Timeline
Jul 24, 2013:
- 11:09 PM Changeset in webkit [153300] by
-
- 3 edits in trunk/Source/JavaScriptCore
Unreviewed buildfix after FTL upstream.
Add ftl directory as include path.
- CMakeLists.txt:
- JavaScriptCore.pri:
- 10:59 PM Changeset in webkit [153299] by
-
- 3 edits in trunk/Source/JavaScriptCore
Unreviewed buildfix after FTL upstream for non C++11 builds.
- interpreter/CallFrame.h:
- interpreter/StackIteratorPrivate.h:
(JSC::StackIterator::end):
- 10:02 PM Changeset in webkit [153298] by
-
- 2 edits in trunk/Source/JavaScriptCore
Endeavour to fix CMakelist builds
- 9:36 PM Changeset in webkit [153297] by
-
- 5 edits in trunk/Source/WebCore
Introduce toSVGPatternElement(), use it
https://bugs.webkit.org/show_bug.cgi?id=119013
Reviewed by Andreas Kling.
As a step to change static_cast with toSVGXXX, static_cast<SVGPatternElement*> can
be changed with toSVGPatternElement().
Merge from https://src.chromium.org/viewvc/blink?view=rev&revision=154734
- rendering/svg/RenderSVGResourcePattern.cpp:
(WebCore::RenderSVGResourcePattern::buildPattern):
- rendering/svg/SVGRenderTreeAsText.cpp:
(WebCore::writeSVGResourceContainer):
- rendering/svg/SVGResources.cpp:
(WebCore::targetReferenceFromResource):
- svg/SVGPatternElement.h:
(WebCore::toSVGPatternElement):
- 9:05 PM Changeset in webkit [153296] by
-
- 39 edits5 copies1 add in trunk/Source
fourthTier: DFG IR dumps should be easier to read
https://bugs.webkit.org/show_bug.cgi?id=119050
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
Added a DumpContext that includes support for printing an endnote
that describes all structures in full, while the main flow of the
dump just uses made-up names for the structures. This is helpful
since Structure::dump() may print a lot. The stuff it prints is
useful, but if it's all inline with the surrounding thing you're
dumping (often, a node in the DFG), then you get a ridiculously
long print-out. All classes that dump structures (including
Structure itself) now have dumpInContext() methods that use
inContext() for dumping anything that might transitively print a
structure. If Structure::dumpInContext() is called with a NULL
context, it just uses dump() like before. Hence you don't have to
know anything about DumpContext unless you want to.
inContext(*structure, context) dumps something like %B4:Array,
and the endnote will have something like:
%B4:Array = 0x10e91a180:[Array, {Edge:100, Normal:101, Line:102, NumPx:103, LastPx:104}, ArrayWithContiguous, Proto:0x10e99ffe0]
where B4 is the inferred name that StringHashDumpContext came up
with.
Also shortened a bunch of other dumps, removing information that
isn't so important.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/ArrayProfile.cpp:
(JSC::dumpArrayModes):
- bytecode/CodeBlockHash.cpp:
(JSC):
(JSC::CodeBlockHash::CodeBlockHash):
(JSC::CodeBlockHash::dump):
- bytecode/CodeOrigin.cpp:
(JSC::CodeOrigin::dumpInContext):
(JSC):
(JSC::InlineCallFrame::dumpInContext):
(JSC::InlineCallFrame::dump):
- bytecode/CodeOrigin.h:
(CodeOrigin):
(InlineCallFrame):
- bytecode/Operands.h:
(JSC::OperandValueTraits::isEmptyForDump):
(Operands):
(JSC::Operands::dump):
(JSC):
- bytecode/OperandsInlines.h: Added.
(JSC):
(JSC::::dumpInContext):
- bytecode/StructureSet.h:
(JSC::StructureSet::dumpInContext):
(JSC::StructureSet::dump):
(StructureSet):
- dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::dump):
(DFG):
(JSC::DFG::AbstractValue::dumpInContext):
- dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::operator!):
(AbstractValue):
- dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::performBlockCFA):
- dfg/DFGCommon.cpp:
- dfg/DFGCommon.h:
(JSC::DFG::NodePointerTraits::isEmptyForDump):
- dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::createDumpList):
- dfg/DFGDisassembler.h:
(Disassembler):
- dfg/DFGFlushFormat.h:
(WTF::inContext):
(WTF):
- dfg/DFGFlushLivenessAnalysisPhase.cpp:
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dumpCodeOrigin):
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::dumpBlockHeader):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::dumpInContext):
(JSC::DFG::LazyJSValue::dump):
(DFG):
- dfg/DFGLazyJSValue.h:
(LazyJSValue):
- dfg/DFGNode.h:
(JSC::DFG::nodeMapDump):
(WTF::inContext):
(WTF):
- dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
- dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
- dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::dumpInContext):
(JSC::DFG::StructureAbstractValue::dump):
(StructureAbstractValue):
- ftl/FTLExitValue.cpp:
(JSC::FTL::ExitValue::dumpInContext):
(JSC::FTL::ExitValue::dump):
(FTL):
- ftl/FTLExitValue.h:
(ExitValue):
- ftl/FTLLowerDFGToLLVM.cpp:
- ftl/FTLValueSource.cpp:
(JSC::FTL::ValueSource::dumpInContext):
(FTL):
- ftl/FTLValueSource.h:
(ValueSource):
- runtime/DumpContext.cpp: Added.
(JSC):
(JSC::DumpContext::DumpContext):
(JSC::DumpContext::~DumpContext):
(JSC::DumpContext::isEmpty):
(JSC::DumpContext::dump):
- runtime/DumpContext.h: Added.
(JSC):
(DumpContext):
- runtime/JSCJSValue.cpp:
(JSC::JSValue::dump):
(JSC):
(JSC::JSValue::dumpInContext):
- runtime/JSCJSValue.h:
(JSC):
(JSValue):
- runtime/Structure.cpp:
(JSC::Structure::dumpInContext):
(JSC):
(JSC::Structure::dumpBrief):
(JSC::Structure::dumpContextHeader):
- runtime/Structure.h:
(JSC):
(Structure):
Source/WTF:
Reviewed by Mark Hahnenberg.
Added support for dumping values within a context. By default, if you say
print(inContext(value, context)) it calls value.dumpInContext(out, context)
instead of value.dump(out).
Hoisted the support for six-character hashes out of JSC::CodeBlockHash into
WTF, in the form of SixCharacterHash.h.
Added a helper for creating dump contexts where the inContext() dump will
just use a short string hash to "name" the object being dumped, and then
will print out the full dumps in an endnote to your dump.
Added support for using CString as a hashtable key.
- WTF.xcodeproj/project.pbxproj:
- wtf/PrintStream.h:
(WTF):
(ValueInContext):
(WTF::ValueInContext::ValueInContext):
(WTF::ValueInContext::dump):
(WTF::inContext):
- wtf/SixCharacterHash.cpp: Added.
(WTF):
(WTF::sixCharacterHashStringToInteger):
(WTF::integerToSixCharacterHashString):
- wtf/SixCharacterHash.h: Added.
(WTF):
- wtf/StringHashDumpContext.h: Added.
(WTF):
(StringHashDumpContext):
(WTF::StringHashDumpContext::StringHashDumpContext):
(WTF::StringHashDumpContext::getID):
(WTF::StringHashDumpContext::dumpBrief):
(WTF::StringHashDumpContext::brief):
(WTF::StringHashDumpContext::isEmpty):
(WTF::StringHashDumpContext::dump):
- wtf/text/CString.cpp:
(WTF::CString::hash):
(WTF):
(WTF::operator<):
(WTF::CStringHash::equal):
- wtf/text/CString.h:
(WTF::CString::CString):
(CString):
(WTF::CString::isHashTableDeletedValue):
(WTF):
(WTF::CStringHash::hash):
(CStringHash):
- 9:05 PM Changeset in webkit [153295] by
-
- 13 edits4 copies1 add in trunk/Source/JavaScriptCore
fourthTier: DFG should do a high-level LICM before going to FTL
https://bugs.webkit.org/show_bug.cgi?id=118749
Reviewed by Oliver Hunt.
Implements LICM hoisting for nodes that never write anything and never read
things that are clobbered by the loop. There are some other preconditions for
hoisting, see DFGLICMPhase.cpp.
Also did a few fixes:
- ClobberSet::add was failing to switch Super entries to Direct entries in some cases.
- DFGClobberize.cpp needed to #include "Operations.h".
- DCEPhase needs to process the graph in reverse DFS order, when we're in SSA.
- AbstractInterpreter can now execute a Node without knowing its indexInBlock. Knowing the indexInBlock is an optional optimization that all other clients of AI still opt into, but LICM doesn't.
This makes the FTL a 2.19x speed-up on imaging-gaussian-blur.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGAbstractInterpreter.h:
(AbstractInterpreter):
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
(JSC::DFG::::execute):
(DFG):
(JSC::DFG::::clobberWorld):
(JSC::DFG::::clobberStructures):
- dfg/DFGAtTailAbstractState.cpp: Added.
(DFG):
(JSC::DFG::AtTailAbstractState::AtTailAbstractState):
(JSC::DFG::AtTailAbstractState::~AtTailAbstractState):
(JSC::DFG::AtTailAbstractState::createValueForNode):
(JSC::DFG::AtTailAbstractState::forNode):
- dfg/DFGAtTailAbstractState.h: Added.
(DFG):
(AtTailAbstractState):
(JSC::DFG::AtTailAbstractState::initializeTo):
(JSC::DFG::AtTailAbstractState::forNode):
(JSC::DFG::AtTailAbstractState::variables):
(JSC::DFG::AtTailAbstractState::block):
(JSC::DFG::AtTailAbstractState::isValid):
(JSC::DFG::AtTailAbstractState::setDidClobber):
(JSC::DFG::AtTailAbstractState::setIsValid):
(JSC::DFG::AtTailAbstractState::setBranchDirection):
(JSC::DFG::AtTailAbstractState::setFoundConstants):
(JSC::DFG::AtTailAbstractState::haveStructures):
(JSC::DFG::AtTailAbstractState::setHaveStructures):
- dfg/DFGBasicBlock.h:
(JSC::DFG::BasicBlock::insertBeforeLast):
- dfg/DFGBasicBlockInlines.h:
(DFG):
- dfg/DFGClobberSet.cpp:
(JSC::DFG::ClobberSet::add):
(JSC::DFG::ClobberSet::addAll):
- dfg/DFGClobberize.cpp:
(JSC::DFG::doesWrites):
- dfg/DFGClobberize.h:
(DFG):
- dfg/DFGDCEPhase.cpp:
(JSC::DFG::DCEPhase::DCEPhase):
(JSC::DFG::DCEPhase::run):
(JSC::DFG::DCEPhase::fixupBlock):
(DCEPhase):
- dfg/DFGEdgeDominates.h: Added.
(DFG):
(EdgeDominates):
(JSC::DFG::EdgeDominates::EdgeDominates):
(JSC::DFG::EdgeDominates::operator()):
(JSC::DFG::EdgeDominates::result):
(JSC::DFG::edgesDominate):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::checkArray):
- dfg/DFGLICMPhase.cpp: Added.
(LICMPhase):
(JSC::DFG::LICMPhase::LICMPhase):
(JSC::DFG::LICMPhase::run):
(JSC::DFG::LICMPhase::attemptHoist):
(DFG):
(JSC::DFG::performLICM):
- dfg/DFGLICMPhase.h: Added.
(DFG):
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
- 9:05 PM Changeset in webkit [153294] by
-
- 5 edits6 adds in trunk/Source
fourthTier: DFG Nodes should be able to abstractly tell you what they read and what they write
https://bugs.webkit.org/show_bug.cgi?id=118910
Source/JavaScriptCore:
Reviewed by Sam Weinig.
Add the notion of AbstractHeap to the DFG. This is analogous to the AbstractHeap in
the FTL, except that the FTL's AbstractHeaps are used during LLVM lowering and are
engineered to obey LLVM TBAA logic. The FTL's AbstractHeaps are also engineered to
be inexpensive to use (they just give you a TBAA node) but expensive to create (you
create them all up front). FTL AbstractHeaps also don't actually give you the
ability to reason about aliasing; they are *just* a mechanism for lowering to TBAA.
The DFG's AbstractHeaps are engineered to be both cheap to create and cheap to use.
They also give you aliasing machinery. The DFG AbstractHeaps are represented
internally by a int64_t. Many comparisons between them are just integer comaprisons.
AbstractHeaps form a three-level hierarchy (World is the supertype of everything,
Kind with a TOP payload is a direct subtype of World, and Kind with a non-TOP
payload is the direct subtype of its corresponding TOP Kind).
Add the notion of a ClobberSet. This is the set of AbstractHeaps that you had
clobbered. It represents the set that results from unifying a bunch of
AbstractHeaps, and is intended to quickly answer overlap questions: does the given
AbstractHeap overlap any AbstractHeap in the ClobberSet? To this end, if you add an
AbstractHeap to a set, it "directly" adds the heap itself, and "super" adds all of
its ancestors. An AbstractHeap is said to overlap a set if any direct or super
member is equal to it, or if any of its ancestors are equal to a direct member.
Example #1:
- I add Variables(5). I.e. Variables is the Kind and 5 is the payload. This is a subtype of Variables, which is a subtype of World.
- You query Variables. I.e. Variables with a TOP payload, which is the supertype of Variables(X) for any X, and a subtype of World.
The set will have Variables(5) as a direct member, and Variables and World as
super members. The Variables query will immediately return true, because
Variables is indeed a super member.
Example #2:
- I add Variables(5)
- You query NamedProperties
NamedProperties is not a member at all (neither direct or super). We next
query World. World is a member, but it's a super member, so we return false.
Example #3:
- I add Variables
- You query Variables(5)
The set will have Variables as a direct member, and World as a super member.
The Variables(5) query will not find Variables(5) in the set, but then it
will query Variables. Variables is a direct member, so we return true.
Example #4:
- I add Variables
- You query NamedProperties(5)
Neither NamedProperties nor NamedProperties(5) are members. We next query
World. World is a member, but it's a super member, so we return false.
Overlap queries require that either the heap being queried is in the set (either
direct or super), or that one of its ancestors is a direct member. Another way to
think about how this works is that two heaps A and B are said to overlap if
A.isSubtypeOf(B) or B.isSubtypeOf(A). This is sound since heaps form a
single-inheritance heirarchy. Consider that we wanted to implement a set that holds
heaps and answers the question, "is any member in the set an ancestor (i.e.
supertype) of some other heap". We would have the set contain the heaps themselves,
and we would satisfy the query "A.isSubtypeOfAny(set)" by walking the ancestor
chain of A, and repeatedly querying its membership in the set. This is what the
"direct" members of our set do. Now consider the other part, where we want to ask if
any member of the set is a descendent of a heap, or "A.isSupertypeOfAny(set)". We
would implement this by implementing set.add(B) as adding not just B but also all of
B's ancestors; then we would answer A.isSupertypeOfAny(set) by just checking if A is
in the set. With two such sets - one that answers isSubtypeOfAny() and another that
answers isSupertypeOfAny() - we could answer the "do any of my heaps overlap your
heap" question. ClobberSet does this, but combines the two sets into a single
HashMap. The HashMap's value, "direct", means that the key is a member of both the
supertype set and the subtype set; if it's false then it's only a member of one of
them.
Finally, this adds a functorized clobberize() method that adds the read and write
clobbers of a DFG::Node to read and write functors. Common functors for adding to
ClobberSets, querying overlap, and doing nothing are provided. Convenient wrappers
are also provided. This allows you to say things like:
ClobberSet set;
addWrites(graph, node1, set);
if (readsOverlap(graph, node2, set))
We know that node1 may write to something that node2 may read from.
Currently this facility is only used to improve graph dumping, but it will be
instrumental in both LICM and GVN. In the future, I want to completely kill the
NodeClobbersWorld and NodeMightClobber flags, and eradicate CSEPhase's hackish way
of accomplishing almost exactly what AbstractHeap gives you.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGAbstractHeap.cpp: Added.
(DFG):
(JSC::DFG::AbstractHeap::Payload::dump):
(JSC::DFG::AbstractHeap::dump):
(WTF):
(WTF::printInternal):
- dfg/DFGAbstractHeap.h: Added.
(DFG):
(AbstractHeap):
(Payload):
(JSC::DFG::AbstractHeap::Payload::Payload):
(JSC::DFG::AbstractHeap::Payload::top):
(JSC::DFG::AbstractHeap::Payload::isTop):
(JSC::DFG::AbstractHeap::Payload::value):
(JSC::DFG::AbstractHeap::Payload::valueImpl):
(JSC::DFG::AbstractHeap::Payload::operator==):
(JSC::DFG::AbstractHeap::Payload::operator!=):
(JSC::DFG::AbstractHeap::Payload::operator<):
(JSC::DFG::AbstractHeap::Payload::isDisjoint):
(JSC::DFG::AbstractHeap::Payload::overlaps):
(JSC::DFG::AbstractHeap::AbstractHeap):
(JSC::DFG::AbstractHeap::operator!):
(JSC::DFG::AbstractHeap::kind):
(JSC::DFG::AbstractHeap::payload):
(JSC::DFG::AbstractHeap::isDisjoint):
(JSC::DFG::AbstractHeap::overlaps):
(JSC::DFG::AbstractHeap::supertype):
(JSC::DFG::AbstractHeap::hash):
(JSC::DFG::AbstractHeap::operator==):
(JSC::DFG::AbstractHeap::operator!=):
(JSC::DFG::AbstractHeap::operator<):
(JSC::DFG::AbstractHeap::isHashTableDeletedValue):
(JSC::DFG::AbstractHeap::payloadImpl):
(JSC::DFG::AbstractHeap::encode):
(JSC::DFG::AbstractHeapHash::hash):
(JSC::DFG::AbstractHeapHash::equal):
(AbstractHeapHash):
(WTF):
- dfg/DFGClobberSet.cpp: Added.
(DFG):
(JSC::DFG::ClobberSet::ClobberSet):
(JSC::DFG::ClobberSet::~ClobberSet):
(JSC::DFG::ClobberSet::add):
(JSC::DFG::ClobberSet::addAll):
(JSC::DFG::ClobberSet::contains):
(JSC::DFG::ClobberSet::overlaps):
(JSC::DFG::ClobberSet::clear):
(JSC::DFG::ClobberSet::direct):
(JSC::DFG::ClobberSet::super):
(JSC::DFG::ClobberSet::dump):
(JSC::DFG::ClobberSet::setOf):
(JSC::DFG::addReads):
(JSC::DFG::addWrites):
(JSC::DFG::addReadsAndWrites):
(JSC::DFG::readsOverlap):
(JSC::DFG::writesOverlap):
- dfg/DFGClobberSet.h: Added.
(DFG):
(ClobberSet):
(JSC::DFG::ClobberSet::isEmpty):
(ClobberSetAdd):
(JSC::DFG::ClobberSetAdd::ClobberSetAdd):
(JSC::DFG::ClobberSetAdd::operator()):
(ClobberSetOverlaps):
(JSC::DFG::ClobberSetOverlaps::ClobberSetOverlaps):
(JSC::DFG::ClobberSetOverlaps::operator()):
(JSC::DFG::ClobberSetOverlaps::result):
- dfg/DFGClobberize.cpp: Added.
(DFG):
(JSC::DFG::didWrites):
- dfg/DFGClobberize.h: Added.
(DFG):
(JSC::DFG::clobberize):
(NoOpClobberize):
(JSC::DFG::NoOpClobberize::NoOpClobberize):
(JSC::DFG::NoOpClobberize::operator()):
(CheckClobberize):
(JSC::DFG::CheckClobberize::CheckClobberize):
(JSC::DFG::CheckClobberize::operator()):
(JSC::DFG::CheckClobberize::result):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
Source/WTF:
Reviewed by Sam Weinig.
Fix compile goof in sortedListDump().
- wtf/ListDump.h:
(WTF::sortedListDump):
Conflicts:
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
- 9:05 PM Changeset in webkit [153293] by
-
- 4 edits in trunk/Source/JavaScriptCore
fourthTier: It should be easy to figure out which blocks nodes belong to
https://bugs.webkit.org/show_bug.cgi?id=118957
Reviewed by Sam Weinig.
- dfg/DFGGraph.cpp:
(DFG):
(JSC::DFG::Graph::initializeNodeOwners):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGNode.h:
- 9:05 PM Changeset in webkit [153292] by
-
- 18 edits in trunk/Source/JavaScriptCore
fourthTier: NodeExitsForward shouldn't be duplicated in NodeType
https://bugs.webkit.org/show_bug.cgi?id=118956
Reviewed by Sam Weinig.
We had two way of expressing that something exits forward: the NodeExitsForward
flag and the word 'Forward' in the NodeType. That's kind of dumb. This patch
makes it just be a flag.
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
- dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::int32ToDoubleCSE):
(JSC::DFG::CSEPhase::checkStructureElimination):
(JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
(JSC::DFG::CSEPhase::putStructureStoreElimination):
(JSC::DFG::CSEPhase::checkArrayElimination):
(JSC::DFG::CSEPhase::performNodeCSE):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
- dfg/DFGMinifiedNode.h:
(JSC::DFG::belongsInMinifiedGraph):
(JSC::DFG::MinifiedNode::hasChild):
- dfg/DFGNode.h:
(JSC::DFG::Node::convertToStructureTransitionWatchpoint):
(JSC::DFG::Node::hasStructureSet):
(JSC::DFG::Node::hasStructure):
(JSC::DFG::Node::hasArrayMode):
(JSC::DFG::Node::willHaveCodeGenOrOSR):
- dfg/DFGNodeType.h:
(DFG):
(JSC::DFG::needsOSRForwardRewiring):
- dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
- dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::run):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
- dfg/DFGVariableEventStream.cpp:
(JSC::DFG::VariableEventStream::reconstruct):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
- 9:05 PM Changeset in webkit [153291] by
-
- 10 edits in trunk/Source/JavaScriptCore
fourthTier: It should be possible for a DFG::Node to claim to exit to one CodeOrigin, but then claim that it belongs to a different CodeOrigin for all other purposes
https://bugs.webkit.org/show_bug.cgi?id=118946
Reviewed by Geoffrey Garen.
We want to decouple the exit target code origin of a node from the code origin
for all other purposes. The purposes of code origins are:
- Where the node will exit, if it exits. The exit target should be consistent with the surrounding nodes, in that if you just looked at the code origins of nodes in the graph, they would be consistent with the code origins in bytecode. This is necessary for live-at-bytecode analyses to work, and to preserve the original bytecode semantics when exiting.
- What kind of code the node came from, for semantics thingies. For example, we might use the code origin to find the node's global object for doing an original array check. Or we might use it to determine if the code is in strict mode. Or other similar things. When we use the code origin in this way, we're basically using it as a way of describing the node's meta-data without putting it into the node directly, to save space. In the absurd extreme you could imagine nodes not even having NodeTypes or NodeFlags, and just using the CodeOrigin to determine what bytecode the node originated from. We won't do that, but you can think of this use of code origins as just a way of compressing meta-data.
- What code origin we should supply profiling to, if we exit. This is closely related to the semantics thingies, in that the exit profiling is a persistent kind of semantic meta-data that survives between recompiles, and the only way to do that is to ascribe it to the original bytecode via the code origin.
If we hoist a node, we need to change the exit target code origin, but we must not
change the code origin for other purposes. The best way to do this is to decouple
the two kinds of code origin.
OSR exit data structures already do this, because they may edit the exit target
code origin while keeping the code origin for profiling intact. This happens for
forward exits. So, we just need to thread separation all the way back to DFG::Node.
That's what this patch does.
- dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(Node):
- dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::OSRExit):
- dfg/DFGOSRExitBase.h:
(JSC::DFG::OSRExitBase::OSRExitBase):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(LowerDFGToLLVM):
- ftl/FTLOSRExit.cpp:
(JSC::FTL::OSRExit::OSRExit):
- ftl/FTLOSRExit.h:
(OSRExit):
- 9:05 PM Changeset in webkit [153290] by
-
- 6 edits1 add in trunk/Source/JavaScriptCore
fourthTier: each DFG node that relies on other nodes to do their type checks should be able to tell you if those type checks happened
https://bugs.webkit.org/show_bug.cgi?id=118866
Reviewed by Sam Weinig.
Adds a safeToExecute() method that takes a node and an abstract state and tells you
if the node will run without crashing under that state.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
- dfg/DFGCFAPhase.cpp:
(CFAPhase):
(JSC::DFG::CFAPhase::CFAPhase):
(JSC::DFG::CFAPhase::run):
(JSC::DFG::CFAPhase::performBlockCFA):
(JSC::DFG::CFAPhase::performForwardCFA):
- dfg/DFGSafeToExecute.h: Added.
(DFG):
(SafeToExecuteEdge):
(JSC::DFG::SafeToExecuteEdge::SafeToExecuteEdge):
(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::SafeToExecuteEdge::result):
(JSC::DFG::safeToExecute):
- dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::isValidOffset):
(StructureAbstractValue):
- runtime/Options.h:
(JSC):
- 9:05 PM Changeset in webkit [153289] by
-
- 9 edits3 adds in trunk
fourthTier: FTL should be able to generate LLVM IR that uses an intrinsic for OSR exit
https://bugs.webkit.org/show_bug.cgi?id=118948
Source/JavaScriptCore:
Reviewed by Sam Weinig.
- Add the ability to generate LLVM IR but then not use it, via --llvmAlwaysFails=true. This allows doing "what if" experiments with IR generation, even if the generated IR can't yet execute.
- Add an OSR exit path that just calls an intrinsic that combines the branch and the off-ramp.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
- ftl/FTLFail.cpp: Added.
(FTL):
(JSC::FTL::fail):
- ftl/FTLFail.h: Added.
(FTL):
- ftl/FTLIntrinsicRepository.h:
(FTL):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
- runtime/Options.h:
(JSC):
Tools:
Reviewed by Sam Weinig.
- Make ReducedFTL capable of dealing with code that uses the fake OSR exit intrinsic, by exporting it as a function.
- Make combineModules.rb idempotent. Sometimes it's convenient to run a file through it even if you know that you've already done so. See processIRDump.sh.
- Add a script, processIRDump.sh, that takes the output of --dumpLLVMIR=true and runs it through ReducedFTL automatically. You typically want to say something like:
jsc --dumpLLVMIR=true <program(s)> > jsc-output.txt
./processIRDump.sh --timing < jsc-output.txt
- ReducedFTL/ReducedFTL.c:
(webkit_osr_exit):
- ReducedFTL/combineModules.rb:
- ReducedFTL/processIRDump.sh: Added.
- 9:05 PM Changeset in webkit [153288] by
-
- 2 edits in trunk/Tools
fourthTier: We should use the no-asserts build of LLVM if that's what the user configured
https://bugs.webkit.org/show_bug.cgi?id=118947
Reviewed by Dan Bernstein.
- Scripts/copy-webkitlibraries-to-product-directory:
- 9:05 PM Changeset in webkit [153287] by
-
- 4 edits1 add in trunk/Source/JavaScriptCore
fourthTier: StringObjectUse uses structures, and CSE should know that
https://bugs.webkit.org/show_bug.cgi?id=118940
Reviewed by Geoffrey Garen.
This is asymptomatic right now, but we should fix it.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::putStructureStoreElimination):
- dfg/DFGEdgeUsesStructure.h: Added.
(DFG):
(EdgeUsesStructure):
(JSC::DFG::EdgeUsesStructure::EdgeUsesStructure):
(JSC::DFG::EdgeUsesStructure::operator()):
(JSC::DFG::EdgeUsesStructure::result):
(JSC::DFG::edgesUseStructure):
- dfg/DFGUseKind.h:
(DFG):
(JSC::DFG::usesStructure):
Conflicts:
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
- 9:05 PM Changeset in webkit [153286] by
-
- 9 edits13 adds in trunk
fourthTier: String GetByVal out-of-bounds handling is so wrong
https://bugs.webkit.org/show_bug.cgi?id=118935
Source/JavaScriptCore:
Reviewed by Geoffrey Garen.
Bunch of String GetByVal out-of-bounds fixes:
- Even if the string proto chain is sane, we need to watch out for negative indices. They may get values or call getters in the prototypes, since proto sanity doesn't check for negative indexed properties, as they are not technically indexed properties.
- GetByVal String out-of-bounds does in fact clobberWorld(). CSE should be given this information.
- GetByVal String out-of-bounds does in fact clobberWorld(). CFA should be given this information.
Also fixed some other things:
- If the DFG is disabled, the testRunner should pretend that we've done a bunch of DFG compiles. That's necessary to prevent the tests from timing out.
- Disassembler shouldn't try to dump source code since it's not safe in the concurrent JIT.
- API/JSCTestRunnerUtils.cpp:
(JSC::numberOfDFGCompiles):
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
- dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dumpHeader):
- dfg/DFGGraph.h:
(JSC::DFG::Graph::byValIsPure):
- dfg/DFGSaneStringGetByValSlowPathGenerator.h: Added.
(DFG):
(SaneStringGetByValSlowPathGenerator):
(JSC::DFG::SaneStringGetByValSlowPathGenerator::SaneStringGetByValSlowPathGenerator):
(JSC::DFG::SaneStringGetByValSlowPathGenerator::generateInternal):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
LayoutTests:
Reviewed by Geoffrey Garen.
- fast/js/dfg-string-out-of-bounds-check-structure-expected.txt: Added.
- fast/js/dfg-string-out-of-bounds-check-structure.html: Added.
- fast/js/dfg-string-out-of-bounds-cse-expected.txt: Added.
- fast/js/dfg-string-out-of-bounds-cse.html: Added.
- fast/js/dfg-string-out-of-bounds-negative-check-structure-expected.txt: Added.
- fast/js/dfg-string-out-of-bounds-negative-check-structure.html: Added.
- fast/js/dfg-string-out-of-bounds-negative-proto-value-expected.txt: Added.
- fast/js/dfg-string-out-of-bounds-negative-proto-value.html: Added.
- fast/js/jsc-test-list:
- fast/js/script-tests/dfg-string-out-of-bounds-check-structure.js: Added.
(foo):
- fast/js/script-tests/dfg-string-out-of-bounds-cse.js: Added.
(foo):
- fast/js/script-tests/dfg-string-out-of-bounds-negative-check-structure.js: Added.
(foo):
(while):
- fast/js/script-tests/dfg-string-out-of-bounds-negative-proto-value.js: Added.
(foo):
- 9:05 PM Changeset in webkit [153285] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: Structure::isValidOffset() should be able to tell you if you're loading a valid JSValue, and not just not crashing
https://bugs.webkit.org/show_bug.cgi?id=118911
Reviewed by Geoffrey Garen.
We could also have a separate method like "willNotCrash(offset)", but that's not
what isValidOffset() is intended to mean.
- runtime/Structure.h:
(JSC::Structure::isValidOffset):
- 9:05 PM Changeset in webkit [153284] by
-
- 13 edits in trunk/Source/JavaScriptCore
fourthTier: Structure should be able to tell you if it's valid to load at a given offset from any object with that structure
https://bugs.webkit.org/show_bug.cgi?id=118878
Reviewed by Oliver Hunt.
- Change Structure::isValidOffset() to actually answer the question "If I attempted to load from an object of this structure, at this offset, would I commit suicide or would I get back some kind of value?"
- Change StorageAccessData::offset to use a PropertyOffset. It should have been that way from the start.
- Fix PutStructure so that it sets haveStructures in all of the cases that it should.
- Make GetByOffset also reference the base object in addition to the butterfly.
The future use of this power will be to answer questions like "If I hoisted this
GetByOffset or PutByOffset to this point, would it cause crashes, or would it be
fine?"
I don't currently plan to use this power to perform validation, since the CSE has
the power to eliminate CheckStructure's that the CFA wouldn't be smart enough to
remove - both in the case of StructureSets where size >= 2 and in the case of
CheckStructures that match across PutStructures. At first I tried to write a
validator that was aware of this, but the validation code got way too complicated
and I started having nightmares of spurious assertion bugs being filed against me.
This also changes some of the code for how we hash FunctionExecutable's for debug
dumps, since that code still had some thread-safety issues. Basically, the
concurrent JIT needs to use the CodeBlock's precomputed hash and never call anything
that could transitively try to compute the hash from the source code. The source
code is a string that may be lazily computed, and that involves all manner of thread
unsafe things.
- bytecode/CodeOrigin.cpp:
(JSC::InlineCallFrame::hash):
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleGetByOffset):
(JSC::DFG::ByteCodeParser::handlePutByOffset):
(JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::performBlockCFA):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGGraph.h:
(StorageAccessData):
- dfg/DFGNode.h:
(JSC::DFG::Node::convertToGetByOffset):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
(JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
- runtime/FunctionExecutableDump.cpp:
(JSC::FunctionExecutableDump::dump):
- runtime/Structure.h:
(Structure):
(JSC::Structure::isValidOffset):
- 9:05 PM Changeset in webkit [153283] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: AbstractInterpreter should explicitly ask AbstractState to create new AbstractValues for newly born nodes
https://bugs.webkit.org/show_bug.cgi?id=118880
Reviewed by Sam Weinig.
It should be possible to have an AbstractState that is backed by a HashMap. But to
do this, the AbstractInterpreter should explicitly ask for new nodes to be added to
the map, since otherwise the idiom of getting a reference to the AbstractValue
returned by forNode() would cause really subtle memory corruption bugs.
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
- dfg/DFGInPlaceAbstractState.h:
(JSC::DFG::InPlaceAbstractState::createValueForNode):
(InPlaceAbstractState):
- 9:05 PM Changeset in webkit [153282] by
-
- 11 edits2 moves3 adds in trunk/Source/JavaScriptCore
fourthTier: Decouple the way that CFA stores its state from the way it does abstract interpretation
https://bugs.webkit.org/show_bug.cgi?id=118835
Reviewed by Oliver Hunt.
This separates AbstractState into two things:
- InPlaceAbstractState, which can tell you the abstract state of anything you might care about, and uses the old AbstractState's algorithms and data structures for doing so.
- AbstractInterpreter<AbstractStateType>, which can execute a DFG::Node* with respect to an AbstractStateType. Currently we always use AbstractStateType = InPlaceAbstractState. But we could drop in an other class that supports basic primitives like forNode() and variables().
This is important because:
- We want to hoist things out of loops.
- We don't know what things rely on what type checks.
- We only want to hoist type checks out of loops if they aren't clobbered.
- We may want to still hoist things that depended on those type checks, if it's safe to do those things based on the CFA state at the tail of the loop pre-header.
- We don't want things to rely on their type checks by way of a token, because that's just weird.
So, we want to be able to have a special form of the CFA that can
incrementally update a basic block's state-at-tail, and we want to be able to
do this for multiple blocks simultaneously. This requires *not* storing the
per-node state in the nodes themselves, but instead using the at-tail HashMap
directly.
Hence we need to have a way of making the abstract interpreter (i.e.
AbstractState::execute) polymorphic with respect to state representation. Put
another way, we need to separate the way that abstract state is represented
from the way DFG IR is abstractly interpreted.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGAbstractInterpreter.h: Added.
(DFG):
(AbstractInterpreter):
(JSC::DFG::AbstractInterpreter::forNode):
(JSC::DFG::AbstractInterpreter::variables):
(JSC::DFG::AbstractInterpreter::needsTypeCheck):
(JSC::DFG::AbstractInterpreter::filterEdgeByUse):
(JSC::DFG::AbstractInterpreter::filter):
(JSC::DFG::AbstractInterpreter::filterArrayModes):
(JSC::DFG::AbstractInterpreter::filterByValue):
(JSC::DFG::AbstractInterpreter::trySetConstant):
(JSC::DFG::AbstractInterpreter::filterByType):
- dfg/DFGAbstractInterpreterInlines.h: Added.
(DFG):
(JSC::DFG::::AbstractInterpreter):
(JSC::DFG::::~AbstractInterpreter):
(JSC::DFG::::booleanResult):
(JSC::DFG::::startExecuting):
(JSC::DFG::::executeEdges):
(JSC::DFG::::verifyEdge):
(JSC::DFG::::verifyEdges):
(JSC::DFG::::executeEffects):
(JSC::DFG::::execute):
(JSC::DFG::::clobberWorld):
(JSC::DFG::::clobberCapturedVars):
(JSC::DFG::::clobberStructures):
(JSC::DFG::::dump):
(JSC::DFG::::filter):
(JSC::DFG::::filterArrayModes):
(JSC::DFG::::filterByValue):
- dfg/DFGAbstractState.cpp: Removed.
- dfg/DFGAbstractState.h: Removed.
- dfg/DFGArgumentsSimplificationPhase.cpp:
- dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::CFAPhase):
(JSC::DFG::CFAPhase::performBlockCFA):
(CFAPhase):
- dfg/DFGCFGSimplificationPhase.cpp:
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::ConstantFoldingPhase):
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(ConstantFoldingPhase):
- dfg/DFGInPlaceAbstractState.cpp: Added.
(DFG):
(JSC::DFG::InPlaceAbstractState::InPlaceAbstractState):
(JSC::DFG::InPlaceAbstractState::~InPlaceAbstractState):
(JSC::DFG::InPlaceAbstractState::beginBasicBlock):
(JSC::DFG::setLiveValues):
(JSC::DFG::InPlaceAbstractState::initialize):
(JSC::DFG::InPlaceAbstractState::endBasicBlock):
(JSC::DFG::InPlaceAbstractState::reset):
(JSC::DFG::InPlaceAbstractState::mergeStateAtTail):
(JSC::DFG::InPlaceAbstractState::merge):
(JSC::DFG::InPlaceAbstractState::mergeToSuccessors):
(JSC::DFG::InPlaceAbstractState::mergeVariableBetweenBlocks):
- dfg/DFGInPlaceAbstractState.h: Added.
(DFG):
(InPlaceAbstractState):
(JSC::DFG::InPlaceAbstractState::forNode):
(JSC::DFG::InPlaceAbstractState::variables):
(JSC::DFG::InPlaceAbstractState::block):
(JSC::DFG::InPlaceAbstractState::didClobber):
(JSC::DFG::InPlaceAbstractState::isValid):
(JSC::DFG::InPlaceAbstractState::setDidClobber):
(JSC::DFG::InPlaceAbstractState::setIsValid):
(JSC::DFG::InPlaceAbstractState::setBranchDirection):
(JSC::DFG::InPlaceAbstractState::setFoundConstants):
(JSC::DFG::InPlaceAbstractState::haveStructures):
(JSC::DFG::InPlaceAbstractState::setHaveStructures):
- dfg/DFGMergeMode.h: Added.
(DFG):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::backwardTypeCheck):
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileToStringOnCell):
(JSC::DFG::SpeculativeJIT::speculateStringIdentAndLoadStorage):
(JSC::DFG::SpeculativeJIT::speculateStringObject):
(JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::needsTypeCheck):
(SpeculativeJIT):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
- ftl/FTLLowerDFGToLLVM.cpp:
(FTL):
(JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::appendTypeCheck):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateNumber):
(JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
(LowerDFGToLLVM):
Conflicts:
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
- 9:04 PM Changeset in webkit [153281] by
-
- 8 edits in trunk/Source/JavaScriptCore
fourthTier: DFG shouldn't create CheckStructures for array accesses except if the ArrayMode implies an original array access
https://bugs.webkit.org/show_bug.cgi?id=118867
Reviewed by Mark Hahnenberg.
This allows us to kill off a bunch of code in the parser, in fixup, and to simplify
ArrayProfile.
It also makes it easier to ask any array-using node how to create its type check.
Doing this required fixing a bug in LowLevelInterpreter64, where it was storing into
an array profile, thinking that it was storing into a value profile. Reshuffling the
fields in ArrayProfile revealed this.
- bytecode/ArrayProfile.cpp:
(JSC::ArrayProfile::computeUpdatedPrediction):
(JSC::ArrayProfile::briefDescriptionWithoutUpdating):
- bytecode/ArrayProfile.h:
(JSC::ArrayProfile::ArrayProfile):
(ArrayProfile):
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::updateAllArrayPredictions):
(JSC::CodeBlock::updateAllPredictions):
- bytecode/CodeBlock.h:
(CodeBlock):
(JSC::CodeBlock::updateAllArrayPredictions):
- dfg/DFGArrayMode.h:
(ArrayMode):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getArrayModeConsideringSlowPath):
(JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(FixupPhase):
(JSC::DFG::FixupPhase::checkArray):
(JSC::DFG::FixupPhase::blessArrayOperation):
- llint/LowLevelInterpreter64.asm:
- 9:04 PM Changeset in webkit [153280] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: CFA should consider live-at-head for clobbering and dumping
https://bugs.webkit.org/show_bug.cgi?id=118857
Reviewed by Mark Hahnenberg.
- clobberStructures() was not considering nodes live-at-head when in SSA form. This means it would fail to clobber some structures.
- dump() was not considering nodes live-at-head when in SSA form. This means it wouldn't dump everything that you might be interested in.
- AbstractState::m_currentNode is a useless variable and we should get rid of it.
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::AbstractState):
(JSC::DFG::AbstractState::beginBasicBlock):
(JSC::DFG::AbstractState::reset):
(JSC::DFG::AbstractState::startExecuting):
(JSC::DFG::AbstractState::clobberStructures):
(JSC::DFG::AbstractState::dump):
- dfg/DFGAbstractState.h:
(AbstractState):
- 9:04 PM Changeset in webkit [153279] by
-
- 8 edits1 copy1 add in trunk/Source/JavaScriptCore
fourthTier: Add a phase to create loop pre-headers
https://bugs.webkit.org/show_bug.cgi?id=118778
Reviewed by Oliver Hunt.
Add a loop pre-header creation phase. Any loop that doesn't already have
just one predecessor that isn't part of the loop has a pre-header
prepended. All non-loop predecessors then jump to that pre-header.
Also fix a handful of bugs:
- DFG::Analysis should set m_valid before running the analysis, since that makes it easier to use ASSERT(m_valid) in the analysis' methods, which may be called by the analysis before the analysis completes. NaturalLoops does this with loopsOf().
- NaturalLoops::headerOf() was missing a check for innerMostLoopOf() returning 0, since that'll happen if the block isn't in any loop.
- Change BlockInsertionSet to dethread the graph, since anyone using it will want to do so.
- Change dethreading to ignore SSA form graphs.
This also adds NaturalLoops::belongsTo(), which I always used in the
pre-header creation phase. I didn't end up using it but I'll probably use
it in the near future.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGAnalysis.h:
(JSC::DFG::Analysis::computeIfNecessary):
- dfg/DFGBlockInsertionSet.cpp:
(JSC::DFG::BlockInsertionSet::execute):
- dfg/DFGCriticalEdgeBreakingPhase.cpp:
(JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dethread):
- dfg/DFGLoopPreHeaderCreationPhase.cpp: Added.
(DFG):
(LoopPreHeaderCreationPhase):
(JSC::DFG::LoopPreHeaderCreationPhase::LoopPreHeaderCreationPhase):
(JSC::DFG::LoopPreHeaderCreationPhase::run):
(JSC::DFG::performLoopPreHeaderCreation):
- dfg/DFGLoopPreHeaderCreationPhase.h: Added.
(DFG):
- dfg/DFGNaturalLoops.h:
(NaturalLoop):
(JSC::DFG::NaturalLoops::headerOf):
(JSC::DFG::NaturalLoops::innerMostLoopOf):
(JSC::DFG::NaturalLoops::innerMostOuterLoop):
(JSC::DFG::NaturalLoops::belongsTo):
(NaturalLoops):
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
Conflicts:
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
- 9:04 PM Changeset in webkit [153278] by
-
- 7 edits in trunk/Source/JavaScriptCore
fourthTier: Rationalize Node::replacement
https://bugs.webkit.org/show_bug.cgi?id=118774
Reviewed by Oliver Hunt.
- Clearing of replacements is now done in Graph::clearReplacements().
- New nodes now have replacement set to 0.
- Node::replacement is now part of a 'misc' union. I'll be putting at least one other field into that union as part of LICM work (see https://bugs.webkit.org/show_bug.cgi?id=118749).
- dfg/DFGCPSRethreadingPhase.cpp:
(JSC::DFG::CPSRethreadingPhase::run):
(JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
(JSC::DFG::CPSRethreadingPhase::canonicalizeGetLocalFor):
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::run):
(JSC::DFG::CSEPhase::setReplacement):
(JSC::DFG::CSEPhase::performBlockCSE):
- dfg/DFGGraph.cpp:
(DFG):
(JSC::DFG::Graph::clearReplacements):
- dfg/DFGGraph.h:
(JSC::DFG::Graph::performSubstitutionForEdge):
(Graph):
- dfg/DFGNode.h:
(JSC::DFG::Node::Node):
- dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
- 9:04 PM Changeset in webkit [153277] by
-
- 7 edits in trunk/Source
fourthTier: NaturalLoops should be able to quickly answer questions like "what loops own this basic block"
https://bugs.webkit.org/show_bug.cgi?id=118750
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
- dfg/DFGBasicBlock.h:
(BasicBlock):
- dfg/DFGNaturalLoops.cpp:
(JSC::DFG::NaturalLoops::compute):
(JSC::DFG::NaturalLoops::loopsOf):
- dfg/DFGNaturalLoops.h:
(DFG):
(JSC::DFG::NaturalLoop::NaturalLoop):
(NaturalLoop):
(JSC::DFG::NaturalLoop::index):
(JSC::DFG::NaturalLoop::isOuterMostLoop):
(JSC::DFG::NaturalLoop::addBlock):
(JSC::DFG::NaturalLoops::headerOf):
(JSC::DFG::NaturalLoops::innerMostLoopOf):
(NaturalLoops):
(JSC::DFG::NaturalLoops::innerMostOuterLoop):
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
Source/WTF:
Reviewed by Mark Hahnenberg.
