1. 19 Oct, 2013 1 commit
    • fpizlo@apple.com's avatar
      Baseline JIT and DFG IC code generation should be unified and rationalized · 5ba07883
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=122939
      
      Reviewed by Geoffrey Garen.
              
      Introduce the JITInlineCacheGenerator, which takes a CodeBlock and a CodeOrigin plus
      some register info and creates JIT inline caches for you. Used this to even furhter
      unify the baseline and DFG ICs. In the future we can use this for FTL ICs. And my hope
      is that we'll be able to use it for cascading ICs: an IC for some instruction may realize
      that it needs to do the equivalent of get_by_id, so with this generator it will be able
      to create an IC even though it wasn't associated with a get_by_id bytecode instruction.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/AbstractMacroAssembler.h:
      (JSC::AbstractMacroAssembler::DataLabelCompact::label):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::ecmaMode):
      * dfg/DFGInlineCacheWrapper.h: Added.
      (JSC::DFG::InlineCacheWrapper::InlineCacheWrapper):
      * dfg/DFGInlineCacheWrapperInlines.h: Added.
      (JSC::DFG::::finalize):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::addGetById):
      (JSC::DFG::JITCompiler::addPutById):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::cachedGetById):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/AssemblyHelpers.h:
      (JSC::AssemblyHelpers::isStrictModeFor):
      (JSC::AssemblyHelpers::strictModeFor):
      * jit/GPRInfo.h:
      (JSC::JSValueRegs::tagGPR):
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      * jit/JITInlineCacheGenerator.cpp: Added.
      (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
      (JSC::JITByIdGenerator::JITByIdGenerator):
      (JSC::JITByIdGenerator::finalize):
      (JSC::JITByIdGenerator::generateFastPathChecks):
      (JSC::JITGetByIdGenerator::generateFastPath):
      (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
      (JSC::JITPutByIdGenerator::generateFastPath):
      (JSC::JITPutByIdGenerator::slowPathFunction):
      * jit/JITInlineCacheGenerator.h: Added.
      (JSC::JITInlineCacheGenerator::JITInlineCacheGenerator):
      (JSC::JITInlineCacheGenerator::stubInfo):
      (JSC::JITByIdGenerator::JITByIdGenerator):
      (JSC::JITByIdGenerator::reportSlowPathCall):
      (JSC::JITByIdGenerator::slowPathJump):
      (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
      (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::emitSlow_op_put_by_id):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_get_by_id):
      (JSC::JIT::emitSlow_op_get_by_id):
      (JSC::JIT::emit_op_put_by_id):
      (JSC::JIT::emitSlow_op_put_by_id):
      * jit/RegisterSet.h:
      (JSC::RegisterSet::set):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157685 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      5ba07883
  2. 07 Sep, 2013 1 commit
    • andersca@apple.com's avatar
      Get rid of FastAllocBase.h · 3d185a87
      andersca@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120952
      
      Reviewed by Antti Koivisto.
      
      Source/JavaScriptCore:
      
      Include FastMalloc.h instead of FastAllocBase.h.
      
      * assembler/LinkBuffer.h:
      * bytecode/CodeBlock.h:
      * bytecode/StructureStubClearingWatchpoint.h:
      * dfg/DFGFinalizer.h:
      * dfg/DFGLongLivedState.h:
      * dfg/DFGSlowPathGenerator.h:
      * ftl/FTLAbstractHeap.h:
      * heap/JITStubRoutineSet.h:
      * jit/CompactJITCodeMap.h:
      * profiler/ProfilerDatabase.h:
      * profiler/ProfilerExecutionCounter.h:
      
      Source/WebCore:
      
      Include FastMalloc.h instead of FastAllocBase.h.
      
      * Modules/webdatabase/SQLTransactionClient.h:
      * bindings/js/GCController.h:
      * bridge/Bridge.h:
      * bridge/IdentifierRep.h:
      * dom/DocumentStyleSheetCollection.h:
      * dom/TransformSource.h:
      * html/InputType.h:
      * inspector/InspectorCounters.h:
      * inspector/InstrumentingAgents.h:
      * inspector/WorkerInspectorController.h:
      * loader/cache/CachedResourceClient.h:
      * page/FrameActionScheduler.h:
      * platform/Length.h:
      * platform/MemoryPressureHandler.h:
      * platform/ScrollAnimator.h:
      * platform/SharedTimer.h:
      * platform/audio/gstreamer/FFTFrameGStreamer.cpp:
      * platform/cairo/WidgetBackingStore.h:
      * platform/graphics/Color.h:
      * platform/graphics/FontData.h:
      * platform/graphics/Path.h:
      * platform/graphics/qt/FontCustomPlatformData.h:
      * platform/graphics/transforms/AffineTransform.h:
      * platform/graphics/transforms/TransformationMatrix.h:
      * platform/gtk/GtkDragAndDropHelper.h:
      * platform/gtk/GtkPopupMenu.h:
      * platform/network/NetworkStateNotifier.h:
      * platform/sql/SQLiteTransaction.h:
      * platform/text/enchant/TextCheckerEnchant.h:
      * rendering/RenderArena.h:
      * rendering/TableLayout.h:
      * rendering/style/StyleCustomFilterProgram.h:
      * rendering/style/StyleCustomFilterProgramCache.h:
      * svg/SVGPathConsumer.h:
      * workers/WorkerScriptLoader.h:
      
      Source/WTF:
      
      FastAllocBase.h now only contains the WTF_MAKE_FAST_ALLOCATED macro.
      Move that macro to FastMalloc.h instead and remove FastAllocBase.h.
      
