Changeset 194216 in webkit


Ignore:
Timestamp:
Dec 17, 2015 2:33:08 AM (8 years ago)
Author:
Yusuke Suzuki
Message:

[ES6] Handle new_generator_func / new_generator_func_exp in DFG / FTL
https://bugs.webkit.org/show_bug.cgi?id=152227

Reviewed by Saam Barati.

Source/JavaScriptCore:

This patch introduces new_generator_func / new_generator_func_exp into DFG and FTL.
We add a new DFG Node, NewGeneratorFunction. It will construct a function with GeneratorFunction's structure.
The structure of GeneratorFunction is different from one of Function because GeneratorFunction has the different proto.

Instead of extending NewFunction / PhantomNewFunction, we just added new DFG nodes, NewGeneratorFunction and PhantomNewGeneratorFunction.
This is because NewGeneratorFunction will generate an object that has different class info from JSFunction (And if JSGeneratorFunction is extended, its size will become different from JSFunction).
So, rather than extending NewFunction with generator flag, just adding new DFG nodes seems cleaner.

Object allocation sinking phase will change NewGeneratorFunction to PhantomNewGeneratorFunction and defer or eliminate its actual materialization.
It is completely the same to NewFunction and PhantomNewFunction.
And when OSR exit occurs, we need to execute deferred NewGeneratorFunction since Baseline JIT does not consider it.
So in FTL operation, we should create JSGeneratorFunction if we see PhantomNewGeneratorFunction materialization.

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGClobbersExitState.cpp:

(JSC::DFG::clobbersExitState):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGMayExit.cpp:

(JSC::DFG::mayExit):

  • dfg/DFGNode.h:

(JSC::DFG::Node::convertToPhantomNewFunction):
(JSC::DFG::Node::convertToPhantomNewGeneratorFunction):
(JSC::DFG::Node::hasCellOperand):
(JSC::DFG::Node::isFunctionAllocation):
(JSC::DFG::Node::isPhantomFunctionAllocation):
(JSC::DFG::Node::isPhantomAllocation):

  • dfg/DFGNodeType.h:
  • dfg/DFGObjectAllocationSinkingPhase.cpp:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNewFunction):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGStoreBarrierInsertionPhase.cpp:
  • dfg/DFGStructureRegistrationPhase.cpp:

(JSC::DFG::StructureRegistrationPhase::run):

  • dfg/DFGValidate.cpp:

(JSC::DFG::Validate::validateCPS):
(JSC::DFG::Validate::validateSSA):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
(JSC::FTL::DFG::LowerDFGToLLVM::compileNewFunction):

  • ftl/FTLOperations.cpp:

(JSC::FTL::operationPopulateObjectInOSR):
(JSC::FTL::operationMaterializeObjectInOSR):

  • tests/stress/generator-function-create-optimized.js: Added.

(shouldBe):
(g):
(test.return.gen):
(test):
(test2.gen):
(test2):

  • tests/stress/generator-function-declaration-sinking-no-double-allocate.js: Added.

(shouldBe):
(GeneratorFunctionPrototype):
(call):
(f):
(sink):

  • tests/stress/generator-function-declaration-sinking-osrexit.js: Added.

(shouldBe):
(GeneratorFunctionPrototype):
(g):
(f):
(sink):

  • tests/stress/generator-function-declaration-sinking-put.js: Added.

(shouldBe):
(GeneratorFunctionPrototype):
(g):
(f):
(sink):

  • tests/stress/generator-function-expression-sinking-no-double-allocate.js: Added.

(shouldBe):
(GeneratorFunctionPrototype):
(call):
(f):
(sink):

  • tests/stress/generator-function-expression-sinking-osrexit.js: Added.

(shouldBe):
(GeneratorFunctionPrototype):
(g):
(sink):

  • tests/stress/generator-function-expression-sinking-put.js: Added.

(shouldBe):
(GeneratorFunctionPrototype):
(g):
(sink):

LayoutTests:

Make the test taking longer time.

