Changeset 209112 in webkit
- Timestamp:
- Nov 29, 2016 7:09:10 PM (7 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 5 edited
trunk/Source/JavaScriptCore/ChangeLog
r209101 r209112 1 2016-11-29 Saam Barati <sbarati@apple.com> 2 3 We should support CreateThis in the FTL 4 https://bugs.webkit.org/show_bug.cgi?id=164904 5 6 Reviewed by Geoffrey Garen. 7 8 * ftl/FTLAbstractHeapRepository.h: 9 * ftl/FTLCapabilities.cpp: 10 (JSC::FTL::canCompile): 11 * ftl/FTLLowerDFGToB3.cpp: 12 (JSC::FTL::DFG::LowerDFGToB3::compileNode): 13 (JSC::FTL::DFG::LowerDFGToB3::compileMakeRope): 14 (JSC::FTL::DFG::LowerDFGToB3::compileMaterializeNewObject): 15 (JSC::FTL::DFG::LowerDFGToB3::compileCreateThis): 16 (JSC::FTL::DFG::LowerDFGToB3::storeStructure): 17 (JSC::FTL::DFG::LowerDFGToB3::allocateCell): 18 (JSC::FTL::DFG::LowerDFGToB3::allocateObject): 19 (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedObject): 20 (JSC::FTL::DFG::LowerDFGToB3::allocateVariableSizedCell): 21 * runtime/Structure.h: 22 1 23 2016-11-29 Mark Lam <mark.lam@apple.com> 2 24 -
trunk/Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
r208720 r209112 68 68 macro(JSFunction_scope, JSFunction::offsetOfScopeChain()) \ 69 69 macro(JSFunction_rareData, JSFunction::offsetOfRareData()) \ 70 macro(FunctionRareData_allocator, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfAllocator()) \ 71 macro(FunctionRareData_structure, FunctionRareData::offsetOfObjectAllocationProfile() + ObjectAllocationProfile::offsetOfStructure()) \ 70 72 macro(JSObject_butterfly, JSObject::butterflyOffset()) \ 71 73 macro(JSPropertyNameEnumerator_cachedInlineCapacity, JSPropertyNameEnumerator::cachedInlineCapacityOffset()) \ … … 108 110 macro(Structure_prototype, Structure::prototypeOffset()) \ 109 111 macro(Structure_structureID, Structure::structureIDOffset()) \ 112 macro(Structure_inlineCapacity, Structure::inlineCapacityOffset()) \ 113 macro(Structure_initializationBlob, Structure::indexingTypeIncludingHistoryOffset()) \ 110 114 macro(JSMap_hashMapImpl, JSMap::offsetOfHashMapImpl()) \ 111 115 macro(JSSet_hashMapImpl, JSSet::offsetOfHashMapImpl()) \ -
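Review bot: `Structure_initializationBlob` is bound to `Structure::indexingTypeIncludingHistoryOffset()`, so the entry's name and its offset describe different things, and nothing here says the access is a 32-bit one. The non-constant branch of `storeStructure` in FTLLowerDFGToB3.cpp does a `load32` at this offset and stores it to `JSCell_usefulBytes`, where the constant branch uses `objectInitializationBlob()`. The two presumably agree only while the blob starts at that byte and is four bytes wide, which is not visible in this changeset. Because these entries sit in a backslash-continued macro list, I would put a block comment above the list (or next to the `load32`) along the lines of `/* Structure_initializationBlob: 32-bit word starting at indexingTypeIncludingHistory; must match objectInitializationBlob() */`.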
trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
r208704 r209112 280 280 case CallDOM: 281 281 case CallDOMGetter: 282 case CreateThis: 282 283 // These are OK. 283 284 break; -
trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
r208860 r209112 1074 1074 compileCallDOMGetter(); 1075 1075 break; 1076 case CreateThis: 1077 compileCreateThis(); 1078 break; 1076 1079 1077 1080 case PhantomLocal: … … 4856 4859 4857 4860 LValue result = allocateCell( 4858 m_out.constIntPtr(allocator), vm().stringStructure.get(), slowPath);4861 m_out.constIntPtr(allocator), m_out.constIntPtr(vm().stringStructure.get()), slowPath); 4859 4862 4860 4863 m_out.storePtr(m_out.intPtrZero, result, m_heaps.JSString_value); … … 8146 8149 8147 8150 LValue fastObjectValue = allocateObject( 8148 m_out.constIntPtr(cellAllocator), structure, fastButterflyValue, slowPath);8151 m_out.constIntPtr(cellAllocator), m_out.constIntPtr(structure), fastButterflyValue, slowPath); 8149 8152 8150 8153 ValueFromBlock fastObject = m_out.anchor(fastObjectValue); … … 9493 9496 setJSValue(patchpoint); 9494 9497 } 9498 9499 void compileCreateThis() 9500 { 9501 LValue callee = lowCell(m_node->child1()); 9502 9503 LBasicBlock isFunctionBlock = m_out.newBlock(); 9504 LBasicBlock hasRareData = m_out.newBlock(); 9505 LBasicBlock slowPath = m_out.newBlock(); 9506 LBasicBlock continuation = m_out.newBlock(); 9507 9508 m_out.branch(isFunction(callee, provenType(m_node->child1())), usually(isFunctionBlock), rarely(slowPath)); 9509 9510 LBasicBlock lastNext = m_out.appendTo(isFunctionBlock, hasRareData); 9511 LValue rareData = m_out.loadPtr(callee, m_heaps.JSFunction_rareData); 9512 m_out.branch(m_out.isZero64(rareData), rarely(slowPath), usually(hasRareData)); 9513 9514 m_out.appendTo(hasRareData, slowPath); 9515 LValue allocator = m_out.loadPtr(rareData, m_heaps.FunctionRareData_allocator); 9516 LValue structure = m_out.loadPtr(rareData, m_heaps.FunctionRareData_structure); 9517 LValue butterfly = m_out.constIntPtr(0); 9518 ValueFromBlock fastResult = m_out.anchor(allocateObject(allocator, structure, butterfly, slowPath)); 9519 m_out.jump(continuation); 9520 9521 m_out.appendTo(slowPath, continuation); 9522 ValueFromBlock slowResult = 
m_out.anchor(vmCall( 9523 Int64, m_out.operation(operationCreateThis), m_callFrame, callee, m_out.constInt32(m_node->inlineCapacity()))); 9524 m_out.jump(continuation); 9525 9526 m_out.appendTo(continuation, lastNext); 9527 LValue result = m_out.phi(Int64, fastResult, slowResult); 9528 9529 mutatorFence(); 9530 setJSValue(result); 9531 } 9495 9532 9496 9533 void compareEqObjectOrOtherToObject(Edge leftChild, Edge rightChild) … … 9913 9950 return patchpoint; 9914 9951 } 9915 9916 void storeStructure(LValue object, Structure* structure) 9917 { 9918 m_out.store32(m_out.constInt32(structure->id()), object, m_heaps.JSCell_structureID); 9919 m_out.store32( 9920 m_out.constInt32(structure->objectInitializationBlob()), 9921 object, m_heaps.JSCell_usefulBytes); 9922 } 9923 9924 LValue allocateCell(LValue allocator, Structure* structure, LBasicBlock slowPath) 9952 9953 void storeStructure(LValue object, LValue structure) 9954 { 9955 LValue id; 9956 LValue blob; 9957 if (structure->hasIntPtr()) { 9958 Structure* actualStructure = bitwise_cast<Structure*>(structure->asIntPtr()); 9959 id = m_out.constInt32(actualStructure->id()); 9960 blob = m_out.constInt32(actualStructure->objectInitializationBlob()); 9961 } else { 9962 id = m_out.load32(structure, m_heaps.Structure_structureID); 9963 blob = m_out.load32(structure, m_heaps.Structure_initializationBlob); 9964 } 9965 m_out.store32(id, object, m_heaps.JSCell_structureID); 9966 m_out.store32(blob, object, m_heaps.JSCell_usefulBytes); 9967 } 9968 9969 LValue allocateCell(LValue allocator, LValue structure, LBasicBlock slowPath) 9925 9970 { 9926 9971 LValue result = allocateHeapCell(allocator, slowPath); … … 9930 9975 9931 9976 LValue allocateObject( 9932 LValue allocator, Structure*structure, LValue butterfly, LBasicBlock slowPath)9977 LValue allocator, LValue structure, LValue butterfly, LBasicBlock slowPath) 9933 9978 { 9934 9979 LValue result = allocateCell(allocator, structure, slowPath); 9935 9980 if (useGCFences()) { 9981 
LValue start = m_out.constInt32(JSFinalObject::offsetOfInlineStorage() / 8); 9982 LValue end; 9983 if (structure->hasIntPtr()) { 9984 Structure* actualStructure = bitwise_cast<Structure*>(structure->asIntPtr()); 9985 end = m_out.constInt32(JSFinalObject::offsetOfInlineStorage() / 8 + actualStructure->inlineCapacity()); 9986 } else 9987 end = m_out.add(start, m_out.load8ZeroExt32(structure, m_heaps.Structure_inlineCapacity)); 9988 9936 9989 splatWords( 9937 9990 result, 9938 m_out.constInt32(JSFinalObject::offsetOfInlineStorage() / 8),9939 m_out.constInt32(JSFinalObject::offsetOfInlineStorage() / 8 + structure->inlineCapacity()),9991 start, 9992 end, 9940 9993 m_out.int64Zero, 9941 9994 m_heaps.properties.atAnyNumber()); … … 9950 10003 { 9951 10004 MarkedAllocator* allocator = vm().heap.allocatorForObjectOfType<ClassType>(size); 9952 return allocateObject(m_out.constIntPtr(allocator), structure, butterfly, slowPath);10005 return allocateObject(m_out.constIntPtr(allocator), m_out.constIntPtr(structure), butterfly, slowPath); 9953 10006 } 9954 10007 … … 10014 10067 LValue allocator = allocatorForSize( 10015 10068 vm().heap.subspaceForObjectOfType<ClassType>(), size, slowPath); 10016 return allocateObject(allocator, structure, butterfly, slowPath);10069 return allocateObject(allocator, m_out.constIntPtr(structure), butterfly, slowPath); 10017 10070 } 10018 10071 … … 10023 10076 LValue allocator = allocatorForSize( 10024 10077 vm().heap.subspaceForObjectOfType<ClassType>(), size, slowPath); 10025 return allocateCell(allocator, structure, slowPath);10078 return allocateCell(allocator, m_out.constIntPtr(structure), slowPath); 10026 10079 } 10027 10080 … … 10041 10094 10042 10095 ValueFromBlock fastResult = m_out.anchor(allocateObject( 10043 m_out.constIntPtr(allocator), structure, m_out.intPtrZero, slowPath));10096 m_out.constIntPtr(allocator), m_out.constIntPtr(structure), m_out.intPtrZero, slowPath)); 10044 10097 10045 10098 m_out.jump(continuation); -
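Review bot: In `compileCreateThis` the `hasRareData` block passes `allocator` and `structure`, both freshly loaded from `rareData`, straight into `allocateObject`, and the only null test in the function is `isZero64(rareData)`. Whether a null allocator from an unpopulated allocation profile is diverted to `slowPath` depends on `allocateHeapCell`, whose body is outside this hunk. If that helper does not branch on a non-constant allocator, the emitted fast path would use a null allocator and then `load32` and `load8ZeroExt32` from a possibly null `structure`. Please confirm this and record it above the call, e.g. `// allocateHeapCell() sends a null allocator to slowPath before structure is dereferenced`, or add an explicit `m_out.branch` on `allocator` here.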
trunk/Source/JavaScriptCore/runtime/Structure.h
r208897 r209112 406 406 } 407 407 408 static ptrdiff_t inlineCapacityOffset() 409 { 410 return OBJECT_OFFSETOF(Structure, m_inlineCapacity); 411 } 412 408 413 static ptrdiff_t prototypeOffset() 409 414 {
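Review bot: `inlineCapacityOffset()` exposes `m_inlineCapacity` to JIT-emitted code, and the new non-constant path in `allocateObject` reads it with `load8ZeroExt32`, so the field's width is now part of the contract, with nothing enforcing it. The declaration of `m_inlineCapacity` is not in this hunk. If it were ever widened, the FTL would read only one byte of it and `splatWords` could zero fewer inline slots than the object has, leaving uninitialized storage visible to the GC. A guard inside the accessor body would tie the two together: `static_assert(sizeof(Structure::m_inlineCapacity) == 1, "FTL loads inlineCapacity as a byte");`. The class body continues outside the hunk.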