1. 25 Jul, 2013 5 commits
    • oliver@apple.com's avatar
      fourthTier: DFG should separate link phase into things that must be done... · 90fce824
      oliver@apple.com authored
      fourthTier: DFG should separate link phase into things that must be done concurrently and things that must be done synchronously, and have a way of passing data from one to the other
      https://bugs.webkit.org/show_bug.cgi?id=116060
      
      Reviewed by Gavin Barraclough.
      
      This introduces the concept of a DFG::Plan, which corresponds to:
      
      - The data that the concurrent DFG or FTL need to start compiling a CodeBlock.
        This mostly includes basic things like CodeBlock*, but also a list of
        must-handle values for OSR entry.
      
      - The data that the synchronous linker need to link in code compiled by a
        concurrent compilation thread. This is further encapsulated by DFG::Finalizer,
        since the data, and the actions that need to be taken, are different in DFG
        versus FTL. This patch also institutes the policy that the concurrent
        compilation thread shall not use LinkBuffer::performFinalization(), since that
        code assumes that it's running on the same thread that will actually run the
        code.
      
      - The actions that need to be taken to compile code. In other words, most of the
        code that previously lived in DFGDriver.cpp now lives in
        DFG::Plan::compileInThread().
      
      - The actions that need to be taken when synchronously linking the code. This
        includes "really" adding watchpoints and identifiers, checking watchpoint and
        chain validity, and running the DFG::Finalizer.
      
      Currently, DFGDriver just creates a Plan and runs it synchronously. But in the
      future, we will be able to malloc some Plans and enqueue them, and have the
      concurrent thread dequeue them and call Plan::compileInThread().
      
      For now, this has no behavior or performance change.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/LinkBuffer.cpp:
      (JSC::LinkBuffer::performFinalization):
      * assembler/LinkBuffer.h:
      (LinkBuffer):
      (JSC::LinkBuffer::LinkBuffer):
      (JSC::LinkBuffer::~LinkBuffer):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::executeEffects):
      * dfg/DFGAbstractValue.cpp:
      (JSC::DFG::AbstractValue::setFuturePossibleStructure):
      (JSC::DFG::AbstractValue::filterFuturePossibleStructure):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
      * dfg/DFGDriver.cpp:
      (DFG):
      (JSC::DFG::compile):
      * dfg/DFGFailedFinalizer.cpp: Added.
      (DFG):
      (JSC::DFG::FailedFinalizer::FailedFinalizer):
      (JSC::DFG::FailedFinalizer::~FailedFinalizer):
      (JSC::DFG::FailedFinalizer::finalize):
      (JSC::DFG::FailedFinalizer::finalizeFunction):
      * dfg/DFGFailedFinalizer.h: Added.
      (DFG):
      (FailedFinalizer):
      * dfg/DFGFinalizer.cpp: Added.
      (DFG):
      (JSC::DFG::Finalizer::Finalizer):
      (JSC::DFG::Finalizer::~Finalizer):
      * dfg/DFGFinalizer.h: Added.
      (DFG):
      (Finalizer):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::dump):
      (DFG):
      * dfg/DFGGraph.h:
      (Graph):
      (JSC::DFG::Graph::masqueradesAsUndefinedWatchpointIsStillValid):
      (JSC::DFG::Graph::compilation):
      (JSC::DFG::Graph::identifiers):
      (JSC::DFG::Graph::watchpoints):
      (JSC::DFG::Graph::chains):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      (JSC::DFG::JITCompiler::linkFunction):
      (DFG):
      (JSC::DFG::JITCompiler::disassemble):
      * dfg/DFGJITCompiler.h:
      (JITCompiler):
      (JSC::DFG::JITCompiler::addLazily):
      * dfg/DFGJITFinalizer.cpp: Added.
      (DFG):
      (JSC::DFG::JITFinalizer::JITFinalizer):
      (JSC::DFG::JITFinalizer::~JITFinalizer):
      (JSC::DFG::JITFinalizer::finalize):
      (JSC::DFG::JITFinalizer::finalizeFunction):
      (JSC::DFG::JITFinalizer::finalizeCommon):
      * dfg/DFGJITFinalizer.h: Added.
      (DFG):
      (JITFinalizer):
      * dfg/DFGPlan.cpp: Added.
      (DFG):
      (JSC::DFG::dumpAndVerifyGraph):
      (JSC::DFG::Plan::Plan):
      (JSC::DFG::Plan::~Plan):
      (JSC::DFG::Plan::compileInThread):
      (JSC::DFG::Plan::isStillValid):
      (JSC::DFG::Plan::reallyAdd):
      (JSC::DFG::Plan::finalize):
      * dfg/DFGPlan.h: Added.
      (DFG):
      (Plan):
      (JSC::DFG::Plan::vm):
      * dfg/DFGPredictionInjectionPhase.cpp:
      (JSC::DFG::PredictionInjectionPhase::run):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::identifierUID):
      (JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
      * dfg/DFGTypeCheckHoistingPhase.cpp:
      (JSC::DFG::TypeCheckHoistingPhase::run):
      * ftl/FTLGeneratedFunction.h: Added.
      (FTL):
      * ftl/FTLJITFinalizer.cpp: Added.
      (FTL):
      (JSC::FTL::JITFinalizer::JITFinalizer):
      (JSC::FTL::JITFinalizer::~JITFinalizer):
      (JSC::FTL::JITFinalizer::finalize):
      (JSC::FTL::JITFinalizer::finalizeFunction):
      * ftl/FTLJITFinalizer.h: Added.
      (FTL):
      (JITFinalizer):
      (JSC::FTL::JITFinalizer::initializeExitThunksLinkBuffer):
      (JSC::FTL::JITFinalizer::initializeEntrypointLinkBuffer):
      (JSC::FTL::JITFinalizer::initializeCode):
      (JSC::FTL::JITFinalizer::initializeFunction):
      (JSC::FTL::JITFinalizer::initializeArityCheck):
      (JSC::FTL::JITFinalizer::initializeJITCode):
      * ftl/FTLLink.cpp:
      (JSC::FTL::link):
      * ftl/FTLLink.h:
      (FTL):
      * ftl/FTLLowerDFGToLLVM.cpp:
      (JSC::FTL::LowerDFGToLLVM::linkOSRExitsAndCompleteInitializationBlocks):
      * ftl/FTLState.cpp:
      (JSC::FTL::State::State):
      * ftl/FTLState.h:
      (FTL):
      (State):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153161 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      90fce824
    • oliver@apple.com's avatar
      fourthTier: ASSERT that commonly used not-thread-safe methods in the runtime... · 634a76a2
      oliver@apple.com authored
      fourthTier: ASSERT that commonly used not-thread-safe methods in the runtime are not being called during compilation
      https://bugs.webkit.org/show_bug.cgi?id=115297
      