      * WTF.vcxproj/WTF.vcxproj:
      * WTF.vcxproj/WTF.vcxproj.filters:
      * WTF.xcodeproj/project.pbxproj:
      * wtf/DeferrableRefCounted.h:
      * wtf/FastAllocBase.h: Removed.
      * wtf/FastMalloc.h:
      * wtf/HashSet.h:
      * wtf/MediaTime.h:
      * wtf/PrintStream.h:
      * wtf/RefCounted.h:
      * wtf/RefPtr.h:
      * wtf/ThreadingPrimitives.h:
      * wtf/Vector.h:
      * wtf/gobject/GMutexLocker.h:
      * wtf/unicode/Collator.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@155251 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      3d185a87
  3. 29 Jan, 2013 1 commit
    • fpizlo@apple.com's avatar
      DFG should not use a graph that is a vector, Nodes shouldn't move after... · 8ff092fc
      fpizlo@apple.com authored
      DFG should not use a graph that is a vector, Nodes shouldn't move after allocation, and we should always refer to nodes by Node*
      https://bugs.webkit.org/show_bug.cgi?id=106868
      
      Reviewed by Oliver Hunt.
              
      This adds a pool allocator for Nodes, and uses that instead of a Vector. Changes all
      uses of Node& and NodeIndex to be simply Node*. Nodes no longer have an index except
      for debugging (Node::index(), which is not guaranteed to be O(1)).
              