Add a utility function for inserting an element into a vector that has bounded size,
and where the insertion causes things to drop off the end.
- wtf/StdLibExtras.h:
(WTF):
(WTF::insertIntoBoundedVector):
- 9:04 PM Changeset in webkit [153276] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: don't GC when shutting down the VM
https://bugs.webkit.org/show_bug.cgi?id=118751
Reviewed by Mark Hahnenberg.
- heap/Heap.h:
(Heap):
- runtime/VM.cpp:
(JSC::VM::~VM):
- 9:04 PM Changeset in webkit [153275] by
-
- 1 edit4 adds in trunk/Tools
fourthTier: We should have a reduced FTL LLVM pipeline tool in the repository
https://bugs.webkit.org/show_bug.cgi?id=118647
Rubber stamped by Geoffrey Garen and Mark Hahnenberg.
Add a tool that takes in an LLVM bitcode file and JITs it in exactly the same
way that the FTL would.
Also add a tool that combines multiple LLVM modules generated by FTL into a
single module.
- ReducedFTL: Added.
- ReducedFTL/ReducedFTL.c: Added.
(usage):
(currentTime):
(MemorySection):
(mmAllocateCodeSection):
(mmAllocateDataSection):
(mmApplyPermissions):
(mmDestroy):
(symbolLookupCallback):
(main):
- ReducedFTL/build.sh: Added.
- ReducedFTL/combineModules.rb: Added.
- 9:04 PM Changeset in webkit [153274] by
-
- 45 edits10 copies8 adds in trunk/Source
fourthTier: DFG should have an SSA form for use by FTL
https://bugs.webkit.org/show_bug.cgi?id=118338
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
Adds an SSA form to the DFG. We can convert ThreadedCPS form into SSA form
after breaking critical edges. The conversion algorithm follows Aycock and
Horspool, and the SSA form itself follows something I've done before, where
instead of having Phi functions specify input nodes corresponding to block
predecessors, we instead have Upsilon functions in the predecessors that
specify which value in that block goes into which subsequent Phi. Upsilons
don't have to dominate Phis (usually they don't) and they correspond to a
non-SSA "mov" into the Phi's "variable". This gives all of the good
properties of SSA, while ensuring that a bunch of CFG transformations don't
have to be SSA-aware.
So far the only DFG phases that are SSA-aware are DCE and CFA. CFG
simplification is probably SSA-aware by default, though I haven't tried it.
Constant folding probably needs a few tweaks, but is likely ready. Ditto
for CSE, though it's not clear that we'd want to use block-local CSE when
we could be doing GVN.
Currently only the FTL can generate code from the SSA form, and there is no
way to convert from SSA to ThreadedCPS or LoadStore. There probably will
never be such a capability.
In order to handle OSR exit state in the SSA, we place MovHints at Phi
points. Other than that, you can reconstruct state-at-exit by forward
propagating MovHints. Note that MovHint is the new SetLocal in SSA.
SetLocal and GetLocal only survive into SSA if they are on captured
variables, or in the case of flushes. A "live SetLocal" will be
NodeMustGenerate and will always correspond to a flush. Computing the
state-at-exit requires running SSA liveness analysis, OSR availability
analysis, and flush liveness analysis. The FTL runs all of these prior to
generating code. While OSR exit continues to be tricky, much of the logic
is now factored into separate phases and the backend has to do less work
to reason about what happened outside of the basic block that is being
lowered.
Conversion from DFG SSA to LLVM SSA is done by ensuring that we generate
code in depth-first order, thus guaranteeing that a node will always be
lowered (and hence have a LValue) before any of the blocks dominated by
that node's block have code generated. For Upsilon/Phi, we just use
alloca's. We could do something more clever there, but it's probably not
worth it, at least not now.
Finally, while the SSA form is currently only being converted to LLVM IR,
there is nothing that prevents us from considering other backends in the
future - with the caveat that this form is designed to be first lowered to
a lower-level SSA before actual machine code generation commences. So we
ought to either use LLVM (the intended path) or we will have to write our
own SSA low-level backend.
This runs all of the code that the FTL was known to run previously. No
change in performance for now. But it does open some exciting
possibilities!
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/Operands.h:
(JSC::OperandValueTraits::dump):
(JSC::Operands::fill):
(Operands):
(JSC::Operands::clear):
(JSC::Operands::operator==):
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::beginBasicBlock):
(JSC::DFG::setLiveValues):
(DFG):
(JSC::DFG::AbstractState::initialize):
(JSC::DFG::AbstractState::endBasicBlock):
(JSC::DFG::AbstractState::executeEffects):
(JSC::DFG::AbstractState::mergeStateAtTail):
(JSC::DFG::AbstractState::merge):
- dfg/DFGAbstractState.h:
(AbstractState):
- dfg/DFGAdjacencyList.h:
(JSC::DFG::AdjacencyList::justOneChild):
(AdjacencyList):
- dfg/DFGBasicBlock.cpp: Added.
(DFG):
(JSC::DFG::BasicBlock::BasicBlock):
(JSC::DFG::BasicBlock::~BasicBlock):
(JSC::DFG::BasicBlock::ensureLocals):
(JSC::DFG::BasicBlock::isInPhis):
(JSC::DFG::BasicBlock::isInBlock):
(JSC::DFG::BasicBlock::removePredecessor):
(JSC::DFG::BasicBlock::replacePredecessor):
(JSC::DFG::BasicBlock::dump):
(JSC::DFG::BasicBlock::SSAData::SSAData):
(JSC::DFG::BasicBlock::SSAData::~SSAData):
- dfg/DFGBasicBlock.h:
(BasicBlock):
(JSC::DFG::BasicBlock::operator[]):
(JSC::DFG::BasicBlock::successor):
(JSC::DFG::BasicBlock::successorForCondition):
(SSAData):
- dfg/DFGBasicBlockInlines.h:
(DFG):
- dfg/DFGBlockInsertionSet.cpp: Added.
(DFG):
(JSC::DFG::BlockInsertionSet::BlockInsertionSet):
(JSC::DFG::BlockInsertionSet::~BlockInsertionSet):
(JSC::DFG::BlockInsertionSet::insert):
(JSC::DFG::BlockInsertionSet::insertBefore):
(JSC::DFG::BlockInsertionSet::execute):
- dfg/DFGBlockInsertionSet.h: Added.
(DFG):
(BlockInsertionSet):
- dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::run):
- dfg/DFGCFGSimplificationPhase.cpp:
- dfg/DFGCPSRethreadingPhase.cpp:
(JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlock):
- dfg/DFGCommon.cpp:
(WTF::printInternal):
- dfg/DFGCommon.h:
(JSC::DFG::doesKill):
(DFG):
(JSC::DFG::killStatusForDoesKill):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::isCapturedAtOrAfter):
- dfg/DFGCriticalEdgeBreakingPhase.cpp: Added.
(DFG):
(CriticalEdgeBreakingPhase):
(JSC::DFG::CriticalEdgeBreakingPhase::CriticalEdgeBreakingPhase):
(JSC::DFG::CriticalEdgeBreakingPhase::run):
(JSC::DFG::CriticalEdgeBreakingPhase::breakCriticalEdge):
(JSC::DFG::performCriticalEdgeBreaking):
- dfg/DFGCriticalEdgeBreakingPhase.h: Added.
(DFG):
- dfg/DFGDCEPhase.cpp:
(JSC::DFG::DCEPhase::run):
(JSC::DFG::DCEPhase::findTypeCheckRoot):
(JSC::DFG::DCEPhase::countNode):
(DCEPhase):
(JSC::DFG::DCEPhase::countEdge):
(JSC::DFG::DCEPhase::eliminateIrrelevantPhantomChildren):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- dfg/DFGEdge.cpp:
(JSC::DFG::Edge::dump):
- dfg/DFGEdge.h:
(JSC::DFG::Edge::Edge):
(JSC::DFG::Edge::setNode):
(JSC::DFG::Edge::useKindUnchecked):
(JSC::DFG::Edge::setUseKind):
(JSC::DFG::Edge::setProofStatus):
(JSC::DFG::Edge::willNotHaveCheck):
(JSC::DFG::Edge::willHaveCheck):
(Edge):
(JSC::DFG::Edge::killStatusUnchecked):
(JSC::DFG::Edge::killStatus):
(JSC::DFG::Edge::setKillStatus):
(JSC::DFG::Edge::doesKill):
(JSC::DFG::Edge::doesNotKill):
(JSC::DFG::Edge::shift):
(JSC::DFG::Edge::makeWord):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGFlushFormat.cpp: Added.
(WTF):
(WTF::printInternal):
- dfg/DFGFlushFormat.h: Added.
(DFG):
(JSC::DFG::resultFor):
(JSC::DFG::useKindFor):
(WTF):
- dfg/DFGFlushLivenessAnalysisPhase.cpp: Added.
(DFG):
(FlushLivenessAnalysisPhase):
(JSC::DFG::FlushLivenessAnalysisPhase::FlushLivenessAnalysisPhase):
(JSC::DFG::FlushLivenessAnalysisPhase::run):
(JSC::DFG::FlushLivenessAnalysisPhase::process):
(JSC::DFG::FlushLivenessAnalysisPhase::setForNode):
(JSC::DFG::FlushLivenessAnalysisPhase::flushFormat):
(JSC::DFG::performFlushLivenessAnalysis):
- dfg/DFGFlushLivenessAnalysisPhase.h: Added.
(DFG):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::dumpBlockHeader):
(DFG):
(JSC::DFG::Graph::addForDepthFirstSort):
(JSC::DFG::Graph::getBlocksInDepthFirstOrder):
- dfg/DFGGraph.h:
(JSC::DFG::Graph::convertToConstant):
(JSC::DFG::Graph::valueProfileFor):
(Graph):
- dfg/DFGInsertionSet.h:
(DFG):
(JSC::DFG::InsertionSet::execute):
- dfg/DFGLivenessAnalysisPhase.cpp: Added.
(DFG):
(LivenessAnalysisPhase):
(JSC::DFG::LivenessAnalysisPhase::LivenessAnalysisPhase):
(JSC::DFG::LivenessAnalysisPhase::run):
(JSC::DFG::LivenessAnalysisPhase::process):
(JSC::DFG::LivenessAnalysisPhase::addChildUse):
(JSC::DFG::performLivenessAnalysis):
- dfg/DFGLivenessAnalysisPhase.h: Added.
(DFG):
- dfg/DFGNode.cpp:
(JSC::DFG::Node::hasVariableAccessData):
(DFG):
- dfg/DFGNode.h:
(DFG):
(Node):
(JSC::DFG::Node::hasLocal):
(JSC::DFG::Node::variableAccessData):
(JSC::DFG::Node::hasPhi):
(JSC::DFG::Node::phi):
(JSC::DFG::Node::takenBlock):
(JSC::DFG::Node::notTakenBlock):
(JSC::DFG::Node::successor):
(JSC::DFG::Node::successorForCondition):
(JSC::DFG::nodeComparator):
(JSC::DFG::nodeListDump):
(JSC::DFG::nodeMapDump):
- dfg/DFGNodeFlags.cpp:
(JSC::DFG::dumpNodeFlags):
- dfg/DFGNodeType.h:
(DFG):
- dfg/DFGOSRAvailabilityAnalysisPhase.cpp: Added.
(DFG):
(OSRAvailabilityAnalysisPhase):
(JSC::DFG::OSRAvailabilityAnalysisPhase::OSRAvailabilityAnalysisPhase):
(JSC::DFG::OSRAvailabilityAnalysisPhase::run):
(JSC::DFG::performOSRAvailabilityAnalysis):
- dfg/DFGOSRAvailabilityAnalysisPhase.h: Added.
(DFG):
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
- dfg/DFGPredictionInjectionPhase.cpp:
(JSC::DFG::PredictionInjectionPhase::run):
- dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
- dfg/DFGSSAConversionPhase.cpp: Added.
(DFG):
(SSAConversionPhase):
(JSC::DFG::SSAConversionPhase::SSAConversionPhase):
(JSC::DFG::SSAConversionPhase::run):
(JSC::DFG::SSAConversionPhase::forwardPhiChildren):
(JSC::DFG::SSAConversionPhase::forwardPhi):
(JSC::DFG::SSAConversionPhase::forwardPhiEdge):
(JSC::DFG::SSAConversionPhase::deduplicateChildren):
(JSC::DFG::SSAConversionPhase::addFlushedLocalOp):
(JSC::DFG::SSAConversionPhase::addFlushedLocalEdge):
(JSC::DFG::performSSAConversion):
- dfg/DFGSSAConversionPhase.h: Added.
(DFG):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validate):
(Validate):
(JSC::DFG::Validate::validateCPS):
- dfg/DFGVariableAccessData.h:
(JSC::DFG::VariableAccessData::flushFormat):
(VariableAccessData):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::lower):
(JSC::FTL::LowerDFGToLLVM::createPhiVariables):
(JSC::FTL::LowerDFGToLLVM::compileBlock):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileUpsilon):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compilePhi):
(JSC::FTL::LowerDFGToLLVM::compileJSConstant):
(JSC::FTL::LowerDFGToLLVM::compileWeakJSConstant):
(JSC::FTL::LowerDFGToLLVM::compileGetArgument):
(JSC::FTL::LowerDFGToLLVM::compileGetLocal):
(JSC::FTL::LowerDFGToLLVM::compileSetLocal):
(JSC::FTL::LowerDFGToLLVM::compileAdd):
(JSC::FTL::LowerDFGToLLVM::compileArithSub):
(JSC::FTL::LowerDFGToLLVM::compileArithMul):
(JSC::FTL::LowerDFGToLLVM::compileArithDiv):
(JSC::FTL::LowerDFGToLLVM::compileArithMod):
(JSC::FTL::LowerDFGToLLVM::compileArithMinOrMax):
(JSC::FTL::LowerDFGToLLVM::compileArithAbs):
(JSC::FTL::LowerDFGToLLVM::compileArithNegate):
(JSC::FTL::LowerDFGToLLVM::compileBitAnd):
(JSC::FTL::LowerDFGToLLVM::compileBitOr):
(JSC::FTL::LowerDFGToLLVM::compileBitXor):
(JSC::FTL::LowerDFGToLLVM::compileBitRShift):
(JSC::FTL::LowerDFGToLLVM::compileBitLShift):
(JSC::FTL::LowerDFGToLLVM::compileBitURShift):
(JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
(JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble):
(JSC::FTL::LowerDFGToLLVM::compileGetButterfly):
(JSC::FTL::LowerDFGToLLVM::compileGetArrayLength):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compileGetByOffset):
(JSC::FTL::LowerDFGToLLVM::compileGetGlobalVar):
(JSC::FTL::LowerDFGToLLVM::compileCompareEqConstant):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEqConstant):
(JSC::FTL::LowerDFGToLLVM::compileCompareLess):
(JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
(JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
(JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
(JSC::FTL::LowerDFGToLLVM::speculateBackward):
(JSC::FTL::LowerDFGToLLVM::lowInt32):
(JSC::FTL::LowerDFGToLLVM::lowCell):
(JSC::FTL::LowerDFGToLLVM::lowBoolean):
(JSC::FTL::LowerDFGToLLVM::lowDouble):
(JSC::FTL::LowerDFGToLLVM::lowJSValue):
(JSC::FTL::LowerDFGToLLVM::lowStorage):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateBoolean):
(JSC::FTL::LowerDFGToLLVM::isLive):
(JSC::FTL::LowerDFGToLLVM::use):
(JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
(JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
(JSC::FTL::LowerDFGToLLVM::linkOSRExitsAndCompleteInitializationBlocks):
(JSC::FTL::LowerDFGToLLVM::setInt32):
(JSC::FTL::LowerDFGToLLVM::setJSValue):
(JSC::FTL::LowerDFGToLLVM::setBoolean):
(JSC::FTL::LowerDFGToLLVM::setStorage):
(JSC::FTL::LowerDFGToLLVM::setDouble):
(JSC::FTL::LowerDFGToLLVM::isValid):
- ftl/FTLLoweredNodeValue.h: Added.
(FTL):
(LoweredNodeValue):
(JSC::FTL::LoweredNodeValue::LoweredNodeValue):
(JSC::FTL::LoweredNodeValue::isSet):
(JSC::FTL::LoweredNodeValue::operator!):
(JSC::FTL::LoweredNodeValue::value):
(JSC::FTL::LoweredNodeValue::block):
- ftl/FTLValueFromBlock.h:
(JSC::FTL::ValueFromBlock::ValueFromBlock):
(ValueFromBlock):
- ftl/FTLValueSource.cpp:
(JSC::FTL::ValueSource::dump):
- ftl/FTLValueSource.h:
Source/WTF:
Reviewed by Mark Hahnenberg.
- Extend variadicity of PrintStream and dataLog.
- Give HashSet the ability to add a span of things.
- Give HashSet the ability to == another HashSet.
- Note FIXME's in HashTable concerning copying performance, that affects the way that the DFG now uses HashSets and HashMaps.
- Factor out the bulk-insertion logic of JSC::DFG::InsertionSet into WTF::Insertion, so that it can be used in more places.
- Create a dumper for lists and maps.
- WTF.xcodeproj/project.pbxproj:
- wtf/DataLog.h:
(WTF):
(WTF::dataLog):
- wtf/HashSet.h:
(HashSet):
(WTF):
(WTF::::add):
(WTF::=):
- wtf/HashTable.h:
(WTF::::HashTable):
(WTF::=):
- wtf/Insertion.h: Added.
(WTF):
(Insertion):
(WTF::Insertion::Insertion):
(WTF::Insertion::index):
(WTF::Insertion::element):
(WTF::Insertion::operator<):
(WTF::executeInsertions):
- wtf/ListDump.h: Added.
(WTF):
(ListDump):
(WTF::ListDump::ListDump):
(WTF::ListDump::dump):
(MapDump):
(WTF::MapDump::MapDump):
(WTF::MapDump::dump):
(WTF::listDump):
(WTF::sortedListDump):
(WTF::lessThan):
(WTF::mapDump):
(WTF::sortedMapDump):
- wtf/PrintStream.h:
(PrintStream):
(WTF::PrintStream::print):
Conflicts:
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
- 9:04 PM Changeset in webkit [153273] by
-
- 9 edits in trunk/Source/JavaScriptCore
fourthTier: Resurrect the CLoop LLINT on the FTL branch.
https://bugs.webkit.org/show_bug.cgi?id=118144.
Reviewed by Mark Hahnenberg.
- bytecode/CodeBlock.h:
(JSC::CodeBlock::jitType):
- Fix the CodeBlock jitType to be InterpreterThunk when !ENABLE_JIT.
- bytecode/JumpTable.h:
(JSC::SimpleJumpTable::clear):
- interpreter/StackIterator.cpp:
(JSC::StackIterator::Frame::bytecodeOffset):
(JSC::StackIterator::Frame::print):
- jit/JITCode.cpp:
(JSC):
- jit/JITExceptions.cpp:
(JSC::getExceptionLocation):
- llint/LowLevelInterpreter.cpp:
- offlineasm/cloop.rb:
- runtime/Structure.cpp:
- 9:04 PM Changeset in webkit [153272] by
-
- 4 edits in trunk/Source/JavaScriptCore
fourthTier: NaturalLoops + Profiler = Crash
https://bugs.webkit.org/show_bug.cgi?id=118486
Reviewed by Geoffrey Garen.
I borked dominators in:
http://trac.webkit.org/changeset/152431/branches/dfgFourthTier/Source/JavaScriptCore/dfg/DFGDominators.h
This patch also adds some debug support, and fixes the loop that adds a block to
an already-existing natural loop. Note that we currently don't take that path in
most programs, but it will arise, for example if you use 'continue' - though you'd
have to use it rather cleverly since the bytecode will not jump to the loop header
in most uses of 'continue'.
- dfg/DFGDominators.cpp:
(JSC::DFG::Dominators::dump):
(DFG):
- dfg/DFGDominators.h:
(JSC::DFG::Dominators::dominates):
(Dominators):
- dfg/DFGNaturalLoops.cpp:
(JSC::DFG::NaturalLoops::compute):
- 9:04 PM Changeset in webkit [153271] by
-
- 4 edits in trunk/Source/JavaScriptCore
fourthTier: DFG::AbstractState::beginBasicBlock() should set m_haveStructures if any of the valuesAtHead have either a current known structure or a non-top/non-bottom array modes
https://bugs.webkit.org/show_bug.cgi?id=118489
Reviewed by Mark Hahnenberg.
- bytecode/ArrayProfile.h:
(JSC::arrayModesAreClearOrTop):
(JSC):
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::beginBasicBlock):
- dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::hasClobberableState):
(AbstractValue):
- 9:04 PM Changeset in webkit [153270] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: CheckArray should call the right version of filterArrayModes
https://bugs.webkit.org/show_bug.cgi?id=118488
Reviewed by Filip Pizlo.
Currently in the CFA CheckArray doesn't call the right filterArrayMode which can cause
the CFA to ignore when it sees a contradiction.
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- 9:04 PM Changeset in webkit [153269] by
-
- 12 edits in trunk/Source/JavaScriptCore
fourthTier: Graph::clearAndDerefChild() makes no sense anymore, and neither does Nop
https://bugs.webkit.org/show_bug.cgi?id=118452
Reviewed by Sam Weinig.
Noticed that ArgumentsSimplificationPhase was converting something to a Nop and then
resetting its children using clearAndDerefChild(). Using Nop instead of Phantom is a
holdover from back when we needed a no-MustGenerate no-op. We don't anymore. Using
clearAndDerefChild() was necessary back when we did eager reference counting. We
don't need to do that anymore, and in fact clearAndDerefChild() appeared to not do
any reference counting, so it was badly named to begin with.
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
- dfg/DFGCPSRethreadingPhase.cpp:
(JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::performNodeCSE):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGNode.h:
(JSC::DFG::Node::willHaveCodeGenOrOSR):
- dfg/DFGNodeType.h:
(DFG):
- dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- 9:04 PM Changeset in webkit [153268] by
-
- 7 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should better report its compile-times and it should be able to run in a mode where it doesn't spend time generating OSR exits
https://bugs.webkit.org/show_bug.cgi?id=118401
Reviewed by Sam Weinig.
Add two new OSR exit modes, which are useful only for playing with compile times:
- All OSR exits are llvm.trap().
- OSR exits don't take arguments and have no exit value marshaling.
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThread):
(JSC::DFG::Plan::compileInThreadImpl):
- dfg/DFGPlan.h:
(Plan):
- ftl/FTLIntrinsicRepository.h:
(FTL):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
- ftl/FTLOutput.h:
(JSC::FTL::Output::trap):
- runtime/Options.h:
(JSC):
- 9:04 PM Changeset in webkit [153267] by
-
- 39 edits in trunk/Source/JavaScriptCore
fourthTier: DFG should refer to BasicBlocks by BasicBlock* and not BlockIndex
https://bugs.webkit.org/show_bug.cgi?id=118339
Reviewed by Michael Saboff.
This accomplishes two goals:
1) Simplifies a bunch of code. You can now much more directly get to a successor
or predecessor, since you just get the pointer directly. The backend(s) always
hold onto a pointer to the block they're on, so you don't have to do work to
get the block from the index.
2) It allows for the possibility of inserting blocks into the program.
Previously, if you did that, you'd have to edit all references to blocks since
those references would have outdated indexing after an insertion. Now, if you
change the indexing, you just have to invalidate some analyses and make sure
that you change each block's BasicBlock::index accordingly.
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::initialize):
(JSC::DFG::AbstractState::endBasicBlock):
(JSC::DFG::AbstractState::mergeToSuccessors):
- dfg/DFGAbstractState.h:
(AbstractState):
- dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
- dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::run):
- dfg/DFGBasicBlock.h:
(DFG):
(JSC::DFG::BasicBlock::BasicBlock):
(JSC::DFG::BasicBlock::size):
(JSC::DFG::BasicBlock::isEmpty):
(JSC::DFG::BasicBlock::at):
(JSC::DFG::BasicBlock::operator[]):
(JSC::DFG::BasicBlock::last):
(JSC::DFG::BasicBlock::resize):
(JSC::DFG::BasicBlock::grow):
(BasicBlock):
(JSC::DFG::BasicBlock::append):
(JSC::DFG::BasicBlock::numSuccessors):
(JSC::DFG::BasicBlock::successor):
(JSC::DFG::BasicBlock::successorForCondition):
(JSC::DFG::BasicBlock::dump):
(UnlinkedBlock):
(JSC::DFG::UnlinkedBlock::UnlinkedBlock):
(JSC::DFG::getBytecodeBeginForBlock):
(JSC::DFG::blockForBytecodeOffset):
- dfg/DFGByteCodeParser.cpp:
(ByteCodeParser):
(InlineStackEntry):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::linkBlock):
(JSC::DFG::ByteCodeParser::linkBlocks):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
(JSC::DFG::ByteCodeParser::parse):
- dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::performBlockCFA):
(JSC::DFG::CFAPhase::performForwardCFA):
- dfg/DFGCFGSimplificationPhase.cpp:
(JSC::DFG::CFGSimplificationPhase::run):
(JSC::DFG::CFGSimplificationPhase::convertToJump):
- dfg/DFGCPSRethreadingPhase.cpp:
(JSC::DFG::CPSRethreadingPhase::freeUnnecessaryNodes):
(JSC::DFG::CPSRethreadingPhase::canonicalizeLocalsInBlocks):
(JSC::DFG::CPSRethreadingPhase::propagatePhis):
(CPSRethreadingPhase):
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::run):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::run):
(JSC::DFG::ConstantFoldingPhase::foldConstants):
- dfg/DFGDCEPhase.cpp:
(JSC::DFG::DCEPhase::run):
- dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::Disassembler):
(JSC::DFG::Disassembler::createDumpList):
- dfg/DFGDisassembler.h:
(JSC::DFG::Disassembler::setForBlockIndex):
- dfg/DFGDominators.cpp:
(JSC::DFG::Dominators::compute):
(JSC::DFG::Dominators::iterateForBlock):
- dfg/DFGDominators.h:
(JSC::DFG::Dominators::dominates):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::run):
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::dumpBlockHeader):
(JSC::DFG::Graph::handleSuccessor):
(JSC::DFG::Graph::determineReachability):
(JSC::DFG::Graph::resetReachability):
- dfg/DFGGraph.h:
(JSC::DFG::Graph::numBlocks):
(JSC::DFG::Graph::block):
(JSC::DFG::Graph::lastBlock):
(Graph):
(JSC::DFG::Graph::appendBlock):
(JSC::DFG::Graph::killBlock):
(DFG):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::link):
- dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::setForBlockIndex):
- dfg/DFGNaturalLoops.cpp:
(JSC::DFG::NaturalLoop::dump):
(JSC::DFG::NaturalLoops::compute):
(JSC::DFG::NaturalLoops::loopsOf):
- dfg/DFGNaturalLoops.h:
(JSC::DFG::NaturalLoop::NaturalLoop):
(JSC::DFG::NaturalLoop::addBlock):
(JSC::DFG::NaturalLoop::header):
(JSC::DFG::NaturalLoop::at):
(JSC::DFG::NaturalLoop::operator[]):
(JSC::DFG::NaturalLoop::contains):
(NaturalLoop):
(JSC::DFG::NaturalLoops::headerOf):
(NaturalLoops):
- dfg/DFGNode.h:
(DFG):
(JSC::DFG::SwitchCase::SwitchCase):
(JSC::DFG::SwitchCase::withBytecodeIndex):
(SwitchCase):
(JSC::DFG::SwitchCase::targetBytecodeIndex):
(JSC::DFG::SwitchData::SwitchData):
(JSC::DFG::SwitchData::setFallThroughBytecodeIndex):
(JSC::DFG::SwitchData::fallThroughBytecodeIndex):
(SwitchData):
(JSC::DFG::Node::setTakenBlock):
(JSC::DFG::Node::setNotTakenBlock):
(JSC::DFG::Node::takenBlock):
(JSC::DFG::Node::notTakenBlock):
(JSC::DFG::Node::successor):
(JSC::DFG::Node::successorForCondition):
- dfg/DFGPredictionInjectionPhase.cpp:
(JSC::DFG::PredictionInjectionPhase::run):
- dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagateForward):
(JSC::DFG::PredictionPropagationPhase::propagateBackward):
(JSC::DFG::PredictionPropagationPhase::doRoundOfDoubleVoting):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
(JSC::DFG::SpeculativeJIT::nonSpeculativeCompare):
(JSC::DFG::SpeculativeJIT::nonSpeculativeStrictEq):
(JSC::DFG::SpeculativeJIT::compilePeepHoleDoubleBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleIntegerBranch):
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::createOSREntries):
(JSC::DFG::SpeculativeJIT::linkOSREntries):
(JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
(JSC::DFG::SpeculativeJIT::compileStrictEq):
(JSC::DFG::SpeculativeJIT::compileRegExpExec):
(JSC::DFG::SpeculativeJIT::addBranch):
(JSC::DFG::SpeculativeJIT::linkBranches):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::nextBlock):
(SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::detectPeepHoleBranch):
(JSC::DFG::SpeculativeJIT::branchDouble):
(JSC::DFG::SpeculativeJIT::branchDoubleNonZero):
(JSC::DFG::SpeculativeJIT::branch32):
(JSC::DFG::SpeculativeJIT::branchTest32):
(JSC::DFG::SpeculativeJIT::branch64):
(JSC::DFG::SpeculativeJIT::branch8):
(JSC::DFG::SpeculativeJIT::branchPtr):
(JSC::DFG::SpeculativeJIT::branchTestPtr):
(JSC::DFG::SpeculativeJIT::branchTest8):
(JSC::DFG::SpeculativeJIT::jump):
(JSC::DFG::SpeculativeJIT::addBranch):
(JSC::DFG::SpeculativeJIT::StringSwitchCase::StringSwitchCase):
(StringSwitchCase):
(JSC::DFG::SpeculativeJIT::BranchRecord::BranchRecord):
(BranchRecord):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranch):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitBranch):
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::run):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
(JSC::DFG::TypeCheckHoistingPhase::disableHoistingAcrossOSREntries):
- dfg/DFGUnificationPhase.cpp:
(JSC::DFG::UnificationPhase::run):
- dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validate):
(JSC::DFG::Validate::checkOperand):
(JSC::DFG::Validate::reportValidationContext):
- dfg/DFGVirtualRegisterAllocationPhase.cpp:
(JSC::DFG::VirtualRegisterAllocationPhase::run):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::lower):
(JSC::FTL::LowerDFGToLLVM::compileBlock):
(JSC::FTL::LowerDFGToLLVM::compileJump):
(JSC::FTL::LowerDFGToLLVM::compileBranch):
(JSC::FTL::LowerDFGToLLVM::lowBlock):
- 9:04 PM Changeset in webkit [153266] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: Unreviewed, add a helpful comment for why DCE is needed in the FTL.
I believe I've now twice down the experiment of disabling DCE in the FTL,
only to realize that this can't work, and that DCE is needed. I'd kind of
like to not make that mistake again.
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
- 9:04 PM Changeset in webkit [153265] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: DFG::Node::m_opInfo2 should also be a uintptr_t
https://bugs.webkit.org/show_bug.cgi?id=118340
Reviewed by Sam Weinig.
- dfg/DFGNode.h:
(JSC::DFG::Node::Node):
- 9:04 PM Changeset in webkit [153264] by
-
- 8 edits in trunk/Source
fourthTier: Have fewer Arrayify's
https://bugs.webkit.org/show_bug.cgi?id=118335
Reviewed by Mark Hahnenberg.
A lot of Arrayify's arise because some program saw Int32 arrays early on in
execution, but then they all got converted to Double arrays and the program
will never see Int32 arrays ever again. Prior to this change you would always
have an Arrayify in this case. But with this change, the first time that an
ArrayProfile is about to go polymorphic in computeUpdatedPrediction(), it
instead forcibly monomorphises itself to the latest-seen structure.
Thereafter it will never again perform this monomorphisation. This is
controlled by ArrayProfile::m_didPerformFirstRunPruning. This is a 5%
speed-up on Kraken/imaging-gaussian-blur with the FTL enabled, and it
unblocks a bunch of stuff we want to do in the future because it makes a
bunch of loops effect-free.
We will still want to implement Arrayify hoisting in the future, but this is
great anyway because it's better to not have Arrayifications than it is to
have hoisted Arrayifications.
- bytecode/ArrayProfile.cpp:
(JSC::ArrayProfile::computeUpdatedPrediction):
(JSC::ArrayProfile::briefDescription):
(JSC):
(JSC::ArrayProfile::briefDescriptionWithoutUpdating):
- bytecode/ArrayProfile.h:
(JSC::ArrayProfile::ArrayProfile):
(ArrayProfile):
- 9:04 PM Changeset in webkit [153263] by
-
- 5 edits in trunk/Source/JavaScriptCore
fourthTier: add option to disable OSR entry in loops
https://bugs.webkit.org/show_bug.cgi?id=118329
Reviewed by Mark Hahnenberg.
This adds that option, and also makes the OSR exit reoptimization trigger rely less on
OSR entry failing. Now even if we never attempt OSR entry but our execution counter gets
high after a small number of OSR exits, we will recompile.
- dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::handleExitCounts):
- dfg/DFGOperations.cpp:
- jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_loop_hint):
(JSC::JIT::emitSlow_op_loop_hint):
- runtime/Options.h:
(JSC):
- 9:04 PM Changeset in webkit [153262] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: since the FTL disassembly hacks cannot distinguish between code and data, the LLVM disassembler symbol table callback should be able to deal gracefully with arbitrary garbage
https://bugs.webkit.org/show_bug.cgi?id=118313
Reviewed by Mark Hahnenberg.
Give it a mode where we can still crash on unrecognized reference types, so that we might
implement them in the future, but by default just print some stuff and keep going.
- disassembler/LLVMDisassembler.cpp:
(JSC):
(JSC::symbolLookupCallback):
- 9:04 PM Changeset in webkit [153261] by
-
- 5 edits in trunk/Source
fourthTier: FTL should use the equivalent of llvm opt -O2 by default
https://bugs.webkit.org/show_bug.cgi?id=118311
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
Use a PassManagerBuilder instead of rolling our own.
This boosts our speed-up by another 5% or so.
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- runtime/Options.h:
(JSC):
Source/WTF:
Reviewed by Mark Hahnenberg.
- wtf/LLVMHeaders.h:
- 9:04 PM Changeset in webkit [153260] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should run LICM after AA setup
https://bugs.webkit.org/show_bug.cgi?id=118277
Reviewed by Maciej Stachowiak.
LICM queries alias analysis. Hence, just like GVN, it should run after
we have set up the alias analysis.
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- 9:04 PM Changeset in webkit [153259] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should run AA passes before GVN
https://bugs.webkit.org/show_bug.cgi?id=118276
Rubber stamped by Geoffrey Garen.
These enable load elimination in GVN.
Immediately gives us a speed-up on a bunch of benchmarks I hacked to run
properly in the FTL. One example is 20% on imaging-gaussian-blur. (Fair
warning: the stock version of that benchmark won't see speed-ups -
probably slow-downs instead - because the FTL can't do OSR entry yet.)
Another example is the findGraphNode function, which now sees a 7%
speed-up, and that's without even doing LICM or other good things.
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- 9:04 PM Changeset in webkit [153258] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: Make Graph::substituteGetLocal() out-of-line
Rubber stamped by Geoffrey Garen.
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::substituteGetLocal):
(DFG):
- dfg/DFGGraph.h:
(Graph):
- 9:04 PM Changeset in webkit [153257] by
-
- 8 edits1 copy2 adds in trunk/Source/JavaScriptCore
fourthTier: DFG should know how to find natural loops
https://bugs.webkit.org/show_bug.cgi?id=118152
Reviewed by Mark Hahnenberg.
There are a bunch of things we can do when we know where the loops are.
Previously we didn't. With this patch, we do.
This patch adds the classic dominator based natural loop finder.
The only client of this right now is the DFG::Disassembler. It prints out
a summary of the analysis for each block.
This will become more important when I do
https://bugs.webkit.org/show_bug.cgi?id=118151, which definitely requires
this kind of analysis, at least if we want to do the optimization over
DFG IR (and I'm pretty sure we do).
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGAnalysis.h: Added.
(DFG):
(Analysis):
(JSC::DFG::Analysis::Analysis):
(JSC::DFG::Analysis::invalidate):
(JSC::DFG::Analysis::computeIfNecessary):
(JSC::DFG::Analysis::isValid):
- dfg/DFGCFGSimplificationPhase.cpp:
(JSC::DFG::CFGSimplificationPhase::run):
- dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::createDumpList):
- dfg/DFGDominators.cpp:
(JSC::DFG::Dominators::Dominators):
(JSC::DFG::Dominators::compute):
- dfg/DFGDominators.h:
(Dominators):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dumpBlockHeader):
(JSC::DFG::Graph::invalidateCFG):
(DFG):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGNaturalLoops.cpp: Added.
(DFG):
(JSC::DFG::NaturalLoop::dump):
(JSC::DFG::NaturalLoops::NaturalLoops):
(JSC::DFG::NaturalLoops::~NaturalLoops):
(JSC::DFG::NaturalLoops::compute):
(JSC::DFG::NaturalLoops::loopsOf):
(JSC::DFG::NaturalLoops::dump):
- dfg/DFGNaturalLoops.h: Added.
(DFG):
(NaturalLoop):
(JSC::DFG::NaturalLoop::NaturalLoop):
(JSC::DFG::NaturalLoop::addBlock):
(JSC::DFG::NaturalLoop::header):
(JSC::DFG::NaturalLoop::size):
(JSC::DFG::NaturalLoop::at):
(JSC::DFG::NaturalLoop::operator[]):
(JSC::DFG::NaturalLoop::contains):
(NaturalLoops):
(JSC::DFG::NaturalLoops::numLoops):
(JSC::DFG::NaturalLoops::loop):
(JSC::DFG::NaturalLoops::headerOf):
- 9:04 PM Changeset in webkit [153256] by
-
- 15 edits2 copies1 move2 adds in trunk/Source
fourthTier: JSC's disassembly infrastructure should be able to disassemble the code that LLVM generates
https://bugs.webkit.org/show_bug.cgi?id=118148
Source/JavaScriptCore:
Reviewed by Anders Carlsson.
Oh boy. UDis86 cannot disassemble the AVX (or whatever it's called) stuff
that LLVM generates for floating point. So the right decision is to
switch to the LLVM disassembler, right? Wrong!! LLVM's disassembler
cannot disassemble the load-from-absolute-address-into-%rax instructions
that our JIT generates quite a lot of.
So, this keeps the UDis86 disassembler, but adds the LLVM disassembler,
and requires the caller of disassemble() to hint which one is likely to
be less wrong for the given code.
Maybe in the future LLVM will catch up to UDis86, but it's definitely not
there right now.
This now allows us to disassemble all of the code that LLVM generates.
- JavaScriptCore.xcodeproj/project.pbxproj:
- disassembler/Disassembler.cpp:
(JSC::disassemble):
- disassembler/Disassembler.h:
(JSC::tryToDisassemble):
(JSC):
- disassembler/LLVMDisassembler.cpp: Added.
(JSC):
(JSC::symbolLookupCallback):
(JSC::tryToDisassembleWithLLVM):
- disassembler/LLVMDisassembler.h: Added.
(JSC):
(JSC::tryToDisassembleWithLLVM):
- disassembler/UDis86Disassembler.cpp:
(JSC::tryToDisassembleWithUDis86):
- disassembler/UDis86Disassembler.h: Added.
(JSC):
(JSC::tryToDisassembleWithUDis86):
- disassembler/X86Disassembler.cpp: Added.
(JSC):
(JSC::tryToDisassemble):
- ftl/FTLAbbreviatedTypes.h:
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- ftl/FTLJITCode.h:
- ftl/FTLJITFinalizer.h:
- ftl/FTLLLVMHeaders.h: Removed.
- ftl/FTLLink.cpp:
- runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
- runtime/Options.h:
(JSC):
Source/WTF:
Reviewed by Anders Carlsson.
We now use LLVM for two things: disassembler and FTL. Separate out the question
of whether we have LLVM (HAVE(LLVM)) from whether we want to use the LLVM
disassembler (USE(LLVM_DISASSEMBLER)) and whether we enable the FTL
(ENABLE(FTL_JIT)).
Also move the cruft for including LLVM headers into WTF since now we use it in
a bunch of places, not all related to FTL. There's no obvious place to put that
file in JSC so I put it in WTF.
- WTF.xcodeproj/project.pbxproj:
- wtf/LLVMHeaders.h: Copied from Source/JavaScriptCore/ftl/FTLLLVMHeaders.h.
- wtf/Platform.h:
- 9:04 PM Changeset in webkit [153255] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should be able to dump disassembly
https://bugs.webkit.org/show_bug.cgi?id=118141
Reviewed by Geoffrey Garen.
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- 9:04 PM Changeset in webkit [153254] by
-
- 8 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support hole/OOB PutByVal's
https://bugs.webkit.org/show_bug.cgi?id=118112
Reviewed by Geoffrey Garen.
Added a common code generator for the out-of-bounds case that is reused by
all contiguous-like arrays (Int32, Double, Contiguous).
This is relatively straight-forward, except that it's the first time that
the FTL has to call DFG operations that take more than two arguments.
- ftl/FTLAbbreviations.h:
(JSC::FTL::functionType):
(JSC::FTL::buildCall):
- ftl/FTLAbstractHeapRepository.h:
(FTL):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLIntrinsicRepository.h:
(FTL):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::contiguousPutByValOutOfBounds):
(JSC::FTL::LowerDFGToLLVM::vmCall):
- ftl/FTLOutput.h:
(JSC::FTL::Output::call):
- 9:03 PM Changeset in webkit [153253] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: FTL::canCompile(Graph&) should not consider nodes that won't be compiled
https://bugs.webkit.org/show_bug.cgi?id=118097
Reviewed by Mark Hahnenberg.
This increases coverage to include programs that have unprofiled paths. Those paths will
often have nodes that appear to do untyped speculations, and the FTL sometimes doesn't
support those; except that it doesn't matter since the reason why they were untyped is
that they were unprofiled and anyway we won't run them because we'll exit before them.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- 9:03 PM Changeset in webkit [153252] by
-
- 4 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support ArrayifyToStructure
https://bugs.webkit.org/show_bug.cgi?id=118095
Reviewed by Mark Hahnenberg.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLIntrinsicRepository.h:
(FTL):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure):
(LowerDFGToLLVM):
- 9:03 PM Changeset in webkit [153251] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support ForwardCheckStructure/ForwardStructureTransitionWatchpoint and doing so shouldn't break V8/crypto
https://bugs.webkit.org/show_bug.cgi?id=118091
Reviewed by Mark Hahnenberg.
I was going to just add ForwardCheckStructure/ForwardStructureTransitionWatchpoint support,
which is trivial. But doing so increases coverage a lot, and revealed long-standing bugs in
the FTL. I then fixed those bugs, also:
- The FTL should not attempt to compile a block that is not reachable according to the CFA. This is analogous to terminating basic block compilation if the CFA becomes !isValid(). Attempting to compile such a block means that you're running on broken CFA state, and the CFA will become inconsistent with the code you're generating, leading to some strangeness. For example, the FTL relies on the CFA to tell it that we gave up compiling a node and hence don't have LValue's for that node (by virtue of us giving up due to !isValid()). But the CFA's isValid() bit will not be set correctly for blocks that weren't visited by the CFA at all, and the CFA expects you to know this because it expects that you already checked BasicBlock::cfaHasVisited.
- SetLocal needs to change the ValueSource of the operand to indicate that its value has been stashed in the local (i.e. the "reference" corresponding to the operand in FTL speak). This is because although OSR exit already knows that the value of the operand is stored in the Node, and it already knows what LValue corresponds to the node, OSR exit will also assume that if the Node dies then the value-at-exit for that operand should be Dead (i.e. jsUndefined). But the Node dying, and the local dying, are two distinct things; in particular the local always outlives the Node in the case of a SetLocal. So, we just need to have SetLocal have the ValueSource be BlahInLocal rather than HaveNode, to ensure that OSR exit knows that the darn thing is really live until the end of the basic block, as opposed to until whenever the Node dies (which could be at any time).
- PutByOffset was erroneously storing to an offset from the base object, rather than an offset from the storage. Note that the storage will be the base object (exactly - i.e. same node, same value) for inline stores, but will be a distinct thing for out-of-line stores.
- At-head set-up of OSR exit state was using ValueInLocals for variables forced double, when it should have been using DoubleInLocals.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileBlock):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileSetLocal):
(JSC::FTL::LowerDFGToLLVM::compilePutByOffset):
(JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
(JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
- 9:03 PM Changeset in webkit [153250] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support PutByVal
https://bugs.webkit.org/show_bug.cgi?id=118075
Reviewed by Mark Hahnenberg.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::lower):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
- 9:03 PM Changeset in webkit [153249] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: Convert versus AsIs should have no bearing on whether we can do the SaneChain optimization for double array GetByVals
https://bugs.webkit.org/show_bug.cgi?id=118028
Reviewed by Sam Weinig.
The SaneChain optimization allows us to get rid of the NaN check on loading from
a double array, if the result is used in an arithmetic op that wouldn't
distinguish between NaN and undefined. Normally the NaN check would be needed
because NaN is the hole marker.
