• fpizlo@apple.com's avatar
    DFG should inline typedArray.byteOffset · 537a477d
    fpizlo@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=119962
    
    Source/JavaScriptCore: 
    
    Reviewed by Oliver Hunt.
            
    This adds a new node, GetTypedArrayByteOffset, which inlines
    typedArray.byteOffset.
            
    Also, I improved a bunch of the clobbering logic related to typed arrays
    and clobbering in general. For example, PutByOffset/PutStructure are not
    clobber-world so they can be handled by most default cases in CSE. Also,
    It's better to use the 'Class_field' notation for typed arrays now that
    they no longer involve magical descriptor thingies.
    
    * bytecode/SpeculatedType.h:
    * dfg/DFGAbstractHeap.h:
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::::executeEffects):
    * dfg/DFGArrayMode.h:
    (JSC::DFG::neverNeedsStorage):
    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::getByValLoadElimination):
    (JSC::DFG::CSEPhase::getByOffsetLoadElimination):
    (JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
    (JSC::DFG::CSEPhase::checkArrayElimination):
    (JSC::DFG::CSEPhase::getIndexedPropertyStorageLoadElimination):
    (JSC::DFG::CSEPhase::getTypedArrayByteOffsetLoadElimination):
    (JSC::DFG::CSEPhase::performNodeCSE):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteLength):
    (JSC::DFG::FixupPhase::convertToGetArrayLength):
    (JSC::DFG::FixupPhase::attemptToMakeGetTypedArrayByteOffset):
    * dfg/DFGNodeType.h:
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffset):
    * dfg/DFGSpeculativeJIT.h:
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGTypeCheckHoistingPhase.cpp:
    (JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
    * runtime/ArrayBuffer.h:
    (JSC::ArrayBuffer::offsetOfData):
    * runtime/Butterfly.h:
    (JSC::Butterfly::offsetOfArrayBuffer):
    * runtime/IndexingHeader.h:
    (JSC::IndexingHeader::offsetOfArrayBuffer):
    
    LayoutTests: 
    
    Reviewed by Oliver Hunt.
    
    * fast/js/dfg-byteOffset-neuter.html: Added.
    * fast/js/dfg-byteOffset-neuter-expected.txt: Added.
    * fast/js/regress/ArrayBuffer-Int32Array-byteOffset-expected.txt: Added.
    * fast/js/regress/ArrayBuffer-Int32Array-byteOffset.html: Added.
    * fast/js/regress/script-tests/ArrayBuffer-Int32Array-byteOffset.js: Added.
    * fast/js/script-tests/dfg-byteOffset-neuter.js: Added.
    (foo):
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154305 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    537a477d