      1% speed-up on SunSpider, presumably because this improves compile times.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/DataFormat.h:
      (JSC::dataFormatToString):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::booleanResult):
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::mergeToSuccessors):
      (JSC::DFG::AbstractState::mergeVariableBetweenBlocks):
      (JSC::DFG::AbstractState::dump):
      * dfg/DFGAbstractState.h:
      (DFG):
      (JSC::DFG::AbstractState::forNode):
      (AbstractState):
      (JSC::DFG::AbstractState::speculateInt32Unary):
      (JSC::DFG::AbstractState::speculateNumberUnary):
      (JSC::DFG::AbstractState::speculateBooleanUnary):
      (JSC::DFG::AbstractState::speculateInt32Binary):
      (JSC::DFG::AbstractState::speculateNumberBinary):
      (JSC::DFG::AbstractState::trySetConstant):
      * dfg/DFGAbstractValue.h:
      (AbstractValue):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::AdjacencyList):
      (JSC::DFG::AdjacencyList::initialize):
      * dfg/DFGAllocator.h: Added.
      (DFG):
      (Allocator):
      (JSC::DFG::Allocator::Region::size):
      (JSC::DFG::Allocator::Region::headerSize):
      (JSC::DFG::Allocator::Region::numberOfThingsPerRegion):
      (JSC::DFG::Allocator::Region::data):
      (JSC::DFG::Allocator::Region::isInThisRegion):
      (JSC::DFG::Allocator::Region::regionFor):
      (Region):
      (JSC::DFG::::Allocator):
      (JSC::DFG::::~Allocator):
      (JSC::DFG::::allocate):
      (JSC::DFG::::free):
      (JSC::DFG::::freeAll):
      (JSC::DFG::::reset):
      (JSC::DFG::::indexOf):
      (JSC::DFG::::allocatorOf):
      (JSC::DFG::::bumpAllocate):
      (JSC::DFG::::freeListAllocate):
      (JSC::DFG::::allocateSlow):
      (JSC::DFG::::freeRegionsStartingAt):
      (JSC::DFG::::startBumpingIn):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
      (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
      (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
      * dfg/DFGArrayMode.cpp:
      (JSC::DFG::ArrayMode::originalArrayStructure):
      (JSC::DFG::ArrayMode::alreadyChecked):
      * dfg/DFGArrayMode.h:
      (ArrayMode):
      * dfg/DFGArrayifySlowPathGenerator.h:
      (JSC::DFG::ArrayifySlowPathGenerator::ArrayifySlowPathGenerator):
      * dfg/DFGBasicBlock.h:
      (JSC::DFG::BasicBlock::node):
      (JSC::DFG::BasicBlock::isInPhis):
      (JSC::DFG::BasicBlock::isInBlock):
      (BasicBlock):
      * dfg/DFGBasicBlockInlines.h:
      (DFG):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (JSC::DFG::ByteCodeParser::getDirect):
      (JSC::DFG::ByteCodeParser::get):
      (JSC::DFG::ByteCodeParser::setDirect):
      (JSC::DFG::ByteCodeParser::set):
      (JSC::DFG::ByteCodeParser::setPair):
      (JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
      (JSC::DFG::ByteCodeParser::getLocal):
      (JSC::DFG::ByteCodeParser::setLocal):
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::setArgument):
      (JSC::DFG::ByteCodeParser::flushDirect):
      (JSC::DFG::ByteCodeParser::getToInt32):
      (JSC::DFG::ByteCodeParser::toInt32):
      (JSC::DFG::ByteCodeParser::getJSConstantForValue):
      (JSC::DFG::ByteCodeParser::getJSConstant):
      (JSC::DFG::ByteCodeParser::getCallee):
      (JSC::DFG::ByteCodeParser::getThis):
      (JSC::DFG::ByteCodeParser::setThis):
      (JSC::DFG::ByteCodeParser::isJSConstant):
      (JSC::DFG::ByteCodeParser::isInt32Constant):
      (JSC::DFG::ByteCodeParser::valueOfJSConstant):
      (JSC::DFG::ByteCodeParser::valueOfInt32Constant):
      (JSC::DFG::ByteCodeParser::constantUndefined):
      (JSC::DFG::ByteCodeParser::constantNull):
      (JSC::DFG::ByteCodeParser::one):
      (JSC::DFG::ByteCodeParser::constantNaN):
      (JSC::DFG::ByteCodeParser::cellConstant):
      (JSC::DFG::ByteCodeParser::addToGraph):
      (JSC::DFG::ByteCodeParser::insertPhiNode):
      (JSC::DFG::ByteCodeParser::addVarArgChild):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::getPrediction):
      (JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::makeDivSafe):
      (JSC::DFG::ByteCodeParser::ConstantRecord::ConstantRecord):
      (ConstantRecord):
      (JSC::DFG::ByteCodeParser::PhiStackEntry::PhiStackEntry):
      (PhiStackEntry):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::emitFunctionChecks):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::setIntrinsicResult):
      (JSC::DFG::ByteCodeParser::handleMinMax):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::handleGetByOffset):
      (JSC::DFG::ByteCodeParser::handleGetById):
      (JSC::DFG::ByteCodeParser::getScope):
      (JSC::DFG::ByteCodeParser::parseResolveOperations):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack):
      (JSC::DFG::ByteCodeParser::linkBlock):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::performBlockCFA):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixPhis):
      (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
      (OperandSubstitution):
      (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
      (JSC::DFG::CFGSimplificationPhase::recordNewTarget):
      (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::canonicalize):
      (JSC::DFG::CSEPhase::endIndexForPureCSE):
      (JSC::DFG::CSEPhase::pureCSE):
      (JSC::DFG::CSEPhase::constantCSE):
      (JSC::DFG::CSEPhase::weakConstantCSE):
      (JSC::DFG::CSEPhase::getCalleeLoadElimination):
      (JSC::DFG::CSEPhase::getArrayLengthElimination):
      (JSC::DFG::CSEPhase::globalVarLoadElimination):
      (JSC::DFG::CSEPhase::scopedVarLoadElimination):
      (JSC::DFG::CSEPhase::globalVarWatchpointElimination):
      (JSC::DFG::CSEPhase::globalVarStoreElimination):
      (JSC::DFG::CSEPhase::scopedVarStoreElimination):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::checkFunctionElimination):
      (JSC::DFG::CSEPhase::checkExecutableElimination):
      (JSC::DFG::CSEPhase::checkStructureElimination):
      (JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
      (JSC::DFG::CSEPhase::putStructureStoreElimination):
      (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
      (JSC::DFG::CSEPhase::putByOffsetStoreElimination):
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::checkArrayElimination):
      (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::getMyScopeLoadElimination):
      (JSC::DFG::CSEPhase::getLocalLoadElimination):
      (JSC::DFG::CSEPhase::setLocalStoreElimination):
      (JSC::DFG::CSEPhase::performSubstitution):
      (JSC::DFG::CSEPhase::eliminateIrrelevantPhantomChildren):
      (JSC::DFG::CSEPhase::setReplacement):
      (JSC::DFG::CSEPhase::eliminate):
      (JSC::DFG::CSEPhase::performNodeCSE):
      (JSC::DFG::CSEPhase::performBlockCSE):
      (CSEPhase):
      * dfg/DFGCommon.cpp: Added.
      (DFG):
      (JSC::DFG::NodePointerTraits::dump):
      * dfg/DFGCommon.h:
      (DFG):
      (JSC::DFG::NodePointerTraits::defaultValue):
      (NodePointerTraits):
      (JSC::DFG::verboseCompilationEnabled):
      (JSC::DFG::shouldDumpGraphAtEachPhase):
      (JSC::DFG::validationEnabled):
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::foldConstants):
      (JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
      (JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
      (JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
      * dfg/DFGDisassembler.cpp:
      (JSC::DFG::Disassembler::Disassembler):
      (JSC::DFG::Disassembler::createDumpList):
      (JSC::DFG::Disassembler::dumpDisassembly):
      * dfg/DFGDisassembler.h:
      (JSC::DFG::Disassembler::setForNode):
      (Disassembler):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGEdge.cpp: Added.
      (DFG):
      (JSC::DFG::Edge::dump):
      * dfg/DFGEdge.h:
      (JSC::DFG::Edge::Edge):
      (JSC::DFG::Edge::node):
      (JSC::DFG::Edge::operator*):
      (JSC::DFG::Edge::operator->):
      (Edge):
      (JSC::DFG::Edge::setNode):
      (JSC::DFG::Edge::useKind):
      (JSC::DFG::Edge::setUseKind):