      Source/JavaScriptCore:
      
      Reviewed by Geoffrey Garen.
      
      Put in assertions that we're not doing bad things in compilation threads. Also
      factored compilation into compile+link so that even though we don't yet have
      concurrent compilation, we can be explicit about which parts of DFG work are
      meant to be concurrent, and which aren't.
      
      Also fix a handful of bugs found by these assertions.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/ResolveGlobalStatus.cpp:
      (JSC::computeForStructure):
      * bytecode/Watchpoint.cpp:
      (JSC::WatchpointSet::add):
      (JSC::InlineWatchpointSet::inflateSlow):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::~JITCompiler):
      (DFG):
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compileFunction):
      (JSC::DFG::JITCompiler::linkFunction):
      * dfg/DFGJITCompiler.h:
      (JITCompiler):
      * ftl/FTLCompile.cpp:
      (JSC::FTL::compile):
      * ftl/FTLCompile.h:
      (FTL):
      * ftl/FTLLink.cpp: Added.
      (FTL):
      (JSC::FTL::compileEntry):
      (JSC::FTL::link):
      * ftl/FTLLink.h: Added.
      (FTL):
      * ftl/FTLState.cpp:
      (JSC::FTL::State::State):
      * ftl/FTLState.h:
      (FTL):
      (State):
      * runtime/Structure.cpp:
      (JSC::Structure::get):
      (JSC::Structure::prototypeChainMayInterceptStoreTo):
      * runtime/Structure.h:
      (JSC::Structure::materializePropertyMapIfNecessary):
      * runtime/StructureInlines.h:
      (JSC::Structure::get):
      
      Source/WTF:
      
      Reviewed by Geoffrey Garen.
      
