• fpizlo@apple.com's avatar
    DFG should inline new typedArray() · 372fa82b
    fpizlo@apple.com authored
    https://bugs.webkit.org/show_bug.cgi?id=120022
    
    Source/JavaScriptCore: 
    
    Reviewed by Oliver Hunt.
            
    Adds inlining of typed array allocations in the DFG. Any operation of the
    form:
            
        new foo(blah)
            
    or:
            
        foo(blah)
            
    where 'foo' is a typed array constructor and 'blah' is exactly one argument,
    is turned into the NewTypedArray intrinsic. Later, of child1 (i.e. 'blah')
    is predicted integer, we generate inline code for an allocation. Otherwise
    it turns into a call to an operation that behaves like the constructor would
    if it was passed one argument (i.e. it may wrap a buffer or it may create a
    copy or another array, or it may allocate an array of that length).
    
    * bytecode/SpeculatedType.cpp:
    (JSC::speculationFromTypedArrayType):
    (JSC::speculationFromClassInfo):
    * bytecode/SpeculatedType.h:
    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::::executeEffects):
    * dfg/DFGBackwardsPropagationPhase.cpp:
    (JSC::DFG::BackwardsPropagationPhase::propagate):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::handleTypedArrayConstructor):
    (JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
    * dfg/DFGCCallHelpers.h:
    (JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
    * dfg/DFGCSEPhase.cpp:
    (JSC::DFG::CSEPhase::putStructureStoreElimination):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGGraph.cpp:
    (JSC::DFG::Graph::dump):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::hasTypedArrayType):
    (JSC::DFG::Node::typedArrayType):
    * dfg/DFGNodeType.h:
    * dfg/DFGOperations.cpp:
    (JSC::DFG::newTypedArrayWithSize):
    (JSC::DFG::newTypedArrayWithOneArgument):
    * dfg/DFGOperations.h:
    (JSC::DFG::operationNewTypedArrayWithSizeForType):
    (JSC::DFG::operationNewTypedArrayWithOneArgumentForType):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::compileNewTypedArray):
    * dfg/DFGSpeculativeJIT.h:
    (JSC::DFG::SpeculativeJIT::callOperation):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * jit/JITOpcodes.cpp:
    (JSC::JIT::emit_op_new_object):
    * jit/JITOpcodes32_64.cpp:
    (JSC::JIT::emit_op_new_object):
    * runtime/JSArray.h:
    (JSC::JSArray::allocationSize):
    * runtime/JSArrayBufferView.h:
    (JSC::JSArrayBufferView::allocationSize):
    * runtime/JSGenericTypedArrayViewConstructorInlines.h:
    (JSC::constructGenericTypedArrayView):
    * runtime/JSObject.h:
    (JSC::JSFinalObject::allocationSize):
    * runtime/TypedArrayType.cpp:
    (JSC::constructorClassInfoForType):
    * runtime/TypedArrayType.h:
    (JSC::indexToTypedArrayType):
    
    LayoutTests: 
    
    Reviewed by Oliver Hunt.
    
    * fast/js/regress/Float64Array-alloc-long-lived-expected.txt: Added.
    * fast/js/regress/Float64Array-alloc-long-lived.html: Added.
    * fast/js/regress/Int16Array-alloc-long-lived-expected.txt: Added.
    * fast/js/regress/Int16Array-alloc-long-lived.html: Added.
    * fast/js/regress/Int8Array-alloc-long-lived-expected.txt: Added.
    * fast/js/regress/Int8Array-alloc-long-lived.html: Added.
    * fast/js/regress/script-tests/Float64Array-alloc-long-lived.js: Added.
    * fast/js/regress/script-tests/Int16Array-alloc-long-lived.js: Added.
    * fast/js/regress/script-tests/Int32Array-alloc-long-lived.js:
    * fast/js/regress/script-tests/Int8Array-alloc-long-lived.js: Added.
    
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154403 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    372fa82b