  • js/regress/script-tests/generator-function-create.js:

(test):

Location:
trunk
Files:
7 added
25 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r194209 r194216  
     12015-12-17  Yusuke Suzuki  <utatane.tea@gmail.com>
     2
     3        [ES6] Handle new_generator_func / new_generator_func_exp in DFG / FTL
     4        https://bugs.webkit.org/show_bug.cgi?id=152227
     5
     6        Reviewed by Saam Barati.
     7
     8        Make the test taking longer time.
     9
     10        * js/regress/script-tests/generator-function-create.js:
     11        (test):
     12
    1132015-12-16  Andy Estes  <aestes@apple.com>
    214
  • trunk/LayoutTests/js/regress/script-tests/generator-function-create.js

    r194141 r194216  
    88    return gen;
    99}
    10 noInline(createGeneratorFunction);
     10function test()
     11{
     12    for (var i = 0; i < 500; ++i)
     13        createGeneratorFunction();
     14}
     15noInline(test);
     16
    1117for (var i = 0; i < 1e4; ++i)
    12     createGeneratorFunction();
     18    test();
  • trunk/Source/JavaScriptCore/ChangeLog

    r194208 r194216  
     12015-12-17  Yusuke Suzuki  <utatane.tea@gmail.com>
     2
     3        [ES6] Handle new_generator_func / new_generator_func_exp in DFG / FTL
     4        https://bugs.webkit.org/show_bug.cgi?id=152227
     5
     6        Reviewed by Saam Barati.
     7
     8        This patch introduces new_generator_func / new_generator_func_exp into DFG and FTL.
     9        We add a new DFG Node, NewGeneratorFunction. It will construct a function with GeneratorFunction's structure.
     10        The structure of GeneratorFunction is different from one of Function because GeneratorFunction has the different __proto__.
     11
     12        Instead of extending NewFunction / PhantomNewFunction, we just added new DFG nodes, NewGeneratorFunction and PhantomNewGeneratorFunction.
     13        This is because NewGeneratorFunction will generate an object that has different class info from JSFunction (And if JSGeneratorFunction is extended, its size will become different from JSFunction).
     14        So, rather than extending NewFunction with generator flag, just adding new DFG nodes seems cleaner.
     15
     16        Object allocation sinking phase will change NewGeneratorFunction to PhantomNewGeneratorFunction and defer or eliminate its actual materialization.
     17        It is completely the same to NewFunction and PhantomNewFunction.
     18        And when OSR exit occurs, we need to execute deferred NewGeneratorFunction since Baseline JIT does not consider it.
     19        So in FTL operation, we should create JSGeneratorFunction if we see PhantomNewGeneratorFunction materialization.
     20
     21        * dfg/DFGAbstractInterpreterInlines.h:
     22        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
     23        * dfg/DFGByteCodeParser.cpp:
     24        (JSC::DFG::ByteCodeParser::parseBlock):
     25        * dfg/DFGCapabilities.cpp:
     26        (JSC::DFG::capabilityLevel):
     27        * dfg/DFGClobberize.h:
     28        (JSC::DFG::clobberize):
     29        * dfg/DFGClobbersExitState.cpp:
     30        (JSC::DFG::clobbersExitState):
     31        * dfg/DFGDoesGC.cpp:
     32        (JSC::DFG::doesGC):
     33        * dfg/DFGFixupPhase.cpp:
     34        (JSC::DFG::FixupPhase::fixupNode):
     35        * dfg/DFGMayExit.cpp:
