC::JSSymbolTableObject::getOwnPropertyNames):
      (JSC::JSSymbolTableObject::putDirectVirtual):
      (JSC::JSSymbolTableObject::isDynamicScope):
      * runtime/JSSymbolTableObject.h: Added.
      (JSC):
      (JSSymbolTableObject):
      (JSC::JSSymbolTableObject::symbolTable):
      (JSC::JSSymbolTableObject::JSSymbolTableObject):
      (JSC::JSSymbolTableObject::finishCreation):
      (JSC::symbolTableGet):
      (JSC::symbolTablePut):
      (JSC::symbolTablePutWithAttributes):
      * runtime/JSVariableObject.cpp:
      (JSC):
      * runtime/JSVariableObject.h:
      (JSVariableObject):
      (JSC::JSVariableObject::JSVariableObject):
      (JSC::JSVariableObject::finishCreation):
      (JSC):
      * runtime/WriteBarrier.h:
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough and Geoffrey Garen.
      
      Updated JSDOMWindowBase.cpp to use the new symbol table API. this->symbolTableFoo(...)
      becomes symbolTableFoo(this, ...).
                      
      No new tests because no change in behavior.
      
      * bindings/js/JSDOMWindowBase.cpp:
      (WebCore::JSDOMWindowBase::updateDocument):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119655 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      26af9b61
  27. 23 May, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should be able to optimize foo.apply(bar, arguments) · 5e3852dd
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86306
      
      Reviewed by Gavin Barraclough.
              
      Merge r116912 from dfgopt.
              
      Enables compilation of op_jneq_ptr and some forms of op_call_varargs.
              
      Also includes a bunch of bug fixes that were made necessary by the increased
      pressure on the CFG simplifier.
              
      This is a 1-2% win on V8.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printCallOp):
      (JSC::CodeBlock::CodeBlock):
      (JSC::ProgramCodeBlock::canCompileWithDFGInternal):
      (JSC::EvalCodeBlock::canCompileWithDFGInternal):
      (JSC::FunctionCodeBlock::canCompileWithDFGInternal):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::canCompileWithDFG):
      (JSC::CodeBlock::canCompileWithDFGState):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (CSEPhase):
      (JSC::DFG::CSEPhase::setReplacement):
      (JSC::DFG::CSEPhase::performNodeCSE):
      * dfg/DFGCapabilities.cpp:
      (JSC::DFG::debugFail):
      (DFG):
      (JSC::DFG::canHandleOpcodes):
      (JSC::DFG::canCompileOpcodes):
      (JSC::DFG::canInlineOpcodes):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      (JSC::DFG::canInlineOpcode):
      (DFG):
      (JSC::DFG::canCompileOpcodes):
      (JSC::DFG::canCompileEval):
      (JSC::DFG::canCompileProgram):
      (JSC::DFG::canCompileFunctionForCall):
      (JSC::DFG::canCompileFunctionForConstruct):
      * dfg/DFGCommon.h:
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValidate.cpp:
      (Validate):
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::checkOperand):
      (JSC::DFG::Validate::reportValidationContext):
      * jit/JIT.cpp:
      (JSC::JIT::emitOptimizationCheck):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      * jit/JITArithmetic.cpp:
      (JSC::JIT::compileBinaryArithOp):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::privateCompilePutByIdTransition):
      * tools/CodeProfile.cpp:
      (JSC::CodeProfile::sample):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118270 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5e3852dd
  28. 24 Apr, 2012 1 commit
    • barraclough@apple.com's avatar
      Add explicit patchableBranchPtrWithPatch/patchableJump methods · 959b92e2
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=84498
      
      Reviewed by Filip Pizlo.
      
      Don't rely on inUninterruptedSequence to distinguish which jumps we need to be able to repatch.
      
      * assembler/AbstractMacroAssembler.h:
      (JSC::AbstractMacroAssembler::PatchableJump::PatchableJump):
      (PatchableJump):
      (JSC::AbstractMacroAssembler::PatchableJump::operator Jump&):
      (AbstractMacroAssembler):
      (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
          - Added PatchableJump type, removed inUninterruptedSequence.
      * assembler/LinkBuffer.h:
      (LinkBuffer):
      (JSC::LinkBuffer::locationOf):
          - Only allow the location to be taken of patchable branches
      * assembler/MacroAssembler.h:
      (MacroAssembler):
      (JSC::MacroAssembler::patchableBranchPtrWithPatch):
      (JSC::MacroAssembler::patchableJump):
      (JSC::MacroAssembler::shouldBlind):
          - Added default implementation of patchableBranchPtrWithPatch, patchableJump.
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::MacroAssemblerARMv7):
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::patchableBranchPtrWithPatch):
      (JSC::MacroAssemblerARMv7::patchableJump):
      (JSC::MacroAssemblerARMv7::jump):
      (JSC::MacroAssemblerARMv7::makeBranch):
          - Added ARMv7 implementation of patchableBranchPtrWithPatch, patchableJump.
      * dfg/DFGCorrectableJumpPoint.h:
      (DFG):
      (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
          - Late jumps are PatchableJumps.
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
          - replace use of inUninterruptedSequence
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::PropertyAccessRecord::PropertyAccessRecord):
      (PropertyAccessRecord):
          - replace use of inUninterruptedSequence
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
          - replace use of inUninterruptedSequence
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
          - replace use of inUninterruptedSequence
      * jit/JIT.h:
      (PropertyStubCompilationInfo):
          - replace use of inUninterruptedSequence
      * jit/JITInlineMethods.h:
      (JSC::JIT::beginUninterruptedSequence):
      (JSC::JIT::endUninterruptedSequence):
          - replace use of inUninterruptedSequence
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::compileGetByIdHotPath):
          - replace use of inUninterruptedSequence
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::compileGetByIdHotPath):
          - replace use of inUninterruptedSequence
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@115141 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      959b92e2
  29. 13 Apr, 2012 1 commit