      Taught WTF the notion of compilation threads. This allows all parts of our stack
      to assert that we're not being called from a JSC compilation thread. This is in
      WTF because it will probably end up being used in StringImpl and WTFString.
      
      * WTF.xcodeproj/project.pbxproj:
      * wtf/CompilationThread.cpp: Added.
      (WTF):
      (WTF::initializeCompilationThreadsOnce):
      (WTF::initializeCompilationThreads):
      (WTF::isCompilationThread):
      (WTF::exchangeIsCompilationThread):
      * wtf/CompilationThread.h: Added.
      (WTF):
      (CompilationScope):
      (WTF::CompilationScope::CompilationScope):
      (WTF::CompilationScope::~CompilationScope):
      (WTF::CompilationScope::leaveEarly):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153134 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      634a76a2
    • oliver@apple.com's avatar
      fourthTier: It should be possible to query WatchpointSets, and add... · 9397e00c
      oliver@apple.com authored
      fourthTier: It should be possible to query WatchpointSets, and add Watchpoints, even if the compiler is running in another thread
      https://bugs.webkit.org/show_bug.cgi?id=114909
      
      Source/JavaScriptCore:
      
      Reviewed by Oliver Hunt.
      
      The idea here is that a concurrent compiler will use watchpoint sets as follows:
      
      During concurrent compilation: It will create Watchpoints, and query WatchpointSets only
      for the purpose of profiling. That is, it will use decide whether it is profitable to
      compile the code "as if" the watchpoint sets are valid.
      
      During synchronous linking: By "linking" I don't necessarily mean the LinkBuffer stuff,
      but just the very bitter end of compilation where we make the JIT code callable. This
      can happen after LinkBuffer stuff. Anyway, this will have to happen synchronously, and
      at that point we can (a) check that all WatchpointSets that we assumed were valid are
      still valid and (b) if they are then we add the watchpoints to those sets. If any of the
      sets are invalid, we give up on this compilation and try again later.
      
      The querying of WatchpointSets is engineered to say that the set is still valid if it
      is so *right now*, but this is done in a racy way and so it may say so spuriously: we
      may, with hopefully low probability, have a set that says it is valid even though it was
      just invalidated. The goal is only to ensure that (i) a set never claims to be invalid
      if it is actually valid, (ii) a set doesn't claim to be valid if it was invalidated
      before compilation even began, and (iii) querying the validity of a set doesn't cause us
      to crash.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/Watchpoint.cpp:
      (JSC::InlineWatchpointSet::inflateSlow):
      * bytecode/Watchpoint.h:
      (WatchpointSet):
      (InlineWatchpointSet):
      (JSC::InlineWatchpointSet::hasBeenInvalidated):
      (JSC::InlineWatchpointSet::isThin):
      (JSC::InlineWatchpointSet::isFat):
      (JSC::InlineWatchpointSet::fat):
      * dfg/DFGDesiredWatchpoints.cpp: Added.
      (DFG):
      (JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
      (JSC::DFG::DesiredWatchpoints::~DesiredWatchpoints):
      (JSC::DFG::DesiredWatchpoints::addLazily):
      (JSC::DFG::DesiredWatchpoints::reallyAdd):
      (JSC::DFG::DesiredWatchpoints::areStillValid):
      * dfg/DFGDesiredWatchpoints.h: Added.
      (DFG):
      (JSC::DFG::WatchpointForGenericWatchpointSet::WatchpointForGenericWatchpointSet):
      (WatchpointForGenericWatchpointSet):
      (GenericDesiredWatchpoints):
      (JSC::DFG::GenericDesiredWatchpoints::GenericDesiredWatchpoints):
      (JSC::DFG::GenericDesiredWatchpoints::addLazily):
      (JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
      (JSC::DFG::GenericDesiredWatchpoints::areStillValid):
      (DesiredWatchpoints):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::addLazily):
      (JITCompiler):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * ftl/FTLCompile.cpp:
      (JSC::FTL::compile):
      * ftl/FTLCompile.h:
      (FTL):
      * ftl/FTLState.h:
      (State):
      * runtime/JSFunction.h:
      (JSFunction):
      (JSC::JSFunction::allocationProfileWatchpointSet):
      * runtime/Structure.h:
      (Structure):
      (JSC::Structure::transitionWatchpointSet):
      
      Source/WTF:
      
      Reviewed by Oliver Hunt.
      