The SaneChain optimization definitely requires that you're an Original array,
since we need to watchpoint the array prototype chain. And so it also needs to
be a JSArray, and not an object that has indexed double properties. We also
require an in-bounds access, since the backend is only capable of the
optimization in the in-bounds case (though we could extend it to OOB in the
future). But whether the array is being converted or is as-is isn't relevant.
Either way, if it's a double original array in-bounds access by the time that
the array check (or conversion!) completes, we can do the optimization.
Ever-so-slight speed-up on Kraken/imaging-gaussian-blur.
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- 9:03 PM Changeset in webkit [153248] by
-
- 21 edits26 adds in trunk
fourthTier: DFG should support switch_string
https://bugs.webkit.org/show_bug.cgi?id=117967
Source/JavaScriptCore:
Reviewed by Sam Weinig.
Add a reusable binary switch creator.
Implement switch on string using three modes:
- Binary switch on StringImpl* in the case of identifiers.
- Trie of binary switches on characters in the case of a not-too-big switch over not-too-big 8-bit strings.
- Hash lookup if all else fails.
Anywhere from a 2x to 3x speed-up on microbenchmarks that stress
string switches. 25-35% speed-up on HashMap tests. 4% speed-up on
pdfjs.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/JumpTable.h:
(StringJumpTable):
(JSC::StringJumpTable::clear):
- dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
- dfg/DFGBinarySwitch.cpp: Added.
(DFG):
(JSC::DFG::BinarySwitch::BinarySwitch):
(JSC::DFG::BinarySwitch::advance):
(JSC::DFG::BinarySwitch::build):
- dfg/DFGBinarySwitch.h: Added.
(DFG):
(BinarySwitch):
(JSC::DFG::BinarySwitch::caseIndex):
(JSC::DFG::BinarySwitch::caseValue):
(JSC::DFG::BinarySwitch::fallThrough):
(JSC::DFG::BinarySwitch::Case::Case):
(Case):
(JSC::DFG::BinarySwitch::Case::operator<):
(JSC::DFG::BinarySwitch::BranchCode::BranchCode):
(BranchCode):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
- dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::getValue):
(JSC::DFG::equalToStringImpl):
(DFG):
(JSC::DFG::LazyJSValue::strictEqual):
(JSC::DFG::LazyJSValue::dump):
- dfg/DFGLazyJSValue.h:
(JSC::DFG::LazyJSValue::knownStringImpl):
(LazyJSValue):
(JSC::DFG::LazyJSValue::stringImpl):
(JSC::DFG::LazyJSValue::switchLookupValue):
- dfg/DFGNode.cpp:
(WTF::printInternal):
- dfg/DFGNode.h:
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitSwitchChar):
(JSC::DFG::SpeculativeJIT::StringSwitchCase::operator<):
(DFG):
(JSC::DFG::SpeculativeJIT::emitBinarySwitchStringRecurse):
(JSC::DFG::SpeculativeJIT::emitSwitchStringOnString):
(JSC::DFG::SpeculativeJIT::emitSwitchString):
(JSC::DFG::SpeculativeJIT::emitSwitch):
(JSC::DFG::SpeculativeJIT::addBranch):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::branch8):
(SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::StringSwitchCase::StringSwitchCase):
(StringSwitchCase):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileSwitch):
- runtime/Options.h:
(JSC):
Source/WTF:
Reviewed by Sam Weinig.
Make it possible to compare a RefPtr<StringImpl> and a StringImpl* without
having to ref the StringImpl.
- wtf/text/StringHash.h:
(WTF::StringHash::equal):
LayoutTests:
Reviewed by Sam Weinig.
- fast/js/regress/script-tests/switch-string-basic-big-var.js: Added.
(foo):
(make):
- fast/js/regress/script-tests/switch-string-basic-big.js: Added.
(foo):
(make):
- fast/js/regress/script-tests/switch-string-basic-var.js: Added.
(foo):
(make):
- fast/js/regress/script-tests/switch-string-basic.js: Added.
(foo):
- fast/js/regress/script-tests/switch-string-big-length-tower-var.js: Added.
(foo):
- fast/js/regress/script-tests/switch-string-length-tower-var.js: Added.
(foo):
- fast/js/regress/script-tests/switch-string-length-tower.js: Added.
(foo):
- fast/js/regress/script-tests/switch-string-short.js: Added.
(foo):
- fast/js/regress/switch-string-basic-big-expected.txt: Added.
- fast/js/regress/switch-string-basic-big-var-expected.txt: Added.
- fast/js/regress/switch-string-basic-big-var.html: Added.
- fast/js/regress/switch-string-basic-big.html: Added.
- fast/js/regress/switch-string-basic-expected.txt: Added.
- fast/js/regress/switch-string-basic-var-expected.txt: Added.
- fast/js/regress/switch-string-basic-var.html: Added.
- fast/js/regress/switch-string-basic.html: Added.
- fast/js/regress/switch-string-big-length-tower-var-expected.txt: Added.
- fast/js/regress/switch-string-big-length-tower-var.html: Added.
- fast/js/regress/switch-string-length-tower-expected.txt: Added.
- fast/js/regress/switch-string-length-tower-var-expected.txt: Added.
- fast/js/regress/switch-string-length-tower-var.html: Added.
- fast/js/regress/switch-string-length-tower.html: Added.
- fast/js/regress/switch-string-short-expected.txt: Added.
- fast/js/regress/switch-string-short.html: Added.
Conflicts:
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
- 9:03 PM Changeset in webkit [153247] by
-
- 11 edits in trunk/Source
fourthTier: Count external memory usage towards heap footprint
https://bugs.webkit.org/show_bug.cgi?id=117948
Reviewed by Geoffrey Garen.
Source/JavaScriptCore:
Currently just count strings. Strings get counted in such a way that we won't re-count strings
that are aliased, by dividing by the reference count. This then ups the GC footprint and allows
the collector to appropriately amortize itself.
- heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::size):
(JSC::Heap::collect):
- heap/Heap.h:
(Heap):
- heap/SlotVisitor.h:
- heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::reportExtraMemoryUsage):
(JSC):
- runtime/JSString.cpp:
(JSC::JSString::visitChildren):
Source/WTF:
Expose some functionality needed for properly measuring StringImpl footprint.
- wtf/Atomics.h:
(WTF::weakCompareAndSwapSize):
(WTF):
- wtf/MathExtras.h:
(divideRoundedUp):
- wtf/text/StringImpl.h:
(WTF::StringImpl::cost):
(StringImpl):
(WTF::StringImpl::costDuringGC):
(WTF::StringImpl::refCount):
- 9:03 PM Changeset in webkit [153246] by
-
- 1 edit in trunk/Source/WTF/ChangeLog
fourthTier: DFG should optimize identifier string equality
https://bugs.webkit.org/show_bug.cgi?id=117920
Reviewed by Sam Weinig.
Note that this ChangeLog was supposed to be committed in r151890.
Expose the IsIdentifier bit to the JIT.
- wtf/text/StringImpl.h:
(WTF::StringImpl::flagIsIdentifier):
- 9:03 PM Changeset in webkit [153245] by
-
- 12 edits6 adds in trunk
fourthTier: DFG should optimize identifier string equality
https://bugs.webkit.org/show_bug.cgi?id=117920
Source/JavaScriptCore:
Reviewed by Sam Weinig.
This is a 20% speed-up for string equality comparisons when both strings are
identifiers.
This is important for two reasons:
1) Using strings as enumerations is an idiom. A great example is typeof. It
would be great if this performed better.
2) When I implement switch_string in the DFG, it would be great to optimize
the case where the switched-on value is an identifier. That would involve
a simple binary switch rather than a more complicated trie-switch over
characters.
- bytecode/SpeculatedType.cpp:
(JSC::dumpSpeculation):
(JSC::speculationToAbbreviatedString):
(JSC::speculationFromCell):
- bytecode/SpeculatedType.h:
(JSC):
(JSC::isStringIdentSpeculation):
(JSC::isStringSpeculation):
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateStringIdent):
(Node):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleBranch):
(JSC::DFG::SpeculativeJIT::compare):
(JSC::DFG::SpeculativeJIT::compileStrictEq):
(JSC::DFG::SpeculativeJIT::compileStringEquality):
(JSC::DFG::SpeculativeJIT::compileStringIdentEquality):
(DFG):
(JSC::DFG::SpeculativeJIT::speculateString):
(JSC::DFG::SpeculativeJIT::speculateStringIdentAndLoadStorage):
(JSC::DFG::SpeculativeJIT::speculateStringIdent):
(JSC::DFG::SpeculativeJIT::speculate):
- dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
- dfg/DFGUseKind.cpp:
(WTF::printInternal):
- dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):
LayoutTests:
Reviewed by Sam Weinig.
Add a benchmark for string equality where there is a long identifier, and
also add a benchmark for non-identifier string equality (since the previous
test for string equality was really identifier equality).
- fast/js/regress/script-tests/string-long-ident-equality.js: Added.
(foo):
- fast/js/regress/script-tests/string-var-equality.js: Added.
(addFoo):
(foo):
- fast/js/regress/string-long-ident-equality-expected.txt: Added.
- fast/js/regress/string-long-ident-equality.html: Added.
- fast/js/regress/string-var-equality-expected.txt: Added.
- fast/js/regress/string-var-equality.html: Added.
- 9:03 PM Changeset in webkit [153244] by
-
- 10 edits6 adds in trunk
fourthTier: DFG shouldn't exit just because a String GetByVal went out-of-bounds
https://bugs.webkit.org/show_bug.cgi?id=117906
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
This does the obvious thing, but also makes sure that out-of-bounds accesses
don't fall off into a C call, but try to do the fast thing if the prototype
chain is sane. We ought to probably do this for other array accesses in the
future, as well, since it's so darn easy.
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
- runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::objectPrototypeIsSane):
(JSC):
(JSC::JSGlobalObject::arrayPrototypeChainIsSane):
(JSC::JSGlobalObject::stringPrototypeChainIsSane):
- runtime/JSGlobalObject.h:
(JSGlobalObject):
LayoutTests:
Reviewed by Mark Hahnenberg.
The out-of-bounds benchmark that isn't insane speeds up by 22x in this
patch.
- fast/js/regress/script-tests/string-get-by-val-out-of-bounds-insane.js: Added.
(foo):
- fast/js/regress/script-tests/string-get-by-val-out-of-bounds.js: Added.
(foo):
- fast/js/regress/string-get-by-val-out-of-bounds-expected.txt: Added.
- fast/js/regress/string-get-by-val-out-of-bounds-insane-expected.txt: Added.
- fast/js/regress/string-get-by-val-out-of-bounds-insane.html: Added.
- fast/js/regress/string-get-by-val-out-of-bounds.html: Added.
- 9:03 PM Changeset in webkit [153243] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: GC's put_by_id transition fixpoint should converge more quickly
https://bugs.webkit.org/show_bug.cgi?id=117912
Reviewed by Mark Hahnenberg.
This was a rookie mistake. The GC does a classic forward data flow fixpoint. These work well so long as you
iterate the program in program order, or at least something close to program order. Because I enjoy reverse
loops ("while (n--) blah"), I ended up iterating in *reverse* of program order which ensured worst-case
pathologies every single time. And unsurprisingly, this slowed down a program, namely pdfjs.
Flipping the loops to iterate forward fixes a 90% regression in Octane/pdfjs and is otherwise neutral.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::propagateTransitions):
- 9:03 PM Changeset in webkit [153242] by
-
- 4 edits3 adds in trunk
fourthTier: DFG should CSE MakeRope
https://bugs.webkit.org/show_bug.cgi?id=117905
Source/JavaScriptCore:
Reviewed by Geoffrey Garen.
Adds MakeRope to the CSE phase and removes the comment that says that
we could do it but aren't doing it.
Also fixed SpeculatedType dumping so that if you have a Cell type then
it just prints "Cell" and if you just have Object then it just prints
"Object", instead of printing the long list of types.
- bytecode/SpeculatedType.cpp:
(JSC::dumpSpeculation):
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::performNodeCSE):
LayoutTests:
Reviewed by Geoffrey Garen.
This benchmark speeds up by 50%.
- fast/js/regress/make-rope-cse-expected.txt: Added.
- fast/js/regress/make-rope-cse.html: Added.
- fast/js/regress/script-tests/make-rope-cse.js: Added.
(foo):
- 9:03 PM Changeset in webkit [153241] by
-
- 8 edits3 adds in trunk
fourthTier: DFG should't exit just because it GetByVal'd a big character
https://bugs.webkit.org/show_bug.cgi?id=117899
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
Add a slow path. Also clarify handling of GetByVal in PutStructure elimination.
Previously it would fail due to canExit() but now we can also fail because
GetByVal(String) can allocate. Just make it so GetByVal is totally poisoned, in
a very explicit way.
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::putStructureStoreElimination):
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
(SpeculativeJIT):
LayoutTests:
Reviewed by Mark Hahnenberg.
This benchmark speeds up by 3x.
- fast/js/regress/script-tests/string-get-by-val-big-char.js: Added.
(foo):
- fast/js/regress/string-get-by-val-big-char-expected.txt: Added.
- fast/js/regress/string-get-by-val-big-char.html: Added.
- 9:03 PM Changeset in webkit [153240] by
-
- 10 edits3 adds in trunk
fourthTier: Small strings shouldn't get GC'd
https://bugs.webkit.org/show_bug.cgi?id=117897
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
Kill off the code needed to allocate them lazily and finalize them.
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
- heap/Heap.cpp:
(JSC::Heap::collect):
- runtime/JSString.h:
(JSC::jsSingleCharacterString):
(JSC::jsSingleCharacterSubstring):
(JSC::jsString):
(JSC::jsSubstring8):
(JSC::jsSubstring):
(JSC::jsOwnedString):
- runtime/NumberPrototype.cpp:
(JSC::integerValueToString):
- runtime/SmallStrings.cpp:
(JSC):
(JSC::SmallStrings::initializeCommonStrings):
(JSC::SmallStrings::visitStrongReferences):
- runtime/SmallStrings.h:
(JSC::SmallStrings::singleCharacterString):
(SmallStrings):
LayoutTests:
Reviewed by Mark Hahnenberg.
This test speeds up by 5%.
- fast/js/regress/script-tests/string-get-by-val.js: Added.
(foo):
- fast/js/regress/string-get-by-val-expected.txt: Added.
- fast/js/regress/string-get-by-val.html: Added.
- 9:03 PM Changeset in webkit [153239] by
-
- 1 edit in trunk/Source/JavaScriptCore/runtime/JSString.h
fourthTier: Re-indent JSString.h to aid mhe merging of the FTL branch
- 9:03 PM Changeset in webkit [153238] by
-
- 7 edits in trunk/Source/JavaScriptCore
fourthTier: Structure should have a dump()
https://bugs.webkit.org/show_bug.cgi?id=117859
Reviewed by Geoffrey Garen.
This is pretty cool. Anywhere we previously printed Structure pointers in dumps,
we now print a bunch of other info as well. For example, for an object literal
like "{f:42, g:64, h:24}", when we print the structure we'll now get:
0x107a0af80:[Object, {f:0, g:1, h:2}, NonArray, Proto:0x107a8fff0]
This also changes a bunch of places to use the dump method.
- bytecode/StructureSet.h:
(JSC::StructureSet::dump):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
- dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::dump):
- runtime/JSCJSValue.cpp:
(JSC::JSValue::dump):
- runtime/Structure.cpp:
(JSC::Structure::dump):
(JSC):
- runtime/Structure.h:
(Structure):
- 9:03 PM Changeset in webkit [153237] by
-
- 19 edits in trunk/Source/JavaScriptCore
fourthTier: There should only be one table of SimpleJumpTables
https://bugs.webkit.org/show_bug.cgi?id=117856
Reviewed by Geoffrey Garen.
Having multiple tables of SimpleJumpTables just means we have to duplicate a
ton of code. This patch deduplicates all of it.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::shrinkToFit):
- bytecode/CodeBlock.h:
(JSC::CodeBlock::numberOfSwitchJumpTables):
(JSC::CodeBlock::addSwitchJumpTable):
(JSC::CodeBlock::switchJumpTable):
(JSC::CodeBlock::clearSwitchJumpTables):
(RareData):
- bytecode/PreciseJumpTargets.cpp:
(JSC):
(JSC::computePreciseJumpTargets):
- bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::shrinkToFit):
(JSC::UnlinkedCodeBlock::numberOfSwitchJumpTables):
(JSC::UnlinkedCodeBlock::addSwitchJumpTable):
(JSC::UnlinkedCodeBlock::switchJumpTable):
(RareData):
- bytecompiler/BytecodeGenerator.cpp:
(JSC):
(JSC::prepareJumpTableForSwitch):
(JSC::BytecodeGenerator::endSwitch):
- dfg/DFGByteCodeParser.cpp:
(InlineStackEntry):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
- dfg/DFGJITCompiler.h:
(JITCompiler):
- dfg/DFGOperations.cpp:
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
(DFG):
(JSC::DFG::SpeculativeJIT::emitSwitchImm):
(JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump):
- dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
- ftl/FTLLink.cpp:
(JSC::FTL::link):
- jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_switch_char):
- jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_switch_imm):
(JSC::JIT::emit_op_switch_char):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
- llint/LowLevelInterpreter32_64.asm:
- llint/LowLevelInterpreter64.asm:
- 9:03 PM Changeset in webkit [153236] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should clear character switch jump tables
https://bugs.webkit.org/show_bug.cgi?id=117852
Reviewed by Sam Weinig.
The FTL just uses LLVM's switch, which results in LLVM allocating its own switch
jump tables as needed.
- bytecode/CodeBlock.h:
(JSC::CodeBlock::clearCharacterSwitchJumpTables):
- ftl/FTLLink.cpp:
(JSC::FTL::link):
- 9:03 PM Changeset in webkit [153235] by
-
- 17 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support SwitchChar
https://bugs.webkit.org/show_bug.cgi?id=117849
Reviewed by Geoffrey Garen.
This adds Switch(SwitchChar) to the FTL and also implicitly does some other things.
SwitchChar requires calling a slow path to resolve ropes. Previously the FTL had no
support for calling slow paths, and we avoided adding coverage that would require
that. Well, this patch adds the ability to call slow paths and just uses that for
resolving ropes for SwitchChar. Also SwitchChar required adding awareness of strings,
so I did that, too.
- bytecode/CodeBlock.h:
(CodeBlock):
(JSC::CodeBlock::addCodeOrigin):
- dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
- dfg/DFGNode.cpp:
(WTF):
(WTF::printInternal):
- dfg/DFGNode.h:
(WTF):
- dfg/DFGOperations.h:
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
- ftl/FTLAbbreviations.h:
(JSC::FTL::int16Type):
(JSC::FTL::constInt):
- ftl/FTLAbstractHeapRepository.h:
(FTL):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLCommonValues.cpp:
(JSC::FTL::CommonValues::CommonValues):
- ftl/FTLCommonValues.h:
(CommonValues):
- ftl/FTLIntrinsicRepository.cpp:
(JSC::FTL::IntrinsicRepository::IntrinsicRepository):
(FTL):
- ftl/FTLIntrinsicRepository.h:
(FTL):
(IntrinsicRepository):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::lower):
(JSC::FTL::LowerDFGToLLVM::transferAndCheckArguments):
(JSC::FTL::LowerDFGToLLVM::compileJump):
(JSC::FTL::LowerDFGToLLVM::compileBranch):
(JSC::FTL::LowerDFGToLLVM::compileSwitch):
(JSC::FTL::LowerDFGToLLVM::buildSwitch):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::lowString):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::isObject):
(JSC::FTL::LowerDFGToLLVM::isNotString):
(JSC::FTL::LowerDFGToLLVM::isString):
(JSC::FTL::LowerDFGToLLVM::isNotObject):
(JSC::FTL::LowerDFGToLLVM::speculateObject):
(JSC::FTL::LowerDFGToLLVM::speculateString):
(JSC::FTL::LowerDFGToLLVM::speculateNonNullObject):
(JSC::FTL::LowerDFGToLLVM::vmCall):
(JSC::FTL::LowerDFGToLLVM::callPreflight):
(JSC::FTL::LowerDFGToLLVM::callCheck):
(JSC::FTL::LowerDFGToLLVM::lowBlock):
- ftl/FTLOutput.h:
(JSC::FTL::Output::constBool):
(JSC::FTL::Output::constInt8):
(JSC::FTL::Output::constInt32):
(JSC::FTL::Output::constIntPtr):
(JSC::FTL::Output::constInt64):
(JSC::FTL::Output::load16):
(JSC::FTL::Output::isNull):
(JSC::FTL::Output::notNull):
(JSC::FTL::Output::testIsZero32):
(JSC::FTL::Output::testNonZero32):
(Output):
(JSC::FTL::Output::operation):
(JSC::FTL::Output::crash):
- 9:03 PM Changeset in webkit [153234] by
-
- 22 edits8 adds in trunk
fourthTier: DFG should have switch_char
https://bugs.webkit.org/show_bug.cgi?id=117710
Source/JavaScriptCore:
Reviewed by Michael Saboff.
Add op_switch_char. Most of this is fairly simple, except for the whole
LazyJSValue thing.
It's long been the case that anytime you wanted the DFG to speak of a string
that didn't appear in the constant pool, you would have a hard time since
the DFG isn't allowed to allocate in the GC heap. For example, if you know
that you want to speak of a single character string, you might find that
the one you wanted to speak of had been GC'd. Another example is if you
wanted to add constant folding for string concatenation - something we don't
have yet but will want eventually.
I solve this by finally adding the notion of LazyJSValue. In the future I
anticipate using this for a variety of string-related things. The idea here
is that the DFG can either say that it already knows what the value is, or
it can describe the value. For example, in this patch I needed to be able to
describe single-character strings.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
- bytecode/JumpTable.h:
- dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
- dfg/DFGByteCodeParser.cpp:
(InlineStackEntry):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- dfg/DFGCFGSimplificationPhase.cpp:
(JSC::DFG::CFGSimplificationPhase::run):
- dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGGPRInfo.h:
(JSC::DFG::JSValueRegs::payloadGPR):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::jumpTable):
(DFG):
(JSC::DFG::JITCompiler::numberOfJumpTables):
(JSC::DFG::JITCompiler::linkSwitches):
(JSC::DFG::JITCompiler::link):
- dfg/DFGJITCompiler.h:
(JITCompiler):
- dfg/DFGLazyJSValue.cpp: Added.
(DFG):
(JSC::DFG::LazyJSValue::getValue):
(JSC::DFG::equalToSingleCharacter):
(JSC::DFG::LazyJSValue::strictEqual):
(JSC::DFG::LazyJSValue::dump):
- dfg/DFGLazyJSValue.h: Added.
(DFG):
(LazyJSValue):
(JSC::DFG::LazyJSValue::LazyJSValue):
(JSC::DFG::LazyJSValue::singleCharacterString):
(JSC::DFG::LazyJSValue::tryGetValue):
(JSC::DFG::LazyJSValue::value):
(JSC::DFG::LazyJSValue::character):
(JSC::DFG::LazyJSValue::switchLookupValue):
- dfg/DFGNode.h:
(JSC::DFG::SwitchCase::SwitchCase):
(SwitchCase):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitSwitchIntJump):
(JSC::DFG::SpeculativeJIT::emitSwitchImmIntJump):
(DFG):
(JSC::DFG::SpeculativeJIT::emitSwitchImm):
(JSC::DFG::SpeculativeJIT::emitSwitchCharStringJump):
(JSC::DFG::SpeculativeJIT::emitSwitchChar):
(JSC::DFG::SpeculativeJIT::emitSwitch):
- dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
Source/WTF:
Reviewed by Michael Saboff.
I wanted to be able to say stringImpl->at(index), and now I can!
Also made it possible to convert a UChar to a utf8 CString without
allocating a StringImpl.
- wtf/text/StringImpl.cpp:
(WTF::StringImpl::utf8Impl):
(WTF):
(WTF::StringImpl::utf8ForCharacters):
(WTF::StringImpl::utf8ForRange):
- wtf/text/StringImpl.h:
(StringImpl):
(WTF::StringImpl::at):
(WTF::StringImpl::operator[]):
LayoutTests:
Rubber stamped by Mark Hahnenberg.
- fast/js/regress/script-tests/switch-char-constant.js: Added.
(foo):
(bar):
- fast/js/regress/script-tests/switch-char.js: Added.
(foo):
(bar):
- fast/js/regress/switch-char-constant-expected.txt: Added.
- fast/js/regress/switch-char-constant.html: Added.
- fast/js/regress/switch-char-expected.txt: Added.
- fast/js/regress/switch-char.html: Added.
- 9:03 PM Changeset in webkit [153233] by
-
- 9 edits1 copy in trunk/Source/JavaScriptCore
fourthTier: Refactor ObjCCallbackFunction to inherit directly from InternalFunction
https://bugs.webkit.org/show_bug.cgi?id=117595
Reviewed by Geoffrey Garen.
- API/APICallbackFunction.h: Added. New struct that allows JSCallbackFunction and
ObjCCallbackFunction to share their host call() implementation through the magic of
templates.
(JSC::APICallbackFunction::call):
- API/JSCallbackFunction.cpp:
(JSC::JSCallbackFunction::getCallData): Changed to get the template-ized version of
the host function.
- API/JSCallbackFunction.h:
- API/ObjCCallbackFunction.h: Now inherits directly from InternalFunction.
- API/ObjCCallbackFunction.mm:
(JSC::ObjCCallbackFunction::ObjCCallbackFunction):
(JSC::ObjCCallbackFunction::getCallData): Ditto.
- GNUmakefile.list.am: Build files!
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
- JavaScriptCore.xcodeproj/project.pbxproj:
- 9:03 PM Changeset in webkit [153232] by
-
- 14 edits in trunk/Source/JavaScriptCore
fourthTier: Arity fixup should be done while on same stack
https://bugs.webkit.org/show_bug.cgi?id=117102
Reviewed by Oliver Hunt.
Removed the fixup part of op_call_arityCheck() and op_construct_arityCheck() and moved it to
a thunk for the JITs and as assembly for the llint. This patch provides the plumbing needed to
move to the C stack for JS execution. The fixup thunk and llint code would need to be change to
work with a stack that grows down when we do move to the C stack.
Due to an issue with the offline assembler, I moved the const at the top of LowLevelInterpreter64.asm
and LowLevelInterpreter32_64.asm to LowLevelInterpreter.asm. The problem is that a const defined in
one file that are used in a macro doesn't resolve the const if the macro is used in another file. This
seemed like the quickest path.
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileFunction):
(JSC::DFG::JITCompiler::linkFunction):
- dfg/DFGJITCompiler.h:
(JITCompiler):
- ftl/FTLLink.cpp:
(JSC::FTL::link):
- jit/JIT.cpp:
(JSC::JIT::privateCompile):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- jit/JITStubs.h:
- jit/ThunkGenerators.cpp:
(JSC::arityFixup):
- jit/ThunkGenerators.h:
- llint/LowLevelInterpreter.asm:
- llint/LowLevelInterpreter32_64.asm:
- llint/LowLevelInterpreter64.asm:
- runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
- runtime/CommonSlowPaths.h:
(JSC::CommonSlowPaths::arityCheckFor):
- 9:03 PM Changeset in webkit [153231] by
-
- 13 edits in trunk/Source/JavaScriptCore
fourthTier: Add another temp register regT4 to JSInterfaceJIT
https://bugs.webkit.org/show_bug.cgi?id=117719
Reviewed by Geoffrey Garen.
Made the dedicated bucketCounterRegister to be regT4 and then used regT4 wherever
bucketCounterRegister had been used. Since it is masked whenever it is used and
we are looking for some randomness in the register anyway, we can use it without
any issues.
- jit/JIT.cpp:
(JSC::JIT::privateCompile):
- jit/JIT.h:
(JSC::JIT::emitValueProfilingSite):
- jit/JITCall.cpp:
(JSC::JIT::emitPutCallResult):
- jit/JITCall32_64.cpp:
(JSC::JIT::emitPutCallResult):
- jit/JITInlines.h:
(JSC::JIT::emitValueProfilingSite):
- jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_to_this):
(JSC::JIT::emit_op_get_callee):
(JSC::JIT::emit_op_get_argument_by_val):
- jit/JITOpcodes32_64.cpp:
(JSC::JIT::emit_op_get_callee):
(JSC::JIT::emit_op_to_this):
(JSC::JIT::emit_op_get_argument_by_val):
- jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
- jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
- jit/JITStubCall.h:
(JSC::JITStubCall::callWithValueProfiling):
- jit/JSInterfaceJIT.h:
(JSInterfaceJIT):
- 9:03 PM Changeset in webkit [153230] by
-
- 8 edits1 add in trunk/Source/JavaScriptCore
fourthTier: FTL should support Switch
https://bugs.webkit.org/show_bug.cgi?id=117704
Reviewed by Oliver Hunt.
- bytecode/CodeBlock.h:
(JSC::CodeBlock::clearImmediateSwitchJumpTables):
- ftl/FTLAbbreviations.h:
(JSC::FTL::buildFPToSI):
(JSC::FTL::buildSwitch):
(JSC::FTL::addCase):
(FTL):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLink.cpp:
(JSC::FTL::link):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileSwitch):
(LowerDFGToLLVM):
- ftl/FTLOutput.h:
(JSC::FTL::Output::fpToInt):
(JSC::FTL::Output::fpToInt32):
(Output):
(JSC::FTL::Output::switchInstruction):
- ftl/FTLSwitchCase.h: Added.
(FTL):
(SwitchCase):
(JSC::FTL::SwitchCase::SwitchCase):
(JSC::FTL::SwitchCase::value):
(JSC::FTL::SwitchCase::target):
Conflicts:
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
- 9:03 PM Changeset in webkit [153229] by
-
- 9 edits6 adds in trunk
fourthTier: Add CFG simplification for Switch
https://bugs.webkit.org/show_bug.cgi?id=117677
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
This is for completeness. It only speeds up a microbenchmark at this point.
Broadly, we want all control constructs to be known to the CFG simplifier.
- dfg/DFGCFGSimplificationPhase.cpp:
(JSC::DFG::CFGSimplificationPhase::run):
(JSC::DFG::CFGSimplificationPhase::convertToJump):
(CFGSimplificationPhase):
(JSC::DFG::CFGSimplificationPhase::noBlocks):
(JSC::DFG::CFGSimplificationPhase::oneBlock):
(JSC::DFG::CFGSimplificationPhase::mergeBlocks):
- runtime/JSCJSValue.h:
(JSValue):
- runtime/JSCJSValueInlines.h:
(JSC::JSValue::pureStrictEqual):
(JSC):
Source/WTF:
Reviewed by Mark Hahnenberg.
- wtf/TriState.h:
- wtf/text/StringImpl.h:
LayoutTests:
Reviewed by Mark Hahnenberg.
- fast/js/regress/script-tests/switch-constant.js: Added.
(foo):
(bar):
- fast/js/regress/script-tests/switch.js: Added.
(foo):
(bar):
- fast/js/regress/switch-constant-expected.txt: Added.
- fast/js/regress/switch-constant.html: Added.
- fast/js/regress/switch-expected.txt: Added.
- fast/js/regress/switch.html: Added.
- 9:03 PM Changeset in webkit [153228] by
-
- 26 edits in trunk/Source/JavaScriptCore
fourthTier: DFG should support op_switch_imm
https://bugs.webkit.org/show_bug.cgi?id=117559
Reviewed by Oliver Hunt.
Implement integer (i.e. immediate) switches in the DFG. Reduce the minimum
threshold for using op_switch.
Also get rid of edge code support, since we haven't used it in the year since
I introduced it. It was supposed to allow us to break critical edges late in
the backend, thus enabling global register allocation from an SSA-form graph.
But we aren't doing that so I figure we should just kill the code for now. It
would have made implementing switch harder.
- assembler/AbstractMacroAssembler.h:
(JSC::AbstractMacroAssembler::timesPtr):
- assembler/MacroAssemblerCodeRef.h:
(JSC::MacroAssemblerCodePtr::dumpWithName):
(MacroAssemblerCodePtr):
(JSC::MacroAssemblerCodePtr::dump):
(MacroAssemblerCodeRef):
(JSC::MacroAssemblerCodeRef::dump):
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::shrinkToFit):
- bytecode/JumpTable.h:
(SimpleJumpTable):
(JSC::SimpleJumpTable::clear):
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
(JSC::DFG::AbstractState::mergeToSuccessors):
- dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
- dfg/DFGByteCodeParser.cpp:
(InlineStackEntry):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::linkBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
- dfg/DFGCommon.h:
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::determineReachability):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::link):
- dfg/DFGJITCompiler.h:
(JITCompiler):
(JSC::DFG::JITCompiler::blockHeads):
- dfg/DFGNode.h:
(DFG):
(JSC::DFG::SwitchCase::SwitchCase):
(SwitchCase):
(SwitchData):
(JSC::DFG::SwitchData::SwitchData):
(Node):
(JSC::DFG::Node::isSwitch):
(JSC::DFG::Node::isTerminal):
(JSC::DFG::Node::switchData):
(JSC::DFG::Node::numSuccessors):
(JSC::DFG::Node::successor):
- dfg/DFGNodeType.h:
(DFG):
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::createOSREntries):
(JSC::DFG::SpeculativeJIT::emitSwitchImmIntJump):
(DFG):
(JSC::DFG::SpeculativeJIT::emitSwitchImm):
(JSC::DFG::SpeculativeJIT::emitSwitch):
(JSC::DFG::SpeculativeJIT::linkBranches):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
(SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::branchDouble):
(JSC::DFG::SpeculativeJIT::branchDoubleNonZero):
(JSC::DFG::SpeculativeJIT::branch32):
(JSC::DFG::SpeculativeJIT::branchTest32):
(JSC::DFG::SpeculativeJIT::branch64):
(JSC::DFG::SpeculativeJIT::branchPtr):
(JSC::DFG::SpeculativeJIT::branchTestPtr):
(JSC::DFG::SpeculativeJIT::branchTest8):
(JSC::DFG::SpeculativeJIT::jump):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- parser/Nodes.h:
(CaseBlockNode):
- 9:02 PM Changeset in webkit [153227] by
-
- 8 edits in trunk/Source
fourthTier: Concurrent JIT shouldn't try to recompute the CodeBlockHash as part of debug dumps, since doing so may fail if dealing with a CachedScript that doesn't have its script string handy
https://bugs.webkit.org/show_bug.cgi?id=117676
Reviewed by Sam Weinig.
Source/JavaScriptCore:
CodeBlock now caches m_hash, and the DFG Driver will force its computation if we're doing debug dumps of any kind.
Also made sure that CodeBlock::CodeBlock initializes all of its fields; it was previously missing the
initialization of m_capabilityLevelState.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::hash):
(JSC::CodeBlock::CodeBlock):
- bytecode/CodeBlock.h:
(CodeBlock):
- bytecode/CodeBlockHash.cpp:
(JSC::CodeBlockHash::CodeBlockHash):
- bytecode/CodeBlockHash.h:
(CodeBlockHash):
(JSC::CodeBlockHash::isSet):
(JSC::CodeBlockHash::operator!):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
Source/WebCore:
Remove the broken hack for the concurrent JIT, since now the concurrent JIT won't use this code anymore.
No new tests because no new behavior.
- loader/cache/CachedScript.cpp:
(WebCore::CachedScript::script):
- 9:02 PM Changeset in webkit [153226] by
-
- 2 edits in trunk/Source/WTF
fourthTier: Printing a StringImpl* should really guard against NULL
https://bugs.webkit.org/show_bug.cgi?id=117675
Reviewed by Mark Hahnenberg.
- wtf/PrintStream.cpp:
(WTF::printInternal):
- 9:02 PM Changeset in webkit [153225] by
-
- 30 edits12 adds in trunk
fourthTier: DFG should support op_in and it should use patching to make it fast
https://bugs.webkit.org/show_bug.cgi?id=117385
Source/JavaScriptCore:
Reviewed by Geoffrey Garen.
Implement op_in in the DFG and give it patching. The code we generate is just
a jump on the hot path, and the slow paths generate stubs and link the jump to
them. I didn't want to bother with patching structures and load offsets and
the like, although I probably could have.
This is a ginormous speed-up on microbenchmarks for "in", obviously.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpAssumingJITType):
(JSC::CodeBlock::resetStubInternal):
(JSC::structureStubInfoLessThan):
(JSC):
(JSC::CodeBlock::sortStructureStubInfos):
- bytecode/CodeBlock.h:
(CodeBlock):
- bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::deref):
(JSC::StructureStubInfo::visitWeakReferences):
- bytecode/StructureStubInfo.h:
(JSC::isInAccess):
(JSC):
(StructureStubInfo):
(JSC::StructureStubInfo::initInList):
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGCCallHelpers.h:
(JSC::DFG::CCallHelpers::setupResults):
- dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGGPRInfo.h:
(JSC::DFG::JSValueRegs::payloadOnly):
(JSValueRegs):
(JSC::DFG::JSValueRegs::JSValueRegs):
(JSC::DFG::JSValueRegs::operator!):
(JSC::DFG::JSValueSource::operator!):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
- dfg/DFGJITCompiler.h:
(JSC::DFG::InRecord::InRecord):
(InRecord):
(DFG):
(JITCompiler):
(JSC::DFG::JITCompiler::addIn):
- dfg/DFGNodeType.h:
(DFG):
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
- dfg/DFGRepatch.cpp:
(JSC::DFG::tryRepatchIn):
(DFG):
(JSC::DFG::dfgRepatchIn):
(JSC::DFG::dfgResetIn):
- dfg/DFGRepatch.h:
(DFG):
(JSC::DFG::dfgResetIn):
- dfg/DFGSlowPathGenerator.h:
(JSC::DFG::CallSlowPathGenerator::CallSlowPathGenerator):
(JSC::DFG::CallSlowPathGenerator::tearDown):
(JSC::DFG::CallResultAndNoArgumentsSlowPathGenerator::generateInternal):
(JSC::DFG::CallResultAndOneArgumentSlowPathGenerator::generateInternal):
(JSC::DFG::CallResultAndTwoArgumentsSlowPathGenerator::generateInternal):
(JSC::DFG::CallResultAndThreeArgumentsSlowPathGenerator::generateInternal):
(JSC::DFG::CallResultAndFourArgumentsSlowPathGenerator::generateInternal):
(JSC::DFG::CallResultAndFiveArgumentsSlowPathGenerator::generateInternal):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIn):
(DFG):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::extractResult):
(DFG):
(SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::callOperation):
(JSC::DFG::SpeculativeJIT::appendCallWithExceptionCheckSetResult):
(JSC::DFG::SpeculativeJIT::appendCallSetResult):
(JSC::DFG::JSValueOperand::tagGPR):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- runtime/JSCJSValue.cpp:
(JSC::JSValue::dump):
- runtime/JSString.h:
(JSString):
(JSC::JSString::tryGetValueImpl):
(JSC):
- runtime/Operations.h:
(JSC::normalizePrototypeChainForChainAccess):
Source/WTF:
Reviewed by Geoffrey Garen.
Now if you pass a null StringImpl* then something will still get printed instead
of crashing. I figure that this is broadly useful for debug code, and I make use
of it in the JSC portion of this patch.
- wtf/PrintStream.cpp:
(WTF::printInternal):
LayoutTests:
Reviewed by Geoffrey Garen.
Test coverage for op_in performance.
- fast/js/regress/in-four-cases-expected.txt: Added.
- fast/js/regress/in-four-cases.html: Added.
- fast/js/regress/in-one-case-false-expected.txt: Added.
- fast/js/regress/in-one-case-false.html: Added.
- fast/js/regress/in-one-case-true-expected.txt: Added.
- fast/js/regress/in-one-case-true.html: Added.
- fast/js/regress/in-two-cases-expected.txt: Added.
- fast/js/regress/in-two-cases.html: Added.
- fast/js/regress/script-tests/in-four-cases.js: Added.
(foo):
(bar):
- fast/js/regress/script-tests/in-one-case-false.js: Added.
(foo):
(bar):
- fast/js/regress/script-tests/in-one-case-true.js: Added.
(foo):
(bar):
- fast/js/regress/script-tests/in-two-cases.js: Added.
(foo):
(bar):
- 9:02 PM Changeset in webkit [153224] by
-
- 1 edit in trunk/LayoutTests/fast/js/resources/standalone-pre.js
fourthTier: A few fixups to standalone-pre.js
- 9:02 PM Changeset in webkit [153223] by
-
- 11 edits in trunk/Source/JavaScriptCore
fourthTier: The Math object should not be polymorphic
https://bugs.webkit.org/show_bug.cgi?id=117576
Reviewed by Oliver Hunt.
Fill in the Math object eagerly, to avoid its structure changing during
execution. There are lots of ways to skin this cat; this one seemed
easiest, and justified given the relative hotness of math operations.
20% speedup on DSP-filtrr tests, small speedups on a few Kraken tests.
- DerivedSources.make:
- JavaScriptCore.order:
- create_hash_table:
- interpreter/CallFrame.h:
(JSC::ExecState::jsonTable): Removed the Math object's static table.
- runtime/JSObject.cpp:
(JSC::JSObject::putDirectNativeFunctionWithoutTransition):
- runtime/JSObject.h:
- runtime/MathObject.cpp:
(JSC::MathObject::finishCreation):
- runtime/MathObject.h:
(JSC::MathObject::create): Set up the Math object at construction time.
- runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::~VM):
- runtime/VM.h: Removed the Math object's static table.
- 9:02 PM Changeset in webkit [153222] by
-
- 28 edits2 adds in trunk/Source/JavaScriptCore
fourthTier: The baseline jit and LLint should use common slow paths
https://bugs.webkit.org/show_bug.cgi?id=116889
Reviewed by Filip Pizlo.
Moved the llint_slow_paths that return JSValue along with several others to CommonSlowPaths.cpp.
Eliminated the related JIT stubs. Changes the baseline JIT to call these new common stubs.
Added a simple slow path call class that uses argument registers or the stack instead of
JITStackFrame. Changes the exception mechanism for to check for an exception after making
a slowpath call instead of returning to the handler directly form the slowpath function.
- JavaScriptCore.xcodeproj/project.pbxproj:
- jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
- jit/JIT.h:
(JIT):
- jit/JITArithmetic.cpp:
(JSC::JIT::emitSlow_op_negate):
(JSC::JIT::emitSlow_op_lshift):
(JSC::JIT::emitSlow_op_rshift):
(JSC::JIT::emitSlow_op_urshift):
(JSC::JIT::emitSlow_op_bitand):
(JSC::JIT::emitSlow_op_inc):
(JSC::JIT::emitSlow_op_dec):
(JSC::JIT::emitSlow_op_mod):
(JSC::JIT::emit_op_mod):
(JSC::JIT::compileBinaryArithOpSlowCase):
(JSC::JIT::emit_op_add):
(JSC::JIT::emitSlow_op_add):
(JSC::JIT::emitSlow_op_mul):
(JSC::JIT::emitSlow_op_div):
(JSC::JIT::emitSlow_op_sub):
- jit/JITArithmetic32_64.cpp:
(JSC::JIT::emitSlow_op_negate):
(JSC::JIT::emitSlow_op_lshift):
(JSC::JIT::emitRightShiftSlowCase):
(JSC::JIT::emitSlow_op_bitand):
(JSC::JIT::emitSlow_op_bitor):
(JSC::JIT::emitSlow_op_bitxor):
(JSC::JIT::emitSlow_op_inc):
(JSC::JIT::emitSlow_op_dec):
(JSC::JIT::emit_op_add):
(JSC::JIT::emitSlow_op_add):
(JSC::JIT::emitSlow_op_sub):
(JSC::JIT::emitSlow_op_mul):
(JSC::JIT::emitSlow_op_div):
(JSC::JIT::emit_op_mod):
(JSC::JIT::emitSlow_op_mod):
- jit/JITExceptions.cpp:
(JSC::getExceptionLocation):
(JSC::genericThrow):
(JSC::jitThrowNew):
- jit/JITExceptions.h:
(ExceptionHandler):
- jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_strcat):
(JSC::JIT::emitSlow_op_create_this):
(JSC::JIT::emitSlow_op_to_this):
(JSC::JIT::emitSlow_op_to_primitive):
(JSC::JIT::emitSlow_op_not):
(JSC::JIT::emitSlow_op_bitxor):
(JSC::JIT::emitSlow_op_bitor):
(JSC::JIT::emitSlow_op_stricteq):
(JSC::JIT::emitSlow_op_nstricteq):
(JSC::JIT::emitSlow_op_to_number):
- jit/JITOpcodes32_64.cpp:
(JSC::JIT::privateCompileCTINativeCall):
(JSC::JIT::emitSlow_op_to_primitive):
(JSC::JIT::emit_op_strcat):
(JSC::JIT::emitSlow_op_not):
(JSC::JIT::emitSlow_op_stricteq):
(JSC::JIT::emitSlow_op_nstricteq):
(JSC::JIT::emitSlow_op_to_number):
(JSC::JIT::emit_op_create_arguments):
(JSC::JIT::emitSlow_op_create_this):
(JSC::JIT::emitSlow_op_to_this):
(JSC::JIT::emitSlow_op_get_argument_by_val):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
(JSC::cti_vm_throw_slowpath):
- jit/JITStubs.h:
- jit/JITStubsARM.h:
- jit/JITStubsARMv7.h:
- jit/JITStubsMIPS.h:
- jit/JITStubsSH4.h:
- jit/JITStubsX86.h:
- jit/JITStubsX86_64.h:
- jit/JSInterfaceJIT.h:
(JSInterfaceJIT):
- jit/SlowPathCall.h: Added.