     36        (JSC::DFG::mayExit):
     37        * dfg/DFGNode.h:
     38        (JSC::DFG::Node::convertToPhantomNewFunction):
     39        (JSC::DFG::Node::convertToPhantomNewGeneratorFunction):
     40        (JSC::DFG::Node::hasCellOperand):
     41        (JSC::DFG::Node::isFunctionAllocation):
     42        (JSC::DFG::Node::isPhantomFunctionAllocation):
     43        (JSC::DFG::Node::isPhantomAllocation):
     44        * dfg/DFGNodeType.h:
     45        * dfg/DFGObjectAllocationSinkingPhase.cpp:
     46        * dfg/DFGPredictionPropagationPhase.cpp:
     47        (JSC::DFG::PredictionPropagationPhase::propagate):
     48        * dfg/DFGSafeToExecute.h:
     49        (JSC::DFG::safeToExecute):
     50        * dfg/DFGSpeculativeJIT.cpp:
     51        (JSC::DFG::SpeculativeJIT::compileNewFunction):
     52        * dfg/DFGSpeculativeJIT32_64.cpp:
     53        (JSC::DFG::SpeculativeJIT::compile):
     54        * dfg/DFGSpeculativeJIT64.cpp:
     55        (JSC::DFG::SpeculativeJIT::compile):
     56        * dfg/DFGStoreBarrierInsertionPhase.cpp:
     57        * dfg/DFGStructureRegistrationPhase.cpp:
     58        (JSC::DFG::StructureRegistrationPhase::run):
     59        * dfg/DFGValidate.cpp:
     60        (JSC::DFG::Validate::validateCPS):
     61        (JSC::DFG::Validate::validateSSA):
     62        * ftl/FTLCapabilities.cpp:
     63        (JSC::FTL::canCompile):
     64        * ftl/FTLLowerDFGToLLVM.cpp:
     65        (JSC::FTL::DFG::LowerDFGToLLVM::compileNode):
     66        (JSC::FTL::DFG::LowerDFGToLLVM::compileNewFunction):
     67        * ftl/FTLOperations.cpp:
     68        (JSC::FTL::operationPopulateObjectInOSR):
     69        (JSC::FTL::operationMaterializeObjectInOSR):
     70        * tests/stress/generator-function-create-optimized.js: Added.
     71        (shouldBe):
     72        (g):
     73        (test.return.gen):
     74        (test):
     75        (test2.gen):
     76        (test2):
     77        * tests/stress/generator-function-declaration-sinking-no-double-allocate.js: Added.
     78        (shouldBe):
     79        (GeneratorFunctionPrototype):
     80        (call):
     81        (f):
     82        (sink):
     83        * tests/stress/generator-function-declaration-sinking-osrexit.js: Added.
     84        (shouldBe):
     85        (GeneratorFunctionPrototype):
     86        (g):
     87        (f):
     88        (sink):
     89        * tests/stress/generator-function-declaration-sinking-put.js: Added.
     90        (shouldBe):
     91        (GeneratorFunctionPrototype):
     92        (g):
     93        (f):
     94        (sink):
     95        * tests/stress/generator-function-expression-sinking-no-double-allocate.js: Added.
     96        (shouldBe):
     97        (GeneratorFunctionPrototype):
     98        (call):
     99        (f):
     100        (sink):
     101        * tests/stress/generator-function-expression-sinking-osrexit.js: Added.
     102        (shouldBe):
     103        (GeneratorFunctionPrototype):
     104        (g):
     105        (sink):
     106        * tests/stress/generator-function-expression-sinking-put.js: Added.
     107        (shouldBe):
     108        (GeneratorFunctionPrototype):
     109        (g):
     110        (sink):
     111
    11122015-12-16  Michael Saboff  <msaboff@apple.com>
    2113
  • trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h