      Harden our notions of memory fences, now that we're doing racy algorithms.
      
      * wtf/Atomics.h:
      (WTF):
      (WTF::compilerFence):
      (WTF::armV7_dmb):
      (WTF::armV7_dmb_st):
      (WTF::loadLoadFence):
      (WTF::loadStoreFence):
      (WTF::storeLoadFence):
      (WTF::storeStoreFence):
      (WTF::memoryBarrierAfterLock):
      (WTF::memoryBarrierBeforeUnlock):
      (WTF::x86_mfence):
      
      
      Conflicts:
      	Source/WTF/wtf/Atomics.h
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153124 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9397e00c
    • oliver@apple.com's avatar
      fourthTier: Landing the initial FTL logic in a single commit to avoid spurious · ea77149c
      oliver@apple.com authored
      broken builds.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153121 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      ea77149c
    • oliver@apple.com's avatar
      fourthTier: DFG should provide utilities for common OSR exit tasks · b9009149
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114306
      
      Reviewed by Mark Hahnenberg.
      
      Just abstract out some things that the FTL will want to use as well.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler.h:
      (OSRExitCompiler):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompilerCommon.cpp: Added.
      (DFG):
      (JSC::DFG::handleExitCounts):
      (JSC::DFG::reifyInlinedCallFrames):
      (JSC::DFG::adjustAndJumpToTarget):
      * dfg/DFGOSRExitCompilerCommon.h: Added.
      (DFG):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153119 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b9009149
  2. 03 Jul, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG OSR exit value recoveries should be computed lazily · 8618e4ba
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=82155
      
      Reviewed by Gavin Barraclough.
              
      This change aims to reduce one aspect of DFG compile times: the fact
      that we currently compute the value recoveries for each local and
      argument on every speculation check. We compile many speculation checks,
      so this can add up quick. The strategy that this change takes is to
      have the DFG save just enough information about how the compiler is
      choosing to represent state, that the DFG::OSRExitCompiler can reify
      the value recoveries lazily.
              
      This appears to be an 0.3% SunSpider speed-up and is neutral elsewhere.
              
      I also took the opportunity to fix the sampling regions profiler (it
      was missing an export macro) and to put in more sampling regions in
      the DFG (which are disabled so long as ENABLE(SAMPLING_REGIONS) is
      false).
              