      (JSC::DFG::Edge::isSet):
      (JSC::DFG::Edge::shift):
      (JSC::DFG::Edge::makeWord):
      (JSC::DFG::operator==):
      (JSC::DFG::operator!=):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::fixupBlock):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::checkArray):
      (JSC::DFG::FixupPhase::blessArrayOperation):
      (JSC::DFG::FixupPhase::fixIntEdge):
      (JSC::DFG::FixupPhase::fixDoubleEdge):
      (JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
      (FixupPhase):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::GenerationInfo):
      (JSC::DFG::GenerationInfo::initConstant):
      (JSC::DFG::GenerationInfo::initInteger):
      (JSC::DFG::GenerationInfo::initJSValue):
      (JSC::DFG::GenerationInfo::initCell):
      (JSC::DFG::GenerationInfo::initBoolean):
      (JSC::DFG::GenerationInfo::initDouble):
      (JSC::DFG::GenerationInfo::initStorage):
      (GenerationInfo):
      (JSC::DFG::GenerationInfo::node):
      (JSC::DFG::GenerationInfo::noticeOSRBirth):
      (JSC::DFG::GenerationInfo::use):
      (JSC::DFG::GenerationInfo::appendFill):
      (JSC::DFG::GenerationInfo::appendSpill):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::Graph):
      (JSC::DFG::Graph::~Graph):
      (DFG):
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::amountOfNodeWhiteSpace):
      (JSC::DFG::Graph::printNodeWhiteSpace):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::dumpBlockHeader):
      (JSC::DFG::Graph::refChildren):
      (JSC::DFG::Graph::derefChildren):
      (JSC::DFG::Graph::predictArgumentTypes):
      (JSC::DFG::Graph::collectGarbage):
      (JSC::DFG::Graph::determineReachability):
      (JSC::DFG::Graph::resetExitStates):
      * dfg/DFGGraph.h:
      (Graph):
      (JSC::DFG::Graph::ref):
      (JSC::DFG::Graph::deref):
      (JSC::DFG::Graph::changeChild):
      (JSC::DFG::Graph::compareAndSwap):
      (JSC::DFG::Graph::clearAndDerefChild):
      (JSC::DFG::Graph::clearAndDerefChild1):
      (JSC::DFG::Graph::clearAndDerefChild2):
      (JSC::DFG::Graph::clearAndDerefChild3):
      (JSC::DFG::Graph::convertToConstant):
      (JSC::DFG::Graph::getJSConstantSpeculation):
      (JSC::DFG::Graph::addSpeculationMode):
      (JSC::DFG::Graph::valueAddSpeculationMode):
      (JSC::DFG::Graph::arithAddSpeculationMode):
      (JSC::DFG::Graph::addShouldSpeculateInteger):
      (JSC::DFG::Graph::mulShouldSpeculateInteger):
      (JSC::DFG::Graph::negateShouldSpeculateInteger):
      (JSC::DFG::Graph::isConstant):
      (JSC::DFG::Graph::isJSConstant):
      (JSC::DFG::Graph::isInt32Constant):
      (JSC::DFG::Graph::isDoubleConstant):
      (JSC::DFG::Graph::isNumberConstant):
      (JSC::DFG::Graph::isBooleanConstant):
      (JSC::DFG::Graph::isCellConstant):
      (JSC::DFG::Graph::isFunctionConstant):
      (JSC::DFG::Graph::isInternalFunctionConstant):
      (JSC::DFG::Graph::valueOfJSConstant):
      (JSC::DFG::Graph::valueOfInt32Constant):
      (JSC::DFG::Graph::valueOfNumberConstant):
      (JSC::DFG::Graph::valueOfBooleanConstant):
      (JSC::DFG::Graph::valueOfFunctionConstant):
      (JSC::DFG::Graph::valueProfileFor):
      (JSC::DFG::Graph::methodOfGettingAValueProfileFor):
      (JSC::DFG::Graph::numSuccessors):
      (JSC::DFG::Graph::successor):
      (JSC::DFG::Graph::successorForCondition):
      (JSC::DFG::Graph::isPredictedNumerical):
      (JSC::DFG::Graph::byValIsPure):
      (JSC::DFG::Graph::clobbersWorld):
      (JSC::DFG::Graph::varArgNumChildren):
      (JSC::DFG::Graph::numChildren):
      (JSC::DFG::Graph::varArgChild):
      (JSC::DFG::Graph::child):
      (JSC::DFG::Graph::voteNode):
      (JSC::DFG::Graph::voteChildren):
      (JSC::DFG::Graph::substitute):
      (JSC::DFG::Graph::substituteGetLocal):
      (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
      (JSC::DFG::Graph::mulImmediateShouldSpeculateInteger):
      * dfg/DFGInsertionSet.h:
      (JSC::DFG::Insertion::Insertion):
      (JSC::DFG::Insertion::element):
      (Insertion):
      (JSC::DFG::InsertionSet::insert):
      (InsertionSet):
      * dfg/DFGJITCompiler.cpp:
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::setForNode):
      (JSC::DFG::JITCompiler::addressOfDoubleConstant):
      (JSC::DFG::JITCompiler::noticeOSREntry):
      * dfg/DFGLongLivedState.cpp: Added.
      (DFG):
      (JSC::DFG::LongLivedState::LongLivedState):
      (JSC::DFG::LongLivedState::~LongLivedState):
      (JSC::DFG::LongLivedState::shrinkToFit):
      * dfg/DFGLongLivedState.h: Added.
      (DFG):
      (LongLivedState):
      * dfg/DFGMinifiedID.h:
      (JSC::DFG::MinifiedID::MinifiedID):
      (JSC::DFG::MinifiedID::node):
      * dfg/DFGMinifiedNode.cpp:
      (JSC::DFG::MinifiedNode::fromNode):
      * dfg/DFGMinifiedNode.h:
      (MinifiedNode):
      * dfg/DFGNode.cpp: Added.
      (DFG):
      (JSC::DFG::Node::index):
      (WTF):
      (WTF::printInternal):
      * dfg/DFGNode.h:
      (DFG):
      (JSC::DFG::Node::Node):
      (Node):
      (JSC::DFG::Node::convertToGetByOffset):
      (JSC::DFG::Node::convertToPutByOffset):
      (JSC::DFG::Node::ref):
      (JSC::DFG::Node::shouldSpeculateInteger):
      (JSC::DFG::Node::shouldSpeculateIntegerForArithmetic):
      (JSC::DFG::Node::shouldSpeculateIntegerExpectingDefined):
      (JSC::DFG::Node::shouldSpeculateDoubleForArithmetic):
      (JSC::DFG::Node::shouldSpeculateNumber):
      (JSC::DFG::Node::shouldSpeculateNumberExpectingDefined):
      (JSC::DFG::Node::shouldSpeculateFinalObject):
      (JSC::DFG::Node::shouldSpeculateArray):
      (JSC::DFG::Node::dumpChildren):
      (WTF):
      * dfg/DFGNodeAllocator.h: Added.
      (DFG):
      (operator new ):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      (SpeculationFailureDebugInfo):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPhase.cpp:
      (DFG):
      (JSC::DFG::Phase::beginPhase):
      (JSC::DFG::Phase::endPhase):
      * dfg/DFGPhase.h:
      (Phase):
      (JSC::DFG::runAndLog):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::setPrediction):
      (JSC::DFG::PredictionPropagationPhase::mergePrediction):
      (JSC::DFG::PredictionPropagationPhase::isNotNegZero):
      (JSC::DFG::PredictionPropagationPhase::isNotZero):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoForConstant):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwoNonRecursive):
      (JSC::DFG::PredictionPropagationPhase::isWithinPowerOfTwo):
      (JSC::DFG::PredictionPropagationPhase::propagate):
      (JSC::DFG::PredictionPropagationPhase::mergeDefaultFlags):
      (JSC::DFG::PredictionPropagationPhase::propagateForward):
      (JSC::DFG::PredictionPropagationPhase::propagateBackward):
      (JSC::DFG::PredictionPropagationPhase::doDoubleVoting):
      (PredictionPropagationPhase):
      (JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::ScoreBoard):
      (JSC::DFG::ScoreBoard::use):
      (JSC::DFG::ScoreBoard::useIfHasResult):
      (ScoreBoard):
      * dfg/DFGSilentRegisterSavePlan.h:
      (JSC::DFG::SilentRegisterSavePlan::SilentRegisterSavePlan):
      (JSC::DFG::SilentRegisterSavePlan::node):
      (SilentRegisterSavePlan):
      * dfg/DFGSlowPathGenerator.h:
      (JSC::DFG::SlowPathGenerator::SlowPathGenerator):
      (JSC::DFG::SlowPathGenerator::generate):
      (SlowPathGenerator):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (JSC::DFG::SpeculativeJIT::speculationWatchpoint):
      (JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
      (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
      (JSC::DFG::SpeculativeJIT::terminateSpeculativeExecution):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForGPR):
      (JSC::DFG::SpeculativeJIT::silentSavePlanForFPR):
      (JSC::DFG::SpeculativeJIT::silentSpill):
      (JSC::DFG::SpeculativeJIT::silentFill):
      (JSC::DFG::SpeculativeJIT::checkArray):
      (JSC::DFG::SpeculativeJIT::arrayify):
      (JSC::DFG::SpeculativeJIT::fillStorage):
      (JSC::DFG::SpeculativeJIT::useChildren):