(JITSlowPathCall):
(JSC::JITSlowPathCall::JITSlowPathCall):
(JSC::JITSlowPathCall::call):
- jit/ThunkGenerators.cpp:
(JSC::nativeForGenerator):
- llint/LLIntSlowPaths.cpp:
(LLInt):
- llint/LLIntSlowPaths.h:
(LLInt):
- llint/LowLevelInterpreter.asm:
- llint/LowLevelInterpreter.cpp:
- llint/LowLevelInterpreter32_64.asm:
- llint/LowLevelInterpreter64.asm:
- runtime/CommonSlowPaths.cpp: Added.
(JSC::SLOW_PATH_DECL):
- runtime/CommonSlowPaths.h:
(SlowPathReturnType):
(JSC::encodeResult):
(JSC::decodeResult):
- runtime/JSCJSValue.h:
(JSValue):
- 9:02 PM Changeset in webkit [153221] by
-
- 91 edits4 deletes in trunk
fourthTier: Re-worked non-local variable resolution
https://bugs.webkit.org/show_bug.cgi?id=117375
Reviewed by Filip Pizlo.
Source/JavaScriptCore:
This patch has two goals:
(1) Simplicity.
- Net removes 15 opcodes.
- Net removes 2,000 lines of code.
- Removes setPair() from the DFG: All DFG nodes have 1 result register now.
(2) Performance.
- 2%-3% speedup on SunSpider (20% in LLInt and Baseline JIT)
- 2% speedup on v8-spider
- 10% speedup on js-regress-hashmap*
- Amusing 2X speedup on js-regress-poly-stricteq
The bytecode now separates the scope chain resolution opcode from the
scope access opcode.
OLD:
NEW:
resolve_scope r0, x(@id0)
get_from_scope r1, r0, x(@id0)
inc r1
put_to_scope r0, x(@id0), r1
Also, we link non-local variable resolution opcodes at CodeBlock link
time instead of time of first opcode execution.
This means that we can represent all possible non-local variable
resolutions using just three opcodes, and any optimizations in these
opcodes naturally apply across-the-board.
- API/JSCTestRunnerUtils.cpp:
(JSC::numberOfDFGCompiles):
- GNUmakefile.list.am:
- JavaScriptCore.gypi:
- JavaScriptCore.order:
- JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
- JavaScriptCore.xcodeproj/project.pbxproj:
- Target.pri: Build!
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode): Updated for removed things.
(JSC::CodeBlock::CodeBlock): Always provide the full scope chain when
creating a CodeBlock, so we can perform non-local variable resolution.
Added code to perform linking for these opcodes. This is where we figure
out which non-local variable resolutions are optimizable, and how.
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::noticeIncomingCall):
(JSC::CodeBlock::optimizeAfterWarmUp):
(JSC::CodeBlock::optimizeAfterLongWarmUp):
(JSC::CodeBlock::optimizeSoon): Updated for removed things.
- bytecode/CodeBlock.h:
(JSC::CodeBlock::needsActivation):
(JSC::GlobalCodeBlock::GlobalCodeBlock):
(JSC::ProgramCodeBlock::ProgramCodeBlock):
(JSC::EvalCodeBlock::EvalCodeBlock):
(JSC::FunctionCodeBlock::FunctionCodeBlock):
- bytecode/EvalCodeCache.h:
(JSC::EvalCodeCache::getSlow): Updated for interface changes.
- bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFor): Treat global object access as
optimizable even though the global object has a custom property access
callback. This is what we've always done since, otherwise, we can't
optimize globals. (In future, we probably want to figure out a more
targeted policy than "any property access callback means no
optimization".)
- bytecode/GlobalResolveInfo.h: Removed.
- bytecode/Instruction.h:
- bytecode/Opcode.h:
(JSC::padOpcodeName):
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFor): Like GetByIdStatus.
- bytecode/ResolveGlobalStatus.cpp: Removed.
- bytecode/ResolveGlobalStatus.h: Removed.
- bytecode/ResolveOperation.h: Removed.
- bytecode/UnlinkedCodeBlock.cpp:
(JSC::generateFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::codeBlockFor):
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
- bytecode/UnlinkedCodeBlock.h: Don't provide a scope chain to unlinked
code blocks. Giving a scope to an unscoped compilation unit invites
programming errors.
- bytecode/Watchpoint.h:
(JSC::WatchpointSet::addressOfIsInvalidated):
- bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::resolveCallee):
(JSC::BytecodeGenerator::local):
(JSC::BytecodeGenerator::constLocal):
(JSC::BytecodeGenerator::resolveType):
(JSC::BytecodeGenerator::emitResolveScope):
(JSC::BytecodeGenerator::emitGetFromScope):
(JSC::BytecodeGenerator::emitPutToScope):
(JSC::BytecodeGenerator::emitInstanceOf):
(JSC::BytecodeGenerator::emitPushWithScope):
(JSC::BytecodeGenerator::emitPopScope):
(JSC::BytecodeGenerator::pushFinallyContext):
(JSC::BytecodeGenerator::emitComplexPopScopes):
(JSC::BytecodeGenerator::popTryAndEmitCatch):
(JSC::BytecodeGenerator::emitPushNameScope):
(JSC::BytecodeGenerator::isArgumentNumber):
- bytecompiler/BytecodeGenerator.h:
(JSC::Local::Local):
(JSC::Local::operator bool):
(JSC::Local::get):
(JSC::Local::isReadOnly):
(JSC::BytecodeGenerator::scopeDepth):
(JSC::BytecodeGenerator::shouldOptimizeLocals):
(JSC::BytecodeGenerator::canOptimizeNonLocals): Refactored the bytecode
generator to resolve all variables within local scope, as if there
were no non-local scope. This helps provide a separation of concerns:
unlinked bytecode is always scope-free, and the linking stage links
in the provided scope.
- bytecompiler/NodesCodegen.cpp:
(JSC::ResolveNode::isPure):
(JSC::ResolveNode::emitBytecode):
(JSC::EvalFunctionCallNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::DeleteResolveNode::emitBytecode):
(JSC::TypeOfResolveNode::emitBytecode):
(JSC::PrefixNode::emitResolve):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::ConstDeclNode::emitCodeSingle):
(JSC::ForInNode::emitBytecode): A bunch of this codegen is no longer
necessary, since it's redundant with the linking stage.
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(JSC::DFG::ByteCodeParser::cellConstantWithStructureCheck):
(JSC::DFG::ByteCodeParser::handlePutByOffset):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::parseBlock): Updated for interface changes.
Notably, we can reuse existing DFG nodes -- but the mapping between
bytecode and DFG nodes has changed, and some nodes and corner cases have
been removed.
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::scopedVarLoadElimination):
(JSC::DFG::CSEPhase::varInjectionWatchpointElimination):
(JSC::DFG::CSEPhase::globalVarStoreElimination):
(JSC::DFG::CSEPhase::scopedVarStoreElimination):
(JSC::DFG::CSEPhase::getLocalLoadElimination):
(JSC::DFG::CSEPhase::setLocalStoreElimination):
(JSC::DFG::CSEPhase::performNodeCSE): Added CSE for var injection
watchpoints. Even though watchpoints are "free", they're quite common
inside code that's subject to var injection, so I figured we'd save a
little memory.
- dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
- dfg/DFGCapabilities.h: Removed detection for old forms.
- dfg/DFGDriver.h:
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGGraph.h:
- dfg/DFGJITCode.cpp:
- dfg/DFGNode.h:
(JSC::DFG::Node::convertToStructureTransitionWatchpoint):
(JSC::DFG::Node::hasVarNumber):
(JSC::DFG::Node::hasIdentifierNumberForCheck):
(JSC::DFG::Node::hasRegisterPointer):
(JSC::DFG::Node::hasHeapPrediction):
- dfg/DFGNodeType.h:
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
- dfg/DFGRepatch.h:
(JSC::DFG::dfgResetGetByID):
(JSC::DFG::dfgResetPutByID):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation): Removed some unneeded things,
and updated for renames.
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile): The two primary changes here are:
(1) Use a watchpoint for var injection instead of looping over the scope
chain and checking. This is more efficient and much easier to model in
code generation.
(2) I've eliminated the notion of an optimized global assignment that
needs to check for whether it should fire a watchpiont. Instead, we
fire pre-emptively at the point of optimization. This removes a bunch
of edge cases, and it seems like a more honest representation of
the fact that our new optimization contradicts our old one.
- dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
- heap/DFGCodeBlocks.cpp:
(JSC::DFGCodeBlocks::jettison):
- interpreter/CallFrame.h:
(JSC::ExecState::trueCallFrame): Removed stuff that's unused now, and
fixed the build.
- interpreter/Interpreter.cpp:
(JSC::eval):
(JSC::getBytecodeOffsetForCallFrame):
(JSC::getCallerInfo):
(JSC::Interpreter::throwException): Updated exception scope tracking
to match the rest of our linking strategy: The unlinked bytecode compiles
exception scope as if non-local scope did not exist, and we add in
non-local scope at link time. This means that we can restore the right
scope depth based on a simple number, without checking the contents of
the scope chain.
(JSC::Interpreter::execute): Make sure to establish the full scope chain
before linking eval code. We now require the full scope chain at link
time, in order to link non-local variable resolution opcodes.
- jit/JIT.cpp:
(JSC::JIT::JIT):
(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):
- jit/JIT.h:
- jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_add):
- jit/JITCode.cpp:
- jit/JITOpcodes.cpp:
(JSC::JIT::emitSlow_op_bitxor):
(JSC::JIT::emitSlow_op_bitor):
- jit/JITOpcodes32_64.cpp:
(JSC::JIT::emitSlow_op_to_primitive):
(JSC::JIT::emit_op_strcat):
(JSC::JIT::emitSlow_op_create_this):
(JSC::JIT::emitSlow_op_to_this):
- jit/JITPropertyAccess.cpp:
(JSC::JIT::emitVarInjectionCheck):
(JSC::JIT::emitResolveClosure):
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emitSlow_op_resolve_scope):
(JSC::JIT::emitLoadWithStructureCheck):
(JSC::JIT::emitGetGlobalProperty):
(JSC::JIT::emitGetGlobalVar):
(JSC::JIT::emitGetClosureVar):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emitPutGlobalProperty):
(JSC::JIT::emitPutGlobalVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):
(JSC::JIT::emit_op_init_global_const):
- jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitVarInjectionCheck):
(JSC::JIT::emitResolveClosure):
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::emitSlow_op_resolve_scope):
(JSC::JIT::emitLoadWithStructureCheck):
(JSC::JIT::emitGetGlobalProperty):
(JSC::JIT::emitGetGlobalVar):
(JSC::JIT::emitGetClosureVar):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::emitSlow_op_get_from_scope):
(JSC::JIT::emitPutGlobalProperty):
(JSC::JIT::emitPutGlobalVar):
(JSC::JIT::emitPutClosureVar):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):
(JSC::JIT::emit_op_init_global_const):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- jit/JITStubs.h: Re-wrote baseline JIT codegen for our new variable
resolution model.
- llint/LLIntData.cpp:
(JSC::LLInt::Data::performAssertions):
- llint/LLIntSlowPaths.cpp:
- llint/LLIntSlowPaths.h:
- llint/LowLevelInterpreter.asm:
- llint/LowLevelInterpreter.cpp:
(JSC::CLoop::execute):
- llint/LowLevelInterpreter32_64.asm:
- llint/LowLevelInterpreter64.asm: Ditto for LLInt.
- offlineasm/x86.rb: Fixed a pre-existing encoding bug for a syntactic
form that we never used before.
- runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncToString):
(JSC::arrayProtoFuncToLocaleString):
(JSC::arrayProtoFuncJoin):
(JSC::arrayProtoFuncConcat):
(JSC::arrayProtoFuncPop):
(JSC::arrayProtoFuncPush):
(JSC::arrayProtoFuncReverse):
(JSC::arrayProtoFuncShift):
(JSC::arrayProtoFuncSlice):
(JSC::arrayProtoFuncSort):
(JSC::arrayProtoFuncSplice):
(JSC::arrayProtoFuncUnShift):
(JSC::arrayProtoFuncFilter):
(JSC::arrayProtoFuncMap):
(JSC::arrayProtoFuncEvery):
(JSC::arrayProtoFuncForEach):
(JSC::arrayProtoFuncSome):
(JSC::arrayProtoFuncReduce):
(JSC::arrayProtoFuncReduceRight):
(JSC::arrayProtoFuncIndexOf):
(JSC::arrayProtoFuncLastIndexOf): Fixed some pre-existing bugs in
'this' value conversion, which I made much more common by removing
special cases in bytecode generation.
These functions need to invoke toThis() because they observe the 'this'
value. Also, toLocaleString() is specified to accept non-array 'this'
values.
(Most other host functions don't need this fix because they perform
strict 'this' checking, which never coerces unexpected types.)
- runtime/CodeCache.cpp:
(JSC::CodeCache::getCodeBlock):
(JSC::CodeCache::getProgramCodeBlock):
(JSC::CodeCache::getEvalCodeBlock):
- runtime/CodeCache.h: Don't supply a scope to the unlinked code cache.
Unlinked code is supposed to be scope-free, so let's have the compiler
help verify that.
- runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
- runtime/CommonSlowPaths.h:
- runtime/Executable.cpp:
(JSC::EvalExecutable::create):
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::produceCodeBlockFor):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
- runtime/Executable.h:
(JSC::EvalExecutable::numVariables):
(JSC::EvalExecutable::numberOfFunctionDecls):
- runtime/ExecutionHarness.h:
(JSC::prepareForExecutionImpl):
(JSC::prepareFunctionForExecutionImpl):
(JSC::installOptimizedCode): Fiddled with executable initialization so
that we can always generate a full scope chain before we go to link a
code block. We need this because code block linking now depends on the
scope chain to link non-local variable resolution opcodes.
- runtime/JSActivation.h:
- runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::JSGlobalObject):
(JSC::JSGlobalObject::createEvalCodeBlock):
- runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::varInjectionWatchpoint):
- runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncEval):
- runtime/JSNameScope.h:
- runtime/JSScope.cpp:
(JSC::abstractAccess):
(JSC::JSScope::objectAtScope):
(JSC::JSScope::depth):
(JSC::JSScope::resolve):
(JSC::JSScope::abstractResolve): Updated to match changes explained above.
- runtime/JSScope.h:
(JSC::makeType):
(JSC::needsVarInjectionChecks):
(JSC::ResolveOp::ResolveOp):
(JSC::ResolveModeAndType::ResolveModeAndType):
(JSC::ResolveModeAndType::mode):
(JSC::ResolveModeAndType::type):
(JSC::ResolveModeAndType::operand): Removed the old variable resolution
state machine, since it's unused now. Added logic for performing abstract
variable resolution at link time. This is used by codeblock linking.
- runtime/ObjectPrototype.cpp:
(JSC::objectProtoFuncValueOf):
(JSC::objectProtoFuncHasOwnProperty):
(JSC::objectProtoFuncIsPrototypeOf):
(JSC::objectProtoFuncDefineGetter):
(JSC::objectProtoFuncDefineSetter):
(JSC::objectProtoFuncLookupGetter):
(JSC::objectProtoFuncLookupSetter):
(JSC::objectProtoFuncPropertyIsEnumerable):
(JSC::objectProtoFuncToLocaleString):
(JSC::objectProtoFuncToString): Fixed some pre-existing bugs in
'this' value conversion, which I made much more common by removing
special cases in bytecode generation.
These functions need to invoke toThis() because they observe the 'this'
value.
- runtime/StringPrototype.cpp:
(JSC::checkObjectCoercible):
(JSC::stringProtoFuncReplace):
(JSC::stringProtoFuncCharAt):
(JSC::stringProtoFuncCharCodeAt):
(JSC::stringProtoFuncConcat):
(JSC::stringProtoFuncIndexOf):
(JSC::stringProtoFuncLastIndexOf):
(JSC::stringProtoFuncMatch):
(JSC::stringProtoFuncSearch):
(JSC::stringProtoFuncSlice):
(JSC::stringProtoFuncSplit):
(JSC::stringProtoFuncSubstr):
(JSC::stringProtoFuncSubstring):
(JSC::stringProtoFuncToLowerCase):
(JSC::stringProtoFuncToUpperCase):
(JSC::stringProtoFuncLocaleCompare):
(JSC::stringProtoFuncBig):
(JSC::stringProtoFuncSmall):
(JSC::stringProtoFuncBlink):
(JSC::stringProtoFuncBold):
(JSC::stringProtoFuncFixed):
(JSC::stringProtoFuncItalics):
(JSC::stringProtoFuncStrike):
(JSC::stringProtoFuncSub):
(JSC::stringProtoFuncSup):
(JSC::stringProtoFuncFontcolor):
(JSC::stringProtoFuncFontsize):
(JSC::stringProtoFuncAnchor):
(JSC::stringProtoFuncLink):
(JSC::trimString): Fixed some pre-existing bugs in
'this' value conversion, which I made much more common by removing
special cases in bytecode generation.
These functions need to invoke toThis() because they observe the 'this'
value.
- runtime/StructureRareData.cpp:
- runtime/VM.cpp:
(JSC::VM::~VM):
- runtime/WriteBarrier.h:
(JSC::WriteBarrierBase::slot): Modified to reduce casting in client code.
LayoutTests:
This patch removed special-case 'this' resolution from bytecode, making
some pre-existing edge cases in 'this' value treatment much more common.
I updated the test results below, and added some tests, to match bug
fixes for these cases.
- fast/js/script-tests/array-functions-non-arrays.js:
- fast/js/array-functions-non-arrays-expected.txt: As specified, it's
not an error to pass a non-array to toLocaleString. Our new result
matches Firefox and Chrome.
- fast/js/array-prototype-properties-expected.txt: Updated for slightly
clearer error message.
- fast/js/basic-strict-mode-expected.txt: Updated for slightly more
standard error message.
- fast/js/object-prototype-toString-expected.txt: Added.
- fast/js/object-prototype-toString.html: Added. This test demonstrates
why we now fail a Sputnik test below, while Firefox and Chrome pass it.
(The test doesn't test what it thinks it tests, and this test verifies
that we get right what it does think it tests.)
- fast/js/string-prototype-function-this-expected.txt: Added.
- fast/js/string-prototype-function-this.html: Added. This test shows
that we CheckObjectCoercible in string prototype functions. (We used
to get this wrong, but Sputnik tests made it seem like we got it right
because they didn't test the dynamic scope case.)
- sputnik/Conformance/11_Expressions/11.1_Primary_Expressions/11.1.1_The_this_Keyword/S11.1.1_A2-expected.txt:
- sputnik/Conformance/15_Native_Objects/15.4_Array/15.4.4/15.4.4.3_Array_prototype_toLocaleString/S15.4.4.3_A2_T1-expected.txt:
- sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.10_String.prototype.match/S15.5.4.10_A1_T3-expected.txt:
- sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.11_String.prototype.replace/S15.5.4.11_A1_T3-expected.txt:
- sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.12_String.prototype.search/S15.5.4.12_A1_T3-expected.txt:
- sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.13_String.prototype.slice/S15.5.4.13_A1_T3-expected.txt:
- sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.14_String.prototype.split/S15.5.4.14_A1_T3-expected.txt:
- sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.15_String.prototype.substring/S15.5.4.15_A1_T3-expected.txt:
- sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.6_String.prototype.concat/S15.5.4.6_A1_T3-expected.txt:
- sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.7_String.prototype.indexOf/S15.5.4.7_A1_T3-expected.txt:
- sputnik/Conformance/15_Native_Objects/15.5_String/15.5.4/15.5.4.8_String.prototype.lastIndexOf/S15.5.4.8_A1_T3-expected.txt:
Updated to show failing results. Firefox and Chrome also fail these
tests, and the ES5 spec seems to mandate failure. Because these tests
resolve a String.prototype function at global scope, the 'this' value
for the call is an environment record. Logically, an environment record
converts to 'undefined' at the call site, and should then fail the
CheckObjectCoercible test.
- 9:02 PM Changeset in webkit [153220] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: isContravenedByStructure is backwards
https://bugs.webkit.org/show_bug.cgi?id=117366
We should be checking if arrayModeForStructure(structure) is a
subset of arrayModesThatPassFiltering(), not the other way around.
Also renamed isContravenedByStructure to better reflect what the
function is trying to determine.
Rubber stamped by Filip Pizlo.
- dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::structureWouldPassArrayModeFiltering):
- dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::noticeStructureCheckAccountingForArrayMode):
(JSC::DFG::ArrayTypeCheck::isContravenedByValue):
- 9:02 PM Changeset in webkit [153219] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: Type check hoisting phase has a dead if statement
https://bugs.webkit.org/show_bug.cgi?id=117510
Reviewed by Geoffrey Garen.
- dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
- 9:02 PM Changeset in webkit [153218] by
-
- 22 edits2 copies3 adds in trunk/Source
fourthTier: Introducing the StackIterator class.
This was a non trivial merge as trunk has changed computation of line and column information
Introducing the StackIterator class.
https://bugs.webkit.org/show_bug.cgi?id=117390.
Reviewed by Geoffrey Garen.
Source/JavaScriptCore:
The StackIterator class is meant to unify the way we iterate the JS
stack. It also makes it so that we don't have to copy the frame data
into the intermediate StackFrame struct before processing it.
Unfortunately we still can't get rid of StackFrame because it is used
to record frame information for the Exception stack that is expected
to persist beyond when the frames have been popped off the JS stack.
The StackIterator will iterate over all "logical" frames (i.e. including
inlined frames). As it iterates the JS stack, if it encounters a DFG
frame that has inlined frames, the iterator will canonicalize the
inlined frames before returning. Once canonicalized, the frame can be
read like any other frame.
The StackIterator implements a Frame class that inherits from CallFrame.
The StackIterator::Frame serves as reader of the CallFrame that makes
it easier to access information about the frame. The StackIterator::Frame
only adds functions, and no additional data fields.
- API/JSContextRef.cpp:
(JSContextCreateBacktrace):
- CMakeLists.txt:
- GNUmakefile.list.am:
- JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
- JavaScriptCore.xcodeproj/project.pbxproj:
- Target.pri:
- interpreter/CallFrame.cpp:
(JSC::CallFrame::begin):
(JSC::CallFrame::beginAt):
- interpreter/CallFrame.h:
(JSC::ExecState::setInlineCallFrame):
(ExecState):
(JSC::ExecState::end):
- interpreter/Interpreter.cpp:
(JSC::Interpreter::dumpRegisters):
(JSC::Interpreter::unwindCallFrame):
(JSC::Interpreter::getStackTrace):
(JSC::Interpreter::throwException):
(JSC::Interpreter::debug):
- interpreter/Interpreter.h:
(Interpreter):
- interpreter/StackIterator.cpp: Added.
(JSC::StackIterator::StackIterator):
(JSC::StackIterator::beginAt):
(JSC::StackIterator::gotoNextFrame):
- Based on the deleted Interpreter::findFunctionCallFrameFromVMCode().
(JSC::StackIterator::findFrameForFunction):
- Based on the deleted Interpreter::retrieveCallerFromVMCode().
(JSC::StackIterator::Frame::codeType):
- Based on the deleted getStackFrameCodeType().
(JSC::StackIterator::Frame::functionName):
- Based on StackFrame::friendlyFunctionName().
(JSC::StackIterator::Frame::sourceURL):
- Based on StackFrame::friendlySourceURL().
(JSC::StackIterator::Frame::toString):
- Based on StackFrame::toString().
(JSC::StackIterator::Frame::bytecodeOffset):
(JSC::StackIterator::Frame::line):
- Based on StackFrame::line().
(JSC::StackIterator::Frame::column):
- Based on StackFrame::column().
(JSC::StackIterator::Frame::arguments):
- Based on the deleted Interpreter::retrieveArgumentsFromVMCode().
(JSC::StackIterator::Frame::retrieveExpressionInfo):
- Based on StackFrame::expressionInfo().
(JSC::StackIterator::Frame::logicalFrame):
- Based on the now deleted CallFrame::trueCallFrame().
(JSC::StackIterator::Frame::logicalCallerFrame):
- Based on the now deleted CallFrame::trueCallerFrame().
(JSC::jitTypeName):
(JSC::printIndents):
(JSC::printif):
(JSC::StackIterator::Frame::print):
(debugPrintCallFrame):
- Prints the contents of the frame for debugging purposes. There are 2 versions that can be used as follows:
- When you have a valid StackIterator, you can print the current frame's content using the print instance method:
iter->print(indentLevel);
- When you have a CallFrame* that you want to dump from a debugger console, you can print its content as follows:
(gdb) call debugPrintCallFrame(callFrame)
A sample of the output looks like this:
frame 0x1510c70b0 {
name 'shouldBe'
sourceURL 'testapi.js'
hostFlag 0
isInlinedFrame 0
callee 0x15154efb0
returnPC 0x10ed0786d
callerFrame 0x1510c7058
logicalCallerFrame 0x1510c7058
rawLocationBits 27 0x1b
codeBlock 0x7fe79b037200
bytecodeOffset 27 0x1b / 210
line 46
column 20
jitType 3 <BaselineJIT> isOptimizingJIT 0
hasCodeOrigins 0
}
- interpreter/StackIterator.h: Added.
(StackIterator::Frame):
(JSC::StackIterator::Frame::create):
(JSC::StackIterator::Frame::isJSFrame):
(JSC::StackIterator::Frame::callFrame):
- interpreter/StackIteratorPrivate.h: Added.
(StackIterator):
(JSC::StackIterator::operator*):
(JSC::StackIterator::operator->):
(JSC::StackIterator::operator==):
(JSC::StackIterator::operator!=):
(JSC::StackIterator::operator++):
(JSC::StackIterator::end):
(JSC::StackIterator::empty):
- jsc.cpp:
(functionJSCStack):
- profiler/ProfileGenerator.cpp:
(JSC::ProfileGenerator::addParentForConsoleStart):
- profiler/ProfileNode.h:
(ProfileNode):
- runtime/JSFunction.cpp:
(JSC::retrieveArguments):
(JSC::JSFunction::argumentsGetter):
(JSC::skipOverBoundFunctions):
(JSC::retrieveCallerFunction):
(JSC::JSFunction::callerGetter):
(JSC::JSFunction::getOwnPropertyDescriptor):
(JSC::JSFunction::defineOwnProperty):
- runtime/JSGlobalObjectFunctions.cpp:
(JSC::globalFuncProtoGetter):
(JSC::globalFuncProtoSetter):
- runtime/ObjectConstructor.cpp:
(JSC::objectConstructorGetPrototypeOf):
- runtime/Operations.h:
Source/WebCore:
No new tests.
- ForwardingHeaders/interpreter/StackIterator.h: Added.
- bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::send):
- bindings/js/ScriptCallStackFactory.cpp:
(WebCore::createScriptCallStack):
- 9:02 PM Changeset in webkit [153217] by
-
- 16 edits6 adds in trunk
fourthTier: DFG GetById patching shouldn't distinguish between self lists and proto lists
https://bugs.webkit.org/show_bug.cgi?id=117377
Source/JavaScriptCore:
Reviewed by Geoffrey Garen.
Previously if you did self accesses and then wanted to do a prototype access, you'd
have a bad time: the prototype accesses would be forced to take slow path because
the self list wouldn't allow prototype accesses. Likewise if you did prototype (or
chain) accesses and then wanted to do a self access, similar stupidity would ensue.
This fixes the stupidity.
I believe that this was introduced way back in the days of the old interpreter,
where distinguishing between self lists, proto lists, and chain lists was meaningful
for interpreter performance: it meant fewer branches to evaluate those lists. Then
it got mostly carried over to the old JIT since the old JIT was just initially an
optimized version of the old interpreter, and then later it got carried over to the
DFG because I didn't know any better at the time. Now I do know better and I'm
fixing it.
- bytecode/PolymorphicAccessStructureList.h:
(JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set):
- bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::initGetByIdSelfList):
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGRepatch.cpp:
(JSC::DFG::tryCacheGetByID):
(JSC::DFG::getPolymorphicStructureList):
(DFG):
(JSC::DFG::patchJumpToGetByIdStub):
(JSC::DFG::tryBuildGetByIDList):
(JSC::DFG::dfgBuildGetByIDList):
LayoutTests:
Reviewed by Geoffrey Garen.
Add tests that show why this is important. These tests speed up by more than 3x.
- fast/js/regress/get-by-id-proto-or-self-expected.txt: Added.
- fast/js/regress/get-by-id-proto-or-self.html: Added.
- fast/js/regress/get-by-id-self-or-proto-expected.txt: Added.
- fast/js/regress/get-by-id-self-or-proto.html: Added.
- fast/js/regress/script-tests/get-by-id-proto-or-self.js: Added.
(foo):
(bar):
(Foo):
- fast/js/regress/script-tests/get-by-id-self-or-proto.js: Added.
(foo):
(bar):
(Foo):
- 9:02 PM Changeset in webkit [153216] by
-
- 16 edits in trunk/Source
fourthTier: Recursive deadlock in DFG::ByteCodeParser
https://bugs.webkit.org/show_bug.cgi?id=117376
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
Leave the lock early to prevent a deadlock beneath get().
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
Source/WTF:
Reviewed by Mark Hahnenberg.
I've often wanted to leave a lock early. Now I have that power!
- wtf/Locker.h:
(WTF::Locker::Locker):
(WTF::Locker::~Locker):
(Locker):
(WTF::Locker::unlockEarly):
(WTF::Locker::lock):
- 9:02 PM Changeset in webkit [153215] by
-
- 11 edits in trunk
fourthTier: don't insert ForceOSRExits except for inadequate coverage
https://bugs.webkit.org/show_bug.cgi?id=117363
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
Previously (in http://trac.webkit.org/changeset/151303) I made it so that we
inserted ForceOSRExits more eagerly. I now think it's better to have
contradictions execute normally and exit with full OSR exit profiling. It's
better at catching the few cases where the DFG will end up with different
types than the baseline engines.
This simplifies a bunch of code. For example it gets rid of
ConstantFoldingPhase::paintUnreachableCode().
You can think of this as a partial roll-out of r151303, except that it uses
the facilities introduced by that patch to give us run-time assertions that
check the CFA's correctness: if the CFA thought that something was a
contradiction but the code didn't exit, we'll now trap.
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::AbstractState):
(JSC::DFG::AbstractState::startExecuting):
(JSC::DFG::AbstractState::executeEffects):
(JSC::DFG::AbstractState::execute):
(JSC::DFG::AbstractState::filter):
(JSC::DFG::AbstractState::filterArrayModes):
(JSC::DFG::AbstractState::filterByValue):
(DFG):
- dfg/DFGAbstractState.h:
(AbstractState):
(JSC::DFG::AbstractState::filter):
(JSC::DFG::AbstractState::filterArrayModes):
(JSC::DFG::AbstractState::filterByValue):
- dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::performBlockCFA):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::run):
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(ConstantFoldingPhase):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
LayoutTests:
Reviewed by Mark Hahnenberg.
Convert this test, since this was the test originally added for
ConstantFoldingPhase::paintUnreachableCode(). I wanted to make sure that I had good coverage
for this since I am removing that method.
- fast/js/dfg-force-exit-then-sparse-conditional-constant-prop-in-loop-expected.txt:
- fast/js/script-tests/dfg-force-exit-then-sparse-conditional-constant-prop-in-loop.js:
- 9:02 PM Changeset in webkit [153214] by
-
- 4 edits in trunk/Source/JavaScriptCore
fourthTier: Reenable the DFG optimization fixpoint now that it's profitable to do so with concurrent compilation
https://bugs.webkit.org/show_bug.cgi?id=117331
Rubber stamped by Sam Weinig.
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
- 9:02 PM Changeset in webkit [153213] by
-
- 25 edits1 copy in trunk/Source/JavaScriptCore
fourthTier: DFG CFA should know when it hits a contradiction
https://bugs.webkit.org/show_bug.cgi?id=117272
Reviewed by Oliver Hunt.
This makes the DFG CFA immediately detect when it hit a contradiction. Previously
we might not know this: for example if we did an int32 type check on a known string;
the code would definitely always exit but the CFA would think that we wouldn't have
even though it would have computed a BOTTOM (i.e. contradictory) value for that
variable.
This requires two other changes:
- CFA must report contradictions as if they are frequent exit sites, since contradictory speculations will subsequently get replaced with ForceOSRExit. ForceOSRExit cannot itself report profiling data back to the DFG::ExitProfile. So, we do this on behalf of the speculation, eagerly, within the CFA. This also has the effect of speeding convergence somewhat. We may want to revisit this later; for example we might want to instead have the notion of a ForceOSRExit that knows the set of speculations that got folded into it.
- This revealed a bug where the CFA was modeling CheckStructure on a node that had a known singleton m_futurePossibleStructure set somewhat differently than the constant folder. If the CheckStructure was checking a structure set with two or more structures in it, it would not filter the abstract value. But the constant folder would turn this into a watchpoint on the singleton structure, thereby filtering the value. This discrepancy meant that we wouldn't realize the contradiction until the backend, and the AbstractState::bail() method asserts that we always realize contradictions in the constant folder.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/CodeBlock.h:
(JSC::CodeBlock::addFrequentExitSite):
(JSC::CodeBlock::hasExitSite):
(CodeBlock):
- bytecode/DFGExitProfile.cpp:
(JSC::DFG::ExitProfile::add):
(JSC::DFG::ExitProfile::hasExitSite):
(JSC::DFG::QueryableExitProfile::QueryableExitProfile):
(JSC::DFG::QueryableExitProfile::~QueryableExitProfile):
(DFG):
(JSC::DFG::QueryableExitProfile::initialize):
- bytecode/DFGExitProfile.h:
(JSC::DFG::FrequentExitSite::FrequentExitSite):
(ExitProfile):
(JSC::DFG::ExitProfile::hasExitSite):
(QueryableExitProfile):
- bytecode/ExitKind.cpp:
(JSC::exitKindToString):
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::AbstractState):
(JSC::DFG::AbstractState::beginBasicBlock):
(JSC::DFG::AbstractState::reset):
(JSC::DFG::AbstractState::startExecuting):
(JSC::DFG::AbstractState::executeEffects):
(JSC::DFG::AbstractState::execute):
(JSC::DFG::AbstractState::filter):
(DFG):
(JSC::DFG::AbstractState::filterArrayModes):
(JSC::DFG::AbstractState::filterByValue):
(JSC::DFG::AbstractState::bail):
- dfg/DFGAbstractState.h:
(AbstractState):
(JSC::DFG::AbstractState::filter):
(JSC::DFG::AbstractState::filterArrayModes):
(JSC::DFG::AbstractState::filterByValue):
(JSC::DFG::AbstractState::filterByType):
- dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::filter):
(JSC::DFG::AbstractValue::filterArrayModes):
(DFG):
(JSC::DFG::AbstractValue::filterByValue):
(JSC::DFG::AbstractValue::normalizeClarity):
- dfg/DFGAbstractValue.h:
(AbstractValue):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::performBlockCFA):
- dfg/DFGCapabilities.cpp:
(JSC::DFG::debugFail):
(JSC::DFG::capabilityLevel):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(ConstantFoldingPhase):
(JSC::DFG::ConstantFoldingPhase::paintUnreachableCode):
- dfg/DFGFiltrationResult.h: Added.
(DFG):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGNodeType.h:
(DFG):
- dfg/DFGOSRExitBase.cpp:
(JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSiteSlow):
- dfg/DFGOSRExitBase.h:
(JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSite):
- dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::backwardTypeCheck):
(JSC::DFG::SpeculativeJIT::bail):
(DFG):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileToStringOnCell):
(JSC::DFG::SpeculativeJIT::speculateStringObject):
(JSC::DFG::SpeculativeJIT::speculateStringOrStringObject):
- dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
(JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
(JSC::DFG::SpeculativeJIT::compile):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::appendTypeCheck):
- 9:02 PM Changeset in webkit [153212] by
-
- 10 edits in trunk/Source/JavaScriptCore
fourthTier: 32-bit CallFrame::Location should use Instruction* for BytecodeLocation, not bytecodeOffset.
https://bugs.webkit.org/show_bug.cgi?id=117327.
Reviewed by Michael Saboff.
- Renamed CallFrame::Location's Type to TypeTag.
- Made the CallFrame::Location::TypeTag private, and provided type specific encoder functions. This reduces verbosity in client code.
- Fixed the DFG's reifyInlinedCallFrames() on 32-bit ports to store a bytecode Instruction* in the CallFrame location instead of a bytecode offset.
- Fixed places in JIT and FTL code which populate the CallFrame location (i.e. ArgumentCount tag) to use a Location encoder instead of storing the bytecodeOffset directly. This doesn't make any semantic difference, but it does assert that the stored value does not have bits where we would expect Location TypeTags to be.
- dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::beginCall):
- dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
- ftl/FTLLink.cpp:
(JSC::FTL::link):
- interpreter/CallFrame.cpp:
(JSC::CallFrame::setLocationAsBytecodeOffset):
- interpreter/CallFrame.h:
(Location):
- interpreter/CallFrameInlines.h:
(JSC::CallFrame::Location::encodeAsBytecodeOffset):
(JSC::CallFrame::Location::encodeAsBytecodeInstruction):
(JSC::CallFrame::Location::encodeAsCodeOriginIndex):
(JSC::CallFrame::Location::encodeAsInlinedCode):
(JSC::CallFrame::Location::isBytecodeLocation):
(JSC::CallFrame::setIsInlinedFrame):
(JSC::CallFrame::hasLocationAsBytecodeOffset):
(JSC::CallFrame::setLocationAsBytecodeOffset):
- jit/JITCall.cpp:
(JSC::JIT::compileOpCall):
- jit/JITCall32_64.cpp:
(JSC::JIT::compileOpCall):
- jit/JITInlines.h:
(JSC::JIT::updateTopCallFrame):
- 9:02 PM Changeset in webkit [153211] by
-
- 11 edits in trunk/Source/JavaScriptCore
fourthTier: CallFrame::trueCallFrame() should populate the bytecodeOffset field
when reifying inlined frames..
https://bugs.webkit.org/show_bug.cgi?id=117209.
Reviewed by Geoffrey Garen.
When reifying an inlined frame, we fill in its CodeBlock, and
bytecodeOffset. We also set the InlinedFrame bit in the location field.
This is needed in order to iterate the stack correctly. Here's why:
Let's say we have the following stack trace:
X calls A inlines B inlines C calls D
Based on the above scenario,
- D's callerFrame points to A (not C).
- A has a codeOriginIndex that points to C.
When iterating the stack (from D back towards X), we will encounter A
twice:
t1. when trying to find C as D's caller.
This is the time when we reify B and C using the
codeOriginIndex in A, and return C as the caller frame of D.
t2. when getting's the reified B's caller.
This time, we don't run the reification process, and
just take A as the caller frame of B.
To discern which treatment of the DFG frame (i.e. A) we need to apply,
we check if the callee is an inlined frame:
If callee is NOT an inlined frame (e.g. frame D), apply treatment t1.
If callee is an inlined frame (e.g. frame B), apply treatment t2.
Why not just reify A by replacing its codeOriginIndex with A's
bytecodeOffset?
We can't do this because D's callerFrame pointer still points to A, and
needs to remain that way because we did not deopt A. It remains a DFG
frame which inlined B and C.
If we replace the codeOriginIndex in A with A's bytecodeOffset, we will
only get to iterate the stack correctly once. If we try to iterate the
stack a second time, we will not have the information from the
codeOriginIndex to tell us that D's caller is actually the inlined C,
and not A.
To recap, when reifying frames for stack iteration purposes, the DFG
frame needs to hold on to its codeOriginIndex. This in turn means the
DFG frame will need to be treated in 2 possible ways, and we need to
know if a callee frame is an inlined frame in order to choose the
correct treatment for the DFG frame.
Other changes:
- Simplified Interpreter::getCallerInfo().
- Removed CodeBlock::codeOriginForReturn() and supporting code which is now unneeded.
- Moved CallFrame location bit encoding from the CodeOrigin to the new CallFrame::Location class.
- Explicitly tagged inlined frames. This is necessary in order to iterate the stack correctly as explained above.
- bytecode/CodeBlock.cpp:
- bytecode/CodeBlock.h:
(JSC::CodeBlock::codeOrigins):
(CodeBlock):
(JSC::CodeBlock::codeOrigin):
(RareData):
- bytecode/CodeOrigin.h:
(CodeOrigin):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
- dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::beginCall):
- interpreter/CallFrame.cpp:
(JSC::CallFrame::trueCallFrame):
(JSC::CallFrame::trueCallerFrame):
(JSC::CallFrame::bytecodeOffsetFromCodeOriginIndex):
- interpreter/CallFrame.h:
(Location):
(ExecState):
(JSC::ExecState::trueCallerFrame):
(JSC::ExecState::callerFrameNoFlags):
- interpreter/CallFrameInlines.h:
(JSC::CallFrame::Location::encode):
(JSC::CallFrame::Location::decode):
(JSC::CallFrame::Location::isBytecodeOffset):
(JSC::CallFrame::Location::isCodeOriginIndex):
(JSC::CallFrame::Location::isInlinedFrame):
(JSC::CallFrame::isInlinedFrame):
(JSC::CallFrame::setIsInlinedFrame):
(JSC::CallFrame::hasLocationAsBytecodeOffset):
(JSC::CallFrame::hasLocationAsCodeOriginIndex):
(JSC::CallFrame::locationAsBytecodeOffset):
(JSC::CallFrame::setLocationAsBytecodeOffset):
(JSC::CallFrame::locationAsCodeOriginIndex):
- interpreter/Interpreter.cpp:
(JSC::getCallerInfo):
(JSC::Interpreter::getStackTrace):
(JSC::Interpreter::findFunctionCallFrameFromVMCode):
- runtime/Arguments.cpp:
(JSC::Arguments::tearOff):
- 9:02 PM Changeset in webkit [153210] by
-
- 5 edits in trunk/Source/JavaScriptCore
fourthTier: DFG CFA shouldn't filter ArrayModes with ALL_NON_ARRAY_ARRAY_MODES if the speculated type is not SpecArray
https://bugs.webkit.org/show_bug.cgi?id=117279
Reviewed by Mark Hahnenberg.
The normalization of abstract value clarity introduced in r151229 revealed a
long-standing bug where we filtered ArrayModes incorrectly and sometimes ended
up with BOTTOM incorrectly.
This patch fixes that bug, and cleans up a bunch of debugging infrastructure
that I needed to resurrect to track this down.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::resetStubInternal):
(JSC::CodeBlock::noticeIncomingCall):
- dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::filterArrayModesByType):
- dfg/DFGCFAPhase.cpp:
(CFAPhase):
(JSC::DFG::CFAPhase::run):
(JSC::DFG::CFAPhase::performBlockCFA):
(JSC::DFG::CFAPhase::performForwardCFA):
- runtime/Options.h:
(JSC):
- 9:02 PM Changeset in webkit [153209] by
-
- 11 edits1 add in trunk/Source/JavaScriptCore
fourthTier: Disambiguate between CallFrame bytecodeOffset and codeOriginIndex.
https://bugs.webkit.org/show_bug.cgi?id=117262.
Reviewed by Geoffrey Garen.
When writing to the ArgumentCount tag in CallFrame, we will set the high
bit if the written value is a codeOriginIndex.
- GNUmakefile.list.am:
- JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/CodeOrigin.h:
(CodeOrigin):
(JSC::CodeOrigin::isHandle):
(JSC::CodeOrigin::encodeHandle):
(JSC::CodeOrigin::decodeHandle):
- dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::beginCall):
- dfg/DFGRepatch.cpp:
(JSC::DFG::tryBuildGetByIDList):
- interpreter/CallFrame.cpp:
(JSC::CallFrame::locationAsBytecodeOffset):
(JSC::CallFrame::setLocationAsBytecodeOffset):
(JSC::CallFrame::currentVPC):
(JSC::CallFrame::setCurrentVPC):
(JSC::CallFrame::trueCallFrame):
- interpreter/CallFrame.h:
(ExecState):
(JSC::ExecState::inlineCallFrame):
- interpreter/CallFrameInlines.h: Added.
(JSC::CallFrame::hasLocationAsBytecodeOffset):
(JSC::CallFrame::hasLocationAsCodeOriginIndex):
(JSC::CallFrame::locationAsRawBits):
(JSC::CallFrame::setLocationAsRawBits):
(JSC::CallFrame::locationAsBytecodeOffset):
(JSC::CallFrame::setLocationAsBytecodeOffset):
(JSC::CallFrame::locationAsCodeOriginIndex):
- interpreter/Interpreter.cpp:
(JSC::getBytecodeOffsetForCallFrame):
(JSC::getCallerInfo):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- 9:02 PM Changeset in webkit [153208] by
-
- 4 edits in trunk/Source/JavaScriptCore
fourthTier: Clean up AbstractValue
https://bugs.webkit.org/show_bug.cgi?id=117217
Reviewed by Oliver Hunt.
This started as an attempt to make it so that when AbstractValue becomes empty,
its m_type always becomes SpecNone. I wanted this to happen naturally. That turns
out to be basically impossible, since AbstractValue is a set that is dynamically
computed from the intersection of several internal sets: so the value becomes
empty when any of the sets go empty. It's OK if we're imprecise here because it's
always safe for the AbstractValue to seem to overapproximate the set of values
that we see. So I mostly gave up on cleaning up that aspect of AbstractValue. But
while trying to make this happen, I encountered two bugs:
- filterValueByType() ignores the case when m_type contravenes m_value. Namely, we might filter the AbstractValue against a SpeculatedType leading to m_value becoming inconsistent with the new m_type. This change fixes that case. This wasn't a symptomatic bug but it was a silly oversight.