    r194141 r194216  
    17151715    case PhantomNewObject:
    17161716    case PhantomNewFunction:
     1717    case PhantomNewGeneratorFunction:
    17171718    case PhantomCreateActivation:
    17181719    case PhantomDirectArguments:
     
    17611762            m_graph, m_codeBlock->globalObjectFor(node->origin.semantic)->arrowFunctionStructure());
    17621763        break;
    1763            
     1764
     1765    case NewGeneratorFunction:
     1766        forNode(node).set(
     1767            m_graph, m_codeBlock->globalObjectFor(node->origin.semantic)->generatorFunctionStructure());
     1768        break;
     1769
    17641770    case NewFunction:
    17651771        forNode(node).set(
  • trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

    r194141 r194216  
    45584558        }
    45594559           
    4560         case op_new_func: {
     4560        case op_new_func:
     4561        case op_new_generator_func: {
    45614562            FunctionExecutable* decl = m_inlineStackTop->m_profiledBlock->functionDecl(currentInstruction[3].u.operand);
    45624563            FrozenValue* frozen = m_graph.freezeStrong(decl);
    4563             set(VirtualRegister(currentInstruction[1].u.operand),
    4564                 addToGraph(NewFunction, OpInfo(frozen), get(VirtualRegister(currentInstruction[2].u.operand))));
     4564            NodeType op = (opcodeID == op_new_generator_func) ? NewGeneratorFunction : NewFunction;
     4565            set(VirtualRegister(currentInstruction[1].u.operand), addToGraph(op, OpInfo(frozen), get(VirtualRegister(currentInstruction[2].u.operand))));
     4566            static_assert(OPCODE_LENGTH(op_new_func) == OPCODE_LENGTH(op_new_generator_func), "The length of op_new_func should eqaual to one of op_new_generator_func");
    45654567            NEXT_OPCODE(op_new_func);
    45664568        }
    45674569
    45684570        case op_new_func_exp:
     4571        case op_new_generator_func_exp:
    45694572        case op_new_arrow_func_exp: {
    45704573            FunctionExecutable* expr = m_inlineStackTop->m_profiledBlock->functionExpr(currentInstruction[3].u.operand);
    45714574            FrozenValue* frozen = m_graph.freezeStrong(expr);
    4572             set(VirtualRegister(currentInstruction[1].u.operand),
    4573                 addToGraph(NewFunction, OpInfo(frozen), get(VirtualRegister(currentInstruction[2].u.operand))));
    4574            
    4575             if (opcodeID == op_new_func_exp) {
     4575            NodeType op = (opcodeID == op_new_generator_func_exp) ? NewGeneratorFunction : NewFunction;
     4576            set(VirtualRegister(currentInstruction[1].u.operand), addToGraph(op, OpInfo(frozen), get(VirtualRegister(currentInstruction[2].u.operand))));
     4577           
     4578            if (opcodeID == op_new_func_exp || opcodeID == op_new_generator_func_exp) {
    45764579                // Curly braces are necessary
     4580                static_assert(OPCODE_LENGTH(op_new_func_exp) == OPCODE_LENGTH(op_new_generator_func_exp), "The length of op_new_func_exp should eqaual to one of op_new_generator_func_exp");
    45774581                NEXT_OPCODE(op_new_func_exp);
    45784582            } else {
  • trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp

    r194141 r194216  
    216216    case op_new_func:
    217217    case op_new_func_exp:
     218    case op_new_generator_func:
     219    case op_new_generator_func_exp:
    218220    case op_new_arrow_func_exp:
    219221    case op_create_lexical_environment:
  • trunk/Source/JavaScriptCore/dfg/DFGClobberize.h

    r194141 r194216  
    10261026    case MaterializeNewObject:
    10271027    case PhantomNewFunction:
     1028    case PhantomNewGeneratorFunction:
    10281029    case PhantomCreateActivation:
    10291030    case MaterializeCreateActivation:
     
    10341035    case NewArrowFunction:
    10351036    case NewFunction:
     1037    case NewGeneratorFunction:
    10361038        if (node->castOperand<FunctionExecutable*>()->singletonFunction()->isStillValid())
    10371039            write(Watchpoint_fire);
  • trunk/Source/JavaScriptCore/dfg/DFGClobbersExitState.cpp

    r194141 r194216  
    6262    case MaterializeNewObject:
    6363    case PhantomNewFunction:
     64    case PhantomNewGeneratorFunction:
    6465    case PhantomCreateActivation:
    6566    case MaterializeCreateActivation:
     
    7879    case NewArrowFunction:
    7980    case NewFunction:
     81    case NewGeneratorFunction:
    8082        // Like above, but with the JSFunction allocation caveat.
    8183        return node->castOperand<FunctionExecutable*>()->singletonFunction()->isStillValid();
  • trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp

    r194141 r194216  
    214214    case PhantomNewObject:
    215215    case PhantomNewFunction:
     216    case PhantomNewGeneratorFunction:
    216217    case PhantomCreateActivation:
    217218    case PhantomDirectArguments:
     
    248249    case NewArrowFunction:
    249250    case NewFunction:
     251    case NewGeneratorFunction:
    250252    case NewTypedArray:
    251253    case ThrowReferenceError:
  • trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp

    r194141 r194216  
    12471247        case PhantomNewObject:
    12481248        case PhantomNewFunction:
     1249        case PhantomNewGeneratorFunction:
    12491250        case PhantomCreateActivation:
    12501251        case PhantomDirectArguments:
     
    13881389        case CreateScopedArguments:
    13891390        case CreateActivation:
    1390         case NewFunction: {
     1391        case NewFunction:
     1392        case NewGeneratorFunction: {
    13911393            fixEdge<CellUse>(node->child1());
    13921394            break;
  • trunk/Source/JavaScriptCore/dfg/DFGMayExit.cpp

    r194141 r194216  
    144144    case NewFunction:
    145145    case NewArrowFunction:
     146    case NewGeneratorFunction:
    146147    case NewStringObject:
    147148    case CreateActivation:
  • trunk/Source/JavaScriptCore/dfg/DFGNode.h

    r194141 r194216  
    586586    void convertToPhantomNewFunction()
    587587    {
    588         ASSERT(m_op == NewFunction || m_op == NewArrowFunction);
     588        ASSERT(m_op == NewFunction || m_op == NewArrowFunction || m_op == NewGeneratorFunction);
    589589        m_op = PhantomNewFunction;
     590        m_flags |= NodeMustGenerate;
     591        m_opInfo = 0;
     592        m_opInfo2 = 0;
     593        children = AdjacencyList();
     594    }
     595
     596    void convertToPhantomNewGeneratorFunction()
     597    {
     598        ASSERT(m_op == NewGeneratorFunction);
     599        m_op = PhantomNewGeneratorFunction;
    590600        m_flags |= NodeMustGenerate;
    591601        m_opInfo = 0;
     