      (JSC::DFG::SpeculativeJIT::isStrictInt32):
      (JSC::DFG::SpeculativeJIT::isKnownInteger):
      (JSC::DFG::SpeculativeJIT::isKnownNumeric):
      (JSC::DFG::SpeculativeJIT::isKnownCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotCell):
      (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
      (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
      (JSC::DFG::SpeculativeJIT::writeBarrier):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
      (JSC::DFG::GPRTemporary::GPRTemporary):
      (JSC::DFG::FPRTemporary::FPRTemporary):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      (JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
      (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
      (JSC::DFG::SpeculativeJIT::checkGeneratedTypeForToInt32):
      (JSC::DFG::SpeculativeJIT::compileValueToInt32):
      (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
      (JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):
      (JSC::DFG::SpeculativeJIT::compileInstanceOfForObject):
      (JSC::DFG::SpeculativeJIT::compileInstanceOf):
      (JSC::DFG::SpeculativeJIT::compileSoftModulo):
      (JSC::DFG::SpeculativeJIT::compileAdd):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
      (JSC::DFG::SpeculativeJIT::compileArithMul):
      (JSC::DFG::SpeculativeJIT::compileIntegerArithDivForX86):
      (JSC::DFG::SpeculativeJIT::compileArithMod):
      (JSC::DFG::SpeculativeJIT::compare):
      (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
      (JSC::DFG::SpeculativeJIT::compileStrictEq):
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileGetByValOnArguments):
      (JSC::DFG::SpeculativeJIT::compileGetArgumentsLength):
      (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
      (JSC::DFG::SpeculativeJIT::compileNewFunctionNoCheck):
      (JSC::DFG::SpeculativeJIT::compileNewFunctionExpression):
      (JSC::DFG::SpeculativeJIT::compileRegExpExec):
      (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
      (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::canReuse):
      (JSC::DFG::SpeculativeJIT::isFilled):
      (JSC::DFG::SpeculativeJIT::isFilledDouble):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::isConstant):
      (JSC::DFG::SpeculativeJIT::isJSConstant):
      (JSC::DFG::SpeculativeJIT::isInt32Constant):
      (JSC::DFG::SpeculativeJIT::isDoubleConstant):
      (JSC::DFG::SpeculativeJIT::isNumberConstant):
      (JSC::DFG::SpeculativeJIT::isBooleanConstant):
      (JSC::DFG::SpeculativeJIT::isFunctionConstant):
      (JSC::DFG::SpeculativeJIT::valueOfInt32Constant):
      (JSC::DFG::SpeculativeJIT::valueOfNumberConstant):
      (JSC::DFG::SpeculativeJIT::valueOfNumberConstantAsInt32):
      (JSC::DFG::SpeculativeJIT::addressOfDoubleConstant):
      (JSC::DFG::SpeculativeJIT::valueOfJSConstant):
      (JSC::DFG::SpeculativeJIT::valueOfBooleanConstant):
      (JSC::DFG::SpeculativeJIT::valueOfFunctionConstant):
      (JSC::DFG::SpeculativeJIT::isNullConstant):
      (JSC::DFG::SpeculativeJIT::valueOfJSConstantAsImm64):
      (JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
      (JSC::DFG::SpeculativeJIT::integerResult):
      (JSC::DFG::SpeculativeJIT::noResult):
      (JSC::DFG::SpeculativeJIT::cellResult):
      (JSC::DFG::SpeculativeJIT::booleanResult):
      (JSC::DFG::SpeculativeJIT::jsValueResult):
      (JSC::DFG::SpeculativeJIT::storageResult):
      (JSC::DFG::SpeculativeJIT::doubleResult):
      (JSC::DFG::SpeculativeJIT::initConstantInfo):
      (JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheck):
      (JSC::DFG::SpeculativeJIT::isInteger):
      (JSC::DFG::SpeculativeJIT::temporaryRegisterForPutByVal):
      (JSC::DFG::SpeculativeJIT::emitAllocateBasicStorage):
      (JSC::DFG::SpeculativeJIT::setNodeForOperand):
      (JSC::DFG::IntegerOperand::IntegerOperand):
      (JSC::DFG::IntegerOperand::node):
      (JSC::DFG::IntegerOperand::gpr):
      (JSC::DFG::IntegerOperand::use):
      (IntegerOperand):
      (JSC::DFG::DoubleOperand::DoubleOperand):
      (JSC::DFG::DoubleOperand::node):
      (JSC::DFG::DoubleOperand::fpr):
      (JSC::DFG::DoubleOperand::use):
      (DoubleOperand):
      (JSC::DFG::JSValueOperand::JSValueOperand):
      (JSC::DFG::JSValueOperand::node):
      (JSC::DFG::JSValueOperand::gpr):
      (JSC::DFG::JSValueOperand::fill):
      (JSC::DFG::JSValueOperand::use):
      (JSValueOperand):
      (JSC::DFG::StorageOperand::StorageOperand):
      (JSC::DFG::StorageOperand::node):
      (JSC::DFG::StorageOperand::gpr):
      (JSC::DFG::StorageOperand::use):
      (StorageOperand):
      (JSC::DFG::SpeculateIntegerOperand::SpeculateIntegerOperand):
      (JSC::DFG::SpeculateIntegerOperand::node):
      (JSC::DFG::SpeculateIntegerOperand::gpr):
      (JSC::DFG::SpeculateIntegerOperand::use):
      (SpeculateIntegerOperand):
      (JSC::DFG::SpeculateStrictInt32Operand::SpeculateStrictInt32Operand):
      (JSC::DFG::SpeculateStrictInt32Operand::node):
      (JSC::DFG::SpeculateStrictInt32Operand::gpr):
      (JSC::DFG::SpeculateStrictInt32Operand::use):
      (SpeculateStrictInt32Operand):
      (JSC::DFG::SpeculateDoubleOperand::SpeculateDoubleOperand):
      (JSC::DFG::SpeculateDoubleOperand::node):
      (JSC::DFG::SpeculateDoubleOperand::fpr):
      (JSC::DFG::SpeculateDoubleOperand::use):
      (SpeculateDoubleOperand):
      (JSC::DFG::SpeculateCellOperand::SpeculateCellOperand):
      (JSC::DFG::SpeculateCellOperand::node):
      (JSC::DFG::SpeculateCellOperand::gpr):
      (JSC::DFG::SpeculateCellOperand::use):
      (SpeculateCellOperand):
      (JSC::DFG::SpeculateBooleanOperand::SpeculateBooleanOperand):
      (JSC::DFG::SpeculateBooleanOperand::node):
      (JSC::DFG::SpeculateBooleanOperand::gpr):
      (JSC::DFG::SpeculateBooleanOperand::use):
      (SpeculateBooleanOperand):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compileValueAdd):
      (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToNumber):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeValueToInt32):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
      (JSC::DFG::SpeculativeJIT::cachedPutById):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompare):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateInt):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntStrict):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
      (JSC::DFG::SpeculativeJIT::compileIntegerCompare):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compileValueAdd):
      (JSC::DFG::SpeculativeJIT::compileNonStringCellOrOtherLogicalNot):
      (JSC::DFG::SpeculativeJIT::compileLogicalNot):
      (JSC::DFG::SpeculativeJIT::emitNonStringCellOrOtherBranch):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGStructureAbstractValue.h:
      (StructureAbstractValue):
      * dfg/DFGStructureCheckHoistingPhase.cpp:
      (JSC::DFG::StructureCheckHoistingPhase::run):
      * dfg/DFGValidate.cpp:
      (DFG):
      (Validate):
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::reportValidationContext):
      * dfg/DFGValidate.h:
      * dfg/DFGValueSource.cpp:
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h:
      (JSC::DFG::ValueSource::ValueSource):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      * runtime/FunctionExecutableDump.cpp: Added.
      (JSC):
      (JSC::FunctionExecutableDump::dump):
      * runtime/FunctionExecutableDump.h: Added.
      (JSC):
      (FunctionExecutableDump):
      (JSC::FunctionExecutableDump::FunctionExecutableDump):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (DFG):
      (JSGlobalData):
      * runtime/Options.h:
      (JSC):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@141069 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8ff092fc
  4. 18 May, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG should have control flow graph simplification · 79c51ee1
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=84553
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Merged r115512 from dfgopt.
      