- filterFuturePossibleStructure() was never right. The one call to this method, in filter(Graph&, const StructureSet&), assumed that the previous notions of what structures the value could have in the future were still relevant. This could lead to a bug where we:
1) CheckStructure(@foo, S1)
Where S1 has a valid watchpoint. Now @foo's abstract value will have current
and future structure = S1.
2) Clobber the world.
Now @foo's abstract value will have current structure = TOP, and future
possible structure = S1.
3) CheckStructure(@foo, S2)
Now @foo's abstract value will have current structure = S2 and future
possible structure = S1 intersect S2 = BOTTOM.
Now we will think that any subsequent watchpoint on @foo is valid because the
value is effectively BOTTOM. That would only be correct if we had actually set
a watchpoint on S1. If we had done so, then (3) would only pass (i.e. @foo
would only have structure S2) if S1's watchpoint fired, in which case (3)
wouldn't have been reachable. But we didn't actually set a watchpoint on S1:
we just observed that we *could* have set the watchpoint. Hence future possible
structure should only be set to either the known structure at compile-time, or
it should be the structure we just checked; in both cases it should only be set
if the structure is watchable.
Then, in addition to all of this, I changed AbstractValue's filtering methods to
call clear() if the AbstractValue is effectively clear. This is just meant to
simplify the recognition of truly empty AbstractValues, but doesn't actually have
any other implications.
- bytecode/StructureSet.h:
(JSC::StructureSet::dump):
- dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::filter):
(DFG):
(JSC::DFG::AbstractValue::filterArrayModes):
(JSC::DFG::AbstractValue::filterValueByType):
(JSC::DFG::AbstractValue::filterArrayModesByType):
(JSC::DFG::AbstractValue::shouldBeClear):
(JSC::DFG::AbstractValue::normalizeClarity):
(JSC::DFG::AbstractValue::checkConsistency):
- dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::isClear):
(AbstractValue):
- 9:01 PM Changeset in webkit [153207] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: The DFG JIT should populate frame bytecodeOffsets on OSR exit.
https://bugs.webkit.org/show_bug.cgi?id=117103.
Reviewed by Geoffrey Garen.
- dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
- 9:01 PM Changeset in webkit [153206] by
-
- 6 edits in trunk/Source/JavaScriptCore
fourthTier: all cached put_by_id transitions, even ones that weren't inlined by the DFG, should be propagated by the GC
https://bugs.webkit.org/show_bug.cgi?id=117170
Reviewed by Mark Hahnenberg.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::propagateTransitions):
(JSC):
(JSC::CodeBlock::determineLiveness):
(JSC::CodeBlock::visitWeakReferences):
(JSC::CodeBlock::finalizeUnconditionally):
- bytecode/CodeBlock.h:
(CodeBlock):
- bytecode/PolymorphicPutByIdList.h:
(JSC):
(PutByIdAccess):
(PolymorphicPutByIdList):
- bytecode/StructureStubInfo.h:
(StructureStubInfo):
- jit/JITCode.h:
(JSC::JITCode::couldBeInterpreted):
(JITCode):
- 9:01 PM Changeset in webkit [153205] by
-
- 9 edits in trunk
fourthTier: Get rid of StructureStubInfo::bytecodeIndex
https://bugs.webkit.org/show_bug.cgi?id=117127
Reviewed by Mark Hahnenberg.
StructureStubInfo already has a CodeOrigin field, which also has a bytecodeIndex.
It makes sense to just always use the CodeOrigin.
- bytecode/StructureStubInfo.h:
(StructureStubInfo):
(JSC::getStructureStubInfoBytecodeIndex):
- jit/JIT.cpp:
(JSC::PropertyStubCompilationInfo::copyToStubInfo):
- jit/JIT.h:
(JSC::JIT::compileGetByIdProto):
(JSC::JIT::compileGetByIdSelfList):
(JSC::JIT::compileGetByIdProtoList):
(JSC::JIT::compileGetByIdChainList):
(JSC::JIT::compileGetByIdChain):
(JSC::JIT::compilePutByIdTransition):
- jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
- jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
- 9:01 PM Changeset in webkit [153204] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: Fix some minor issues in the DFG's profiling of heap accesses
https://bugs.webkit.org/show_bug.cgi?id=113010
Reviewed by Goeffrey Garen.
Carefully merge r146669 from trunk. This required some fiddling since it
wasn't a clean apply.
Original changelog:
1) If a CodeBlock gets jettisoned by GC, we should count the exit sites.
2) If a CodeBlock clears a structure stub during GC, it should record this, and
the DFG should prefer to not inline that access (i.e. treat it as if it had an
exit site).
3) If a PutById was seen by the baseline JIT, and the JIT attempted to cache it,
but it chose not to, then assume that it will take slow path.
4) If we frequently exited because of a structure check on a weak constant,
don't try to inline that access in the future.
5) Treat all exits that were counted as being frequent.
81% speed-up on Octane/gbemu. Small speed-ups elsewhere, and no regressions.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finalizeUnconditionally):
(JSC):
(JSC::CodeBlock::resetStubDuringGCInternal):
(JSC::CodeBlock::reoptimize):
(JSC::CodeBlock::jettison):
(JSC::ProgramCodeBlock::jettisonImpl):
(JSC::EvalCodeBlock::jettisonImpl):
(JSC::FunctionCodeBlock::jettisonImpl):
(JSC::CodeBlock::tallyFrequentExitSites):
- bytecode/CodeBlock.h:
(CodeBlock):
(JSC::CodeBlock::tallyFrequentExitSites):
(ProgramCodeBlock):
(EvalCodeBlock):
(FunctionCodeBlock):
- bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFor):
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFor):
- bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::StructureStubInfo):
(StructureStubInfo):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGOSRExitBase.cpp:
(JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSiteSlow):
- dfg/DFGOSRExitBase.h:
(JSC::DFG::OSRExitBase::considerAddingAsFrequentExitSite):
(OSRExitBase):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- runtime/Options.h:
(JSC):
- 9:01 PM Changeset in webkit [153203] by
-
- 14 edits in trunk/LayoutTests
fourthTier: convert more fast/js/dfg-* tests to wait for the concurrent JIT
Rubber stamped by Mark Hahnenberg.
- fast/js/dfg-arguments-alias-one-block-overwrite-expected.txt:
- fast/js/dfg-arguments-out-of-bounds-expected.txt:
- fast/js/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int-expected.txt:
- fast/js/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers-expected.txt:
- fast/js/dfg-array-length-dead-expected.txt:
- fast/js/dfg-array-pop-side-effects-expected.txt:
- fast/js/resources/js-test-pre.js:
(testFailed):
(dfgIncrement):
(isSuccessfullyParsed):
- fast/js/script-tests/dfg-arguments-alias-one-block-overwrite.js:
- fast/js/script-tests/dfg-arguments-out-of-bounds.js:
- fast/js/script-tests/dfg-arith-add-overflow-check-elimination-predicted-but-not-proven-int.js:
- fast/js/script-tests/dfg-arith-add-overflow-check-elimination-tower-of-large-numbers.js:
- fast/js/script-tests/dfg-array-length-dead.js:
- fast/js/script-tests/dfg-array-pop-side-effects.js:
- 9:01 PM Changeset in webkit [153202] by
-
- 5 edits in trunk/Source/JavaScriptCore
fourthTier: Remove CodeOrigin::valueProfileOffset since it was only needed for op_call_put_result.
Rubber stamped by Mark Hahnenberg.
- bytecode/CodeOrigin.h:
(CodeOrigin):
(JSC::CodeOrigin::CodeOrigin):
(JSC::CodeOrigin::isSet):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::currentCodeOrigin):
- dfg/DFGGraph.h:
(JSC::DFG::Graph::valueProfileFor):
- 9:01 PM Changeset in webkit [153201] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: Remove finalDestinationOrIgnored since it isn't called anymore.
Rubber stamped by Mark Hahnenberg.
- bytecompiler/BytecodeGenerator.h:
(BytecodeGenerator):
- 9:01 PM Changeset in webkit [153200] by
-
- 20 edits in trunk/Source/JavaScriptCore
fourthTier: get rid of op_call_put_result
https://bugs.webkit.org/show_bug.cgi?id=117047
Reviewed by Gavin Barraclough.
Work in progress. This still makes like 20 tests crash.
op_call_put_result is an oddball. Its semantics are that it takes the return
value of a call instruction, which is set aside in regT0/regT1, and places them
into some stack slot. This is weird since there is an implicit contract with the
preceding bytecode instruction, and it's even weirder since it means that it
doesn't make sense to jump to it; for example OSR exit from the preceding call
instruction must make sure to jump over the op_call_put_result.
So this patch gets rid of op_call_put_result:
- In bytecode, all calls return a value and we always allocate a temporary for that value even if it isn't used.
- The LLInt does the return value saving as part of dispatchAfterCall().
- The JIT and DFG do the return value saving as part of normal code generation. The DFG already did the right thing.
- DFG->JIT OSR exit in the case of inlining will make the return PC's point at the CallLinkInfo::callReturnLocation, rather than the machine PC associated with the op_call_put_result instruction.
- Tons of code gets removed. The DFG had to track whether or not a call had a return value in a bunch of places. It had to track the fact that we would exit to after the op_call_put_result. It was a mess. That mess is now gone.
- bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::computeFromLLInt):
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::printCallOp):
(JSC::CodeBlock::dumpArrayProfiling):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
- bytecode/CodeBlock.h:
- bytecode/Opcode.h:
(JSC):
(JSC::padOpcodeName):
- bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCall):
(JSC::BytecodeGenerator::emitCallVarargs):
(JSC::BytecodeGenerator::emitConstruct):
- bytecompiler/NodesCodegen.cpp:
(JSC::NewExprNode::emitBytecode):
(JSC::FunctionCallValueNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::FunctionCallBracketNode::emitBytecode):
(JSC::FunctionCallDotNode::emitBytecode):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(ByteCodeParser):
(JSC::DFG::ByteCodeParser::currentCodeOrigin):
(JSC::DFG::ByteCodeParser::addCall):
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
(JSC::DFG::ByteCodeParser::getPrediction):
(JSC::DFG::ByteCodeParser::handleCall):
(JSC::DFG::ByteCodeParser::handleInlining):
(JSC::DFG::ByteCodeParser::handleMinMax):
(JSC::DFG::ByteCodeParser::handleIntrinsic):
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
(JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
- dfg/DFGOSRExitCompiler.cpp:
- dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
- jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
- jit/JIT.h:
(JIT):
- jit/JITCall.cpp:
(JSC::JIT::emitPutCallResult):
(JSC::JIT::compileLoadVarargs):
(JSC::JIT::compileCallEval):
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
(JSC::JIT::emit_op_call):
(JSC):
(JSC::JIT::emit_op_call_eval):
(JSC::JIT::emit_op_call_varargs):
(JSC::JIT::emit_op_construct):
(JSC::JIT::emitSlow_op_call):
(JSC::JIT::emitSlow_op_call_eval):
(JSC::JIT::emitSlow_op_call_varargs):
(JSC::JIT::emitSlow_op_construct):
- jit/JITCall32_64.cpp:
(JSC::JIT::emitPutCallResult):
(JSC::JIT::compileLoadVarargs):
(JSC::JIT::compileCallEval):
(JSC::JIT::compileCallEvalSlowCase):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
- jit/JITOpcodes.cpp:
(JSC):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::genericCall):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
- llint/LowLevelInterpreter.cpp:
(JSC::CLoop::execute):
- llint/LowLevelInterpreter32_64.asm:
- llint/LowLevelInterpreter64.asm:
- 9:01 PM Changeset in webkit [153199] by
-
- 11 edits in trunk/Source/JavaScriptCore
fourthTier: LLInt shouldn't store an offset call PC during op_call-like calls
https://bugs.webkit.org/show_bug.cgi?id=117048
Reviewed by Mark Hahnenberg.
This just makes everything consistent in the LLInt: anytime any op calls out,
it stores its PC and never the next op's PC.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::linkIncomingCall):
(JSC::CodeBlock::bytecodeOffset):
- bytecode/CodeBlock.h:
- bytecode/Opcode.h:
(JSC::padOpcodeName):
- bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCallVarargs):
- llint/LLIntExceptions.cpp:
(JSC::LLInt::interpreterThrowInCaller):
(JSC::LLInt::returnToThrow):
(JSC::LLInt::callToThrow):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
- llint/LowLevelInterpreter.asm:
- llint/LowLevelInterpreter.cpp:
(JSC::CLoop::execute):
- llint/LowLevelInterpreter32_64.asm:
- llint/LowLevelInterpreter64.asm:
- 9:01 PM Changeset in webkit [153198] by
-
- 7 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support ArithAbs
https://bugs.webkit.org/show_bug.cgi?id=116890
Reviewed by Oliver Hunt.
Implements ArithAbs in the FTL, and cleans up the DFG implementation. The
DFG implementation was previously doing zero extensions manually when it
is probably better to just use StrictInt32Operand instead.
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLIntrinsicRepository.h:
(FTL):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileArithAbs):
(LowerDFGToLLVM):
- ftl/FTLOutput.h:
(JSC::FTL::Output::doubleAbs):
- 9:01 PM Changeset in webkit [153197] by
-
- 16 edits1 copy in trunk/Source/JavaScriptCore
fourthTier: Misc JIT probe enhacements.
https://bugs.webkit.org/show_bug.cgi?id=116586.
Reviewed by Michael Saboff.
- Added JIT probe support for ARMv7 and traditional ARM. Built and tested on ARMv7. ARM version not tested nor built.
- Fix the following bugs in the X86 and X86_64 probes:
- Cannot assume that the stack pointer is already aligned when we push args for the probe. Instead, we ensure the stack alignment at runtime when we set up the probe call. This is now done in the ctiMasmProbeTrampoline.
- On return, the user probe function may have altered the stack pointer value to be restored. Previously, if the sp restore value points to some of the other register restore values in the ProbeContext record, we will fail to return from the probe having those user specified value as we're expected to do. This is now fixed.
- Rearranged the X86/X86_64 registers order to organize them like gdb expects on X86_64.
- We also now preserve the condition code registers.
- JavaScriptCore.xcodeproj/project.pbxproj:
- assembler/ARMAssembler.h:
- assembler/ARMv7Assembler.h:
(ARMRegisters):
- assembler/MacroAssemblerARM.cpp:
(JSC::isVFPPresent):
(JSC::MacroAssemblerARM::ProbeContext::dumpCPURegisters):
(JSC::MacroAssemblerARM::ProbeContext::dump):
(JSC::MacroAssemblerARM::probe):
- assembler/MacroAssemblerARM.h:
(MacroAssemblerARM):
(CPUState):
(ProbeContext):
(JSC::MacroAssemblerARM::trustedImm32FromPtr):
- assembler/MacroAssemblerARMv7.h:
(MacroAssemblerARMv7):
(CPUState):
(ProbeContext):
(JSC::MacroAssemblerARMv7::trustedImm32FromPtr):
- assembler/MacroAssemblerX86.h:
(MacroAssemblerX86):
(JSC::MacroAssemblerX86::probe):
- assembler/MacroAssemblerX86Common.cpp:
(JSC::MacroAssemblerX86Common::ProbeContext::dumpCPURegisters):
- assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::probe):
- assembler/X86Assembler.h:
- config.h:
- jit/JITStubsARM.h:
- jit/JITStubsARMv7.h:
- jit/JITStubsX86.h:
- jit/JITStubsX86Common.h:
- jit/JITStubsX86_64.h:
- 9:01 PM Changeset in webkit [153196] by
-
- 17 edits in trunk
fourthTier: FTL should call masqueradesAsUndefinedWatchpointIfIsStillValid() in all of the places where it currently calls masqueradesAsUndefinedWatchpointIsStillValid()
https://bugs.webkit.org/show_bug.cgi?id=116892
Reviewed by Oliver Hunt.
All of those places mean to plant the watchpoint if it's still valid.
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
(JSC::FTL::LowerDFGToLLVM::speculateNonNullObject):
- 9:01 PM Changeset in webkit [153195] by
-
- 5 edits in trunk/LayoutTests
fourthTier: convert more fast/js/dfg-* tests to wait for the concurrent JIT
Rubber stamped by Oliver Hunt.
- fast/js/dfg-arguments-alias-activation-expected.txt:
- fast/js/dfg-arguments-alias-activation.html:
- fast/js/dfg-arguments-alias-expected.txt:
- fast/js/script-tests/dfg-arguments-alias.js:
- 9:01 PM Changeset in webkit [153194] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support ArithMin/ArithMax
https://bugs.webkit.org/show_bug.cgi?id=116885
Reviewed by Oliver Hunt.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compileArithMinOrMax):
- 9:01 PM Changeset in webkit [153193] by
-
- 10 edits in trunk/LayoutTests
fourthTier: convert more fast/js/dfg-* tests to wait for the concurrent JIT
Rubber stamped by Oliver Hunt.
- fast/js/dfg-abs-backwards-propagation-expected.txt:
- fast/js/dfg-add-not-number-expected.txt:
- fast/js/dfg-arguments-alias-escape-expected.txt:
- fast/js/resources/js-test-pre.js:
(dfgCompiled):
(dfgIncrement):
- fast/js/script-tests/dfg-abs-backwards-propagation.js:
- fast/js/script-tests/dfg-add-not-number.js:
- fast/js/script-tests/dfg-arguments-alias-escape.js:
- fast/js/script-tests/dfg-arguments-alias-one-block-osr-exit.js:
- fast/js/script-tests/dfg-arguments-alias-one-block-overwrite-arguments.js:
- 9:01 PM Changeset in webkit [153192] by
-
- 4 edits in trunk/LayoutTests
fourthTier: fast/js should have a way of running tests long enough to wait for the concurrent JIT to tier up
https://bugs.webkit.org/show_bug.cgi?id=116878
Reviewed by Oliver Hunt.
This adds three things to js-test-pre and uses them in one representative test:
silentTestPass: If you set this to true, then testPassed() won't print anything, and will instead just have
isSuccessfullyParsed() print a message saying that some tests passed silently. This allows tests to call
shouldBe() and friends in a loop whose running time is dependent on concurrent JIT behavior, and still
be sure that the resulting test will be deterministic.
noInline(): If testRunner is present, disable inlining of the relevant function.
dfgIncrement({f:function, i:index, n:limit}): Returns index either if index < limit, or if the function is
DFG compiled. Otherwise, if index >= limit and the function isn't DFG compiled, return 0. This means
that the 'i++' in the fast/js/dfg-* warm-up loops can be replaced with:
i = dfgIncrement({f:<function you're interested in>, i:i + 1, n:<some number smaller than the loop condition>)
This has the effect of having the loop repeat the first 'n' iterations until the function is DFG
compiled. See the modified test, where we do n:100 and the loop condition is i < 200. So the loop will
repeat the first 100 iterations until the function is DFG compiled and will only do the last 100
iterations once DFG compilation kicks in.
- fast/js/dfg-arguments-osr-exit-multiple-blocks-expected.txt:
- fast/js/resources/js-test-pre.js:
(testPassed):
(dfgIncrement):
(noInline):
(isSuccessfullyParsed):
- fast/js/script-tests/dfg-arguments-osr-exit-multiple-blocks.js:
- 9:01 PM Changeset in webkit [153191] by
-
- 10 edits in trunk
fourthTier: testRunner should have a way of disabling inlining of functions
https://bugs.webkit.org/show_bug.cgi?id=116875
Reviewed by Mark Hahnenberg.
Source/JavaScriptCore:
- API/JSCTestRunnerUtils.cpp:
(JSC::getExecutable):
(JSC):
(JSC::numberOfDFGCompiles):
(JSC::setNeverInline):
- API/JSCTestRunnerUtils.h:
(JSC):
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpAssumingJITType):
- dfg/DFGCapabilities.cpp:
(JSC::DFG::mightInlineFunctionForCall):
(JSC::DFG::mightInlineFunctionForClosureCall):
(JSC::DFG::mightInlineFunctionForConstruct):
- runtime/Executable.h:
(JSC::ScriptExecutable::ScriptExecutable):
(ScriptExecutable):
(JSC::ScriptExecutable::setNeverInline):
(JSC::ScriptExecutable::neverInline):
(JSC::ScriptExecutable::isInliningCandidate):
Tools:
- DumpRenderTree/TestRunner.cpp:
(neverInlineFunction):
(TestRunner::staticFunctions):
LayoutTests:
- fast/js/script-tests/dfg-min-max.js:
- 9:01 PM Changeset in webkit [153190] by
-
- 5 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support ArithMod
https://bugs.webkit.org/show_bug.cgi?id=116792
Reviewed by Oliver Hunt.
- ftl/FTLAbbreviations.h:
(JSC::FTL::buildFRem):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileArithMod):
(LowerDFGToLLVM):
- ftl/FTLOutput.h:
(JSC::FTL::Output::doubleRem):
- 9:01 PM Changeset in webkit [153189] by
-
- 24 edits in trunk/Source
fourthTier: It should be possible to record heap operations (both FastMalloc and JSC GC)
https://bugs.webkit.org/show_bug.cgi?id=116848
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
Record GC heap operations if ENABLE(ALLOCATION_LOGGING).
- API/JSManagedValue.mm:
- dfg/DFGOperations.cpp:
- heap/Heap.cpp:
(JSC::Heap::collect):
- heap/Heap.h:
(Heap):
(JSC::Heap::allocateWithNormalDestructor):
(JSC::Heap::allocateWithImmortalStructureDestructor):
(JSC::Heap::allocateWithoutDestructor):
(JSC::Heap::tryAllocateStorage):
(JSC::Heap::tryReallocateStorage):
(JSC):
(JSC::Heap::ascribeOwner):
- heap/SlotVisitor.cpp:
(JSC::SlotVisitor::append):
(JSC::SlotVisitor::internalAppend):
- heap/SlotVisitor.h:
(SlotVisitor):
- heap/SlotVisitorInlines.h:
(JSC::SlotVisitor::append):
(JSC::SlotVisitor::appendUnbarrieredPointer):
(JSC::SlotVisitor::appendUnbarrieredValue):
(JSC::SlotVisitor::appendUnbarrieredWeak):
(JSC::SlotVisitor::internalAppend):
(JSC):
(JSC::SlotVisitor::appendValues):
- jit/JITWriteBarrier.h:
(JSC::SlotVisitor::append):
- llint/LLIntCommon.h:
- runtime/Butterfly.h:
(Butterfly):
- runtime/ButterflyInlines.h:
(JSC::Butterfly::createUninitialized):
(JSC::Butterfly::create):
(JSC::Butterfly::growPropertyStorage):
(JSC::Butterfly::createOrGrowArrayRight):
(JSC):
(JSC::Butterfly::growArrayRight):
(JSC::Butterfly::resizeArray):
- runtime/JSArray.cpp:
(JSC::createArrayButterflyInDictionaryIndexingMode):
(JSC::JSArray::unshiftCountSlowCase):
- runtime/JSArray.h:
(JSC::createContiguousArrayButterfly):
(JSC::createArrayButterfly):
(JSC):
(JSC::JSArray::create):
(JSC::JSArray::tryCreateUninitialized):
- runtime/JSObject.cpp:
(JSC::JSObject::enterDictionaryIndexingModeWhenArrayStorageAlreadyExists):
(JSC::JSObject::createInitialIndexedStorage):
(JSC::JSObject::createArrayStorage):
(JSC::JSObject::constructConvertedArrayStorageWithoutCopyingElements):
(JSC::JSObject::increaseVectorLength):
(JSC::JSObject::ensureLengthSlow):
(JSC::JSObject::growOutOfLineStorage):
- runtime/JSObject.h:
(JSC::JSObject::JSObject):
- runtime/Operations.h:
- runtime/RegExpMatchesArray.cpp:
(JSC::RegExpMatchesArray::create):
- runtime/StructureInlines.h:
(JSC):
- runtime/WriteBarrier.h:
(JSC):
Source/WTF:
Reviewed by Mark Hahnenberg.
- WTF.xcodeproj/project.pbxproj:
- wtf/DataLog.cpp:
(WTF):
(WTF::initializeLogFileOnce):
- wtf/FastMalloc.cpp:
(WTF::TCMalloc_ThreadCache::CreateCacheIfNecessary):
- wtf/Platform.h:
- 9:01 PM Changeset in webkit [153188] by
-
- 13 edits3 adds in trunk
fourthTier: testRunner should be able to tell you if a function is DFG compiled
https://bugs.webkit.org/show_bug.cgi?id=116847
Reviewed by Mark Hahnenberg.
Source/JavaScriptCore:
- API/JSCTestRunnerUtils.cpp: Added.
(JSC):
(JSC::numberOfDFGCompiles):
- API/JSCTestRunnerUtils.h: Added.
(JSC):
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::numberOfDFGCompiles):
(JSC):
- bytecode/CodeBlock.h:
(CodeBlock):
- dfg/DFGWorklist.cpp:
(JSC::DFG::Worklist::runThread):
- runtime/Executable.h:
(JSC):
- runtime/JSFunctionInlines.h: Added.
(JSC):
(JSC::JSFunction::JSFunction):
(JSC::JSFunction::jsExecutable):
(JSC::JSFunction::isHostFunction):
(JSC::JSFunction::nativeFunction):
(JSC::JSFunction::nativeConstructor):
- runtime/Operations.h:
Source/WebCore:
Bail early if we're in the compilation thread. This is only relevant for
debug dumps.
No new tests becase no new behavior.
- loader/cache/CachedScript.cpp:
(WebCore::CachedScript::script):
Tools:
- DumpRenderTree/TestRunner.cpp:
(numberOfDFGCompiles):
(TestRunner::staticFunctions):
LayoutTests:
- fast/js/script-tests/dfg-min-max.js:
- 9:01 PM Changeset in webkit [153187] by
-
- 4 edits9 adds in trunk
fourthTier: DFG ArithMod should have the !nodeUsedAsNumber optimizations that ArithDiv has
https://bugs.webkit.org/show_bug.cgi?id=116841
Reviewed by Mark Hahnenberg.
Source/JavaScriptCore:
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileArithMod):
LayoutTests:
- fast/js/dfg-mod-by-neg1-and-then-or-zero-interesting-reg-alloc-expected.txt: Added.
- fast/js/dfg-mod-by-neg1-and-then-or-zero-interesting-reg-alloc.html: Added.
- fast/js/dfg-mod-by-zero-and-then-or-zero-interesting-reg-alloc-expected.txt: Added.
- fast/js/dfg-mod-by-zero-and-then-or-zero-interesting-reg-alloc.html: Added.
- fast/js/dfg-mod-neg2tothe31-by-one-and-then-or-zero-with-interesting-reg-alloc-expected.txt: Added.
- fast/js/dfg-mod-neg2tothe31-by-one-and-then-or-zero-with-interesting-reg-alloc.html: Added.
- fast/js/jsc-test-list:
- fast/js/script-tests/dfg-mod-by-neg1-and-then-or-zero-interesting-reg-alloc.js: Added.
(foo):
- fast/js/script-tests/dfg-mod-by-zero-and-then-or-zero-interesting-reg-alloc.js: Added.
(foo):
- fast/js/script-tests/dfg-mod-neg2tothe31-by-one-and-then-or-zero-with-interesting-reg-alloc.js: Added.
(foo):
- 9:01 PM Changeset in webkit [153186] by
-
- 10 edits in trunk
fourthTier: clean up ArithDiv/ArithMod in the DFG
https://bugs.webkit.org/show_bug.cgi?id=116793
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
This makes ArithDiv and ArithMod behave similarly, and moves both of their
implementations entirely into DFGSpeculativeJIT.cpp into methods named like
the ones for ArithSub/ArithMul.
Specifically, ArithMod now uses the wrap-in-conversion-nodes idiom that
ArithDiv used for platforms that don't support integer division. Previously
ArithMod had its own int-to-double and double-to-int conversions for this
purpose.
As well, this gets rid of confusing methods like compileSoftModulo() (which
did no such thing, there wasn't anything "soft" about it) and
compileIntegerArithDivForX86() (which is accurately named but we don't use
the platform-specific method convention anywhere else).
Finally, this takes the optimized power-of-two modulo operation that was
previously only for ARMv7s, and makes it available for all platforms. Well,
sort of: I actually rewrote it to do what latest LLVM appears to do, which
is a crazy straight-line power-of-2 modulo based on a combination of shifts,
ands, additions, and subtractions. I can kind of understand it well enough
to see that it complies with both C and JS power-of-2 modulo semantics. I've
also confirmed that it does by testing (hence the corresponding improvements
to one of the division tests). But, I don't claim to know exactly how this
code works other than to observe that it is super leet.
Overall, this patch has the effect of killing some code (no more hackish
int-to-double conversions in ArithMod), making some optimization work on
more platforms, and making the compiler less confusing by doing more things
with the same idiom.
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGSpeculativeJIT.cpp:
(DFG):
(JSC::DFG::SpeculativeJIT::compileArithDiv):
(JSC::DFG::SpeculativeJIT::compileArithMod):
- dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
LayoutTests:
Reviewed by Mark Hahnenberg.
- fast/js/script-tests/integer-division-neg2tothe32-by-neg1.js:
(myModBy2):
(myModBy1073741824):
- 9:01 PM Changeset in webkit [153185] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: cti_optimize shouldn't allow GCs to get in the way of it seeing the state of its CodeBlock
https://bugs.webkit.org/show_bug.cgi?id=116748
Reviewed by Geoffrey Garen.
This fixes the following race: an optimized version of our code block could be installed
by the GC just as we return from completeAllReadyPlansForVM(), leading us to believe
that the code block isn't ready yet even though it is. Currently this triggers a
RELEASE_ASSERT. We could remove that assertion, but then this case would lead to the
code in question entering into optimizeAfterWarmUp mode. That seems pretty wasteful.
Fix the bug, and hopefully close the door on these bugs for a while, by wrapping
cti_optimize in a DeferGC. There is little downside to doing so since the only
"allocations" in cti_optimize are the ones where we inform the GC about extra memory
usage.
I had a more comprehensive solution (see the bug, "work in progress" patch) but that
one involved adding *more* raciness to cti_optimize. I decided that was a less good
approach once I came to appreciate the simplicity of just using DeferGC.
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- 9:01 PM Changeset in webkit [153184] by
-
- 7 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support ArithDiv
https://bugs.webkit.org/show_bug.cgi?id=116771
Reviewed by Oliver Hunt.
- ftl/FTLAbbreviations.h:
(JSC::FTL::buildDiv):
(JSC::FTL::buildRem):
(JSC::FTL::buildFDiv):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLCommonValues.cpp:
(JSC::FTL::CommonValues::CommonValues):
- ftl/FTLCommonValues.h:
(CommonValues):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileArithMul):
(JSC::FTL::LowerDFGToLLVM::compileArithDiv):
(LowerDFGToLLVM):
- ftl/FTLOutput.h:
(JSC::FTL::Output::div):
(JSC::FTL::Output::rem):
(JSC::FTL::Output::doubleDiv):
- 9:01 PM Changeset in webkit [153183] by
-
- 8 edits in trunk/Source
fourthTier: Remove Interpreter::retrieveLastCaller().
This merge is complicated by the trunk js stack reporting logic.
Remove Interpreter::retrieveLastCaller().
https://bugs.webkit.org/show_bug.cgi?id=116753.
Reviewed by Geoffrey Garen.
This is part of the refactoring effort to get rid of functions walking
the JS stack in their own way.
- API/JSContextRef.cpp:
(JSContextCreateBacktrace):
- interpreter/CallFrame.cpp:
- interpreter/Interpreter.cpp:
(JSC::Interpreter::Interpreter):
(JSC::Interpreter::getStackTrace):
(JSC::Interpreter::addStackTraceIfNecessary):
- interpreter/Interpreter.h:
(StackFrame):
(JSC::StackFrame::StackFrame):
(Interpreter):
- jsc.cpp:
(functionJSCStack):
- profiler/ProfileGenerator.cpp:
(JSC::ProfileGenerator::addParentForConsoleStart):
../WebCore:
No new tests.
- bindings/js/JSXMLHttpRequestCustom.cpp:
(WebCore::JSXMLHttpRequest::send):
- bindings/js/ScriptCallStackFactory.cpp:
(WebCore::createScriptCallStack):
- 9:01 PM Changeset in webkit [153182] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: FTL boolify should support ObjectOrOtherUse
https://bugs.webkit.org/show_bug.cgi?id=116741
Reviewed by Geoffrey Garen.
Just reusing what was already there in equalNullOrUndefined(). Note that we will
sometimes generate some redundant IR - like having some spurious bitNot's in
places - but it's safe to assume that LLVM will simplify those, and that it won't
be the longest pole in the tent for compile times.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileCompareEqConstant):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEqConstant):
(JSC::FTL::LowerDFGToLLVM::boolify):
(JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
- 9:01 PM Changeset in webkit [153181] by
-
- 4 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support LogicalNot and Branch on Int32 and Number
https://bugs.webkit.org/show_bug.cgi?id=116739
Reviewed by Gavin Barraclough.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
(JSC::FTL::LowerDFGToLLVM::compileBranch):
(JSC::FTL::LowerDFGToLLVM::boolify):
(LowerDFGToLLVM):
- ftl/FTLOutput.h:
(JSC::FTL::Output::isZero32):
(JSC::FTL::Output::notZero32):
- 9:01 PM Changeset in webkit [153180] by
-
- 11 edits in trunk/Source/JavaScriptCore
fourthTier: add heuristics to reduce the likelihood of a trivially inlineable function being independently compiled by the concurrent JIT
https://bugs.webkit.org/show_bug.cgi?id=116557
Reviewed by Geoffrey Garen.
This introduces a fairly comprehensive mechanism for preventing trivially inlineable
functions from being compiled independently of all of the things into which they end
up being inlined.
The trick is CodeBlock::m_shouldAlwaysBeInlined, or SABI for short (that's what the
debug logging calls it). A SABI function is one that we currently believe should
never be DFG optimized because it should always be inlined into the functions that
call it. SABI follows "innocent until proven guilty": all functions start out SABI
and have SABI set to false if we see proof that that function may be called in some
possibly non-inlineable way. So long as a function is SABI, it will not tier up to
the DFG: cti_optimize will perpetually postpone its optimization. Because SABI has
such a severe effect, we make the burden of proof of guilt quite low. SABI gets
cleared if any of the following happen:
- You get called from native code (either through CallData or CachedCall).
- You get called from an eval, since eval code takes a long time to get DFG optimized.
- You get called from global code, since often global code doesn't tier-up since it's run-once.
- You get called recursively, where recursion is detected by a stack walk of depth Options::maximumInliningDepth().
- You get called through an unlinked virtual call.
- You get called from DFG code, since if the caller was already DFG optimized and didn't inline you then obviously, you might not get inlined.
- You've tiered up to the baseline JIT and you get called from the interpreter. The idea here is that this kind of ensures that you stay SABI only if you're called no more frequently than any of your callers.
- You get called from a code block that isn't a DFG candidate.
- You aren't an inlining candidate.
Most of the heuristics for SABI are in CodeBlock::noticeIncomingCall().
This is neutral on SunSpider and V8Spider, and appears to be a slight speed-up on
V8v7, which was previously adversely affected by concurrent compilation. I also
confirmed that for example on V8/richards, it dramatically reduces the number of
code blocks that get DFG compiled. It is a speed-up on those V8v7 benchmarks that
saw regressions from concurrent compilation.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpAssumingJITType):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::linkIncomingCall):
(JSC):
(JSC::CodeBlock::noticeIncomingCall):
- bytecode/CodeBlock.h:
(CodeBlock):
- dfg/DFGCapabilities.h:
(JSC::DFG::mightInlineFunction):
(DFG):
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThread):
- dfg/DFGRepatch.cpp:
(JSC::DFG::dfgLinkFor):
- interpreter/Interpreter.cpp:
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
(JSC::Interpreter::prepareForRepeatCall):
- jit/JIT.cpp:
(JSC::JIT::privateCompile):
(JSC::JIT::linkFor):
- jit/JIT.h:
(JIT):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
(JSC::lazyLinkFor):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setUpCall):
- 9:00 PM Changeset in webkit [153179] by
-
- 11 edits in trunk/Source/JavaScriptCore
fourthTier: rationalize DFG::CapabilityLevel and DFGCapabilities.[h|cpp]
https://bugs.webkit.org/show_bug.cgi?id=116696
Reviewed by Sam Weinig.
Make it so that all capability calculation is funneled through one function, which tells
you everything you wanted to know: can it be inlined, and can it be compiled.
This work will help with https://bugs.webkit.org/show_bug.cgi?id=116557, since now the
JIT has a fairly authoritative answer to the "can it be inlined" question.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::ProgramCodeBlock::capabilityLevelInternal):
(JSC::EvalCodeBlock::capabilityLevelInternal):
(JSC::FunctionCodeBlock::capabilityLevelInternal):
- bytecode/CodeBlock.h:
(CodeBlock):
(JSC::CodeBlock::capabilityLevel):
(JSC::CodeBlock::capabilityLevelState):
(ProgramCodeBlock):
(EvalCodeBlock):
(FunctionCodeBlock):
- dfg/DFGCapabilities.cpp:
(JSC::DFG::debugFail):
(DFG):
(JSC::DFG::canInlineResolveOperations):
(JSC::DFG::capabilityLevel):
- dfg/DFGCapabilities.h:
(DFG):
(JSC::DFG::capabilityLevel):
(JSC::DFG::evalCapabilityLevel):
(JSC::DFG::programCapabilityLevel):
(JSC::DFG::functionForCallCapabilityLevel):
(JSC::DFG::functionForConstructCapabilityLevel):
(JSC::DFG::canInlineFunctionForCall):
(JSC::DFG::canInlineFunctionForClosureCall):
(JSC::DFG::canInlineFunctionForConstruct):
- dfg/DFGCommon.h:
(JSC::DFG::canCompile):
(DFG):
(JSC::DFG::canInline):
(JSC::DFG::leastUpperBound):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- jit/JIT.cpp:
(JSC::JIT::privateCompile):
- jit/JITPropertyAccess.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
- jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::privateCompilePutByIdTransition):
- tools/CodeProfile.cpp:
(JSC::CodeProfile::sample):
- 9:00 PM Changeset in webkit [153178] by
-
- 1 edit in trunk/Source/JavaScriptCore/bytecode/CodeBlock.h
fourthTier: Reindent CodeBlock.h to aid merging
- 9:00 PM Changeset in webkit [153177] by
-
- 22 edits in trunk/Source/JavaScriptCore
fourthTier: Rename getJITCode and getJITType to jitCode and jitType.
Rubber stampted by Mark Hahnenberg.
- assembler/RepatchBuffer.h:
(JSC::RepatchBuffer::RepatchBuffer):
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dump):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::resetStubInternal):
(JSC::CodeBlock::stronglyVisitWeakReferences):
(JSC::CodeBlock::baselineVersion):
(JSC::CodeBlock::hasOptimizedReplacement):
(JSC::CodeBlock::bytecodeOffset):
(JSC::CodeBlock::codeOriginForReturn):
(JSC::ProgramCodeBlock::compileOptimized):
(JSC::EvalCodeBlock::compileOptimized):
(JSC::FunctionCodeBlock::compileOptimized):
(JSC::ProgramCodeBlock::jettison):
(JSC::EvalCodeBlock::jettison):
(JSC::FunctionCodeBlock::jettison):
(JSC::ProgramCodeBlock::jitCompileImpl):
(JSC::EvalCodeBlock::jitCompileImpl):
(JSC::FunctionCodeBlock::jitCompileImpl):
(JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
(JSC::CodeBlock::adjustedExitCountThreshold):
(JSC::CodeBlock::tallyFrequentExitSites):
- bytecode/CodeBlock.h:
(JSC::CodeBlock::getCallLinkInfo):
(JSC::CodeBlock::jitCode):
(JSC::CodeBlock::jitCodeWithArityCheck):
(JSC::CodeBlock::jitType):
(JSC::CodeBlock::hasBaselineJITProfiling):
(JSC::CodeBlock::jitCompile):
(JSC::CodeBlock::addFrequentExitSite):
(JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
(JSC::ExecState::isInlineCallFrame):
- dfg/DFGAssemblyHelpers.cpp:
(JSC::DFG::AssemblyHelpers::decodedCodeMapFor):
- dfg/DFGAssemblyHelpers.h:
(JSC::DFG::AssemblyHelpers::AssemblyHelpers):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
- dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::codeLocationForRepatch):
- dfg/DFGOSRExitCompiler.cpp:
- dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::adjustAndJumpToTarget):
- dfg/DFGOperations.cpp:
- dfg/DFGVariableEventStream.cpp:
(JSC::DFG::VariableEventStream::reconstruct):
- ftl/FTLOSRExit.cpp:
(JSC::FTL::OSRExit::codeLocationForRepatch):
- ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileFTLOSRExit):
- heap/DFGCodeBlocks.cpp:
(JSC::DFGCodeBlocks::~DFGCodeBlocks):
(JSC::DFGCodeBlocks::jettison):
(JSC::DFGCodeBlocks::clearMarks):
(JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
(JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
- interpreter/Interpreter.cpp:
(JSC::getLineNumberForCallFrame):
(JSC::getCallerInfo):
- jit/JITDriver.h:
(JSC::jitCompileIfAppropriateImpl):
(JSC::jitCompileFunctionIfAppropriateImpl):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::entryOSR):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
- runtime/Executable.cpp:
(JSC::jettisonCodeBlock):
(JSC::EvalExecutable::compileOptimized):
(JSC::EvalExecutable::jettisonOptimizedCode):
(JSC::ProgramExecutable::compileOptimized):
(JSC::ProgramExecutable::jettisonOptimizedCode):
(JSC::FunctionExecutable::baselineCodeBlockFor):
(JSC::FunctionExecutable::compileOptimizedForCall):
(JSC::FunctionExecutable::compileOptimizedForConstruct):
(JSC::FunctionExecutable::jettisonOptimizedCodeForCall):
(JSC::FunctionExecutable::jettisonOptimizedCodeForConstruct):
- tools/CodeProfile.cpp:
(JSC::CodeProfile::sample):
- 9:00 PM Changeset in webkit [153176] by
-
- 5 edits in trunk/Source/JavaScriptCore
fourthTier: Race between LLInt->Baseline tier-up and DFG reading Baseline profiling data
https://bugs.webkit.org/show_bug.cgi?id=116633
Reviewed by Mark Hahnenberg.
Previously we would check if we had Baseline JIT profiling data by seeing if the
appropriate vector was non-empty. This is horrible if we're doing LLInt->Baseline
tier-up at the same time. This will happen for code we are inlining, if we're
deciding to inline it before the LLInt->Baseline tier-up happened for that code.
This changes things to take advantage of the fact that the very last thing that
LLInt->Baseline tier-up will do (in JITDriver.h) is setJITCode(). We now precede
the actual work in setJITCode() with a store-store fence to ensure that all
stores to modify the CodeBlock happen before setting the JITCode, and we modify
CodeBlock::getJITType() to use load-load fences to ensure that if you see
JITCode::BaselineJIT then you will also see all of those vectors. Then this
changes all of the code that scrapes Baseline JIT profiles to check if
getJITType() returns JITCode::BaselineJIT instead of checking vector sizes.
The outcome is that for the non-racy cases we behave as we did before (we fall
back on LLInt profiling if the tier-up hasn't happened) and for racy cases we
use LLInt profiling conservatively.
Note that for some (but not all!) of the cases where we scrape Baseline JIT
profiling, we would have anyway been holding the CodeBlock::m_lock so we can also
fix those cases by just having setJITCode graph that lock. This patch does that
also, mainly because although we only call setJITCode() from the main thread, in
general it's dangerous to have a pointer to a ref-counted object being modified
in a racy way. So, this patch just does the most conservative thing possible that
does we can afford to do.
- bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::computeFor):
- bytecode/CodeBlock.h:
(JSC::CodeBlock::setJITCode):
(JSC::CodeBlock::getJITType):
(JSC::CodeBlock::hasBaselineJITProfiling):
(JSC::CodeBlock::likelyToTakeSlowCase):
(JSC::CodeBlock::couldTakeSlowCase):
(JSC::CodeBlock::likelyToTakeSpecialFastCase):
(JSC::CodeBlock::couldTakeSpecialFastCase):
(JSC::CodeBlock::likelyToTakeDeepestSlowCase):
(JSC::CodeBlock::likelyToTakeAnySlowCase):
- bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFor):
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFor):
- 9:00 PM Changeset in webkit [153175] by
-
- 7 edits in trunk/Source/JavaScriptCore
fourthTier: It should be possible to use more than one compiler thread
https://bugs.webkit.org/show_bug.cgi?id=116630
Reviewed by Mark Hahnenberg.
This gives us the ability to use more compiler threads, but doesn't actually
enable the functionality because it isn't a speed-up on any benchmark. It can
even be a slow-down. This also adds the ability to disable concurrent
compilation if we're on a uniprocessor machine, and adds more logging to the
worklist code to allow us to investigate how many threads are active. It
appears that even on the most compiler-heavy benchmarks, we never have enough
work for more than 4 threads, and even then the 4 threads are all active for
a short time.
Something that having more threads does accomplish is that it shakes out bugs.
This patch fixes a bug with Watchpoint not being thread-safe ref-counted,
which enabling 7 compilation threads did catch.