    13571367        case NewFunction:
    13581368        case NewArrowFunction:
     1369        case NewGeneratorFunction:
    13591370        case CreateActivation:
    13601371        case MaterializeCreateActivation:
     
    15751586        case NewArrowFunction:
    15761587        case NewFunction:
     1588        case NewGeneratorFunction:
    15771589            return true;
    15781590        default:
     
    15851597        switch (op()) {
    15861598        case PhantomNewFunction:
     1599        case PhantomNewGeneratorFunction:
    15871600            return true;
    15881601        default:
     
    15981611        case PhantomClonedArguments:
    15991612        case PhantomNewFunction:
     1613        case PhantomNewGeneratorFunction:
    16001614        case PhantomCreateActivation:
    16011615            return true;
  • trunk/Source/JavaScriptCore/dfg/DFGNodeType.h

    r194141 r194216  
    273273    macro(MaterializeNewObject, NodeResultJS | NodeHasVarArgs) \
    274274    macro(PhantomNewFunction, NodeResultJS | NodeMustGenerate) \
     275    macro(PhantomNewGeneratorFunction, NodeResultJS | NodeMustGenerate) \
    275276    macro(PhantomCreateActivation, NodeResultJS | NodeMustGenerate) \
    276277    macro(MaterializeCreateActivation, NodeResultJS | NodeHasVarArgs) \
     
    313314    \
    314315    macro(NewArrowFunction, NodeResultJS) \
     316    macro(NewGeneratorFunction, NodeResultJS) \
    315317    \
    316318    /* These aren't terminals but always exit */ \
  • trunk/Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp

    r194141 r194216  
    140140    // replace any use of those pointers by the corresponding
    141141    // materialization
    142     enum class Kind { Escaped, Object, Activation, Function, NewArrowFunction };
     142    enum class Kind { Escaped, Object, Activation, Function, ArrowFunction, GeneratorFunction };
    143143
    144144    explicit Allocation(Node* identifier = nullptr, Kind kind = Kind::Escaped)
     
    234234    bool isFunctionAllocation() const
    235235    {
    236         return m_kind == Kind::Function || m_kind == Kind::NewArrowFunction;
    237     }
    238    
    239     bool isArrowFunctionAllocation() const
    240     {
    241         return m_kind == Kind::NewArrowFunction;
     236        return m_kind == Kind::Function || m_kind == Kind::ArrowFunction || m_kind == Kind::GeneratorFunction;
    242237    }
    243238
     
    275270            break;
    276271               
    277         case Kind::NewArrowFunction:
    278             out.print("NewArrowFunction");
     272        case Kind::ArrowFunction:
     273            out.print("ArrowFunction");
     274            break;
     275
     276        case Kind::GeneratorFunction:
     277            out.print("GeneratorFunction");
    279278            break;
    280279
     
    838837
    839838        case NewFunction:
    840         case NewArrowFunction: {
     839        case NewArrowFunction:
     840        case NewGeneratorFunction: {
    841841            if (node->castOperand<FunctionExecutable*>()->singletonFunction()->isStillValid()) {
    842842                m_heap.escape(node->child1().node());
     
    844844            }
    845845           
    846             target = &m_heap.newAllocation(node, Allocation::Kind::Function);
     846            if (node->op() == NewGeneratorFunction)
     847                target = &m_heap.newAllocation(node, Allocation::Kind::GeneratorFunction);
     848            else if (node->op() == NewArrowFunction)
     849                target = &m_heap.newAllocation(node, Allocation::Kind::ArrowFunction);
     850            else
     851                target = &m_heap.newAllocation(node, Allocation::Kind::Function);
    847852            writes.add(FunctionExecutablePLoc, LazyNode(node->cellOperand()));
    848853            writes.add(FunctionActivationPLoc, LazyNode(node->child1().node()));
     