      This change gives the DFG the ability to simplify the control flow graph
      as part of an optimization fixpoint that includes CSE, CFA, and constant
      folding. This required a number of interesting changes including:
              
      - Solidifying the set of invariants that the DFG obeys. For example, the
        head and tail of each basic block must advertise the set of live locals
        and the set of available locals, respectively. It must do so by
        referring to the first access to the local in the block (for head) and
        the last one (for tail). This patch introduces the start of a
        validation step that may be turned on even with asserts disabled. To
        ensure that these invariants are preserved, I had to remove the
        redundant phi elimination phase. For now I just remove the call, but in
        the future we will probably remove it entirely unless we find a use for
        it.
              
      - Making it easier to get the boolean version of a JSValue. This is a
        pure operation, but we previously did not treat it as such.
              
      - Fixing the merging and filtering of AbstractValues that correspond to
        concrete JSValues. This was previously broken and was limiting the
        effect of running constant folding. Fixing this meant that I had to
        change how constant folding eliminates GetLocal nodes, so as to ensure
        that the resulting graph still obeys DFG rules.
              
      - Introducing simplified getters for some of the things that DFG phases
        want to know about, like the Nth child of a node (now just
        graph.child(...) if you don't care about performance too much) or
        getting successors of a basic block.
              
      The current CFG simplifier can handle almost all of the cases that it
      ought to handle; the noteworthy one that is not yet handled is removing
      basic blocks that just have jumps. To do this right we need to be able
      to remove jump-only blocks that also perform keep-alive on some values.
      To make this work, we need to be able to hoist the keep-alive into (or
      just above) a Branch. This is not fundamentally difficult but I opted to
      let this patch omit this optimization. We can handle this later.
              
      This is a big win on programs that include inline functions that are
      often called with constant arguments. Of course, SunSpider, V8, and
      Kraken don't count. Those benchmarks are completely neutral with this
      change.
      