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::shrinkDFGDataToFit):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::minifiedDFG):
      (JSC::CodeBlock::variableEventStream):
      (DFGData):
      * bytecode/Operands.h:
      (JSC::Operands::hasOperand):
      (Operands):
      (JSC::Operands::size):
      (JSC::Operands::at):
      (JSC::Operands::operator[]):
      (JSC::Operands::isArgument):
      (JSC::Operands::isVariable):
      (JSC::Operands::argumentForIndex):
      (JSC::Operands::variableForIndex):
      (JSC::Operands::operandForIndex):
      (JSC):
      (JSC::dumpOperands):
      * bytecode/SamplingTool.h:
      (SamplingRegion):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::performCFA):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::performCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::performFixup):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::GenerationInfo):
      (JSC::DFG::GenerationInfo::initConstant):
      (JSC::DFG::GenerationInfo::initInteger):
      (JSC::DFG::GenerationInfo::initJSValue):
      (JSC::DFG::GenerationInfo::initCell):
      (JSC::DFG::GenerationInfo::initBoolean):
      (JSC::DFG::GenerationInfo::initDouble):
      (JSC::DFG::GenerationInfo::initStorage):
      (GenerationInfo):
      (JSC::DFG::GenerationInfo::noticeOSRBirth):
      (JSC::DFG::GenerationInfo::use):
      (JSC::DFG::GenerationInfo::spill):
      (JSC::DFG::GenerationInfo::setSpilled):
      (JSC::DFG::GenerationInfo::fillJSValue):
      (JSC::DFG::GenerationInfo::fillCell):
      (JSC::DFG::GenerationInfo::fillInteger):
      (JSC::DFG::GenerationInfo::fillBoolean):
      (JSC::DFG::GenerationInfo::fillDouble):
      (JSC::DFG::GenerationInfo::fillStorage):
      (JSC::DFG::GenerationInfo::appendFill):
      (JSC::DFG::GenerationInfo::appendSpill):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGMinifiedGraph.h: Added.
      (DFG):
      (MinifiedGraph):
      (JSC::DFG::MinifiedGraph::MinifiedGraph):
      (JSC::DFG::MinifiedGraph::at):
      (JSC::DFG::MinifiedGraph::append):
      (JSC::DFG::MinifiedGraph::prepareAndShrink):
      (JSC::DFG::MinifiedGraph::setOriginalGraphSize):
      (JSC::DFG::MinifiedGraph::originalGraphSize):
      * dfg/DFGMinifiedNode.cpp: Added.
      (DFG):
      (JSC::DFG::MinifiedNode::fromNode):
      * dfg/DFGMinifiedNode.h: Added.
      (DFG):
      (JSC::DFG::belongsInMinifiedGraph):
      (MinifiedNode):
      (JSC::DFG::MinifiedNode::MinifiedNode):
      (JSC::DFG::MinifiedNode::index):
      (JSC::DFG::MinifiedNode::op):
      (JSC::DFG::MinifiedNode::hasChild1):
      (JSC::DFG::MinifiedNode::child1):
      (JSC::DFG::MinifiedNode::hasConstant):
      (JSC::DFG::MinifiedNode::hasConstantNumber):
      (JSC::DFG::MinifiedNode::constantNumber):
      (JSC::DFG::MinifiedNode::hasWeakConstant):
      (JSC::DFG::MinifiedNode::weakConstant):
      (JSC::DFG::MinifiedNode::getIndex):
      (JSC::DFG::MinifiedNode::compareByNodeIndex):
      (JSC::DFG::MinifiedNode::hasChild):
      * dfg/DFGNode.h:
      (Node):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler.h:
      (OSRExitCompiler):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::performPredictionPropagation):
      * dfg/DFGRedundantPhiEliminationPhase.cpp:
      (JSC::DFG::performRedundantPhiElimination):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      (DFG):
      (JSC::DFG::SpeculativeJIT::fillStorage):
      (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT.h:
      (DFG):
      (JSC::DFG::SpeculativeJIT::use):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::spill):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
      (JSC::DFG::SpeculativeJIT::recordSetLocal):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValueRecoveryOverride.h: Added.
      (DFG):
      (ValueRecoveryOverride):
      (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
      * dfg/DFGValueSource.cpp: Added.
      (DFG):
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h: Added.
      (DFG):
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::valueSourceKindToDataFormat):
      (JSC::DFG::isInRegisterFile):
      (ValueSource):
      (JSC::DFG::ValueSource::ValueSource):
      (JSC::DFG::ValueSource::forPrediction):
      (JSC::DFG::ValueSource::forDataFormat):
      (JSC::DFG::ValueSource::isSet):
      (JSC::DFG::ValueSource::kind):
      (JSC::DFG::ValueSource::isInRegisterFile):
      (JSC::DFG::ValueSource::dataFormat):
      (JSC::DFG::ValueSource::valueRecovery):
      (JSC::DFG::ValueSource::nodeIndex):
      (JSC::DFG::ValueSource::nodeIndexFromKind):
      (JSC::DFG::ValueSource::kindFromNodeIndex):
      * dfg/DFGVariableEvent.cpp: Added.
      (DFG):
      (JSC::DFG::VariableEvent::dump):
      (JSC::DFG::VariableEvent::dumpFillInfo):
      (JSC::DFG::VariableEvent::dumpSpillInfo):
      * dfg/DFGVariableEvent.h: Added.
      (DFG):
      (VariableEvent):
      (JSC::DFG::VariableEvent::VariableEvent):
      (JSC::DFG::VariableEvent::reset):
      (JSC::DFG::VariableEvent::fillGPR):
      (JSC::DFG::VariableEvent::fillPair):
      (JSC::DFG::VariableEvent::fillFPR):
      (JSC::DFG::VariableEvent::spill):
      (JSC::DFG::VariableEvent::death):
      (JSC::DFG::VariableEvent::setLocal):
      (JSC::DFG::VariableEvent::movHint):
      (JSC::DFG::VariableEvent::kind):
      (JSC::DFG::VariableEvent::nodeIndex):
      (JSC::DFG::VariableEvent::dataFormat):
      (JSC::DFG::VariableEvent::gpr):
      (JSC::DFG::VariableEvent::tagGPR):
      (JSC::DFG::VariableEvent::payloadGPR):
      (JSC::DFG::VariableEvent::fpr):
      (JSC::DFG::VariableEvent::virtualRegister):
      (JSC::DFG::VariableEvent::operand):
      (JSC::DFG::VariableEvent::variableRepresentation):
      * dfg/DFGVariableEventStream.cpp: Added.
      (DFG):
      (JSC::DFG::VariableEventStream::logEvent):
      (MinifiedGenerationInfo):
      (JSC::DFG::MinifiedGenerationInfo::MinifiedGenerationInfo):
      (JSC::DFG::MinifiedGenerationInfo::update):
      (JSC::DFG::VariableEventStream::reconstruct):
      * dfg/DFGVariableEventStream.h: Added.
      (DFG):
      (VariableEventStream):
      (JSC::DFG::VariableEventStream::appendAndLog):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::performVirtualRegisterAllocation):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121717 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8618e4ba
  3. 08 Jun, 2012 1 commit
    • wingo@igalia.com's avatar
      Explictly mark stubs called by JIT as being internal · 332e9bfa
      wingo@igalia.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88552
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * jit/HostCallReturnValue.h:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * jit/ThunkGenerators.cpp:
      * llint/LLIntSlowPaths.h: Mark a bunch of stubs as being
      WTF_INTERNAL.  Change most calls to SYMBOL_STRING_RELOCATION to
      LOCAL_REFERENCE, or GLOBAL_REFERENCE in the case of the wrappers
      to truly global symbols.
      * offlineasm/asm.rb: Generate LOCAL_REFERENCE instead of
      SYMBOL_STRING_RELOCATION.
      