As it stands, this patch is performance-neutral and just fixes bugs and adds
some options.
- bytecode/Watchpoint.h:
- dfg/DFGCommon.h:
(JSC::DFG::enableConcurrentJIT):
- dfg/DFGWorklist.cpp:
(JSC::DFG::Worklist::Worklist):
(JSC::DFG::Worklist::~Worklist):
(JSC::DFG::Worklist::finishCreation):
(JSC::DFG::Worklist::create):
(JSC::DFG::Worklist::enqueue):
(JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
(JSC::DFG::Worklist::dump):
(JSC::DFG::Worklist::runThread):
(JSC::DFG::initializeGlobalWorklistOnce):
- dfg/DFGWorklist.h:
- runtime/Options.cpp:
(JSC::computeNumberOfWorkerThreads):
(JSC):
(JSC::computeNumberOfGCMarkers):
- runtime/Options.h:
(JSC):
- 9:00 PM Changeset in webkit [153174] by
-
- 20 edits in trunk/Source/JavaScriptCore
fourthTier: FTL shouldn't use the LLVM global context, and should instead create its own context for each compilation
https://bugs.webkit.org/show_bug.cgi?id=116631
Reviewed by Mark Hahnenberg.
In the future we might want to share contexts for multiple compilations, but for
now using one context per compilation is a progression over just constantly using
the global context.
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThread):
(DFG):
(JSC::DFG::Plan::compileInThreadImpl):
- dfg/DFGPlan.h:
- ftl/FTLAbbreviatedTypes.h:
(FTL):
- ftl/FTLAbbreviations.h:
(JSC::FTL::voidType):
(JSC::FTL::int1Type):
(JSC::FTL::int8Type):
(JSC::FTL::int32Type):
(JSC::FTL::int64Type):
(JSC::FTL::intPtrType):
(JSC::FTL::doubleType):
(JSC::FTL::structType):
(JSC::FTL::mdKindID):
(JSC::FTL::mdString):
(JSC::FTL::mdNode):
(JSC::FTL::appendBasicBlock):
(JSC::FTL::insertBasicBlock):
- ftl/FTLAbstractHeap.cpp:
(JSC::FTL::AbstractHeap::tbaaMetadataSlow):
(JSC::FTL::IndexedAbstractHeap::IndexedAbstractHeap):
(JSC::FTL::NumberedAbstractHeap::NumberedAbstractHeap):
(JSC::FTL::AbsoluteAbstractHeap::AbsoluteAbstractHeap):
- ftl/FTLAbstractHeap.h:
(IndexedAbstractHeap):
(NumberedAbstractHeap):
(AbsoluteAbstractHeap):
- ftl/FTLAbstractHeapRepository.cpp:
(JSC::FTL::AbstractHeapRepository::AbstractHeapRepository):
- ftl/FTLAbstractHeapRepository.h:
(AbstractHeapRepository):
- ftl/FTLCommonValues.cpp:
(JSC::FTL::CommonValues::CommonValues):
- ftl/FTLCommonValues.h:
(CommonValues):
- ftl/FTLCompile.cpp:
(JSC::FTL::mmAllocateCodeSection):
- ftl/FTLIntrinsicRepository.cpp:
(JSC::FTL::IntrinsicRepository::IntrinsicRepository):
- ftl/FTLIntrinsicRepository.h:
(FTL):
(IntrinsicRepository):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::lower):
- ftl/FTLOutput.cpp:
(JSC::FTL::Output::Output):
- ftl/FTLOutput.h:
(Output):
(JSC::FTL::Output::newBlock):
- ftl/FTLState.cpp:
(JSC::FTL::State::State):
(JSC::FTL::State::~State):
(FTL):
- ftl/FTLState.h:
(State):
- runtime/Options.h:
(JSC):
- 9:00 PM Changeset in webkit [153173] by
-
- 3 edits in trunk/WebKitLibraries
fourthTier: Updated LLVM drops to include MCJIT memory management APIs.
Rubber stamped by Mark Hahnenberg.
- LLVMIncludesMountainLion.tar.bz2:
- LLVMLibrariesMountainLion.tar.bz2:
- 9:00 PM Changeset in webkit [153172] by
-
- 9 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should force LLVM to use our own JIT memory allocator, and we shouldn't have to keep around an LLVMExecutionEngineRef to keep code alive
https://bugs.webkit.org/show_bug.cgi?id=113619
Reviewed by Geoffrey Garen.
This uses new API that I've exposed, which allows for memory manager callbacks
from within LLVM. LLVM may allocate multiple independent chunks of memory for
a module, and we track all of those in a Vector in FTL::JITCode.
- ftl/FTLCompile.cpp:
(JSC::FTL::mmAllocateCodeSection):
(FTL):
(JSC::FTL::mmAllocateDataSection):
(JSC::FTL::mmApplyPermissions):
(JSC::FTL::mmDestroy):
(JSC::FTL::compile):
- ftl/FTLJITCode.cpp:
(JSC::FTL::JITCode::JITCode):
(JSC::FTL::JITCode::~JITCode):
(JSC::FTL::JITCode::addHandle):
(FTL):
(JSC::FTL::JITCode::initializeCode):
- ftl/FTLJITCode.h:
(JITCode):
(JSC::FTL::JITCode::handles):
- ftl/FTLJITFinalizer.cpp:
(JSC::FTL::JITFinalizer::~JITFinalizer):
(JSC::FTL::JITFinalizer::finalizeFunction):
- ftl/FTLJITFinalizer.h:
(JSC::FTL::JITFinalizer::initializeEntrypointLinkBuffer):
(JITFinalizer):
- ftl/FTLLink.cpp:
(JSC::FTL::link):
- ftl/FTLState.cpp:
(JSC::FTL::State::State):
- ftl/FTLState.h:
(State):
- 9:00 PM Changeset in webkit [153171] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: FTL shouldn't use FastISel and Small code model should be turned off for now
https://bugs.webkit.org/show_bug.cgi?id=115998
Reviewed by Oliver Hunt.
This switches off FastISel and makes it possible to turn off Small code model.
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- runtime/Options.h:
(JSC):
- 9:00 PM Changeset in webkit [153170] by
-
- 34 edits1 delete in trunk/Source/JavaScriptCore
fourthTier: should use ConcurrentJITLock[er] directly and not through typedef
https://bugs.webkit.org/show_bug.cgi?id=116561
Rubber stamped by Geoffrey Garen.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/ArrayProfile.cpp:
(JSC::ArrayProfile::computeUpdatedPrediction):
(JSC::ArrayProfile::briefDescription):
- bytecode/ArrayProfile.h:
(ArrayProfile):
(JSC::ArrayProfile::expectedStructure):
(JSC::ArrayProfile::structureIsPolymorphic):
(JSC::ArrayProfile::hasDefiniteStructure):
(JSC::ArrayProfile::observedArrayModes):
(JSC::ArrayProfile::mayInterceptIndexedAccesses):
(JSC::ArrayProfile::mayStoreToHole):
(JSC::ArrayProfile::outOfBounds):
(JSC::ArrayProfile::usesOriginalArrayStructures):
- bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::computeFor):
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpValueProfiling):
(JSC::CodeBlock::dumpArrayProfiling):
(JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
(JSC::CodeBlock::updateAllArrayPredictions):
(JSC::CodeBlock::nameForRegister):
- bytecode/CodeBlock.h:
(JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
(CodeBlock):
- bytecode/CodeBlockLock.h: Removed.
- bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFor):
- bytecode/LazyOperandValueProfile.cpp:
(JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
(JSC::CompressedLazyOperandValueProfileHolder::add):
(JSC::LazyOperandValueProfileParser::initialize):
(JSC::LazyOperandValueProfileParser::prediction):
- bytecode/LazyOperandValueProfile.h:
(CompressedLazyOperandValueProfileHolder):
(LazyOperandValueProfileParser):
- bytecode/MethodOfGettingAValueProfile.cpp:
(JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFor):
- bytecode/ResolveGlobalStatus.cpp:
(JSC::ResolveGlobalStatus::computeFor):
- bytecode/ValueProfile.h:
(JSC::ValueProfileBase::briefDescription):
(JSC::ValueProfileBase::computeUpdatedPrediction):
- bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addVar):
- dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::fromObserved):
- dfg/DFGArrayMode.h:
(ArrayMode):
(JSC::DFG::ArrayMode::withProfile):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
(JSC::DFG::ByteCodeParser::getArrayMode):
(JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
(JSC::DFG::ByteCodeParser::parseResolveOperations):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGPredictionInjectionPhase.cpp:
(JSC::DFG::PredictionInjectionPhase::run):
- jit/JITInlines.h:
(JSC::JIT::chooseArrayMode):
- jit/JITStubs.cpp:
(JSC::tryCachePutByID):
(JSC::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):
(JSC::lazyLinkFor):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::setUpCall):
- profiler/ProfilerBytecodeSequence.cpp:
(JSC::Profiler::BytecodeSequence::BytecodeSequence):
- runtime/Executable.cpp:
(JSC::ProgramExecutable::addGlobalVar):
- runtime/JSActivation.cpp:
(JSC::JSActivation::getOwnNonIndexPropertyNames):
(JSC::JSActivation::symbolTablePutWithAttributes):
- runtime/JSScope.cpp:
(JSC::JSScope::resolveContainingScopeInternal):
(JSC::JSScope::resolvePut):
- runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::findRegisterIndex):
(JSC::JSSegmentedVariableObject::addRegisters):
- runtime/JSSegmentedVariableObject.h:
(JSSegmentedVariableObject):
- runtime/JSSymbolTableObject.cpp:
(JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
- runtime/JSSymbolTableObject.h:
(JSC::symbolTableGet):
(JSC::symbolTablePut):
(JSC::symbolTablePutWithAttributes):
- runtime/Structure.cpp:
(JSC::Structure::materializePropertyMap):
(JSC::Structure::addPropertyTransitionToExistingStructureConcurrently):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::takePropertyTableOrCloneIfPinned):
(JSC::Structure::nonPropertyTransition):
(JSC::Structure::putSpecificValue):
(JSC::Structure::remove):
(JSC::Structure::createPropertyMap):
- runtime/Structure.h:
(Structure):
- runtime/SymbolTable.h:
(SymbolTable):
(JSC::SymbolTable::find):
(JSC::SymbolTable::get):
(JSC::SymbolTable::inlineGet):
(JSC::SymbolTable::begin):
(JSC::SymbolTable::end):
(JSC::SymbolTable::size):
(JSC::SymbolTable::add):
(JSC::SymbolTable::set):
(JSC::SymbolTable::contains):
- 9:00 PM Changeset in webkit [153169] by
-
- 39 edits2 copies2 adds in trunk/Source
fourthTier: DFG should be able to run on a separate thread
https://bugs.webkit.org/show_bug.cgi?id=112839
Source/JavaScriptCore:
Reviewed by Geoffrey Garen.
This is the final bit of concurrent JITing. The idea is that there is a
single global worklist, and a single global thread, that does all
optimizing compilation. This is the DFG::Worklist. It contains a queue of
DFG::Plans, and a map from CodeBlock* (the baseline code block we're
trying to optimize) to DFG::Plan. If the DFGDriver tries to concurrently
compile something, it puts the Plan on the Worklist. The Worklist's
thread will compile that Plan eventually, and when it's done, it will
signal its completion by (1) notifying anyone waiting for the Worklist to
be done, and (2) forcing the CodeBlock::m_jitExecuteCounter to take slow
path. The next Baseline JIT cti_optimize call will then install all ready
(i.e. compiled) Plans for that VM. Note that (1) is only for the GC and
VM shutdown, which will want to ensure that there aren't any outstanding
async compilations before proceeding. They do so by simply waiting for
all of the plans for the current VM to complete. (2) is the actual way
that code typically gets installed.
This is all very racy by design. For example, just as we try to force the
execute counter to take slow path, the main thread may be setting the
execute counter to some other value. The main thread must set it to
another value because (a) JIT code is constantly incrementing the counter
in a racy way, (b) the cti_optimize slow path will set it to some
large-ish negative value to ensure that cti_optimize isn't called
repeatedly, and (c) OSR exits from previously jettisoned code blocks may
still want to reset the counter values. This "race" is made benign, by
ensuring that while there is an asynchronous compilation, we at worse set
the counter to optimizeAfterWarmUp and never to deferIndefinitely. Hence
if the race happens then the worst case is that we wait another ~1000
counts before installing the optimized code. Another defense is that if
any CodeBlock calls into cti_optimize, then it will check for all ready
plans for the VM - so even if a code block has to wait another ~1000
executions before it calls cti_optimize to do the installation, it may
actually end up being installed sooner because a different code block had
called cti_optimize, potentially for an unrelated reason.
Special care is taken to ensure that installing plans informs the GC
about the increased memory usage, but also ensures that we don't recurse
infinitely - since at start of GC we try to install outstanding plans.
This is done by introducing a new GC deferral mechanism (the DeferGC
block-scoped thingy), which will ensure that GCs don't happen in the
scope but are allowed to happen after. This still leaves the strange
corner case that cti_optimize may install outstanding plans, then GC, and
that GC may jettison the code block that was installed. This, and the
fact that the plan that we took slow path to install could have been a
failed or invalid compile, mean that we have to take special precautions
in cti_optimize.
This patch also fixes a number of small concurrency bugs that I found
when things started running. There are probably more of those bugs still
left to fix. This patch just fixes the ones I know about.
Concurrent compilation is right now only enabled on X86_64 Mac. We need
platforms that are sufficiently CAStastic so that we can do the various
memory fence and CAS tricks that make this safe. We also need a platform
that uses JSVALUE64. And we need pthread_once. So, that pretty much means
just X64_64 for now. Enabling Linux-64_64 should be a breeze, but I'll
leave that up to the Qt and GTK+ ports to do at their discretion.
This is a solid speed-up on SunSpider (8-9%) and V8Spider (16%), our two
main compile-time benchmarks. Most peculiarly, this also appears to
reduce measurement noise, rather than increasing it as you would have
expected. I don't understand that result but I like it anyway. On the
other hand, this is a slight (1%) slow-down on V8v7. I will continue to
investigate this but I think that the results are already good enough
that we should land this as-is. So far, it appears that the slow-down is
due to this breaking the don't-compile-inlineables heuristics. See
investigation in https://bugs.webkit.org/show_bug.cgi?id=116556 and the
bug https://bugs.webkit.org/show_bug.cgi?id=116557.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/CodeBlock.cpp:
(JSC):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::resetStubInternal):
(JSC::CodeBlock::baselineVersion):
(JSC::CodeBlock::hasOptimizedReplacement):
(JSC::CodeBlock::optimizationThresholdScalingFactor):
(JSC::CodeBlock::checkIfOptimizationThresholdReached):
(JSC::CodeBlock::optimizeNextInvocation):
(JSC::CodeBlock::dontOptimizeAnytimeSoon):
(JSC::CodeBlock::optimizeAfterWarmUp):
(JSC::CodeBlock::optimizeAfterLongWarmUp):
(JSC::CodeBlock::optimizeSoon):
(JSC::CodeBlock::forceOptimizationSlowPathConcurrently):
(JSC::CodeBlock::setOptimizationThresholdBasedOnCompilationResult):
(JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
(JSC::CodeBlock::updateAllArrayPredictions):
(JSC::CodeBlock::shouldOptimizeNow):
- bytecode/CodeBlock.h:
(CodeBlock):
(JSC::CodeBlock::jitCompile):
- bytecode/CodeBlockLock.h:
(JSC):
- bytecode/ExecutionCounter.cpp:
(JSC::ExecutionCounter::forceSlowPathConcurrently):
(JSC):
(JSC::ExecutionCounter::setThreshold):
- bytecode/ExecutionCounter.h:
(ExecutionCounter):
- debugger/Debugger.cpp:
(JSC::Debugger::recompileAllJSFunctions):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
(JSC::DFG::ByteCodeParser::getArrayMode):
(JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
- dfg/DFGCommon.h:
(JSC::DFG::enableConcurrentJIT):
(DFG):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::Graph):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
- dfg/DFGOperations.cpp:
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::Plan):
(JSC::DFG::Plan::compileInThread):
(JSC::DFG::Plan::key):
(DFG):
- dfg/DFGPlan.h:
(DFG):
(Plan):
- dfg/DFGWorklist.cpp: Added.
(DFG):
(JSC::DFG::Worklist::Worklist):
(JSC::DFG::Worklist::~Worklist):
(JSC::DFG::Worklist::finishCreation):
(JSC::DFG::Worklist::create):
(JSC::DFG::Worklist::enqueue):
(JSC::DFG::Worklist::compilationState):
(JSC::DFG::Worklist::waitUntilAllPlansForVMAreReady):
(JSC::DFG::Worklist::removeAllReadyPlansForVM):
(JSC::DFG::Worklist::completeAllReadyPlansForVM):
(JSC::DFG::Worklist::completeAllPlansForVM):
(JSC::DFG::Worklist::queueLength):
(JSC::DFG::Worklist::dump):
(JSC::DFG::Worklist::runThread):
(JSC::DFG::Worklist::threadFunction):
(JSC::DFG::initializeGlobalWorklistOnce):
(JSC::DFG::globalWorklist):
- dfg/DFGWorklist.h: Added.
(DFG):
(Worklist):
- heap/CopiedSpaceInlines.h:
(JSC::CopiedSpace::allocateBlock):
- heap/DeferGC.h: Added.
(JSC):
(DeferGC):
(JSC::DeferGC::DeferGC):
(JSC::DeferGC::~DeferGC):
- heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::reportExtraMemoryCostSlowCase):
(JSC::Heap::collectAllGarbage):
(JSC::Heap::collect):
(JSC::Heap::collectIfNecessaryOrDefer):
(JSC):
(JSC::Heap::incrementDeferralDepth):
(JSC::Heap::decrementDeferralDepthAndGCIfNeeded):
- heap/Heap.h:
(Heap):
(JSC::Heap::isCollecting):
(JSC):
- heap/MarkedAllocator.cpp:
(JSC::MarkedAllocator::allocateSlowCase):
- jit/JIT.cpp:
(JSC::JIT::privateCompile):
- jit/JIT.h:
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::jitCompileAndSetHeuristics):
(JSC::LLInt::entryOSR):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
- profiler/ProfilerBytecodes.h:
- runtime/ConcurrentJITLock.h: Added.
(JSC):
- runtime/ExecutionHarness.h:
(JSC::replaceWithDeferredOptimizedCode):
- runtime/JSSegmentedVariableObject.cpp:
(JSC::JSSegmentedVariableObject::findRegisterIndex):
(JSC::JSSegmentedVariableObject::addRegisters):
- runtime/JSSegmentedVariableObject.h:
(JSSegmentedVariableObject):
- runtime/Options.h:
(JSC):
- runtime/Structure.h:
(Structure):
- runtime/StructureInlines.h:
(JSC::Structure::propertyTable):
- runtime/SymbolTable.h:
(SymbolTable):
- runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::~VM):
(JSC::VM::prepareToDiscardCode):
(JSC):
(JSC::VM::discardAllCode):
(JSC::VM::releaseExecutableMemory):
- runtime/VM.h:
(DFG):
(VM):
Source/WTF:
Reviewed by Geoffrey Garen.
- wtf/ByteSpinLock.h:
Make it non-copyable. We previously had bugs where we used ByteSpinLock as a locker.
Clearly that's bad.
- wtf/MetaAllocatorHandle.h:
Make it thread-safe ref-counted, since we may now be passing them between the
concurrent JIT thread and the main thread.
- wtf/Vector.h:
(WTF::Vector::takeLast):
I've wanted this method for ages, and now I finally added.
- 9:00 PM Changeset in webkit [153168] by
-
- 2 edits in trunk/Tools
fourthTier: display-profiler-output should make it even easier to diff the compilation story between two different runs
https://bugs.webkit.org/show_bug.cgi?id=116556
Reviewed by Oliver Hunt.
This adds three new capabilities:
- 'display' now accepts negative compilation indices, and allows specifying wildcard hashes combined with combination indices. Previously you could say 'display <hash>', 'display <hash>-<index>-<engine>', or 'display *'. The latter would display every compilation. This improves this so that you can say 'display *-<index>-<engine>'. It also makes it so that you can give a negative index, which allows you to say things like 'display blah--1-dfg', which displays just the last DFG compilation. Also you can say 'display *--1-dfg', which displays the last DFG compilation for each code block. I realize that this is kind of ugly, but gosh is it practical.
- You can now say 'sort hash', which will henceforth sort all of the output by code hash rather than by the time when it was compiled. This means that if you're doing 'dispay *--1-dfg' and then want to diff the results against something else, you can ensure that this doesn't get confused just by changes in compilation order.
- You can now say 'counts off', which will henceforth disable the display of execution counts from 'bytecode' and 'display'. This is also useful for diffs, since if you're trying to figure out why two compilations are different, they probably have radically different counts. 'counts off' gets this out of the output so that it doesn't confuse your diff.
Note that to use this effectively you should also have a script that scrubs
pointers from text so that the diff doesn't get confused by pointers. I'll
post my elimptr script to the bug. Maybe at some point I'll integrate that
into display-profiler-output.
Put together this is pretty awesome. I was able to do the following:
(echo "counts off" && echo "sort hash" && echo "d *--1-dfg") | Tools/Scripts/display-profiler-output richards-serial.profile | elimptr > richards-serial.asm
(echo "counts off" && echo "sort hash" && echo "d *--1-dfg") | Tools/Scripts/display-profiler-output richards-concurrent.profile | elimptr > richards-concurrent.asm
diff -u richards-serial.asm richards-concurrent.asm
And this immediately told me that the reason why richards is slower in the
concurrent compilation case is just that we end up compiling *tons* more
functions, most of which are trivially inlineable. Basically, concurrent
compilation breaks our previous heuristics for delaying compilation of
inlineables just enough that they never trigger compilation. We should fix
that in a separate bug.
- Scripts/display-profiler-output:
- 9:00 PM Changeset in webkit [153167] by
-
- 18 edits in trunk
fourthTier: CheckArrays should be hoisted
https://bugs.webkit.org/show_bug.cgi?id=116353
Source/JavaScriptCore:
Performance neutral. This will be more important when we start depending on CheckArray for flat arrays.
Reviewed by Filip Pizlo.
- dfg/DFGAbstractState.cpp: Add ForwardCheckArray to wherever we had a CheckArray before.
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
- dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::isContravenedByStructure): Checks if the ArrayMode derived from a specific Structure
would contradict the ArrayModes that would be filtered by the current ArrayMode. This is used to detect
if any specific CheckStructures would contradict our CheckArray so that we can defer to the CheckStructure's
judgment.
- dfg/DFGByteCodeParser.cpp: Fill in checkArrayHoistingFailed where we previously exited due to a BadIndexingType.
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::checkArrayElimination):
(JSC::DFG::CSEPhase::performNodeCSE):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGNode.h:
(JSC::DFG::Node::hasArrayMode):
- dfg/DFGNodeType.h: New ForwardCheckArray node type.
- dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGTypeCheckHoistingPhase.cpp: Refactored most of TypeCheckHoistingPhase into separate functions, some
of which are now generic to both CheckStructure and CheckArray hoisting while others are specific to one or the
other. Both of the non-zero CheckBallot values must be 1 because we use them as an index into an array of
length 2 inside the VariableAccessData.
(CheckData): Moved structure outside of TypeCheckHoistingPhase so that ArrayTypeCheck and StructureTypeCheck
can access it. Also added new fields for tracking ArrayModes. We need the m_arrayModeIsValid because there
isn't a good sentinel value for "this ArrayMode is invalid and meaningless" like there is for m_structure.
We need m_arrayModeHoistingOkay for when we want to permanently disable hoisting for that particular variable.
(JSC::DFG::CheckData::CheckData):
(JSC::DFG::CheckData::disableCheckArrayHoisting): Helper function for disabling CheckArray hoisting for a
specific CheckData.
(JSC::DFG::TypeCheckHoistingPhase::run): We now do both CheckStructure and CheckArray hoisting, although we prefer
CheckStructure hoisting when given the possibility to do both.
(TypeCheckHoistingPhase):
(JSC::DFG::TypeCheckHoistingPhase::clearVariableVotes): Clears all of the VariableAccessData votes since they
can only have two types of votes at any particular time.
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks): Very similar to identifyRedundantStructureChecks,
but with a few different nodes that are important, namely CheckArray (instead of CheckStructure) and the Arrayify-like
nodes always disable hoisting since they always change the IndexingType.
(JSC::DFG::TypeCheckHoistingPhase::disableHoistingForVariablesWithInsufficientVotes):
(JSC::DFG::TypeCheckHoistingPhase::disableHoistingAcrossOSREntries):
(JSC::DFG::TypeCheckHoistingPhase::disableCheckArrayHoisting): Helper that looks up the CheckData for the
specified variable and disables CheckArray hoisting on it.
(JSC::DFG::TypeCheckHoistingPhase::shouldConsiderForHoisting):
(JSC::DFG::TypeCheckHoistingPhase::noticeStructureCheck):
(JSC::DFG::TypeCheckHoistingPhase::noticeCheckArray):
(JSC::DFG::TypeCheckHoistingPhase::noticeStructureCheckAccountingForArrayMode): We want to take CheckStructure nodes
into account when hoisting CheckArrays, so we make sure that if we contradict what a CheckStructure says then we
give up on hoisting the CheckArray.
(JSC::DFG::ArrayTypeCheck::isValidToHoist):
(ArrayTypeCheck): Structure that houses some of the specifics on how to hoist CheckArrays. This structure
is used a template argument to allow some of the very similar code to statically parameterized and reused
for both CheckStructure and CheckArray hoisting.
(JSC::DFG::ArrayTypeCheck::disableHoisting):
(JSC::DFG::ArrayTypeCheck::isContravenedByValue):
(JSC::DFG::ArrayTypeCheck::hasEnoughVotesToHoist):
(JSC::DFG::ArrayTypeCheck::hoistingPreviouslyFailed):
(JSC::DFG::StructureTypeCheck::isValidToHoist):
(StructureTypeCheck): Same as ArrayTypeCheck, but specific to CheckStructure hoisting.
(JSC::DFG::StructureTypeCheck::disableHoisting):
(JSC::DFG::StructureTypeCheck::isContravenedByValue):
(JSC::DFG::StructureTypeCheck::hasEnoughVotesToHoist):
(JSC::DFG::StructureTypeCheck::hoistingPreviouslyFailed):
- dfg/DFGUnificationPhase.cpp: Added merging of whether or not CheckArray hoisting failed.
(JSC::DFG::UnificationPhase::run):
- dfg/DFGVariableAccessData.h:
(JSC::DFG::VariableAccessData::VariableAccessData):
(JSC::DFG::VariableAccessData::mergeCheckArrayHoistingFailed):
(VariableAccessData):
(JSC::DFG::VariableAccessData::checkArrayHoistingFailed):
- runtime/Options.h:
LayoutTests:
Added a microbenchmark to JSRegress that specifically targets CheckArray hoisting.
We get a 25% improvement on it.
Reviewed by Filip Pizlo.
- fast/js/regress/check-array-hoisting-expected.txt: Added.
- fast/js/regress/check-array-hoisting.html: Added.
- fast/js/regress/script-tests/check-array-hoisting.js: Added.
(f):
- 9:00 PM Changeset in webkit [153166] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: getCTIStub should be thread-safe
https://bugs.webkit.org/show_bug.cgi?id=116126
Reviewed by Dan Bernstein.
It's called from the compilation thread. Give it locks.
- jit/JITThunks.cpp:
(JSC::JITThunks::ctiStub):
(JSC::JITThunks::hostFunctionStub):
- jit/JITThunks.h:
(JITThunks):
- 9:00 PM Changeset in webkit [153165] by
-
- 19 edits2 copies in trunk/Source/JavaScriptCore
fourthTier: Executable and CodeBlock should be aware of DFG::Plans that complete asynchronously
https://bugs.webkit.org/show_bug.cgi?id=116350
Reviewed by Oliver Hunt.
This refactors compilation so that:
- JITStubs knows exactly what the result of compilation was. For example, if compilation was deferred, it will now know this.
- The set of things that has to happen to install compiled code is now factored out into JSC::installOptimizedCode().
- A bunch of the code in Executable.cpp is now made more common to reduce code duplication. For example, the heap heuristics stuff is now in one place.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/CodeBlock.cpp:
(JSC::ProgramCodeBlock::compileOptimized):
(JSC::ProgramCodeBlock::replaceWithDeferredOptimizedCode):
(JSC):
(JSC::EvalCodeBlock::compileOptimized):
(JSC::EvalCodeBlock::replaceWithDeferredOptimizedCode):
(JSC::FunctionCodeBlock::compileOptimized):
(JSC::FunctionCodeBlock::replaceWithDeferredOptimizedCode):
(JSC::ProgramCodeBlock::jitCompileImpl):
(JSC::EvalCodeBlock::jitCompileImpl):
(JSC::FunctionCodeBlock::jitCompileImpl):
- bytecode/CodeBlock.h:
(CodeBlock):
(JSC::CodeBlock::jitCompile):
(ProgramCodeBlock):
(EvalCodeBlock):
(FunctionCodeBlock):
- dfg/DFGDesiredIdentifiers.cpp:
(JSC::DFG::DesiredIdentifiers::numberOfIdentifiers):
(DFG):
(JSC::DFG::DesiredIdentifiers::at):
- dfg/DFGDesiredIdentifiers.h:
(JSC):
(DesiredIdentifiers):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
(JSC::DFG::tryFinalizePlan):
(DFG):
- dfg/DFGDriver.h:
(DFG):
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
(JSC::DFG::tryFinalizePlan):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::Graph):
- dfg/DFGJITFinalizer.cpp:
(JSC::DFG::JITFinalizer::finalizeCommon):
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::Plan):
(JSC::DFG::Plan::compileInThread):
(JSC::DFG::Plan::reallyAdd):
- dfg/DFGPlan.h:
(JSC):
(Plan):
(DFG):
- ftl/FTLJITFinalizer.cpp:
(JSC::FTL::JITFinalizer::finalizeFunction):
- jit/JITDriver.h:
(JSC::jitCompileIfAppropriateImpl):
(JSC::jitCompileFunctionIfAppropriateImpl):
(JSC):
(JSC::jitCompileIfAppropriate):
(JSC::jitCompileFunctionIfAppropriate):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::jitCompileAndSetHeuristics):
- runtime/CompilationResult.cpp: Added.
(WTF):
(WTF::printInternal):
- runtime/CompilationResult.h: Added.
(JSC):
(WTF):
- runtime/Executable.cpp:
(JSC::EvalExecutable::compileOptimized):
(JSC::EvalExecutable::jitCompile):
(JSC::EvalExecutable::compileInternal):
(JSC::EvalExecutable::replaceWithDeferredOptimizedCode):
(JSC):
(JSC::ProgramExecutable::compileOptimized):
(JSC::ProgramExecutable::jitCompile):
(JSC::ProgramExecutable::compileInternal):
(JSC::ProgramExecutable::replaceWithDeferredOptimizedCode):
(JSC::FunctionExecutable::compileOptimizedForCall):
(JSC::FunctionExecutable::compileOptimizedForConstruct):
(JSC::FunctionExecutable::jitCompileForCall):
(JSC::FunctionExecutable::jitCompileForConstruct):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForCall):
(JSC::FunctionExecutable::compileForConstructInternal):
(JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeForConstruct):
- runtime/Executable.h:
(ScriptExecutable):
(EvalExecutable):
(ProgramExecutable):
(FunctionExecutable):
(JSC::FunctionExecutable::compileOptimizedFor):
(JSC::FunctionExecutable::replaceWithDeferredOptimizedCodeFor):
(JSC::FunctionExecutable::jitCompileFor):
- runtime/ExecutionHarness.h:
(JSC::prepareForExecutionImpl):
(JSC::prepareFunctionForExecutionImpl):
(JSC):
(JSC::installOptimizedCode):
(JSC::prepareForExecution):
(JSC::prepareFunctionForExecution):
(JSC::replaceWithDeferredOptimizedCode):
- 9:00 PM Changeset in webkit [153164] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: observeUseKindOnNode doesn't contain a case for KnownCellUse
https://bugs.webkit.org/show_bug.cgi?id=116130
This would just lead to us being overly conservative when deciding
whether we should unbox GetLocals with KnownCellUse UseKinds.
Reviewed by Filip Pizlo.
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::observeUseKindOnNode):
- 9:00 PM Changeset in webkit [153163] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: infrequent segfault in DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks()
https://bugs.webkit.org/show_bug.cgi?id=116134
CodeBlock and JITCode should be ThreadSafeRefCounted. We're going to
start using them on more threads very soon (with concurrent
compilation). This patch also fixes the specific place where we were
superfluously creating a RefPtr.
Reviewed by Oliver Hunt.
- bytecode/CodeBlock.h:
(JSC::CodeBlock::getJITType):
- jit/JITCode.h:
- 9:00 PM Changeset in webkit [153162] by
-
- 17 edits2 adds in trunk/Source/JavaScriptCore
fourthTier: Implement a probe mechanism for JIT generated code.
https://bugs.webkit.org/show_bug.cgi?id=115705.
Reviewed by Geoffrey Garen.
The probe is in the form of a MacroAssembler pseudo instruction.
It takes 3 arguments: a ProbeFunction, and 2 void* args.
When inserted into the JIT at some code generation site, the probe
pseudo "instruction" will emit a minimal amount of code to save the
stack pointer, 1 (or more) scratch register(s), and the probe
arguments into a ProbeContext record on the stack. The emitted code
will then call a probe trampoline to do the rest of the work, which
consists of:
- saving the remaining registers into the ProbeContext.
- calling the ProbeFunction, and passing it the ProbeContext pointer.
- restoring the registers from the ProbeContext after the ProbeFunction returns, and then returning to the JIT generated code.
The ProbeContext is stack allocated and is only valid for the duration
that the ProbeFunction is executing.
If the user supplied ProbeFunction alters the register values in the
ProbeContext, the new values will be installed into the registers upon
returning from the probe. This can be useful for some debugging or
testing purposes.
The probe mechanism is built conditional on USE(MASM_PROBE) which is
defined in config.h. USE(MASM_PROBE) will off by default.
This changeset only implements the probe mechanism for X86 and X86_64.
- CMakeLists.txt:
- GNUmakefile.list.am:
- JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
- JavaScriptCore.xcodeproj/project.pbxproj:
- Target.pri:
- assembler/MacroAssembler.h:
(MacroAssembler):
(JSC::MacroAssembler::shouldBlind):
(JSC::MacroAssembler::store32):
- assembler/MacroAssemblerX86.h:
(MacroAssemblerX86):
(JSC::MacroAssemblerX86::trustedImm32FromPtr):
(JSC::MacroAssemblerX86::probe):
- assembler/MacroAssemblerX86Common.cpp: Added.
(JSC::MacroAssemblerX86Common::ProbeContext::dumpCPURegisters):
- CPU specific register dumper called by ProbeContext::dump().
(JSC::MacroAssemblerX86Common::ProbeContext::dump):
- Prints the ProbeContext to the DataLog.
- assembler/MacroAssemblerX86Common.h:
(MacroAssemblerX86Common):
(CPUState): Added.
(ProbeContext): Added.
- assembler/MacroAssemblerX86_64.h:
(MacroAssemblerX86_64):
(JSC::MacroAssemblerX86_64::trustedImm64FromPtr):
(JSC::MacroAssemblerX86_64::probe):
- assembler/X86Assembler.h:
- config.h: Added WTF_USE_MASM_PROBE flag.
- jit/JITStubs.cpp:
- jit/JITStubs.h:
- jit/JITStubsX86.h:
- jit/JITStubsX86Common.h: Added.
- jit/JITStubsX86_64.h:
- 9:00 PM Changeset in webkit [153161] by
-
- 23 edits11 copies in trunk/Source/JavaScriptCore
fourthTier: DFG should separate link phase into things that must be done concurrently and things that must be done synchronously, and have a way of passing data from one to the other
https://bugs.webkit.org/show_bug.cgi?id=116060
Reviewed by Gavin Barraclough.
This introduces the concept of a DFG::Plan, which corresponds to:
- The data that the concurrent DFG or FTL need to start compiling a CodeBlock. This mostly includes basic things like CodeBlock*, but also a list of must-handle values for OSR entry.
- The data that the synchronous linker need to link in code compiled by a concurrent compilation thread. This is further encapsulated by DFG::Finalizer, since the data, and the actions that need to be taken, are different in DFG versus FTL. This patch also institutes the policy that the concurrent compilation thread shall not use LinkBuffer::performFinalization(), since that code assumes that it's running on the same thread that will actually run the code.
- The actions that need to be taken to compile code. In other words, most of the code that previously lived in DFGDriver.cpp now lives in DFG::Plan::compileInThread().
- The actions that need to be taken when synchronously linking the code. This includes "really" adding watchpoints and identifiers, checking watchpoint and chain validity, and running the DFG::Finalizer.
Currently, DFGDriver just creates a Plan and runs it synchronously. But in the
future, we will be able to malloc some Plans and enqueue them, and have the
concurrent thread dequeue them and call Plan::compileInThread().
For now, this has no behavior or performance change.
- JavaScriptCore.xcodeproj/project.pbxproj:
- assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::performFinalization):
- assembler/LinkBuffer.h:
(LinkBuffer):
(JSC::LinkBuffer::LinkBuffer):
(JSC::LinkBuffer::~LinkBuffer):
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::initialize):
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::setFuturePossibleStructure):
(JSC::DFG::AbstractValue::filterFuturePossibleStructure):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::parseResolveOperations):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
(JSC::DFG::ByteCodeParser::parseCodeBlock):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
(JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
- dfg/DFGDriver.cpp:
(DFG):
(JSC::DFG::compile):
- dfg/DFGFailedFinalizer.cpp: Added.
(DFG):
(JSC::DFG::FailedFinalizer::FailedFinalizer):
(JSC::DFG::FailedFinalizer::~FailedFinalizer):
(JSC::DFG::FailedFinalizer::finalize):
(JSC::DFG::FailedFinalizer::finalizeFunction):
- dfg/DFGFailedFinalizer.h: Added.
(DFG):
(FailedFinalizer):
- dfg/DFGFinalizer.cpp: Added.
(DFG):
(JSC::DFG::Finalizer::Finalizer):
(JSC::DFG::Finalizer::~Finalizer):
- dfg/DFGFinalizer.h: Added.
(DFG):
(Finalizer):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::Graph):
(JSC::DFG::Graph::dump):
(DFG):
- dfg/DFGGraph.h:
(Graph):
(JSC::DFG::Graph::masqueradesAsUndefinedWatchpointIsStillValid):
(JSC::DFG::Graph::compilation):
(JSC::DFG::Graph::identifiers):
(JSC::DFG::Graph::watchpoints):
(JSC::DFG::Graph::chains):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
(JSC::DFG::JITCompiler::linkFunction):
(DFG):
(JSC::DFG::JITCompiler::disassemble):
- dfg/DFGJITCompiler.h:
(JITCompiler):
(JSC::DFG::JITCompiler::addLazily):
- dfg/DFGJITFinalizer.cpp: Added.
(DFG):
(JSC::DFG::JITFinalizer::JITFinalizer):
(JSC::DFG::JITFinalizer::~JITFinalizer):
(JSC::DFG::JITFinalizer::finalize):
(JSC::DFG::JITFinalizer::finalizeFunction):
(JSC::DFG::JITFinalizer::finalizeCommon):
- dfg/DFGJITFinalizer.h: Added.
(DFG):
(JITFinalizer):
- dfg/DFGPlan.cpp: Added.
(DFG):
(JSC::DFG::dumpAndVerifyGraph):
(JSC::DFG::Plan::Plan):
(JSC::DFG::Plan::~Plan):
(JSC::DFG::Plan::compileInThread):
(JSC::DFG::Plan::isStillValid):
(JSC::DFG::Plan::reallyAdd):
(JSC::DFG::Plan::finalize):
- dfg/DFGPlan.h: Added.
(DFG):
(Plan):
(JSC::DFG::Plan::vm):
- dfg/DFGPredictionInjectionPhase.cpp:
(JSC::DFG::PredictionInjectionPhase::run):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::identifierUID):
(JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
- dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::run):
- ftl/FTLGeneratedFunction.h: Added.
(FTL):
- ftl/FTLJITFinalizer.cpp: Added.
(FTL):
(JSC::FTL::JITFinalizer::JITFinalizer):
(JSC::FTL::JITFinalizer::~JITFinalizer):
(JSC::FTL::JITFinalizer::finalize):
(JSC::FTL::JITFinalizer::finalizeFunction):
- ftl/FTLJITFinalizer.h: Added.
(FTL):
(JITFinalizer):
(JSC::FTL::JITFinalizer::initializeExitThunksLinkBuffer):
(JSC::FTL::JITFinalizer::initializeEntrypointLinkBuffer):
(JSC::FTL::JITFinalizer::initializeCode):
(JSC::FTL::JITFinalizer::initializeFunction):
(JSC::FTL::JITFinalizer::initializeArityCheck):
(JSC::FTL::JITFinalizer::initializeJITCode):
- ftl/FTLLink.cpp:
(JSC::FTL::link):
- ftl/FTLLink.h:
(FTL):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::linkOSRExitsAndCompleteInitializationBlocks):
- ftl/FTLState.cpp:
(JSC::FTL::State::State):
- ftl/FTLState.h:
(FTL):
(State):
- 9:00 PM Changeset in webkit [153160] by
-
- 5 edits6 adds in trunk/Source/JavaScriptCore
fourthTier: Refactor JITStubs.cpp to move CPU specific parts out into their own files.
https://bugs.webkit.org/show_bug.cgi?id=116135.
Reviewed by Michael Saboff.
This mod only moves the CPU specific parts out. There is no code change.
Tested on debug builds of X86, X86_64, ARM and ARMv7. The SH4 and MIPS
ports are untested. Windows port also not tested.
- GNUmakefile.list.am:
- JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
- JavaScriptCore.xcodeproj/project.pbxproj:
- jit/JITStubs.cpp:
(JSC::performPlatformSpecificJITAssertions):
- jit/JITStubsARM.h: Added.
(JSC::ctiTrampoline):
(JSC::ctiTrampolineEnd):
(JSC::ctiVMThrowTrampoline):
(JSC::ctiOpThrowNotCaught):
(JSC::performARMJITAssertions):
- jit/JITStubsARMv7.h: Added.
(JSC::ctiTrampoline):
(JSC::ctiVMThrowTrampoline):
(JSC::ctiOpThrowNotCaught):
(JSC::performARMv7JITAssertions):
- jit/JITStubsMIPS.h: Added.
(JSC::performMIPSJITAssertions):
- jit/JITStubsSH4.h: Added.
- jit/JITStubsX86.h: Added.
- jit/JITStubsX86_64.h: Added.
- 9:00 PM Changeset in webkit [153159] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: Segfault in jsc with simple test program when running with profile dumping enabled
https://bugs.webkit.org/show_bug.cgi?id=116082
It's crashing because CodeBlock::baselineVersion() doesn't know how to handle the case where 'this' is the
baseline version but it hasn't been assigned to the m_blahCodeBlock field in BlahExecutable. The fix is to
check if we're the baseline version in baselineVersion() and return this if so.
Reviewed by Filip Pizlo.
- bytecode/CodeBlock.h:
(JSC::CodeBlock::baselineVersion):
- 9:00 PM Changeset in webkit [153158] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: Rename StructureCheckHoistingPhase to TypeCheckHoistingPhase
https://bugs.webkit.org/show_bug.cgi?id=115938
We're going to add some more types of check hoisting soon, so let's have
the right name here.
Rubber stamped by Filip Pizlo.
- CMakeLists.txt:
- GNUmakefile.list.am:
- JavaScriptCore.xcodeproj/project.pbxproj:
- Target.pri:
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- dfg/DFGStructureCheckHoistingPhase.cpp: Removed.
- dfg/DFGStructureCheckHoistingPhase.h: Removed.
- dfg/DFGTypeCheckHoistingPhase.cpp: Added.
(DFG):
(TypeCheckHoistingPhase):
(JSC::DFG::TypeCheckHoistingPhase::TypeCheckHoistingPhase):
(JSC::DFG::TypeCheckHoistingPhase::run):
(JSC::DFG::TypeCheckHoistingPhase::shouldConsiderForHoisting):
(JSC::DFG::TypeCheckHoistingPhase::noticeStructureCheck):
(CheckData):
(JSC::DFG::TypeCheckHoistingPhase::CheckData::CheckData):
(JSC::DFG::performTypeCheckHoisting):
- dfg/DFGTypeCheckHoistingPhase.h: Added.
- 9:00 PM Changeset in webkit [153157] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: SpeculativeJIT::checkArray should use the correct ExitKind
https://bugs.webkit.org/show_bug.cgi?id=115943
Currently it uses Uncountable, which gives us no information if we end up exiting due to a
mismatched ClassInfo pointer. It should instead use BadType and should pass the correct
JSValueSource and Node instead of passing empty values.
Reviewed by Filip Pizlo.
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkArray):
- 9:00 PM Changeset in webkit [153156] by
-
- 6 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support Jump and ForceOSRExit
https://bugs.webkit.org/show_bug.cgi?id=115942
Reviewed by Oliver Hunt.
Added two obvious nodes: Jump and ForceOSRExit. We already had everything we needed
to support them.