      * API/JSValueRef.cpp:
      (JSValueToBoolean):
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
      * bytecode/Operands.h:
      (JSC::Operands::setOperandFirstTime):
      (Operands):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::initialize):
      (JSC::DFG::AbstractState::execute):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      (JSC::DFG::AbstractState::mergeToSuccessors):
      * dfg/DFGAbstractValue.h:
      (JSC::DFG::AbstractValue::isClear):
      (JSC::DFG::AbstractValue::operator!=):
      (JSC::DFG::AbstractValue::merge):
      (JSC::DFG::AbstractValue::filter):
      (JSC::DFG::AbstractValue::validateIgnoringValue):
      (AbstractValue):
      * dfg/DFGAdjacencyList.h:
      (JSC::DFG::AdjacencyList::child):
      (JSC::DFG::AdjacencyList::setChild):
      (AdjacencyList):
      * dfg/DFGBasicBlock.h:
      (JSC::DFG::BasicBlock::~BasicBlock):
      (BasicBlock):
      (JSC::DFG::BasicBlock::numNodes):
      (JSC::DFG::BasicBlock::nodeIndex):
      (JSC::DFG::BasicBlock::isPhiIndex):
      (JSC::DFG::BasicBlock::isInPhis):
      (JSC::DFG::BasicBlock::isInBlock):
      * dfg/DFGByteCodeParser.cpp:
      (ByteCodeParser):
      (DFG):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::CFAPhase::run):
      (JSC::DFG::CFAPhase::performBlockCFA):
      (JSC::DFG::performCFA):
      * dfg/DFGCFAPhase.h:
      (DFG):
      * dfg/DFGCFGSimplificationPhase.cpp: Added.
      (DFG):
      (CFGSimplificationPhase):
      (JSC::DFG::CFGSimplificationPhase::CFGSimplificationPhase):
      (JSC::DFG::CFGSimplificationPhase::run):
      (JSC::DFG::CFGSimplificationPhase::killUnreachable):
      (JSC::DFG::CFGSimplificationPhase::findOperandSource):
      (JSC::DFG::CFGSimplificationPhase::keepOperandAlive):
      (JSC::DFG::CFGSimplificationPhase::fixPossibleGetLocal):
      (JSC::DFG::CFGSimplificationPhase::jettisonBlock):
      (JSC::DFG::CFGSimplificationPhase::fixPhis):
      (JSC::DFG::CFGSimplificationPhase::fixJettisonedPredecessors):
      (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::OperandSubstitution):
      (OperandSubstitution):
      (JSC::DFG::CFGSimplificationPhase::OperandSubstitution::dump):
      (JSC::DFG::CFGSimplificationPhase::skipGetLocal):
      (JSC::DFG::CFGSimplificationPhase::fixTailOperand):
      (JSC::DFG::CFGSimplificationPhase::mergeBlocks):
      (JSC::DFG::performCFGSimplification):
      * dfg/DFGCFGSimplificationPhase.h: Added.
      (DFG):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::run):
      (CSEPhase):
      (JSC::DFG::CSEPhase::impureCSE):
      (JSC::DFG::CSEPhase::globalVarLoadElimination):
      (JSC::DFG::CSEPhase::getByValLoadElimination):
      (JSC::DFG::CSEPhase::checkStructureLoadElimination):
      (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
      (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
      (JSC::DFG::CSEPhase::performNodeCSE):
      (JSC::DFG::CSEPhase::performBlockCSE):
      (JSC::DFG::performCSE):
      * dfg/DFGCSEPhase.h:
      (DFG):
      * dfg/DFGCommon.h:
      * dfg/DFGConstantFoldingPhase.cpp:
      (JSC::DFG::ConstantFoldingPhase::run):
      (JSC::DFG::performConstantFolding):
      * dfg/DFGConstantFoldingPhase.h:
      (DFG):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGEdge.h:
      (Edge):
      (JSC::DFG::Edge::operator UnspecifiedBoolType*):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupBlock):
      (JSC::DFG::performFixup):
      * dfg/DFGFixupPhase.h:
      (DFG):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::handleSuccessor):
      (DFG):
      (JSC::DFG::Graph::determineReachability):
      (JSC::DFG::Graph::resetReachability):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::deref):
      (JSC::DFG::Graph::changeIndex):
      (Graph):
      (JSC::DFG::Graph::changeEdge):
      (JSC::DFG::Graph::numSuccessors):
      (JSC::DFG::Graph::successor):
      (JSC::DFG::Graph::successorForCondition):
      (JSC::DFG::Graph::isPredictedNumerical):
      (JSC::DFG::Graph::byValIsPure):
      (JSC::DFG::Graph::clobbersWorld):
      (JSC::DFG::Graph::numChildren):
      (JSC::DFG::Graph::child):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::convertToConstant):
      (JSC::DFG::Node::numSuccessors):
      (Node):
      (JSC::DFG::Node::successor):
      (JSC::DFG::Node::successorForCondition):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPhase.cpp:
      (JSC::DFG::Phase::endPhase):
      * dfg/DFGPhase.h:
      (JSC::DFG::runPhase):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::run):
      (JSC::DFG::performPredictionPropagation):
      * dfg/DFGPredictionPropagationPhase.h:
      (DFG):
      * dfg/DFGRedundantPhiEliminationPhase.cpp:
      (JSC::DFG::RedundantPhiEliminationPhase::run):
      (JSC::DFG::performRedundantPhiElimination):
      * dfg/DFGRedundantPhiEliminationPhase.h:
      (DFG):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::use):
      (ScoreBoard):
      (JSC::DFG::ScoreBoard::useIfHasResult):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
      (JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::createOSREntries):
      (JSC::DFG::SpeculativeJIT::linkOSREntries):
      (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
      (JSC::DFG::SpeculativeJIT::compileRegExpExec):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::nextBlock):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::use):
      (JSC::DFG::SpeculativeJIT::jump):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
      (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
      (JSC::DFG::SpeculativeJIT::emitBranch):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValidate.cpp: Added.
      (DFG):
      (Validate):
      (JSC::DFG::Validate::Validate):
      (JSC::DFG::Validate::validate):
      (JSC::DFG::Validate::reportValidationContext):
      (JSC::DFG::Validate::dumpData):
      (JSC::DFG::Validate::dumpGraphIfAppropriate):
      (JSC::DFG::validate):
      * dfg/DFGValidate.h: Added.
      (DFG):
      (JSC::DFG::validate):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::VirtualRegisterAllocationPhase::run):
      (JSC::DFG::performVirtualRegisterAllocation):
      * dfg/DFGVirtualRegisterAllocationPhase.h:
      (DFG):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/ArrayPrototype.cpp:
      (JSC::arrayProtoFuncFilter):
      (JSC::arrayProtoFuncEvery):
      (JSC::arrayProtoFuncSome):
      * runtime/BooleanConstructor.cpp:
      (JSC::constructBoolean):
      (JSC::callBooleanConstructor):
      * runtime/JSCell.h:
      (JSCell):
      * runtime/JSObject.cpp:
      (JSC):
      * runtime/JSObject.h:
      * runtime/JSString.cpp:
      (JSC::JSString::toBoolean):
      * runtime/JSString.h:
      (JSString):
      (JSC::JSCell::toBoolean):
      (JSC::JSValue::toBoolean):
      * runtime/JSValue.h:
      * runtime/ObjectConstructor.cpp:
      (JSC::toPropertyDescriptor):
      * runtime/RegExpConstructor.cpp:
      (JSC::setRegExpConstructorMultiline):
      * runtime/RegExpPrototype.cpp:
      (JSC::regExpProtoFuncToString):
      