      Don't rely on weak pointers for eager CodeBlock finalization
      https://bugs.webkit.org/show_bug.cgi?id=88465
      
      Reviewed by Gavin Barraclough.
      
      This is incompatible with lazy weak pointer finalization.
      
      I considered just making CodeBlock finalization lazy-friendly, but it
      turns out that the heap is already way up in CodeBlock's business when
      it comes to finalization, so I decided to finish the job and move full
      responsibility for CodeBlock finalization into the heap.
      
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Maybe this
      will build.
      
      * debugger/Debugger.cpp: Updated for rename.
      
      * heap/Heap.cpp:
      (JSC::Heap::deleteAllCompiledCode): Renamed for consistency. Fixed a bug
      where we would not delete code for a code block that had been previously
      jettisoned. I don't know if this happens in practice -- I mostly did
      this to improve consistency with deleteUnmarkedCompiledCode.
      
      (JSC::Heap::deleteUnmarkedCompiledCode): New function, responsible for
      eager finalization of unmarked code blocks.
      
      (JSC::Heap::collect): Updated for rename. Updated to call
      deleteUnmarkedCompiledCode(), which takes care of jettisoned DFG code
      blocks too.
      
      (JSC::Heap::addCompiledCode): Renamed, since this points to all code
      now, not just functions.
      
      * heap/Heap.h:
      (Heap): Keep track of all user code, not just functions. This is a
      negligible additional overhead, since most code is function code.
      
      * runtime/Executable.cpp:
      (JSC::*::finalize): Removed these functions, since we don't rely on
      weak pointer finalization anymore.
      
      (JSC::FunctionExecutable::FunctionExecutable): Moved linked-list stuff
      into base class so all executables can be in the list.
      
      (JSC::EvalExecutable::clearCode):
      (JSC::ProgramExecutable::clearCode):
      (JSC::FunctionExecutable::clearCode): All we need to do is delete our
      CodeBlock -- that will delete all of its internal data structures.
      
      (JSC::FunctionExecutable::clearCodeIfNotCompiling): Factored out a helper
      function to improve clarity.
      
      * runtime/Executable.h:
      (JSC::ExecutableBase): Moved linked-list stuff
      into base class so all executables can be in the list.
      
      (JSC::NativeExecutable::create):
      (NativeExecutable):
      (ScriptExecutable):
      (JSC::ScriptExecutable::finishCreation):
      (JSC::EvalExecutable::create):
      (EvalExecutable):
      (JSC::ProgramExecutable::create):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::create): Don't use a finalizer -- the heap
      will call us back to destroy our code block.
      
      (JSC::FunctionExecutable::discardCode): Renamed to clearCodeIfNotCompiling()
      for clarity.
      
      (JSC::FunctionExecutable::isCompiling): New helper function, for clarity.
      