Adding these increases our coverage a fair bit, and revealed a bug: LLVM's full
instruction selector currently appears to mishandle doubles in constant pools (or
just constant pools in general) with the small code model in the MCJIT. But switching
to FastISel "fixes" it. That's what this patch does, for now. This will probably
actually be permanent; the FastISel does pretty much everything we would ever want,
at least in the foreseeable future.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
(FTL):
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileBlock):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileJSConstant):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compileJump):
(JSC::FTL::LowerDFGToLLVM::compileReturn):
(JSC::FTL::LowerDFGToLLVM::compileForceOSRExit):
- runtime/Options.h:
(JSC):
- 9:00 PM Changeset in webkit [153155] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support CompareStrictEqConstant
https://bugs.webkit.org/show_bug.cgi?id=115941
Reviewed by Mark Hahnenberg.
Pretty simple, but factors out the craziness of comparing against null or undefined
in a way that is reusable for both == and ===.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileCompareEqConstant):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEqConstant):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::equalNullOrUndefined):
- 8:59 PM Changeset in webkit [153154] by
-
- 7 edits2 adds in trunk/Source/JavaScriptCore
fourthTier: FTL should support CompareEqConstant
https://bugs.webkit.org/show_bug.cgi?id=115939
Reviewed by Oliver Hunt and Mark Hahnenberg.
The most interesting part of this patch is the way I make it easier to deal with
the inputs to Phi functions. This adds the notion of ValueFromBlock, which you
can get by doing m_out.anchor(value). You can build up a vector of these, and then
pass them to m_out.phi(type, vector) in one go.
- JavaScriptCore.xcodeproj/project.pbxproj:
- ftl/FTLAbbreviatedTypes.h: Added.
(FTL):
- ftl/FTLAbbreviations.h:
(FTL):
(JSC::FTL::addIncoming):
(JSC::FTL::buildPhi):
- ftl/FTLAbstractHeapRepository.h:
(FTL):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileCompareEqConstant):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::lowDouble):
(JSC::FTL::LowerDFGToLLVM::masqueradesAsUndefinedWatchpointIfIsStillValid):
- ftl/FTLOutput.h:
(JSC::FTL::Output::phi):
(Output):
(JSC::FTL::Output::anchor):
- ftl/FTLValueFromBlock.h: Added.
(FTL):
(ValueFromBlock):
(JSC::FTL::ValueFromBlock::ValueFromBlock):
(JSC::FTL::ValueFromBlock::value):
(JSC::FTL::ValueFromBlock::block):
- 8:59 PM Changeset in webkit [153153] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support CompareStrictEq
https://bugs.webkit.org/show_bug.cgi?id=115927
Reviewed by Mark Hahnenberg.
Do the sensible thing, and make it so that for common cases, CompareEq is
implemented in terms of CompareStrictEq in the FTL backend. All of the cases
we currently support can be done this way.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileCompareEq):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compileCompareStrictEq):
- 8:59 PM Changeset in webkit [153152] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support Int32ToDouble
https://bugs.webkit.org/show_bug.cgi?id=115926
Reviewed by Mark Hahnenberg.
This node exists mainly to help the DFG see that a node may have both an int
and a double representation. But in the FTL, nodes already have multiple
representations. So this is just a no-op for the FTL.
I considered making it so that the node isn't even inserted if we're doing
FTL compilation, but that would have required a bunch of conditionalizing in
the DFG's optimization phases, which sort of expect this node to be present
and necessary.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileInt32ToDouble):
(LowerDFGToLLVM):
- 8:59 PM Changeset in webkit [153151] by
-
- 5 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support LogicalNot
https://bugs.webkit.org/show_bug.cgi?id=115924
Reviewed by Mark Hahnenberg.
- ftl/FTLAbbreviations.h:
(JSC::FTL::buildNot):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileLogicalNot):
(LowerDFGToLLVM):
- ftl/FTLOutput.h:
(JSC::FTL::Output::bitNot):
- 8:59 PM Changeset in webkit [153150] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support CompareGreater, CompareLessEq, and CompareGreaterEq
https://bugs.webkit.org/show_bug.cgi?id=115923
Reviewed by Mark Hahnenberg.
Also fixed a bug where double CompareLess would assert.
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileCompareLess):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compileCompareLessEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareGreater):
(JSC::FTL::LowerDFGToLLVM::compileCompareGreaterEq):
- 8:59 PM Changeset in webkit [153149] by
-
- 1 edit in trunk/Source/JavaScriptCore/ChangeLog
fourthTier: FTL CompareEq ObjectUse should handle masquerading
https://bugs.webkit.org/show_bug.cgi?id=115920
Reviewed by Mark Hahnenberg.
We don't yet support watchpoints, but this does all the wiring right up to the
part where we would have emitted watchpoints. I've also written this in a way that
makes it easy to use the case where you would have anyway speculated non-masquerading
even if the watchpoint was invalidated.
This is inherently racy, of course: but the only race here is that you might first
set the watchpoint, and then the watchpoint is invalidated, and then you compile rest
of the code in a way that doesn't need the watchpoint. That's fine, since the FTL
will remember that it had set the watchpoint and then cancel the compilation.
- ftl/FTLAbbreviations.h:
(JSC::FTL::int8Type):
- ftl/FTLAbstractHeapRepository.h:
(FTL):
- ftl/FTLCommonValues.cpp:
(JSC::FTL::CommonValues::CommonValues):
- ftl/FTLCommonValues.h:
(CommonValues):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileCompareEq):
(JSC::FTL::LowerDFGToLLVM::lowNonNullObject):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::speculateNonNullObject):
(JSC::FTL::LowerDFGToLLVM::masqueradesAsUndefinedWatchpointIsStillValid):
(JSC::FTL::LowerDFGToLLVM::masqueradesAsUndefinedWatchpointIfIsStillValid):
- ftl/FTLOutput.h:
(JSC::FTL::Output::constInt8):
(JSC::FTL::Output::load8):
(JSC::FTL::Output::isZero8):
(JSC::FTL::Output::notZero8):
(JSC::FTL::Output::testIsZero8):
(JSC::FTL::Output::testNonZero8):
- 8:59 PM Changeset in webkit [153148] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: DFG shouldn't allocate in the GC heap
https://bugs.webkit.org/show_bug.cgi?id=115598
Reviewed by Geoffrey Garen.
I believe that we've now fixed this, and this patch just adds the relevant assertion.
- runtime/JSCellInlines.h:
(JSC::JSCell::JSCell):
- 8:59 PM Changeset in webkit [153147] by
-
- 19 edits in trunk/Source/JavaScriptCore
fourthTier: CodeBlock should be RefCounted
https://bugs.webkit.org/show_bug.cgi?id=115594
Reviewed by Geoffrey Garen.
This makes it possible to have the currently-being-compiled CodeBlock not be
installed in Executable, while also allowing it to point to its intended
alternative(). So long as we were using ownership and not reference counting, it
would have been difficult to have both CodeBlock::m_alternative and
Executable::m_codeBlockForBlah point to the previous CodeBlock.
I also took the opportunity to clean up a bunch of code that appears to have
rotted.
- assembler/MacroAssemblerCodeRef.h:
(MacroAssemblerCodePtr):
(JSC::MacroAssemblerCodePtr::operator==):
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
- bytecode/CodeBlock.h:
(JSC::CodeBlock::releaseAlternative):
(JSC::CodeBlock::setAlternative):
(CodeBlock):
(JSC::GlobalCodeBlock::GlobalCodeBlock):
(JSC::ProgramCodeBlock::ProgramCodeBlock):
(JSC::EvalCodeBlock::EvalCodeBlock):
(JSC::FunctionCodeBlock::FunctionCodeBlock):
- heap/DFGCodeBlocks.cpp:
(JSC::DFGCodeBlocks::~DFGCodeBlocks):
(JSC::DFGCodeBlocks::jettison):
(JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
- heap/DFGCodeBlocks.h:
(DFGCodeBlocks):
- heap/Heap.cpp:
(JSC::Heap::jettisonDFGCodeBlock):
- heap/Heap.h:
- jit/JITDriver.h:
(JSC::jitCompileIfAppropriate):
(JSC::jitCompileFunctionIfAppropriate):
- runtime/Executable.cpp:
(JSC::jettisonCodeBlock):
(JSC::EvalExecutable::jitCompile):
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::jitCompile):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::jitCompileForCall):
(JSC::FunctionExecutable::jitCompileForConstruct):
(JSC::FunctionExecutable::produceCodeBlockFor):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
- runtime/Executable.h:
(EvalExecutable):
(FunctionExecutable):
(JSC::FunctionExecutable::codeBlockFor):
- runtime/ExecutionHarness.h:
(JSC::prepareForExecution):
(JSC::prepareFunctionForExecution):
- 8:59 PM Changeset in webkit [153146] by
-
- 16 edits4 adds2 deletes in trunk/Source/JavaScriptCore
fourthTier: DFG should have its own notion of StructureChain, and it should be possible to validate it after compilation finishes
https://bugs.webkit.org/show_bug.cgi?id=115841
Reviewed by Oliver Hunt.
This adds IntendedStructureChain, which is like StructureChain, except that it holds a bit
more information and can be validated independantly of its owning Structure and lexical
GlobalObject, since it remembers both of those things. It's also malloc'd and RefCounted
rather than GC'd, so it can be allocated in a concurrent compilation thread.
Gave this class a bunch of methods to allow the following idiom:
- Snapshot a structure chain concurrently. This structure chain may end up being wrong in case of races, but in that case we will find out when we try to validate it.
- Perform validation on the structure chain itself, without recomputing the chain. Previously, many chain validation methods (prototypeChainMayInterceptStoreTo() for example) recomputed the chain, and hence, were inherently racy: you could build one chain and then validate against a different chain, and hence not realize that the chain you did build was actually broken for your purposes, because the chain you checked was a different one.
- Validate that the chain is still the right one at any time, allowing the cancellation of compilation if there was a race.
Also added DFG::DesiredStructureChains, which tracks those intended structure chains that
the compiler had already chosen to use. If any of those are invalid at link time, throw
out the compilation.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeForChain):
(JSC::GetByIdStatus::computeFor):
- bytecode/GetByIdStatus.h:
(JSC::GetByIdStatus::GetByIdStatus):
(JSC::GetByIdStatus::chain):
(GetByIdStatus):
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFromLLInt):
(JSC::PutByIdStatus::computeFor):
- bytecode/PutByIdStatus.h:
(JSC::PutByIdStatus::PutByIdStatus):
(JSC::PutByIdStatus::structureChain):
(PutByIdStatus):
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
- dfg/DFGDesiredStructureChains.cpp: Added.
(DFG):
(JSC::DFG::DesiredStructureChains::DesiredStructureChains):
(JSC::DFG::DesiredStructureChains::~DesiredStructureChains):
(JSC::DFG::DesiredStructureChains::areStillValid):
- dfg/DFGDesiredStructureChains.h: Added.
(DFG):
(DesiredStructureChains):
(JSC::DFG::DesiredStructureChains::addLazily):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::isStillValid):
(DFG):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::linkFunction):
- ftl/FTLLink.cpp:
(JSC::FTL::link):
- runtime/IntendedStructureChain.cpp: Added.
(JSC):
(JSC::IntendedStructureChain::IntendedStructureChain):
(JSC::IntendedStructureChain::~IntendedStructureChain):
(JSC::IntendedStructureChain::isStillValid):
(JSC::IntendedStructureChain::matches):
(JSC::IntendedStructureChain::chain):
(JSC::IntendedStructureChain::mayInterceptStoreTo):
(JSC::IntendedStructureChain::isNormalized):
(JSC::IntendedStructureChain::terminalPrototype):
- runtime/IntendedStructureChain.h: Added.
(JSC):
(IntendedStructureChain):
(JSC::IntendedStructureChain::head):
(JSC::IntendedStructureChain::size):
(JSC::IntendedStructureChain::at):
(JSC::IntendedStructureChain::operator[]):
(JSC::IntendedStructureChain::last):
- runtime/Structure.cpp:
(JSC::Structure::prototypeChainMayInterceptStoreTo):
- runtime/Structure.h:
(Structure):
- runtime/StructureInlines.h:
(JSC::Structure::storedPrototypeObject):
(JSC):
(JSC::Structure::storedPrototypeStructure):
- 8:59 PM Changeset in webkit [153145] by
-
- 88 edits in trunk
fourthTier: Rationalized 'this' conversion, includes subsequent FTL branch fixes
Reviewed by Oliver Hunt.
Source/JavaScriptCore:
Rationalized 'this' value conversion
https://bugs.webkit.org/show_bug.cgi?id=115542
This fixes a bunch of Sputnik tests, and some bad pointer access.
The new model is that the callee always performs 'this' value conversion.
My ultimate goal is to break up resolve_with_this into single-result
opcodes. This step avoids having to add a special form of convert_this
that distinguishes callers vs callees.
Only the callee knows whether it uses 'this' and/or whether 'this'
conversion should use StrictMode, so it's most natural to perform
convert_this in the callee.
- API/JSCallbackFunction.cpp: (JSC::JSCallbackFunction::call): Perform 'this' value conversion for our callee, since it may observe 'this'.
- API/JSCallbackObjectFunctions.h: (JSC::::call): Ditto.
- API/JSContextRef.cpp: (JSGlobalContextCreateInGroup): Use a proxy 'this' object in global scope even when we're not in the browser. This eliminates some odd cases where API clients used to be able to get a direct reference to an environment record. Now, any reference to an environment record unambiguously means that the VM resolved that record in the scope chain.
(JSContextGetGlobalObject): Removed an incorrect comment. Now that JSC
participates in the proxy 'this' object scheme, the behavior is not
WebCore-only.
- API/JSObjectRef.cpp: (JSObjectSetPrototype): (JSObjectCallAsFunction): Don't perform 'this' value conversion in the caller; the callee will do it if needed.
- JavaScriptCore.order: Order!
- JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreExports.def:
- JavaScriptCore.vcxproj/JavaScriptCoreExportGenerator/JavaScriptCoreExports.def.in: What are the chances that this will work?
- bytecode/CodeBlock.cpp: (JSC::CodeBlock::dumpBytecode): (JSC::CodeBlock::CodeBlock): Renamed convert_this to to_this, to match our other conversion opcodes.
- bytecode/CodeOrigin.h: (CodeOrigin): (InlineCallFrame): (JSC::CodeOrigin::codeOriginOwner): Use the more precise type for our executable, so compilation can discover where we're in strict mode.
- bytecode/Opcode.h: (JSC::padOpcodeName): Updated for rename.
- bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::BytecodeGenerator): Always emit to_this when 'this' is in use -- strict mode still needs to convert environment records to 'undefined'.
- dfg/DFGAbstractState.cpp: (JSC::DFG::AbstractState::executeEffects):
- dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGCapabilities.h: (JSC::DFG::canCompileOpcode): Updated for renames.
- dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): Tightened up this code to consider strict mode (a new requirement) and to consider the global object (which was always a requirement).
- dfg/DFGGraph.h: (JSC::DFG::Graph::globalThisObjectFor): (JSC::DFG::Graph::executableFor):
- dfg/DFGNodeType.h:
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGPredictionPropagationPhase.cpp: (JSC::DFG::PredictionPropagationPhase::propagate):
- dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): Ditto.
- interpreter/Interpreter.cpp: (JSC::eval): (JSC::Interpreter::execute): (JSC::Interpreter::executeCall):
- interpreter/Interpreter.h: Don't ASSERT about 'this' -- it's our job to fix it up if needed.
- jit/JIT.cpp: (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases):
- jit/JIT.h: (JIT):
- jit/JITOpcodes.cpp: (JSC::JIT::emit_op_to_this): (JSC::JIT::emitSlow_op_to_this):
- jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_to_this): (JSC::JIT::emitSlow_op_to_this):
- jit/JITStubs.cpp: (JSC::DEFINE_STUB_FUNCTION):
- jit/JITStubs.h: Removed special-case code for various kinds of conversions. The baseline fast path is now final objects only. It hurt my brain to think through how to keep the other fast paths working, and our benchmarks do not object.
- llint/LLIntData.cpp: (JSC::LLInt::Data::performAssertions):
- llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL):
- llint/LLIntSlowPaths.h: (LLInt):
- llint/LowLevelInterpreter.asm:
- llint/LowLevelInterpreter32_64.asm:
- llint/LowLevelInterpreter64.asm: Updated for renames. Removed some special case code, as in the JIT above.
- profiler/ProfileGenerator.cpp: (JSC::ProfileGenerator::addParentForConsoleStart):
- runtime/CallData.cpp: (JSC::call):
- runtime/ClassInfo.h: (MethodTable):
- runtime/Completion.cpp: (JSC::evaluate):
- runtime/DatePrototype.cpp: (JSC::dateProtoFuncToJSON): The callee performs 'this' conversion, not the caller.
- runtime/GetterSetter.cpp: (JSC::callGetter): (JSC::callSetter):
- runtime/GetterSetter.h: Added helper functions for invoking getters and setters from C++ code, since this was duplicated in a bunch of places.
- runtime/JSActivation.cpp: (JSC::JSActivation::toThis):
- runtime/JSActivation.h: (JSActivation):
- runtime/JSCJSValue.cpp: (JSC::JSValue::toThisSlowCase): (JSC::JSValue::putToPrimitive):
- runtime/JSCJSValue.h: (JSValue):
- runtime/JSCJSValueInlines.h: (JSC::JSValue::toThis):
- runtime/JSCell.cpp: (JSC::JSCell::toThis):
- runtime/JSCell.h: (JSCell):
- runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::toThis):
- runtime/JSGlobalObject.h: (JSGlobalObject): Filled out runtime support for converting 'this' values as needed, according to the appropriate strictness, using helper functions where getter/setter code was duplicated.
- runtime/JSGlobalObjectFunctions.cpp: (JSC::globalFuncProtoGetter): (JSC::globalFuncProtoSetter): Perform 'this' value conversion, since we observe 'this'.
- runtime/JSNameScope.cpp: (JSC::JSNameScope::toThis):
- runtime/JSNameScope.h: (JSNameScope): Same as JSActivation.
- runtime/JSObject.cpp: (JSC::JSObject::put): (JSC::JSObject::setPrototypeWithCycleCheck): Bug fix. Don't peform 'this' value conversion in this helper function. The proto setter does this for us, since it's the function that logically observes 'this' -- and we can ASSERT so. Also, the previous code used "globalExec()->thisValue()", which is a read past the beginning of a buffer! I don't think this ever worked on purpose.
(JSC::JSObject::toThis):
(JSC::JSObject::fillGetterPropertySlot):
- runtime/JSObject.h: (JSC::JSObject::inlineGetOwnPropertySlot):
- runtime/JSScope.cpp: (JSC::JSScope::resolveWithThis):
- runtime/JSString.cpp: (JSC::JSString::toThis):
- runtime/JSString.h: (JSString):
- runtime/PropertySlot.cpp: (JSC::PropertySlot::functionGetter):
- runtime/PropertySlot.h: (JSC): (JSC::PropertySlot::setGetterSlot): (JSC::PropertySlot::setCacheableGetterSlot):
- runtime/SparseArrayValueMap.cpp: (JSC::SparseArrayEntry::get): (JSC::SparseArrayEntry::put):
- runtime/StrictEvalActivation.cpp: (JSC::StrictEvalActivation::toThis):
- runtime/StrictEvalActivation.h: (StrictEvalActivation): Ditto.
Source/WebCore:
Rationalized 'this' value conversion
https://bugs.webkit.org/show_bug.cgi?id=115542
Source/WebKit/mac:
Rationalized 'this' value conversion
https://bugs.webkit.org/show_bug.cgi?id=115542
Source/WebKit2:
Rationalized 'this' value conversion
https://bugs.webkit.org/show_bug.cgi?id=115542
LayoutTests:
Rationalized 'this' value conversion
https://bugs.webkit.org/show_bug.cgi?id=115542
- 8:59 PM Changeset in webkit [153144] by
-
- 4 edits in trunk/Source/JavaScriptCore
fourthTier: DFG::ByteCodeParser doesn't need ExecState*
https://bugs.webkit.org/show_bug.cgi?id=115582
Reviewed by Geoffrey Garen.
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::ByteCodeParser):
(ByteCodeParser):
(JSC::DFG::parse):
- dfg/DFGByteCodeParser.h:
(DFG):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- 8:59 PM Changeset in webkit [153143] by
-
- 7 edits in trunk/Source/JavaScriptCore
fourthTier: Profiler should be thread-safe
https://bugs.webkit.org/show_bug.cgi?id=115445
Reviewed by Geoffrey Garen.
Change the Profiler::Database API for Compilation creation so that we don't add
it to the Database until it's completely constructed. This prevents the Database
from seeing Compilations that are being concurrently constructed.
Change the Profiler::Database itself to do locking for creation of Bytecodes and
for modifying the map. This map may be consulted by both the main thread and the
concurrent thread.
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::Graph):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::linkFunction):
- jit/JIT.cpp:
(JSC::JIT::privateCompile):
- profiler/ProfilerBytecodes.h:
- profiler/ProfilerDatabase.cpp:
(JSC::Profiler::Database::ensureBytecodesFor):
(JSC::Profiler::Database::notifyDestruction):
(JSC::Profiler::Database::addCompilation):
- profiler/ProfilerDatabase.h:
(Database):
- 8:59 PM Changeset in webkit [153142] by
-
- 41 edits3 copies in trunk/Source
fourthTier: DFG tries to ref/deref StringImpls in a ton of places
https://bugs.webkit.org/show_bug.cgi?id=115300
Source/JavaScriptCore:
Reviewed by Geoffrey Garen.
Change any code transitively called from DFG compilation to use StringImpl*
directly instead of String, Identifier, or PropertyName. I use the convention
of passing "StringImpl* uid" instead of an Identifier or PropertyName.
Switch over any code transitively called from DFG compilation to use CStrings
whenever possible for all of its debug dumping.
This makes it possible to compile things without hitting the ref/deref
assertion in StringImpl.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::inferredName):
(JSC::CodeBlock::sourceCodeForTools):
(JSC::CodeBlock::sourceCodeOnOneLine):
(JSC::constantName):
(JSC::idName):
(JSC::CodeBlock::registerName):
(JSC::regexpToSourceString):
(JSC::regexpName):
(JSC::pointerToSourceString):
(JSC::CodeBlock::printUnaryOp):
(JSC::CodeBlock::printBinaryOp):
(JSC::CodeBlock::printConditionalJump):
(JSC::CodeBlock::printGetByIdOp):
(JSC::dumpStructure):
(JSC::CodeBlock::printCallOp):
(JSC::CodeBlock::printPutByIdOp):
(JSC::CodeBlock::printStructure):
(JSC::CodeBlock::printStructures):
(JSC::CodeBlock::dumpBytecode):
- bytecode/CodeBlock.h:
(CodeBlock):
- bytecode/CodeBlockHash.cpp:
(JSC::CodeBlockHash::CodeBlockHash):
- bytecode/CodeOrigin.cpp:
(JSC::InlineCallFrame::inferredName):
- bytecode/CodeOrigin.h:
(InlineCallFrame):
- bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFromLLInt):
(JSC::GetByIdStatus::computeForChain):
(JSC::GetByIdStatus::computeFor):
- bytecode/GetByIdStatus.h:
(JSC):
(GetByIdStatus):
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFromLLInt):
(JSC::PutByIdStatus::computeFor):
- bytecode/PutByIdStatus.h:
(JSC):
(PutByIdStatus):
- bytecode/ReduceWhitespace.cpp:
(JSC::reduceWhitespace):
- bytecode/ReduceWhitespace.h:
(JSC):
- bytecode/ResolveGlobalStatus.cpp:
(JSC::computeForStructure):
(JSC::ResolveGlobalStatus::computeFor):
- bytecode/ResolveGlobalStatus.h:
(JSC):
(ResolveGlobalStatus):
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGByteCodeParser.cpp:
(ByteCodeParser):
(JSC::DFG::ByteCodeParser::parseResolveOperations):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
- dfg/DFGDesiredIdentifiers.cpp: Added.
(DFG):
(JSC::DFG::DesiredIdentifiers::DesiredIdentifiers):
(JSC::DFG::DesiredIdentifiers::~DesiredIdentifiers):
(JSC::DFG::DesiredIdentifiers::addLazily):
(JSC::DFG::DesiredIdentifiers::reallyAdd):
- dfg/DFGDesiredIdentifiers.h: Added.
(DFG):
(DesiredIdentifiers):
(JSC::DFG::DesiredIdentifiers::numberOfIdentifiers):
(JSC::DFG::DesiredIdentifiers::at):
(JSC::DFG::DesiredIdentifiers::operator[]):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
(JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::Graph):
(JSC::DFG::Graph::dump):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
- dfg/DFGOperations.cpp:
- dfg/DFGOperations.h:
- dfg/DFGRepatch.cpp:
(JSC::DFG::tryBuildGetByIDList):
- dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::identifierUID):
(JSC::DFG::SpeculativeJIT::callOperation):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compile):
- parser/SourceCode.cpp: Added.
(JSC):
(JSC::SourceCode::toUTF8):
- parser/SourceCode.h:
(SourceCode):
- profiler/ProfilerBytecodes.cpp:
(JSC::Profiler::Bytecodes::toJS):
- profiler/ProfilerBytecodes.h:
(JSC::Profiler::Bytecodes::inferredName):
(JSC::Profiler::Bytecodes::sourceCode):
(Bytecodes):
- runtime/Identifier.h:
(JSC::Identifier::utf8):
(JSC):
- runtime/Structure.cpp:
(JSC::Structure::addPropertyTransitionToExistingStructureImpl):
(JSC::Structure::addPropertyTransitionToExistingStructure):
(JSC::Structure::addPropertyTransitionToExistingStructureConcurrently):
(JSC::Structure::getConcurrently):
(JSC::Structure::prototypeChainMayInterceptStoreTo):
(JSC):
- runtime/Structure.h:
(Structure):
- runtime/StructureInlines.h:
(JSC::Structure::getConcurrently):
Source/WTF:
Reviewed by Geoffrey Garen.
Make it possible to do more things directly to StringImpl*'s, including being
able to directly do utf8 conversion on a substring without creating the
substring first.
Add assertions to StringImpl that it isn't being ref/deref'd from the
compilation thread.
- wtf/PrintStream.cpp:
(WTF::printInternal):
(WTF):
- wtf/PrintStream.h:
(WTF):
(WTF::printInternal):
- wtf/StringPrintStream.h:
(WTF):
(WTF::toCString):
- wtf/text/StringImpl.cpp:
(WTF::StringImpl::utf8ForRange):
(WTF::StringImpl::utf8):
(WTF):
- wtf/text/StringImpl.h:
(StringImpl):
(WTF::StringImpl::hasAtLeastOneRef):
(WTF::StringImpl::ref):
(WTF::StringImpl::deref):
- 8:59 PM Changeset in webkit [153141] by
-
- 3 edits in trunk/Source/JavaScriptCore
fourthTier: Structure transition table keys don't have to ref their StringImpl's
https://bugs.webkit.org/show_bug.cgi?id=115525
Reviewed by Geoffrey Garen.
The structure transition table basically maps string to structure. The string is
always also stored, and ref'd, in the structure in Structure::m_nameInPrevious.
m_nameInPrevious is never mutated, and never cleared. The string cannot die unless
the structure dies. If the structure dies, then that entry in the transition map
becomes a zombie anyway and we will detect this separately.
So, we don't need to use RefPtr<StringImpl>. We can just use StringImpl*.
This also fixes a goof where we were getting the StringImpl's hash rather than
using a pointer hash. Not only is the latter faster, but it prevents my change
from leading to crashes: with my change we can have zombie keys, not just zombie
values. They will exist only until the next map mutation, which will clear them.
Lookups will work fine because the lookup routine will reject zombies. But it
does mean that the HashMap will have to deal with dangling StringImpl*'s; all it
takes to make this work is to ensure that the HashMap itself never dereferences
them. Using a pointer hash rather than StringImpl::existingHash() accomplishes
this.
This also ensures that we don't accidentally call ref() or deref() from the
compilation thread, if the compilation thread inspects the transition table.
And no, we wouldn't have been able to use the HashMap<RefPtr<...>, ...>
specialization, because the transition table is actually
HashMap<pair<RefPtr<StringImpl>, unsigned>, ...>: hence that specialization
doesn't kick in. We could have written a new specialization or something, but
that seemed like a lot of work given that we don't need the table to be ref'ing
the strings anyways.
- runtime/Structure.cpp:
(JSC::StructureTransitionTable::add):
- runtime/StructureTransitionTable.h:
(StructureTransitionTable):
(Hash):
(JSC::StructureTransitionTable::Hash::hash):
- 8:59 PM Changeset in webkit [153140] by
-
- 5 edits in trunk/Source/JavaScriptCore
fourthTier: Structure::addPropertyTransitionToExistingStructure should be thread-safe
https://bugs.webkit.org/show_bug.cgi?id=115468
Reviewed by Geoffrey Garen.
This makes the main thread modify the transition table while holding a lock. Note
that the GC might modify its weak pointers without locking, but the GC will lock out
the compilation thread anyway. The map will then only reshape in response to add()
and set(), which happen while holding a lock.
This allows the compilation thread to now query transition tables safely, provided it
holds a lock when doing so.
Also changed LLVM asm printer initialization to just initialize the X86 one. It makes
sense for us to just initialize the asm printer(s) that we actually use; you could
imagine us being linked to a system LLVM that has cross-compilation support; there is
no point in the WebKit or JSC process doing work to initialize all of those targets.
That part was rubber stamped by Mark Hahnenberg.
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFor):
- runtime/InitializeThreading.cpp:
(JSC::initializeThreadingOnce):
- runtime/Structure.cpp:
(JSC::Structure::addPropertyTransitionToExistingStructureImpl):
(JSC::Structure::addPropertyTransitionToExistingStructure):
(JSC):
(JSC::Structure::addPropertyTransitionToExistingStructureConcurrently):
(JSC::Structure::addPropertyTransition):
(JSC::Structure::nonPropertyTransition):
- runtime/Structure.h:
(Structure):
- 8:59 PM Changeset in webkit [153139] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: Structure::getConcurrently() may be called from for uncacheable dictionaries, and this is safe
https://bugs.webkit.org/show_bug.cgi?id=115464
Reviewed by Oliver Hunt and Geoffrey Garen.
This can happen for example transitively from JSObject::put(). getCurrently() does
work for uncacheable dictionaries; it just has the obvious race that right after it
returns, the result it returned may no longer be right. This isn't an issue if it was
called on the main thread, and may not be an issue in some other situations.
So, we should just remove the assertion, since the only thing it buys us is crashes.
- runtime/Structure.cpp:
(JSC::Structure::getConcurrently):
- 8:59 PM Changeset in webkit [153138] by
-
- 2 edits in trunk/Tools
fourthTier: Use hw.availcpu instead of hw.ncpu, and configure LLVM with --enable-zlib=no
Rubber stamped by Mark Rowe.
- Scripts/copy-webkitlibraries-to-product-directory:
- 8:59 PM Changeset in webkit [153137] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: Don't link gtest into JavaScriptCore
Rubber stamped by Mark Rowe.
- Configurations/JavaScriptCore.xcconfig:
- 8:59 PM Changeset in webkit [153136] by
-
- 3 edits in trunk/WebKitLibraries
fourthTier: Updated LLVM drops to include MCJIT fixes and newly exposed API.
Rubber stamped by Mark Hahnenberg.
- LLVMIncludesMountainLion.tar.bz2:
- LLVMLibrariesMountainLion.tar.bz2:
- 8:59 PM Changeset in webkit [153135] by
-
- 12 edits1 add in trunk/Source
fourthTier: String::utf8() should also be available as StringImpl::utf8() so that you don't have to ref() a StringImpl just to get its utf8()
https://bugs.webkit.org/show_bug.cgi?id=115393
Reviewed by Geoffrey Garen.
Source/JavaScriptCore:
- runtime/JSGlobalObjectFunctions.cpp:
(JSC::encode):
Source/WebCore:
No new tests because no new behavior.
- Modules/websockets/WebSocket.cpp:
(WebCore::WebSocket::close):
- Modules/websockets/WebSocketChannel.cpp:
(WebCore::WebSocketChannel::send):
- html/MediaFragmentURIParser.cpp:
(WebCore::MediaFragmentURIParser::parseFragments):
Source/WTF:
- WTF.xcodeproj/project.pbxproj:
- wtf/text/ConversionMode.h: Added.
(WTF):
- wtf/text/StringImpl.cpp:
(WTF):
(WTF::putUTF8Triple):
(WTF::StringImpl::utf8):
- wtf/text/StringImpl.h:
(StringImpl):
- wtf/text/WTFString.cpp:
(WTF):
(WTF::String::utf8):
- wtf/text/WTFString.h:
(String):
- 8:59 PM Changeset in webkit [153134] by
-
- 16 edits4 copies in trunk/Source
fourthTier: ASSERT that commonly used not-thread-safe methods in the runtime are not being called during compilation
https://bugs.webkit.org/show_bug.cgi?id=115297
Source/JavaScriptCore:
Reviewed by Geoffrey Garen.
Put in assertions that we're not doing bad things in compilation threads. Also
factored compilation into compile+link so that even though we don't yet have
concurrent compilation, we can be explicit about which parts of DFG work are
meant to be concurrent, and which aren't.
Also fix a handful of bugs found by these assertions.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/ResolveGlobalStatus.cpp:
(JSC::computeForStructure):
- bytecode/Watchpoint.cpp:
(JSC::WatchpointSet::add):
(JSC::InlineWatchpointSet::inflateSlow):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::~JITCompiler):
(DFG):
(JSC::DFG::JITCompiler::compileBody):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compileFunction):
(JSC::DFG::JITCompiler::linkFunction):
- dfg/DFGJITCompiler.h:
(JITCompiler):
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- ftl/FTLCompile.h:
(FTL):
- ftl/FTLLink.cpp: Added.
(FTL):
(JSC::FTL::compileEntry):
(JSC::FTL::link):
- ftl/FTLLink.h: Added.
(FTL):
- ftl/FTLState.cpp:
(JSC::FTL::State::State):
- ftl/FTLState.h:
(FTL):
(State):
- runtime/Structure.cpp:
(JSC::Structure::get):
(JSC::Structure::prototypeChainMayInterceptStoreTo):
- runtime/Structure.h:
(JSC::Structure::materializePropertyMapIfNecessary):
- runtime/StructureInlines.h:
(JSC::Structure::get):
Source/WTF:
Reviewed by Geoffrey Garen.
Taught WTF the notion of compilation threads. This allows all parts of our stack
to assert that we're not being called from a JSC compilation thread. This is in
WTF because it will probably end up being used in StringImpl and WTFString.
- WTF.xcodeproj/project.pbxproj:
- wtf/CompilationThread.cpp: Added.
(WTF):
(WTF::initializeCompilationThreadsOnce):
(WTF::initializeCompilationThreads):
(WTF::isCompilationThread):
(WTF::exchangeIsCompilationThread):
- wtf/CompilationThread.h: Added.
(WTF):
(CompilationScope):
(WTF::CompilationScope::CompilationScope):
(WTF::CompilationScope::~CompilationScope):
(WTF::CompilationScope::leaveEarly):
- 8:59 PM Changeset in webkit [153133] by
-
- 8 edits in trunk/Source/JavaScriptCore
fourthTier: FTL should support double variables
https://bugs.webkit.org/show_bug.cgi?id=113624
Reviewed by Geoffrey Garen.
Made all of the operations that the FTL already supports, also support doubles.
OSR exit already basically had everything it needed, so no changes there. This
mostly just glues together bits of DFG IR to LLVM IR, in a straight-forward way.
- ftl/FTLAbbreviations.h:
(FTL):
(JSC::FTL::doubleType):
(JSC::FTL::constReal):
(JSC::FTL::buildPhi):
(JSC::FTL::addIncoming):
(JSC::FTL::buildFAdd):
(JSC::FTL::buildFSub):
(JSC::FTL::buildFMul):
(JSC::FTL::buildFNeg):
(JSC::FTL::buildSIToFP):
(JSC::FTL::buildUIToFP):
(JSC::FTL::buildBitCast):
(JSC::FTL::buildFCmp):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLCommonValues.cpp:
(JSC::FTL::CommonValues::CommonValues):
- ftl/FTLCommonValues.h:
(CommonValues):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::lower):
(JSC::FTL::LowerDFGToLLVM::compileGetLocal):
(JSC::FTL::LowerDFGToLLVM::compileSetLocal):
(JSC::FTL::LowerDFGToLLVM::compileAdd):
(JSC::FTL::LowerDFGToLLVM::compileArithSub):
(JSC::FTL::LowerDFGToLLVM::compileArithMul):
(JSC::FTL::LowerDFGToLLVM::compileArithNegate):
(JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):
(JSC::FTL::LowerDFGToLLVM::compileGetByVal):
(JSC::FTL::LowerDFGToLLVM::compileCompareEq):
(JSC::FTL::LowerDFGToLLVM::compileCompareLess):
(JSC::FTL::LowerDFGToLLVM::lowDouble):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::lowJSValue):
(JSC::FTL::LowerDFGToLLVM::isCellOrMisc):
(JSC::FTL::LowerDFGToLLVM::unboxDouble):
(JSC::FTL::LowerDFGToLLVM::boxDouble):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::speculateNumber):
(JSC::FTL::LowerDFGToLLVM::speculateRealNumber):
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
- ftl/FTLOutput.h:
(JSC::FTL::Output::constDouble):
(Output):
(JSC::FTL::Output::phi):
(JSC::FTL::Output::doubleAdd):
(JSC::FTL::Output::doubleSub):
(JSC::FTL::Output::doubleMul):
(JSC::FTL::Output::doubleNeg):
(JSC::FTL::Output::intToFP):
(JSC::FTL::Output::intToDouble):
(JSC::FTL::Output::unsignedToFP):
(JSC::FTL::Output::unsignedToDouble):
(JSC::FTL::Output::bitCast):
(JSC::FTL::Output::loadDouble):
(JSC::FTL::Output::storeDouble):
(JSC::FTL::Output::doubleEqual):
(JSC::FTL::Output::doubleNotEqualOrUnordered):
(JSC::FTL::Output::doubleLessThan):
(JSC::FTL::Output::doubleLessThanOrEqual):
(JSC::FTL::Output::doubleGreaterThan):
(JSC::FTL::Output::doubleGreaterThanOrEqual):
(JSC::FTL::Output::doubleEqualOrUnordered):
(JSC::FTL::Output::doubleNotEqual):
(JSC::FTL::Output::doubleLessThanOrUnordered):
(JSC::FTL::Output::doubleLessThanOrEqualOrUnordered):
(JSC::FTL::Output::doubleGreaterThanOrUnordered):
(JSC::FTL::Output::doubleGreaterThanOrEqualOrUnordered):
(JSC::FTL::Output::testIsZero64):
- 8:59 PM Changeset in webkit [153132] by
-
- 9 edits in trunk/Source/JavaScriptCore
fourthTier: SymbolTable should be thread-safe
https://bugs.webkit.org/show_bug.cgi?id=115301
Reviewed by Geoffrey Garen.
Makes SymbolTable thread-safe. Relies on SymbolTableEntry already being immutable,
other than the WatchpointSet; but the WatchpointSet already has a righteous
concurrency protocol. So, this patch just protects the SymbolTable's HashMap.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::nameForRegister):
- bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::addVar):
- runtime/Executable.cpp:
(JSC::ProgramExecutable::addGlobalVar):
- runtime/JSActivation.cpp:
(JSC::JSActivation::getOwnNonIndexPropertyNames):
(JSC::JSActivation::symbolTablePutWithAttributes):
- runtime/JSSymbolTableObject.cpp:
(JSC::JSSymbolTableObject::getOwnNonIndexPropertyNames):
- runtime/JSSymbolTableObject.h:
(JSC::symbolTableGet):
(JSC::symbolTablePut):
(JSC::symbolTablePutWithAttributes):
- runtime/SymbolTable.cpp:
(JSC::SymbolTable::SymbolTable):
(JSC::SymbolTable::~SymbolTable):
- runtime/SymbolTable.h:
(JSC::SymbolTable::find):
(JSC::SymbolTable::get):
(JSC::SymbolTable::inlineGet):
(JSC::SymbolTable::begin):
(JSC::SymbolTable::end):
(JSC::SymbolTable::size):
(JSC::SymbolTable::add):
(JSC::SymbolTable::set):
(JSC::SymbolTable::contains):
- 8:59 PM Changeset in webkit [153131] by
-
- 5 edits in trunk/Source/JavaScriptCore
fourthTier: WatchpointSet should make racy uses easier to reason about
https://bugs.webkit.org/show_bug.cgi?id=115299
Reviewed by Anders Carlsson.
The compiler often does things like:
1c) Observe something that would imply that a WatchpointSet ought to be invalid
2c) Check that it is invalid
The main thread often does things like:
1m) Fire the watchpoint set
2m) Do some other thing that would cause the compiler to assume that the WatchpointSet
ought to be invalid
An example is structure transitions, where (1c) is the compiler noticing that a
put_by_id inline cache is in a transition state, with the source structure being S;
(2c) is the compiler asserting that S's watchpoint set is invalid; (1m) is the main
thread firing S's watchpoint set before it does the first transition away from S; and
(2m) is the main thread caching the put_by_id transition away from S.
This is totally fine, except that (1c) and (2c), and (1m) and (2m) could be reordered.
Probably, in most cases, this ought to do enough things that the main thread probably
already has some fencing. But the compiler thread definitely doesn't have fencing. In
any case, we should play it safe and just have additional fencing in all of the
relevant places.
We already have some idioms to put load-load and store-store fences in the right
places. But this change just makes WatchpointSet take care of this for us, thus
reducing the chances of us getting this wrong.
- bytecode/Watchpoint.cpp:
(JSC::WatchpointSet::notifyWriteSlow):
- bytecode/Watchpoint.h:
(WatchpointSet):
(JSC::WatchpointSet::isStillValid):
(JSC::WatchpointSet::hasBeenInvalidated):
(JSC::InlineWatchpointSet::hasBeenInvalidated):
(JSC::InlineWatchpointSet::notifyWrite):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGDesiredWatchpoints.h:
(JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState):
- 8:59 PM Changeset in webkit [153130] by
-
- 16 edits in trunk/Source/JavaScriptCore
fourthTier: CFA should defend against results seeming inconsistent due to a watchpoint firing during compilation
https://bugs.webkit.org/show_bug.cgi?id=115083
Reviewed by Geoffrey Garen.
This ruggedizes our racyness with respect to watchpoints. We want to be able to assert,
in some places, that a watchpoint-based optimization has only occurred if the
watchpoint set was still valid. But currently we *can* soundly do watchpoint-based
optimizations even for invalid watchpoints, so long as we recorded in the IR that we
had done so; this will then lead to the code being insta-jettisoned after compilation
completes. Obviously, we don't want this to happen often - but we do want to allow it
precisely in the case of watchpoint races.
This adds the ability to assert that we hadn't over-watchpointed ourselves, with and
exemption for races.
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::executeEffects):
- dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::setFuturePossibleStructure):
(JSC::DFG::AbstractValue::filterFuturePossibleStructure):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::addStructureTransitionCheck):
(JSC::DFG::ByteCodeParser::parseResolveOperations):
(JSC::DFG::ByteCodeParser::parseBlock):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::addStructureTransitionCheck):
- dfg/DFGDesiredWatchpoints.h:
(GenericDesiredWatchpoints):
(JSC::DFG::GenericDesiredWatchpoints::isStillValid):
(JSC::DFG::GenericDesiredWatchpoints::shouldAssumeMixedState):
(JSC::DFG::GenericDesiredWatchpoints::isValidOrMixed):
(JSC::DFG::DesiredWatchpoints::isStillValid):
(JSC::DFG::DesiredWatchpoints::shouldAssumeMixedState):
(JSC::DFG::DesiredWatchpoints::isValidOrMixed):
(DesiredWatchpoints):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::canOptimizeStringObjectAccess):
- dfg/DFGGraph.h:
(JSC::DFG::Graph::masqueradesAsUndefinedWatchpointIsStillValid):
(Graph):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
- dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addLazily):
(JITCompiler):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::masqueradesAsUndefinedWatchpointIsStillValid):
(JSC::DFG::SpeculativeJIT::speculationWatchpointForMasqueradesAsUndefined):
(JSC::DFG::SpeculativeJIT::speculateStringObjectForStructure):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- ftl/FTLState.h:
(State):
- 8:58 PM Changeset in webkit [153129] by
-
- 5 edits1 add in trunk/Source/JavaScriptCore
fourthTier: AbstractValue methods that deal with watchpoints should have access to Graph, so that in debug mode, Graph can track the history of watchpoint states and detect races
https://bugs.webkit.org/show_bug.cgi?id=115084
Reviewed by Geoffrey Garen.
The idea is that as part of https://bugs.webkit.org/show_bug.cgi?id=115083, I'll have
Graph record the initial state of a watchpoint at the time that we decide to take
advantage of it; then I will use this to disable any watchpoint-related assertions
in debug mode. Note that this "watchpoint cache" will only be maintained in debug
mode, so there will be no release performance implications. But to do this, I need to
ensure that all of the places that reason about watchpoints have access to Graph.
For example, I'll want AbstractValue::setFuturePossibleStructure to record the state
of the watchpoint in Graph so that subsequent assertions can check if the watchpoint's
state had changed since that decision was made.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::initialize):
(JSC::DFG::AbstractState::executeEffects):
(JSC::DFG::AbstractState::mergeStateAtTail):
- dfg/DFGAbstractState.h:
(JSC::DFG::AbstractState::trySetConstant):
- dfg/DFGAbstractValue.cpp: Added.