    14471452        }
    14481453
    1449         case Allocation::Kind::NewArrowFunction:
     1454        case Allocation::Kind::ArrowFunction:
     1455        case Allocation::Kind::GeneratorFunction:
    14501456        case Allocation::Kind::Function: {
    14511457            FrozenValue* executable = allocation.identifier()->cellOperand();
    14521458           
    1453             NodeType nodeType = allocation.kind() == Allocation::Kind::NewArrowFunction ? NewArrowFunction : NewFunction;
     1459            NodeType nodeType =
     1460                allocation.kind() == Allocation::Kind::ArrowFunction ? NewArrowFunction :
     1461                allocation.kind() == Allocation::Kind::GeneratorFunction ? NewGeneratorFunction : NewFunction;
    14541462           
    14551463            return m_graph.addNode(
     
    17841792                    case NewFunction:
    17851793                        node->convertToPhantomNewFunction();
     1794                        break;
     1795
     1796                    case NewGeneratorFunction:
     1797                        node->convertToPhantomNewGeneratorFunction();
    17861798                        break;
    17871799
     
    20342046       
    20352047        case NewFunction:
    2036         case NewArrowFunction: {
     2048        case NewArrowFunction:
     2049        case NewGeneratorFunction: {
    20372050            Vector<PromotedHeapLocation> locations = m_locationsForAllocation.get(escapee);
    20382051            ASSERT(locations.size() == 2);
  • trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp

    r194141 r194216  
    210210        case GetCallee:
    211211        case NewArrowFunction:
    212         case NewFunction: {
     212        case NewFunction:
     213        case NewGeneratorFunction: {
    213214            changed |= setPrediction(SpecFunction);
    214215            break;
     
    592593        case PhantomNewObject:
    593594        case PhantomNewFunction:
     595        case PhantomNewGeneratorFunction:
    594596        case PhantomCreateActivation:
    595597        case PhantomDirectArguments:
  • trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h

    r194141 r194216  
    269269    case NewArrowFunction:
    270270    case NewFunction:
     271    case NewGeneratorFunction:
    271272    case Jump:
    272273    case Branch:
     
    315316    case PhantomNewObject:
    316317    case PhantomNewFunction:
     318    case PhantomNewGeneratorFunction:
    317319    case PhantomCreateActivation:
    318320    case PutHint:
  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

    r194141 r194216  
    5151#include "JSCInlines.h"
    5252#include "JSEnvironmentRecord.h"
     53#include "JSGeneratorFunction.h"
    5354#include "JSLexicalEnvironment.h"
    5455#include "LinkBuffer.h"
     
    53735374{
    53745375    NodeType nodeType = node->op();
    5375     ASSERT(nodeType == NewFunction || nodeType == NewArrowFunction);
     5376    ASSERT(nodeType == NewFunction || nodeType == NewArrowFunction || nodeType == NewGeneratorFunction);
    53765377   
    53775378    SpeculateCellOperand scope(this, node->child1());
     
    54115412            callOperation(operationNewArrowFunction, resultGPR, scopeGPR, executable, thisValueTagGPR, thisValuePayloadGPR);
    54125413#endif
     5414        else if (nodeType == NewGeneratorFunction)
     5415            callOperation(operationNewGeneratorFunction, resultGPR, scopeGPR, executable);
    54135416        else
    54145417            callOperation(operationNewFunction, resultGPR, scopeGPR, executable);
     
    54185421    }
    54195422
    5420     Structure* structure = nodeType == NewArrowFunction
    5421         ? m_jit.graph().globalObjectFor(node->origin.semantic)->arrowFunctionStructure()
    5422         : m_jit.graph().globalObjectFor(node->origin.semantic)->functionStructure();
     5423    Structure* structure =
     5424        nodeType == NewArrowFunction ? m_jit.graph().globalObjectFor(node->origin.semantic)->arrowFunctionStructure() :
     5425        nodeType == NewGeneratorFunction ? m_jit.graph().globalObjectFor(node->origin.semantic)->generatorFunctionStructure() :
     5426        m_jit.graph().globalObjectFor(node->origin.semantic)->functionStructure();
    54235427   
    54245428    GPRTemporary result(this);
     