      (JSC::ScriptExecutable::clearCodeVirtual): New helper function, since
      the heap needs to make polymorphic calls to clear code.
      
      * runtime/JSGlobalData.cpp:
      (JSC::StackPreservingRecompiler::operator()):
      * runtime/JSGlobalObject.cpp:
      (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Updated for
      renames.
      
      Source/WTF:
      
      * wtf/ExportMacros.h (WTF_INTERNAL, HAVE_INTERNAL_VISIBILITY): New
      defines.  Regardless of what the port does about visibility in
      general, for code referenced only from assembly it is useful to
      give it internal visibility.
      * wtf/InlineASM.h: Split SYMBOL_STRING_RELOCATION into
      LOCAL_REFERENCE and GLOBAL_REFERENCE; the former will try to avoid
      indirection if HAVE(INTERNAL_VISIBILITY).
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119857 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      332e9bfa
  4. 24 May, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should optimize aliased uses of the Arguments object of the current call frame · 9a548f19
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86552
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoff Garen.
              
      Merged r117542 and r117543 from dfgopt.
              
      Performs must-alias and escape analysis on uses of CreateArguments, and if
      a variable is must-aliased to CreateArguments and does not escape, then we
      turn all uses of that variable into direct arguments accesses.
              
      36% speed-up on V8/earley leading to a 2.3% speed-up overall in V8.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::uncheckedArgumentsRegister):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::argumentsThatWereNotCreated):
      (ValueRecovery):
      (JSC::ValueRecovery::dump):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAdjacencyList.h:
      (AdjacencyList):
      (JSC::DFG::AdjacencyList::removeEdgeFromBag):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      (ArgumentsSimplificationPhase):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
      (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
      (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
      * dfg/DFGGPRInfo.h:
      (GPRInfo):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::collectGarbage):
      (DFG):
      * dfg/DFGGraph.h:
      (Graph):
      (JSC::DFG::Graph::executableFor):
      (JSC::DFG::Graph::argumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
      (JSC::DFG::Graph::clobbersWorld):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasHeapPrediction):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler.h:
      (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
      (OSRExitCompiler):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::ValueSource::dump):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::VariableAccessData):
      (JSC::DFG::VariableAccessData::mergeIsArgumentsAlias):
      (VariableAccessData):
      (JSC::DFG::VariableAccessData::isArgumentsAlias):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      
      LayoutTests: 
      
      Rubber stamped by Geoff Garen.
              
      Merged r117542 from dfgopt.
              
      Added a bunch of tests that check that our optimizations for aliased uses of the
      'arguments' object are robust against various forms of JavaScript crazy.
              
      * fast/js/dfg-arguments-alias-escape-expected.txt: Added.
      * fast/js/dfg-arguments-alias-escape.html: Added.
      * fast/js/dfg-arguments-alias-expected.txt: Added.
      * fast/js/dfg-arguments-alias.html: Added.
      * fast/js/dfg-arguments-cross-code-origin-expected.txt: Added.
      * fast/js/dfg-arguments-cross-code-origin.html: Added.
      * fast/js/dfg-arguments-mixed-alias-expected.txt: Added.
      * fast/js/dfg-arguments-mixed-alias.html: Added.
      * fast/js/dfg-arguments-osr-exit-expected.txt: Added.
      * fast/js/dfg-arguments-osr-exit.html: Added.
      * fast/js/dfg-arguments-unexpected-escape-expected.txt: Added.
      * fast/js/dfg-arguments-unexpected-escape.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-arguments-alias-escape.js: Added.
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arguments-alias.js: Added.
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arguments-cross-code-origin.js: Added.
      (foo):
      (bar):
      (baz):
      * fast/js/script-tests/dfg-arguments-mixed-alias.js: Added.
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arguments-osr-exit.js: Added.
      (baz):
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arguments-unexpected-escape.js: Added.
      (baz):
      (foo):
      (bar):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118323 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      9a548f19
  5. 08 Apr, 2012 1 commit
    • fpizlo@apple.com's avatar
      Forced OSR exits should lead to recompilation based on count, not rate · 3cb7e2c7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=83247
      <rdar://problem/10720925>
      
      Reviewed by Geoff Garen.
              
      Track which OSR exits happen because of inadequate coverage. Count them
      separately. If the count reaches a threshold, immediately trigger
      reoptimization.
              