      Source/WebCore: 
      
      Reviewed by Oliver Hunt.
      
      Merged r115512 from dfgopt.
      
      JSValue::toBoolean(ExecState*) -> JSValue::toBoolean()
              
      No new tests, because no new behavior.
      
      * bindings/js/JSCustomSQLStatementErrorCallback.cpp:
      (WebCore::JSSQLStatementErrorCallback::handleEvent):
      * bindings/js/JSDOMWindowCustom.cpp:
      (WebCore::JSDOMWindow::addEventListener):
      (WebCore::JSDOMWindow::removeEventListener):
      * bindings/js/JSDataViewCustom.cpp:
      (WebCore::getDataViewMember):
      * bindings/js/JSDeviceMotionEventCustom.cpp:
      (WebCore::JSDeviceMotionEvent::initDeviceMotionEvent):
      * bindings/js/JSDeviceOrientationEventCustom.cpp:
      (WebCore::JSDeviceOrientationEvent::initDeviceOrientationEvent):
      * bindings/js/JSDictionary.cpp:
      (WebCore::JSDictionary::convertValue):
      * bindings/js/JSDirectoryEntryCustom.cpp:
      (WebCore::JSDirectoryEntry::getFile):
      (WebCore::JSDirectoryEntry::getDirectory):
      * bindings/js/JSDirectoryEntrySyncCustom.cpp:
      (WebCore::getFlags):
      * bindings/js/JSHTMLCanvasElementCustom.cpp:
      (WebCore::JSHTMLCanvasElement::getContext):
      * bindings/js/JSInspectorFrontendHostCustom.cpp:
      (WebCore::JSInspectorFrontendHost::showContextMenu):
      * bindings/js/JSMessageEventCustom.cpp:
      (WebCore::handleInitMessageEvent):
      * bindings/js/JSWebGLRenderingContextCustom.cpp:
      (WebCore::dataFunctionMatrix):
      * bindings/js/JSXMLHttpRequestCustom.cpp:
      (WebCore::JSXMLHttpRequest::open):
      * bindings/js/ScriptDebugServer.cpp:
      (WebCore::ScriptDebugServer::hasBreakpoint):
      * bindings/scripts/CodeGeneratorJS.pm:
      (GenerateEventListenerCall):
      (GenerateImplementation):
      (JSValueToNative):
      * bridge/c/c_utility.cpp:
      (JSC::Bindings::convertValueToNPVariant):
      * bridge/jni/jni_jsobject.mm:
      (JavaJSObject::convertValueToJObject):
      
      Source/WebKit/mac: 
      
      Reviewed by Oliver Hunt.
              
      Merged r115512 from dfgopt.
      
      JSValue::toBoolean(ExecState*) -> JSValue::toBoolean()
              
      * Plugins/Hosted/NetscapePluginInstanceProxy.mm:
      (WebKit::NetscapePluginInstanceProxy::addValueToArray):
      
      Source/WebKit2: 
      
      Reviewed by Oliver Hunt.
      
      Merged r115512 from dfgopt.
      
      JSValue::toBoolean(ExecState*) -> JSValue::toBoolean()
              
      * WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:
      (WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@117646 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      79c51ee1
  5. 24 Mar, 2012 1 commit
    • fpizlo@apple.com's avatar
      DFG Fixup should be able to short-circuit trivial ValueToInt32's · a73f21d5
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=82030
      
      Reviewed by Michael Saboff.
              
      Takes the fixup() method of the prediction propagation phase and makes it
      into its own phase. Adds the ability to short-circuit trivial ValueToInt32
      nodes, and mark pure ValueToInt32's as such.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCommon.h:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGFixupPhase.cpp: Added.
      (DFG):
      (FixupPhase):
      (JSC::DFG::FixupPhase::FixupPhase):
      (JSC::DFG::FixupPhase::run):
      (JSC::DFG::FixupPhase::fixupNode):
      (JSC::DFG::FixupPhase::fixIntEdge):
      (JSC::DFG::performFixup):
      * dfg/DFGFixupPhase.h: Added.
      (DFG):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::run):
      (PredictionPropagationPhase):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@111974 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a73f21d5