    54365440           
    54375441        addSlowPathGenerator(slowPathCall(slowPath, this, operationNewFunctionWithInvalidatedReallocationWatchpoint, resultGPR, scopeGPR, executable));
     5442    }
     5443
     5444    if (nodeType == NewGeneratorFunction) {
     5445        compileNewFunctionCommon<JSGeneratorFunction>(resultGPR, structure, scratch1GPR, scratch2GPR, scopeGPR, slowPath, JSGeneratorFunction::allocationSize(0), executable, JSGeneratorFunction::offsetOfScopeChain(), JSGeneratorFunction::offsetOfExecutable(), JSGeneratorFunction::offsetOfRareData());
     5446
     5447        addSlowPathGenerator(slowPathCall(slowPath, this, operationNewGeneratorFunctionWithInvalidatedReallocationWatchpoint, resultGPR, scopeGPR, executable));
    54385448    }
    54395449   
  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

    r194141 r194216  
    44094409    case NewFunction:
    44104410    case NewArrowFunction:
     4411    case NewGeneratorFunction:
    44114412        compileNewFunction(node);
    44124413        break;
     
    48034804    case PhantomNewObject:
    48044805    case PhantomNewFunction:
     4806    case PhantomNewGeneratorFunction:
    48054807    case PhantomCreateActivation:
    48064808    case PutHint:
  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

    r194141 r194216  
    43984398    case NewFunction:
    43994399    case NewArrowFunction:
     4400    case NewGeneratorFunction:
    44004401        compileNewFunction(node);
    44014402        break;
     
    48534854    case PhantomNewObject:
    48544855    case PhantomNewFunction:
     4856    case PhantomNewGeneratorFunction:
    48554857    case PhantomCreateActivation:
    48564858    case GetMyArgumentByVal:
  • trunk/Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp

    r194141 r194216  
    307307            case NewArrowFunction:
    308308            case NewFunction:
     309            case NewGeneratorFunction:
    309310                // Nodes that allocate get to set their epoch because for those nodes we know
    310311                // that they will be the newest object in the heap.
  • trunk/Source/JavaScriptCore/dfg/DFGStructureRegistrationPhase.cpp

    r194141 r194216  
    147147                    registerStructure(m_graph.globalObjectFor(node->origin.semantic)->functionStructure());
    148148                    break;
     149                case NewGeneratorFunction:
     150                    registerStructure(m_graph.globalObjectFor(node->origin.semantic)->generatorFunctionStructure());
     151                    break;
    149152                   
    150153                default:
  • trunk/Source/JavaScriptCore/dfg/DFGValidate.cpp

    r190220 r194216  
    456456                case PhantomNewObject:
    457457                case PhantomNewFunction:
     458                case PhantomNewGeneratorFunction:
    458459                case PhantomCreateActivation:
    459460                case GetMyArgumentByVal:
     
    564565                case PhantomNewObject:
    565566                case PhantomNewFunction:
     567                case PhantomNewGeneratorFunction:
    566568                case PhantomCreateActivation:
    567569                case PhantomDirectArguments:
  • trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp

    r194141 r194216  
    112112    case NewArrowFunction:
    113113    case NewFunction:
     114    case NewGeneratorFunction:
    114115    case GetClosureVar:
    115116    case PutClosureVar:
     
    195196    case PhantomNewObject:
    196197    case PhantomNewFunction:
     198    case PhantomNewGeneratorFunction:
    197199    case PhantomCreateActivation:
    198200    case PutHint:
  • trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp

    r194185 r194216  
    5353#include "JSArrowFunction.h"
    5454#include "JSCInlines.h"
     55#include "JSGeneratorFunction.h"
    5556#include "JSLexicalEnvironment.h"
    5657#include "OperandsInlines.h"
     
    755756        case NewFunction:
    756757        case NewArrowFunction:
     758        case NewGeneratorFunction:
    757759            compileNewFunction();
    758760            break;
     
    10121014        case PhantomNewObject:
    10131015        case PhantomNewFunction:
     1016        case PhantomNewGeneratorFunction:
    10141017        case PhantomCreateActivation:
    10151018        case PhantomDirectArguments:
     
    35613564    void compileNewFunction()
    35623565    {
    3563         ASSERT(m_node->op() == NewFunction || m_node->op() == NewArrowFunction);
    3564        
     3566        ASSERT(m_node->op() == NewFunction || m_node->op() == NewArrowFunction || m_node->op() == NewGeneratorFunction);
    35653567        bool isArrowFunction = m_node->op() == NewArrowFunction;
     3568        bool isGeneratorFunction = m_node->op() == NewGeneratorFunction;
    35663569       
    35673570        LValue scope = lowCell(m_node->child1());
     