      This is in contrast to the recompilation trigger for all other OSR exits.
      Normally recomp is triggered when the exit rate exceeds a certain ratio.
              
      Looks like a slight V8 speedup (sub 1%).
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::forcedOSRExitCounter):
      (JSC::CodeBlock::addressOfForcedOSRExitCounter):
      (JSC::CodeBlock::offsetOfForcedOSRExitCounter):
      (JSC::CodeBlock::shouldReoptimizeNow):
      (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
      (CodeBlock):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      * dfg/DFGOSRExitCompiler.cpp:
      (JSC::DFG::OSRExitCompiler::handleExitCounts):
      (DFG):
      * dfg/DFGOSRExitCompiler.h:
      (OSRExitCompiler):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113552 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3cb7e2c7
  6. 17 Dec, 2011 1 commit
    • fpizlo@apple.com's avatar
      DFG OSR exit may get confused about where in the scratch buffer it stored a value · 32776a52
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=74695
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      The code that reads from the scratch buffer now explicitly knows which locations to
      read from. No new tests, since this patch covers a case so uncommon that I don't know
      how to make a test for it.
      
      * dfg/DFGOSRExitCompiler.h:
      (JSC::DFG::OSRExitCompiler::badIndex):
      (JSC::DFG::OSRExitCompiler::initializePoisoned):
      (JSC::DFG::OSRExitCompiler::poisonIndex):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      
      LayoutTests: 
      
      Rubber stamped by Gavin Barraclough.
              
      Wrote a custom fuzzer that does 2048 different combinations of integer and float
      temporaries and induces a failure whilst all of them are live. If poisoning doesn't
      work correctly, a large number (>hundred) of the fuzzing cases fail.
      
      * fast/js/dfg-poison-fuzz-expected.txt: Added.
      * fast/js/dfg-poison-fuzz.html: Added.
      * fast/js/script-tests/dfg-poison-fuzz.js: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      32776a52
  7. 10 Nov, 2011 1 commit
    • fpizlo@apple.com's avatar
      DFG OSR exit code should be lazily generated · 4621171a
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=71744
      
      Reviewed by Gavin Barraclough.
              
      The OSR exit code is now generated the first time it is executed,
      rather than right after speculative compilation. Because most OSR
      exits are never taken, this should greatly reduce both code size
      and compilation time.
              
      This is a 1% win on SunSpider, and a 1% win on V8 when running in
      my harness. No change in V8 in V8's harness (due to the long runs,
      so compile time is not an issue) and no change in Kraken (again,
      long runs of small code so compile time has no measurable effect).
      
      * CMakeListsEfl.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/AbstractMacroAssembler.h:
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::jump):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::jump):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::jmp_m):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::createDFGDataIfNecessary):
      (JSC::CodeBlock::appendDFGOSREntryData):
      (JSC::CodeBlock::numberOfDFGOSREntries):
      (JSC::CodeBlock::dfgOSREntryData):
      (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (JSC::CodeBlock::numberOfOSRExits):
      (JSC::CodeBlock::numberOfSpeculationRecoveries):
      (JSC::CodeBlock::osrExit):
      (JSC::CodeBlock::speculationRecovery):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::debugCall):
      * dfg/DFGCorrectableJumpPoint.cpp: Added.
      (JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch):
      * dfg/DFGCorrectableJumpPoint.h: Added.
      (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
      (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
      (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
      (JSC::DFG::CorrectableJumpPoint::correctLateJump):
      (JSC::DFG::CorrectableJumpPoint::initialJump):
      (JSC::DFG::CorrectableJumpPoint::lateJump):
      (JSC::DFG::CorrectableJumpPoint::correctJump):
      (JSC::DFG::CorrectableJumpPoint::getJump):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExit.cpp: Added.
      (JSC::DFG::OSRExit::OSRExit):
      (JSC::DFG::OSRExit::dump):
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler.cpp: Added.
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      * dfg/DFGThunks.cpp: Added.
      (JSC::DFG::osrExitGenerationThunkGenerator):
      * dfg/DFGThunks.h: Added.
      * jit/JITCode.h:
      (JSC::JITCode::dataAddressAtOffset):
      * runtime/JSGlobalData.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99787 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      4621171a
  8. 09 Nov, 2011 1 commit