    35703573        FunctionExecutable* executable = m_node->castOperand<FunctionExecutable*>();
    35713574        if (executable->singletonFunction()->isStillValid()) {
    3572             LValue callResult = isArrowFunction
    3573                 ? vmCall(m_out.int64, m_out.operation(operationNewArrowFunction), m_callFrame, scope, weakPointer(executable), thisValue)
    3574                 : vmCall(m_out.int64, m_out.operation(operationNewFunction), m_callFrame, scope, weakPointer(executable));
     3575            LValue callResult =
     3576                isArrowFunction ? vmCall(m_out.int64, m_out.operation(operationNewArrowFunction), m_callFrame, scope, weakPointer(executable), thisValue) :
     3577                isGeneratorFunction ? vmCall(m_out.int64, m_out.operation(operationNewGeneratorFunction), m_callFrame, scope, weakPointer(executable)) :
     3578                vmCall(m_out.int64, m_out.operation(operationNewFunction), m_callFrame, scope, weakPointer(executable));
    35753579            setJSValue(callResult);
    35763580            return;
    35773581        }
    35783582       
    3579         Structure* structure = isArrowFunction
    3580             ? m_graph.globalObjectFor(m_node->origin.semantic)->arrowFunctionStructure()
    3581             : m_graph.globalObjectFor(m_node->origin.semantic)->functionStructure();
     3583        Structure* structure =
     3584            isArrowFunction ? m_graph.globalObjectFor(m_node->origin.semantic)->arrowFunctionStructure() :
     3585            isGeneratorFunction ? m_graph.globalObjectFor(m_node->origin.semantic)->generatorFunctionStructure() :
     3586            m_graph.globalObjectFor(m_node->origin.semantic)->functionStructure();
    35823587       
    35833588        LBasicBlock slowPath = FTL_NEW_BLOCK(m_out, ("NewFunction slow path"));
     
    35863591        LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath);
    35873592       
    3588         LValue fastObject = isArrowFunction
    3589             ? allocateObject<JSArrowFunction>(structure, m_out.intPtrZero, slowPath)
    3590             : allocateObject<JSFunction>(structure, m_out.intPtrZero, slowPath);
     3593        LValue fastObject =
     3594            isArrowFunction ? allocateObject<JSArrowFunction>(structure, m_out.intPtrZero, slowPath) :
     3595            isGeneratorFunction ? allocateObject<JSGeneratorFunction>(structure, m_out.intPtrZero, slowPath) :
     3596            allocateObject<JSFunction>(structure, m_out.intPtrZero, slowPath);
    35913597       
    35923598       
     
    36173623                        locations[0].directGPR(), locations[1].directGPR(),
    36183624                        CCallHelpers::TrustedImmPtr(executable), locations[2].directGPR());
     3625                }
     3626                if (isGeneratorFunction) {
     3627                    return createLazyCallGenerator(
     3628                        operationNewGeneratorFunctionWithInvalidatedReallocationWatchpoint,
     3629                        locations[0].directGPR(), locations[1].directGPR(),
     3630                        CCallHelpers::TrustedImmPtr(executable));
    36193631                }
    36203632                return createLazyCallGenerator(
  • trunk/Source/JavaScriptCore/ftl/FTLOperations.cpp

    r193766 r194216  
    3535#include "InlineCallFrame.h"
    3636#include "JSCInlines.h"
     37#include "JSGeneratorFunction.h"
    3738#include "JSLexicalEnvironment.h"
    3839
     
    9394
    9495    case PhantomNewFunction:
     96    case PhantomNewGeneratorFunction:
    9597    case PhantomDirectArguments:
    9698    case PhantomClonedArguments:
     
    161163    }
    162164
    163     case PhantomNewFunction: {
     165    case PhantomNewFunction:
     166    case PhantomNewGeneratorFunction: {
    164167        // Figure out what the executable and activation are
    165168        FunctionExecutable* executable = nullptr;
     
    174177        RELEASE_ASSERT(executable && activation);
    175178
    176        
    177         JSFunction* result = JSFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation);
    178 
    179         return result;
     179        if (materialization->type() == PhantomNewFunction)
     180            return JSFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation);
     181        ASSERT(materialization->type() == PhantomNewGeneratorFunction);
     182        return JSGeneratorFunction::createWithInvalidatedReallocationWatchpoint(vm, executable, activation);
    180183    }
    181184
Note: See TracChangeset for help on using the changeset viewer.