(DFG):
(JSC::DFG::AbstractValue::setMostSpecific):
(JSC::DFG::AbstractValue::set):
(JSC::DFG::AbstractValue::filter):
(JSC::DFG::AbstractValue::setFuturePossibleStructure):
(JSC::DFG::AbstractValue::filterFuturePossibleStructure):
(JSC::DFG::AbstractValue::dump):
- dfg/DFGAbstractValue.h:
(DFG):
(AbstractValue):
(JSC::DFG::AbstractValue::setType):
(JSC::DFG::AbstractValue::filterByValue):
- 8:58 PM Changeset in webkit [153128] by
-
- 7 edits in trunk/Source/JavaScriptCore
fourthTier: Create an equivalent of Structure::get() that can work from a compilation thread
https://bugs.webkit.org/show_bug.cgi?id=114987
Reviewed by Geoffrey Garen.
This completes the work started by r148570. That patch made it possible to do
Structure::get() without modifying Structure. This patch takes this further, and
makes this thread-safe (for non-uncacheable-dictionaries) via
Structure::getConcurrently(). This method not only doesn't modify Structure, but
also ensures that any concurrent attempts to add to, remove from, or steal the
table from that structure doesn't mess up the result of the call. The call may
return invalidOffset even if a property is *just* about to be added, but it will
never do the reverse: if it returns a property then you can be sure that the
structure really does have that property and always will have it.
- bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFromLLInt):
(JSC::GetByIdStatus::computeForChain):
(JSC::GetByIdStatus::computeFor):
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFromLLInt):
(JSC::PutByIdStatus::computeFor):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::isStringPrototypeMethodSane):
- runtime/PropertyMapHashTable.h:
(PropertyTable):
(JSC::PropertyTable::findConcurrently):
(JSC):
(JSC::PropertyTable::add):
(JSC::PropertyTable::remove):
(JSC::PropertyTable::reinsert):
(JSC::PropertyTable::rehash):
- runtime/PropertyTable.cpp:
(JSC::PropertyTable::PropertyTable):
- runtime/Structure.cpp:
(JSC::Structure::findStructuresAndMapForMaterialization):
(JSC::Structure::getConcurrently):
- runtime/Structure.h:
(Structure):
- runtime/StructureInlines.h:
(JSC::Structure::getConcurrently):
- 8:58 PM Changeset in webkit [153127] by
-
- 2 edits in trunk/Tools
fourthTier: tandem WebKit and LLVM builds should ./configure LLVM if needed
https://bugs.webkit.org/show_bug.cgi?id=114933
Reviewed by Andy Estes.
This makes it easy to get set up for tandem LLVM builds.
- Scripts/copy-webkitlibraries-to-product-directory:
- 8:58 PM Changeset in webkit [153126] by
-
- 4 edits1 add in trunk
fourthTier: WebKit's build system should relink JavaScriptCore if LLVM's libraries changed but its headers didn't
https://bugs.webkit.org/show_bug.cgi?id=114926
Source/JavaScriptCore:
Reviewed by Geoffrey Garen.
Use a phony file that includes a phony header to force JavaScriptCore to be relinked
if necessary. The external LLVM-importing scripts will touch the header if the libraries
are known to have changed.
- JavaScriptCore.xcodeproj/project.pbxproj:
- ftl/WebKitLLVMLibraryAnchor.cpp: Added.
Tools:
Reviewed by Geoffrey Garen.
If the LLVM libraries change, then touch a phony header, which will force relink
of JavaScriptCore.
- Scripts/copy-webkitlibraries-to-product-directory:
(unpackIfNecessary):
- 8:58 PM Changeset in webkit [153125] by
-
- 3 edits in trunk/Tools
fourthTier: developing LLVM in tandem with WebKit should be fun and easy
https://bugs.webkit.org/show_bug.cgi?id=114925
Reviewed by Geoffrey Garen.
This enables building LLVM along with WebKit, so that build-jsc and build-webkit
will also optionally build LLVM and quickly symlink LLVM's built products into
the right places.
Most WebKit and JSC hackers will want to rely on the checked-in already-built
versions of LLVM in WebKitLibraries. But developing both systems in tandem is an
increasingly common use-case for me, and it may become a common use case for a
handful of others. Currently, this is really painful: you first have to build
LLVM, then you have to export-llvm-build (which takes a while), and then you
have to make sure that your LLVM_LIBRARY_PACKAGE and LLVM_INCLUDE_PACKAGE
variables are set to point to the thing you exported. The whole process loses
track of dependencies very quickly: making a tiny change in LLVM requires
packaging, and then unpackaging, a large number of potentially large headers and
static libraries. Not only is this slow but it then causes the WebKit build
system to rebuild anything that transitively includes any LLVM header, which is
now quite a few files. While this sort of use pattern is still worthwhile if
you're trying to package a binary drop and test it, it's not great if you're
just trying to do experimental development that involves making small changes
in both trees.
This change fixes this use case while keeping the old use cases intact. You can
do tandem development using one of two modes:
Your own LLVM directory: just set LLVM_SOURCE_PATH to the *absolute* path of
the LLVM directory you're using. Once this is done, any invocation of a WebKit
build via build-jsc or build-webkit will also build LLVM, and then quickly
symlink things into place without perturbing dependency tracking.
Internal LLVM directory: if you check out llvm into a directory called 'llvm'
right off of the WebKit source tree, then the build system will automatically
use this.
Here's how this takes care of dependencies:
Headers: the include/llvm and include/llvm-c directories are symlinked into
$productsDir/usr/local/include. And then everything just works.
Libraries: the build system detects, by reading LLVM's Makefile.config, which
mode LLVM is built in (like Release+Asserts or Debug+Asserts) and symlinks
the .a files into $productsDir/<thingy>. It will ranlib those libraries only
if they have changed, by checking both the modification time and also whether
the last time we had a symlink, that symlink was from the same directory.
This helps if you switch to an *older* LLVM build (using LLVM_SOURCE_PATH)
but that build wasn't yet ranlib'd.
One problem that this does not yet solve is that xcodebuild will not relink
JavaScriptCore if the only thing that changed was the libraries. I will work
on this problem separately: https://bugs.webkit.org/show_bug.cgi?id=114926.
- Scripts/copy-webkitlibraries-to-product-directory:
(unpackIfNecessary):
(fileContains):
(fileContentsEquals):
- 8:58 PM Changeset in webkit [153124] by
-
- 16 edits1 copy1 add in trunk/Source
fourthTier: It should be possible to query WatchpointSets, and add Watchpoints, even if the compiler is running in another thread
https://bugs.webkit.org/show_bug.cgi?id=114909
Source/JavaScriptCore:
Reviewed by Oliver Hunt.
The idea here is that a concurrent compiler will use watchpoint sets as follows:
During concurrent compilation: It will create Watchpoints, and query WatchpointSets only
for the purpose of profiling. That is, it will use decide whether it is profitable to
compile the code "as if" the watchpoint sets are valid.
During synchronous linking: By "linking" I don't necessarily mean the LinkBuffer stuff,
but just the very bitter end of compilation where we make the JIT code callable. This
can happen after LinkBuffer stuff. Anyway, this will have to happen synchronously, and
at that point we can (a) check that all WatchpointSets that we assumed were valid are
still valid and (b) if they are then we add the watchpoints to those sets. If any of the
sets are invalid, we give up on this compilation and try again later.
The querying of WatchpointSets is engineered to say that the set is still valid if it
is so *right now*, but this is done in a racy way and so it may say so spuriously: we
may, with hopefully low probability, have a set that says it is valid even though it was
just invalidated. The goal is only to ensure that (i) a set never claims to be invalid
if it is actually valid, (ii) a set doesn't claim to be valid if it was invalidated
before compilation even began, and (iii) querying the validity of a set doesn't cause us
to crash.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/Watchpoint.cpp:
(JSC::InlineWatchpointSet::inflateSlow):
- bytecode/Watchpoint.h:
(WatchpointSet):
(InlineWatchpointSet):
(JSC::InlineWatchpointSet::hasBeenInvalidated):
(JSC::InlineWatchpointSet::isThin):
(JSC::InlineWatchpointSet::isFat):
(JSC::InlineWatchpointSet::fat):
- dfg/DFGDesiredWatchpoints.cpp: Added.
(DFG):
(JSC::DFG::DesiredWatchpoints::DesiredWatchpoints):
(JSC::DFG::DesiredWatchpoints::~DesiredWatchpoints):
(JSC::DFG::DesiredWatchpoints::addLazily):
(JSC::DFG::DesiredWatchpoints::reallyAdd):
(JSC::DFG::DesiredWatchpoints::areStillValid):
- dfg/DFGDesiredWatchpoints.h: Added.
(DFG):
(JSC::DFG::WatchpointForGenericWatchpointSet::WatchpointForGenericWatchpointSet):
(WatchpointForGenericWatchpointSet):
(GenericDesiredWatchpoints):
(JSC::DFG::GenericDesiredWatchpoints::GenericDesiredWatchpoints):
(JSC::DFG::GenericDesiredWatchpoints::addLazily):
(JSC::DFG::GenericDesiredWatchpoints::reallyAdd):
(JSC::DFG::GenericDesiredWatchpoints::areStillValid):
(DesiredWatchpoints):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
- dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addLazily):
(JITCompiler):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectEquality):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNull):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNull):
(JSC::DFG::SpeculativeJIT::compileObjectEquality):
(JSC::DFG::SpeculativeJIT::compileObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compilePeepHoleObjectToObjectOrOtherEquality):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compile):
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- ftl/FTLCompile.h:
(FTL):
- ftl/FTLState.h:
(State):
- runtime/JSFunction.h:
(JSFunction):
(JSC::JSFunction::allocationProfileWatchpointSet):
- runtime/Structure.h:
(Structure):
(JSC::Structure::transitionWatchpointSet):
Source/WTF:
Reviewed by Oliver Hunt.
Harden our notions of memory fences, now that we're doing racy algorithms.
- wtf/Atomics.h:
(WTF):
(WTF::compilerFence):
(WTF::armV7_dmb):
(WTF::armV7_dmb_st):
(WTF::loadLoadFence):
(WTF::loadStoreFence):
(WTF::storeLoadFence):
(WTF::storeStoreFence):
(WTF::memoryBarrierAfterLock):
(WTF::memoryBarrierBeforeUnlock):
(WTF::x86_mfence):
Conflicts:
Source/WTF/wtf/Atomics.h
- 8:58 PM Changeset in webkit [153123] by
-
- 31 edits2 copies in trunk/Source
fourthTier: value profiles and array profiles should be thread-safe enough to be accessible in a concurrent compilation thread
https://bugs.webkit.org/show_bug.cgi?id=114906
Source/JavaScriptCore:
Reviewed by Oliver Hunt.
This introduces thread safety to value profiles, array profiles, and
array allocation profiles.
We already have three separate operations that happen on profiles:
(1) writing, which the JIT, LLInt, and OSR exit do; (2) updating,
which happens during GC, from OSR entry slow-paths, and in the DFG;
and (3) reading, which happens in the DFG. For example, the JIT/LLInt
and OSR exit write to ValueProfile::m_buckets, which gets synthesized
into ValueProfile::m_prediction (and other fields) during update, and
the latter gets read by the DFG. Note that (2) must also happen in
the DFG since only the DFG knows which code blocks it will inline,
and those blocks' profiles may not have otherwise been updated via
any other mechanism.
I refer to these three operations as writing, updating, and reading.
Consequently, both profile updating and profile reading may happen
asynchronously, if the JIT is asynchronous.
The locking protocol for profiles works as follows:
- Writing does not require locking, but is only allowed on the main thread. We require that these fields can be stored atomically by the profiling code, even without locks. For value profiles, this only works on 64-bit platforms, currently. For array profiles, which consist of multiple separate fields, this means that an asynchronous update of the profile may see slight inconsistencies (like a structure that doesn't quite match the array modes bits), but these should be harmless: at worst, the DFG will specialize too much and we'll have OSR exits.
- Updating a value profile requires holding a lock, but must assume that the fields written by the profiling code in JIT/LLInt may be written to without locking.
- Reading a value profile requires holding a lock.
The one major exception to these rules is the ArrayAllocationProfile,
which requires no locking. We do this because it's used so often and
in places where we don't necessarily have access to the owning
CodeBlock, so if we did want it to be locked it would have to have
its own lock. Also, I believe that it is sound to just make this
profile racy and not worry about locking at all. All that was needed
were some changes to ensure that we explicitly read some raced-over
fields only once.
Two additional interesting things in this change:
- To make it easy to see which profile methods require locking, they take a const CodeBlockLocker& as an argument. I saw this idiom for identifying which methods require which locks to be held being used in LLVM, and I quite like it.
- Lazy operand value profiles, which are created lazily and at any time, require the CodeBlockLock to be held when they are being created. Writes to them are lockless and main-thread-only, but as with other profiles, updates and reads require locking.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/ArrayAllocationProfile.cpp:
(JSC::ArrayAllocationProfile::updateIndexingType):
- bytecode/ArrayAllocationProfile.h:
(JSC::ArrayAllocationProfile::selectIndexingType):
- bytecode/ArrayProfile.cpp:
(JSC::ArrayProfile::computeUpdatedPrediction):
(JSC::ArrayProfile::briefDescription):
- bytecode/ArrayProfile.h:
(ArrayProfile):
(JSC::ArrayProfile::expectedStructure):
(JSC::ArrayProfile::structureIsPolymorphic):
(JSC::ArrayProfile::hasDefiniteStructure):
(JSC::ArrayProfile::observedArrayModes):
(JSC::ArrayProfile::mayInterceptIndexedAccesses):
(JSC::ArrayProfile::mayStoreToHole):
(JSC::ArrayProfile::outOfBounds):
(JSC::ArrayProfile::usesOriginalArrayStructures):
- bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::computeFor):
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpValueProfiling):
(JSC::CodeBlock::dumpArrayProfiling):
(JSC::CodeBlock::updateAllPredictionsAndCountLiveness):
(JSC::CodeBlock::updateAllArrayPredictions):
- bytecode/CodeBlock.h:
(JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
(JSC::CodeBlock::updateAllPredictionsAndCheckIfShouldOptimizeNow):
(CodeBlock):
- bytecode/CodeBlockLock.h: Added.
(JSC):
- bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFor):
- bytecode/LazyOperandValueProfile.cpp:
(JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
(JSC::CompressedLazyOperandValueProfileHolder::add):
(JSC::LazyOperandValueProfileParser::LazyOperandValueProfileParser):
(JSC::LazyOperandValueProfileParser::~LazyOperandValueProfileParser):
(JSC):
(JSC::LazyOperandValueProfileParser::initialize):
(JSC::LazyOperandValueProfileParser::prediction):
- bytecode/LazyOperandValueProfile.h:
(CompressedLazyOperandValueProfileHolder):
(LazyOperandValueProfileParser):
- bytecode/MethodOfGettingAValueProfile.cpp:
(JSC::MethodOfGettingAValueProfile::getSpecFailBucket):
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFor):
- bytecode/ResolveGlobalStatus.cpp:
(JSC::ResolveGlobalStatus::computeFor):
- bytecode/ValueProfile.h:
(JSC::ValueProfileBase::briefDescription):
(ValueProfileBase):
(JSC::ValueProfileBase::computeUpdatedPrediction):
- dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::fromObserved):
- dfg/DFGArrayMode.h:
(ArrayMode):
(JSC::DFG::ArrayMode::withProfile):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::injectLazyOperandSpeculation):
(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
(JSC::DFG::ByteCodeParser::getArrayMode):
(JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
(JSC::DFG::ByteCodeParser::parseResolveOperations):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
- dfg/DFGOSRExitPreparation.cpp:
(JSC::DFG::prepareCodeOriginForOSRExit):
- dfg/DFGPredictionInjectionPhase.cpp:
(JSC::DFG::PredictionInjectionPhase::run):
- jit/JITInlines.h:
(JSC::JIT::chooseArrayMode):
- jit/JITStubs.cpp:
(JSC::tryCachePutByID):
(JSC::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):
(JSC::lazyLinkFor):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::setUpCall):
- profiler/ProfilerBytecodeSequence.cpp:
(JSC::Profiler::BytecodeSequence::BytecodeSequence):
- runtime/JSScope.cpp:
(JSC::JSScope::resolveContainingScopeInternal):
(JSC::JSScope::resolvePut):
Source/WTF:
Reviewed by Oliver Hunt.
Add ability to abstract whether or not the CodeBlock requires locking at all,
since some platforms may not support the byte spin-locking and/or may not want
to, if they turn off concurrent JIT.
- WTF.xcodeproj/project.pbxproj:
- wtf/ByteSpinLock.h:
- wtf/NoLock.h: Added.
(WTF):
(NoLock):
(WTF::NoLock::lock):
(WTF::NoLock::unlock):
(WTF::NoLock::isHeld):
- wtf/Platform.h:
- 8:58 PM Changeset in webkit [153122] by
-
- 16 edits1 copy in trunk/Source
fourthTier: all inline caches should thread-safe enough to allow a concurrent compilation thread to read them safely
https://bugs.webkit.org/show_bug.cgi?id=114762
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
For most inline caches this is easy: the inline cache has a clean temporal
separation between doing the requested action (which may take an unbounded
amount of time, may recurse, and may do arbitrary things) and recording the
relevant information in the cache. So, we just put locks around the
recording bit. That part is always O(1) and does not recurse. The lock we
use is per-CodeBlock to achieve a good balance between locking granularity
and low space overhead. So a concurrent compilation thread will only block
if an inline cache ping-pongs in the code block being compiled (or inlined)
and never when other inline caches do things.
For resolve operations, it's a bit tricky. The global resolve bit works
like any other IC in that it has the clean temporal separation. But the
operations vector itself doesn't have this separation, since we will be
filling it in tandem with actions that may take a long time. This patch
gets around this by having a m_ready bit in the ResolveOperations and
PutToBaseOperation. This is set while holding the CodeBlock's lock. If the
DFG observes the m_ready bit not set (while holding the lock) then it
conservatively assumes that the resolve hasn't happened yet and just
plants a ForceOSRExit.
- bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::computeFor):
- bytecode/CodeBlock.h:
(CodeBlock):
- bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFor):
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFor):
- bytecode/ResolveGlobalStatus.cpp:
(JSC::ResolveGlobalStatus::computeFor):
- bytecode/ResolveOperation.h:
(JSC::ResolveOperations::ResolveOperations):
(ResolveOperations):
(JSC::PutToBaseOperation::PutToBaseOperation):
- dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseResolveOperations):
(JSC::DFG::ByteCodeParser::parseBlock):
- jit/JITStubs.cpp:
(JSC::tryCachePutByID):
(JSC::tryCacheGetByID):
(JSC::DEFINE_STUB_FUNCTION):
(JSC::lazyLinkFor):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::setUpCall):
- runtime/JSScope.cpp:
(JSC::JSScope::resolveContainingScopeInternal):
(JSC::JSScope::resolveContainingScope):
(JSC::JSScope::resolvePut):
Source/WTF:
Reviewed by Mark Hahnenberg.
Implemented a new spinlock that is optimized for compactness, by using just a byte.
This will be useful as we start using fine-grained locking on a bunch of places.
At some point I'll make these byte-sized spinlocks into adaptive mutexes, but for
now I think it's fine to do the evil thing and use spinning particularly since we
only use them for short critical sections.
- WTF.xcodeproj/project.pbxproj:
- wtf/Atomics.h:
(WTF):
(WTF::weakCompareAndSwap):
- wtf/ByteSpinLock.h: Added.
(WTF):
(ByteSpinLock):
(WTF::ByteSpinLock::ByteSpinLock):
(WTF::ByteSpinLock::lock):
(WTF::ByteSpinLock::unlock):
(WTF::ByteSpinLock::isHeld):
- wtf/ThreadingPrimitives.h:
(WTF::pauseBriefly):
(WTF):
- 8:58 PM Changeset in webkit [153121] by
-
- 51 edits32 copies25 adds in trunk
fourthTier: Landing the initial FTL logic in a single commit to avoid spurious
broken builds.
- 8:58 PM Changeset in webkit [153120] by
-
- 6 edits in trunk/Source/JavaScriptCore
fourthTier: DFG should be able to query Structure without modifying it
https://bugs.webkit.org/show_bug.cgi?id=114708
Reviewed by Oliver Hunt.
This is work towards allowing the DFG, and FTL, to run on a separate thread.
The idea is that the most evil thing that the DFG does that has thread-safety
issues is fiddling with Structures by calling Structure::get(). This can lead
to rematerialization of property tables, which is definitely not thread-safe
due to how StringImpl works. So, this patch completely side-steps the problem
by creating a new version of Structure::get, called
Structure::getWithoutMaterializing, which may choose to do an O(n) search if
necessary to avoid materialization. I believe this should be fine - the DFG
does't call into these code path often enough for this to matter, and most of
the time, the Structure that we call this on will already have a property
table because some inline cache would have already called ::get() on that
Structure.
Also cleaned up the materialization logic: we can stop the search as soon as
we find any Structure with a property table rather than searching all the way
for a pinned one.
- bytecode/GetByIdStatus.cpp:
(JSC::GetByIdStatus::computeFor):
- bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeFromLLInt):
(JSC::PutByIdStatus::computeFor):
- runtime/Structure.cpp:
(JSC::Structure::findStructuresAndMapForMaterialization):
(JSC::Structure::materializePropertyMap):
(JSC::Structure::getWithoutMaterializing):
(JSC):
- runtime/Structure.h:
(Structure):
- runtime/StructureInlines.h:
(JSC::Structure::getWithoutMaterializing):
(JSC):
- 8:58 PM Changeset in webkit [153119] by
-
- 9 edits1 copy1 add in trunk/Source/JavaScriptCore
fourthTier: DFG should provide utilities for common OSR exit tasks
https://bugs.webkit.org/show_bug.cgi?id=114306
Reviewed by Mark Hahnenberg.
Just abstract out some things that the FTL will want to use as well.
- CMakeLists.txt:
- GNUmakefile.list.am:
- JavaScriptCore.xcodeproj/project.pbxproj:
- Target.pri:
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
- dfg/DFGOSRExitCompiler.cpp:
- dfg/DFGOSRExitCompiler.h:
(OSRExitCompiler):
- dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
- dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
- dfg/DFGOSRExitCompilerCommon.cpp: Added.
(DFG):
(JSC::DFG::handleExitCounts):
(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::adjustAndJumpToTarget):
- dfg/DFGOSRExitCompilerCommon.h: Added.
(DFG):
- 8:58 PM Changeset in webkit [153118] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: DFG should better abstract floating point arguments
https://bugs.webkit.org/show_bug.cgi?id=114300
Reviewed by Mark Hahnenberg.
- dfg/DFGFPRInfo.h:
(FPRInfo):
(JSC::DFG::FPRInfo::toArgumentRegister):
- 8:58 PM Changeset in webkit [153117] by
-
- 2 edits in trunk/Source/JavaScriptCore
fourthTier: DFG should better abstract arguments
https://bugs.webkit.org/show_bug.cgi?id=114073
Reviewed by Mark Hahnenberg.
- dfg/DFGGPRInfo.h:
(GPRInfo):
(JSC::DFG::GPRInfo::toArgumentRegister):
- 8:58 PM Changeset in webkit [153116] by
-
- 22 edits2 copies2 adds in trunk/Source/JavaScriptCore
fourthTier: put DFG data into a DFG::JITCode, and put common DFG and FTL data into something accessible from both DFG::JITCode and FTL::JITCode
https://bugs.webkit.org/show_bug.cgi?id=113905
Reviewed by Geoffrey Garen.
This removes one pointer from CodeBlock.
It also gives us a framework for having JITType-specific data in CodeBlock, by
putting it into the appropriate JITCode class (either DFG::JITCode or
FTL::JITCode). And it allows us to have DFG and FTL share some common data,
via DFG::CommonData, which is stored in both DFG::JITCode and FTL::JITCode and
always accessible via JITCode::dfgCommon().
- CMakeLists.txt:
- GNUmakefile.list.am:
- JavaScriptCore.xcodeproj/project.pbxproj:
- Target.pri:
- bytecode/CodeBlock.cpp:
(JSC):
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::performTracingFixpointIteration):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::stronglyVisitWeakReferences):
(JSC::CodeBlock::shrinkToFit):
(JSC::CodeBlock::tallyFrequentExitSites):
- bytecode/CodeBlock.h:
(CodeBlock):
(JSC::CodeBlock::setJITCode):
(JSC::CodeBlock::shouldImmediatelyAssumeLivenessDuringScan):
(JSC::DFGCodeBlocks::mark):
- dfg/DFGAssemblyHelpers.h:
- dfg/DFGCommonData.cpp: Added.
(DFG):
(JSC::DFG::CommonData::notifyCompilingStructureTransition):
(JSC::DFG::CommonData::shrinkToFit):
- dfg/DFGCommonData.h: Added.
(JSC):
(DFG):
(JSC::DFG::WeakReferenceTransition::WeakReferenceTransition):
(WeakReferenceTransition):
(CommonData):
(JSC::DFG::CommonData::CommonData):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
- dfg/DFGDriver.h:
(DFG):
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGJITCode.cpp: Added.
(DFG):
(JSC::DFG::JITCode::JITCode):
(JSC::DFG::JITCode::~JITCode):
(JSC::DFG::JITCode::dfgCommon):
(JSC::DFG::JITCode::dfg):
(JSC::DFG::JITCode::shrinkToFit):
- dfg/DFGJITCode.h: Added.
(DFG):
(JITCode):
(JSC::DFG::JITCode::appendOSREntryData):
(JSC::DFG::JITCode::osrEntryDataForBytecodeIndex):
(JSC::DFG::JITCode::appendOSRExit):
(JSC::DFG::JITCode::lastOSRExit):
(JSC::DFG::JITCode::appendSpeculationRecovery):
(JSC::DFG::JITCode::appendWatchpoint):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::JITCompiler):
(JSC::DFG::JITCompiler::linkOSRExits):
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
- dfg/DFGJITCompiler.h:
(JITCompiler):
(JSC::DFG::JITCompiler::addWeakReference):
(JSC::DFG::JITCompiler::noticeOSREntry):
(JSC::DFG::JITCompiler::jitCode):
- dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
- dfg/DFGOSRExit.h:
(OSRExit):
- dfg/DFGOSRExitCompiler.cpp:
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::SpeculativeJIT):
(JSC::DFG::SpeculativeJIT::backwardSpeculationCheck):
(JSC::DFG::SpeculativeJIT::speculationWatchpoint):
(JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGVariableEventStream.cpp:
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- ftl/FTLJITCode.cpp:
(JSC::FTL::JITCode::JITCode):
(JSC::FTL::JITCode::~JITCode):
(FTL):
(JSC::FTL::JITCode::initializeCode):
(JSC::FTL::JITCode::addressForCall):
(JSC::FTL::JITCode::executableAddressAtOffset):
(JSC::FTL::JITCode::dataAddressAtOffset):
(JSC::FTL::JITCode::offsetOf):
(JSC::FTL::JITCode::size):
(JSC::FTL::JITCode::contains):
(JSC::FTL::JITCode::ftl):
(JSC::FTL::JITCode::dfgCommon):
- ftl/FTLJITCode.h:
(JITCode):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileStructureTransitionWatchpoint):
(JSC::FTL::LowerDFGToLLVM::compilePutStructure):
(JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure):
(JSC::FTL::LowerDFGToLLVM::addWeakReference):
(LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::weakPointer):
- ftl/FTLState.cpp:
(FTL):
(JSC::FTL::State::State):
(JSC::FTL::State::dumpState):
- ftl/FTLState.h:
(State):
- heap/DFGCodeBlocks.cpp:
(JSC::DFGCodeBlocks::~DFGCodeBlocks):
(JSC::DFGCodeBlocks::jettison):
(JSC::DFGCodeBlocks::clearMarks):
(JSC::DFGCodeBlocks::deleteUnmarkedJettisonedCodeBlocks):
(JSC::DFGCodeBlocks::traceMarkedCodeBlocks):
- jit/JITCode.cpp:
(JSC::JITCode::dfgCommon):
(JSC):
(JSC::JITCode::dfg):
(JSC::JITCode::ftl):
(JSC::DirectJITCode::DirectJITCode):
(JSC::DirectJITCode::initializeCodeRef):
(JSC::DirectJITCode::addressForCall):
(JSC::DirectJITCode::executableAddressAtOffset):
(JSC::DirectJITCode::dataAddressAtOffset):
(JSC::DirectJITCode::offsetOf):
(JSC::DirectJITCode::size):
(JSC::DirectJITCode::contains):
- jit/JITCode.h:
(DFG):
(FTL):
(JSC):
(JITCode):
(DirectJITCode):
- 8:58 PM Changeset in webkit [153115] by
-
- 10 edits in trunk/Source/JavaScriptCore
fourthTier: Everyone should know about the FTL
https://bugs.webkit.org/show_bug.cgi?id=113897
Reviewed by Mark Hahnenberg.
In order to get OSR exit to work right, we need the distinction between DFG and
FTL to be clear even after compilation finishes, since they will have subtly
different OSR stories and likely use different data structures.
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::resetStubInternal):
(JSC::ProgramCodeBlock::compileOptimized):
(JSC::EvalCodeBlock::compileOptimized):
(JSC::FunctionCodeBlock::compileOptimized):
(JSC::CodeBlock::adjustedExitCountThreshold):
(JSC::CodeBlock::tallyFrequentExitSites):
- bytecode/CodeBlock.h:
(JSC::CodeBlock::setJITCode):
(JSC::CodeBlock::hasOptimizedReplacement):
(JSC::ExecState::isInlineCallFrame):
- ftl/FTLCompile.cpp:
(JSC::FTL::compile):
- ftl/FTLJITCode.cpp:
(JSC::FTL::JITCode::JITCode):
- ftl/FTLState.cpp:
(JSC::FTL::State::dumpState):
- heap/DFGCodeBlocks.cpp:
(JSC::DFGCodeBlocks::jettison):
- interpreter/Interpreter.cpp:
(JSC::getLineNumberForCallFrame):
(JSC::getCallerInfo):
- jit/JITCode.cpp:
(WTF::printInternal):
- jit/JITCode.h:
(JSC::JITCode::topTierJIT):
(JSC::JITCode::nextTierJIT):
(JITCode):
(JSC::JITCode::isJIT):
(JSC::JITCode::isLowerTier):
(JSC::JITCode::isHigherTier):
(JSC::JITCode::isLowerOrSameTier):
(JSC::JITCode::isHigherOrSameTier):
(JSC::JITCode::isOptimizingJIT):
- jit/JITDriver.h:
(JSC::jitCompileIfAppropriate):
(JSC::jitCompileFunctionIfAppropriate):
- jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):
- runtime/Executable.cpp:
(JSC::EvalExecutable::compileOptimized):
(JSC::samplingDescription):
(JSC::ProgramExecutable::compileOptimized):
(JSC::FunctionExecutable::compileOptimizedForCall):
(JSC::FunctionExecutable::compileOptimizedForConstruct):
- 8:58 PM Changeset in webkit [153114] by
-
- 4 edits in trunk/Source/JavaScriptCore
fourthTier: DFG should abstract out how it does forward exits, and that code should be simplified
https://bugs.webkit.org/show_bug.cgi?id=113894
Reviewed by Mark Hahnenberg.
1) We previously had two different ways of convertingToForward, one path for
where we had a ValueRecovery for the current node and one where we didn't.
But the paths were doing exactly the same thing except that if you have a
ValueRecovery, you also find the last applicable mov hint and do some
extra things. This patch combines the two paths and bases both of them on
the previous no-ValueRecovery path, which was simpler to begin with.
2) This moves the logic into DFG::OSRExit, which further simplifies the code
and makes the logic available to the FTL.
- dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::convertToForward):
(DFG):
- dfg/DFGOSRExit.h:
(DFG):
(OSRExit):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::convertLastOSRExitToForward):
- 8:58 PM Changeset in webkit [153113] by
-
- 28 edits in trunk/Source/JavaScriptCore
fourthTier: JITCode should abstract exactly how the JIT code is structured and where it was allocated
https://bugs.webkit.org/show_bug.cgi?id=113437
Reviewed by Mark Hahnenberg.
JITCode is now a virtual base class, which will allow different JITs to have radically
different memory allocation and management conventions in the future. It will also
make it easier to store JIT-specific meta-data in CodeBlock just by putting it into
an appropriate JITCode subclass.
For now there is one subclass, DirectJITCode, which just behaves like JITCode used to
behave.
- assembler/RepatchBuffer.h:
(JSC::RepatchBuffer::RepatchBuffer):
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::resetStubInternal):
(JSC::CodeBlock::bytecodeOffset):
(JSC::CodeBlock::codeOriginForReturn):
- bytecode/CodeBlock.h:
(JSC::CodeBlock::setJITCode):
(JSC::CodeBlock::getJITCode):
(JSC::CodeBlock::getJITType):
(CodeBlock):
- dfg/DFGDriver.cpp:
(JSC::DFG::compile):
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
- dfg/DFGDriver.h:
(DFG):
(JSC::DFG::tryCompile):
(JSC::DFG::tryCompileFunction):
- dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):
- dfg/DFGJITCompiler.h:
(JITCompiler):
- dfg/DFGOSREntry.cpp:
(JSC::DFG::prepareOSREntry):
- dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::codeLocationForRepatch):
- dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
- dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
- dfg/DFGOperations.cpp:
- interpreter/Interpreter.cpp:
(JSC::Interpreter::execute):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeConstruct):
- jit/JIT.cpp:
(JSC::JIT::privateCompile):
- jit/JIT.h:
(JSC::JIT::compile):
(JIT):
- jit/JITCode.cpp:
(JSC):
(JSC::JITCode::JITCode):
(JSC::JITCode::~JITCode):
(JSC::JITCode::execute):
(JSC::JITCode::hostFunction):
(JSC::DirectJITCode::DirectJITCode):
(JSC::DirectJITCode::~DirectJITCode):
(JSC::DirectJITCode::addressForCall):
(JSC::DirectJITCode::executableAddressAtOffset):
(JSC::DirectJITCode::dataAddressAtOffset):
(JSC::DirectJITCode::offsetOf):
(JSC::DirectJITCode::size):
(JSC::DirectJITCode::contains):
- jit/JITCode.h:
(JSC):
(JITCode):
(JSC::JITCode::bottomTierJIT):
(JSC::JITCode::topTierJIT):
(JSC::JITCode::nextTierJIT):
(JSC::JITCode::isOptimizingJIT):
(JSC::JITCode::isBaselineCode):
(JSC::JITCode::jitType):
(JSC::JITCode::jitTypeFor):
(JSC::JITCode::executableAddress):
(JSC::JITCode::start):
(JSC::JITCode::end):
(DirectJITCode):
- jit/JITDriver.h:
(JSC::jitCompileIfAppropriate):
(JSC::jitCompileFunctionIfAppropriate):
- jit/JITStubs.cpp:
(JSC::lazyLinkFor):
(JSC::DEFINE_STUB_FUNCTION):
- jit/ThunkGenerators.cpp:
(JSC::virtualForGenerator):
- llint/LLIntEntrypoints.cpp:
(JSC::LLInt::getFunctionEntrypoint):
(JSC::LLInt::getEvalEntrypoint):
(JSC::LLInt::getProgramEntrypoint):
- llint/LLIntEntrypoints.h:
(JSC):
(LLInt):
(JSC::LLInt::getEntrypoint):
- llint/LLIntSlowPaths.cpp:
(JSC::LLInt::jitCompileAndSetHeuristics):
(JSC::LLInt::entryOSR):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
- runtime/Executable.cpp:
(JSC::EvalExecutable::compileInternal):
(JSC::ProgramExecutable::compileInternal):
(JSC::FunctionExecutable::compileForCallInternal):
(JSC::FunctionExecutable::compileForConstructInternal):
- runtime/Executable.h:
(JSC::ExecutableBase::generatedJITCodeForCall):
(JSC::ExecutableBase::generatedJITCodeForConstruct):
(JSC::ExecutableBase::generatedJITCodeFor):
(ExecutableBase):
(JSC::ExecutableBase::hostCodeEntryFor):
(JSC::ExecutableBase::jsCodeEntryFor):
(JSC::ExecutableBase::jsCodeWithArityCheckEntryFor):
(JSC::NativeExecutable::create):
(JSC::NativeExecutable::finishCreation):
(JSC::EvalExecutable::generatedJITCode):
(JSC::ProgramExecutable::generatedJITCode):
- runtime/ExecutionHarness.h:
(JSC::prepareForExecution):
(JSC::prepareFunctionForExecution):
- 8:16 PM Changeset in webkit [153112] by
-
- 2 edits in trunk/Source/WebCore
[iOS] Captions are clipped in documents using pagination
https://bugs.webkit.org/show_bug.cgi?id=119072
Reviewed by Beth Dakin.
MediaControlTextTrackContainerElement::createTextTrackRepresentationImage() is called
to paint captions into a layer used for fullscreen video. It did the painting using
a subtree paint, but starting at the root RenderView's layer. This is problematic,
because the caption painting is subject to clipping for columns, and any enclosing
overflow:hidden container.
Fix this by starting the paint at the MediaControlTextTrackContainerElement's
renderer's layer. By doing this we don't have to worry about an offset, so no
translation is required.
Also make sure we update layer before grabbing the renderer (in case layout
destroys it).
- html/shadow/MediaControlElements.cpp:
(WebCore::MediaControlTextTrackContainerElement::createTextTrackRepresentationImage):
- 7:32 PM Changeset in webkit [153111] by
-
- 1 edit2 adds in trunk/LayoutTests
Add DRT test to ensure don't override z-index for overflow: scroll, -webkit-overflow-scrolling: touch
https://bugs.webkit.org/show_bug.cgi?id=119071
Reviewed by Simon Fraser.
Add a DRT test to ensure we don't regress the fix for <https://bugs.webkit.org/show_bug.cgi?id=119066>.
- compositing/overflow/should-not-override-z-index-for-element-with-non-auto-z-index-and-overflow-scroll-and-touch-expected.txt: Added.
- compositing/overflow/should-not-override-z-index-for-element-with-non-auto-z-index-and-overflow-scroll-and-touch.html: Added.
- 7:02 PM Changeset in webkit [153110] by
-
- 5 edits in branches/safari-537-branch/Source
Versioning.
- 7:00 PM Changeset in webkit [153109] by
-
- 1 copy in tags/Safari-537.52
New Tag.
- 6:08 PM Changeset in webkit [153108] by
-
- 18 edits4 moves in trunk/Source/WebKit2
Rename WebColorChooserProxy
<rdar://problem/14528039> and https://bugs.webkit.org/show_bug.cgi?id=119025
Reviewed by Brady Eidson.
Renamed WebColorChooserProxy to WebColorPicker since the name WebColorChoooserProxy
implies that it represents the same object as WebColorChooser, which is not true.
Also, renamed createColorChooserProxy to createColorPicker in WebPageProxy and
platform-equivalent versions of it.
- CMakeLists.txt:
- GNUmakefile.list.am:
- Target.pri:
- UIProcess/API/gtk/PageClientImpl.cpp:
(WebKit::PageClientImpl::createColorPicker):
- UIProcess/API/gtk/PageClientImpl.h:
- UIProcess/API/mac/PageClientImpl.h:
- UIProcess/API/mac/PageClientImpl.mm:
(WebKit::PageClientImpl::createColorPicker):
- UIProcess/API/qt/raw/qrawwebview.cpp:
(QRawWebViewPrivate::createColorPicker):
- UIProcess/API/qt/raw/qrawwebview_p_p.h:
- UIProcess/CoordinatedGraphics/WebView.cpp:
(WebKit::WebView::createColorPicker):
- UIProcess/CoordinatedGraphics/WebView.h:
- UIProcess/PageClient.h:
- UIProcess/WebColorChooserProxy.cpp: Removed.
- UIProcess/WebColorChooserProxy.h: Removed.
- UIProcess/WebColorPicker.cpp: Copied from Source/WebKit2/UIProcess/WebColorChooserProxy.cpp.
(WebKit::WebColorPicker::WebColorPicker):
(WebKit::WebColorPicker::~WebColorPicker):
(WebKit::WebColorPicker::endChooser):
(WebKit::WebColorPicker::setSelectedColor):
- UIProcess/WebColorPicker.h: Copied from Source/WebKit2/UIProcess/WebColorChooserProxy.h.
(WebKit::WebColorPicker::create):
- UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::close):
(WebKit::WebPageProxy::showColorChooser):
(WebKit::WebPageProxy::setColorChooserColor):
(WebKit::WebPageProxy::endColorChooser):
(WebKit::WebPageProxy::didEndColorChooser):
(WebKit::WebPageProxy::resetStateAfterProcessExited):
- UIProcess/WebPageProxy.h: Renamed m_colorChooser to m_colorPicker.
- UIProcess/qt/QtPageClient.cpp:
(WebKit::QtPageClient::createColorPicker):
- UIProcess/qt/QtPageClient.h:
- UIProcess/qt/WebColorChooserProxyQt.cpp: Removed.
- UIProcess/qt/WebColorChooserProxyQt.h: Removed.
- UIProcess/qt/WebColorPickerQt.cpp: Added.
(WebKit::ColorChooserContextObject::ColorChooserContextObject):
(WebKit::ColorChooserContextObject::currentColor):
(WebKit::ColorChooserContextObject::elementRect):
(WebKit::ColorChooserContextObject::accept):
(WebKit::ColorChooserContextObject::reject):
(WebKit::WebColorPickerQt::WebColorPickerQt):
(WebKit::WebColorPickerQt::~WebColorPickerQt):
(WebKit::WebColorPickerQt::createItem):
(WebKit::WebColorPickerQt::createContext):
(WebKit::WebColorPickerQt::setSelectedColor):
(WebKit::WebColorPickerQt::notifyColorSelected):
(WebKit::WebColorPickerQt::endChooser):
- UIProcess/qt/WebColorPickerQt.h: Added.
(WebKit::WebColorPickerQt::create):
- WebKit2.xcodeproj/project.pbxproj:
- 5:57 PM Changeset in webkit [153107] by
-
- 5 edits1 add in trunk
Crash when calling WKPageGetProcessIdentifier after aborted process launch
https://bugs.webkit.org/show_bug.cgi?id=119069
<rdar://problem/14494064>
Reviewed by Andreas Kling.
Source/WebKit2:
- UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::processIdentifier):
Check if the page is closed instead of checking whether we have a process - We'll always have a process.
(WebKit::WebPageProxy::isValid):
Make this const.
- UIProcess/WebPageProxy.h:
Tools:
Add a test.
- TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
- TestWebKitAPI/Tests/WebKit2/mac/GetPIDAfterAbortedProcessLaunch.cpp: Added.
(TestWebKitAPI::didFinishLoadForFrame):
(TestWebKitAPI::TEST):
- 3:46 PM Changeset in webkit [153106] by
-
- 1 edit4 adds in trunk/Source/WebKit2
[WK2][Soup] Add entry point for network process
https://bugs.webkit.org/show_bug.cgi?id=110136
Reviewed by Gustavo Noronha Silva.
Original patch by Balazs Kelemen <kbalazs@webkit.org>.
Added a common entry point for non-Mac Unix ports.
- NetworkProcess/unix/NetworkProcessMainUnix.cpp: Added.
(WebKit::NetworkProcessMain):
- NetworkProcess/unix/NetworkProcessMainUnix.h: Added.
- unix/NetworkMainUnix.cpp: Added.
(main):
- 3:45 PM Changeset in webkit [153105] by
-
- 2 edits in trunk/Source/WebCore
REGRESSION (r152335): Mac Pro title occluded in MobileSafari; can't scroll page
https://bugs.webkit.org/show_bug.cgi?id=119066
<rdar://problem/14499184>
Reviewed by Daniel Bates.
Following <http://trac.webkit.org/changeset/152335> (bug #118337) we set
the z-index to 0 on every element with CSS "overflow: scroll" and
"-webkit-overflow-scrolling: touch" regardless of whether the element has
non-auto z-index. Instead we should only set the z-index to 0 for such elements
that have an auto z-index.
- css/StyleResolver.cpp:
(WebCore::StyleResolver::adjustRenderStyle):
- 2:58 PM Changeset in webkit [153104] by
-
- 5 edits in trunk/Source/JavaScriptCore
It should be possible to hijack IndexingHeader for things other than lengths
https://bugs.webkit.org/show_bug.cgi?id=119065
Reviewed by Mark Hahnenberg.
Made the body of IndexingHeader be a union.
Modified the offlineasm so that you can say IndexingHeader::u.lengths.publicLength.
Previously those dots would cause parse errors. Now an identifier in offlineasm can
have a dot anywhere except the first character.
- llint/LowLevelInterpreter32_64.asm:
- llint/LowLevelInterpreter64.asm:
- offlineasm/parser.rb:
- runtime/IndexingHeader.h:
(JSC::IndexingHeader::offsetOfPublicLength):
(JSC::IndexingHeader::offsetOfVectorLength):
(JSC::IndexingHeader::IndexingHeader):
(JSC::IndexingHeader::vectorLength):
(JSC::IndexingHeader::setVectorLength):
(JSC::IndexingHeader::publicLength):
(JSC::IndexingHeader::setPublicLength):
- 2:47 PM Changeset in webkit [153103] by
-
- 39 edits6 adds in branches/dfgFourthTier/Source
fourthTier: DFG IR dumps should be easier to read
https://bugs.webkit.org/show_bug.cgi?id=119050
Source/JavaScriptCore:
Reviewed by Mark Hahnenberg.
Added a DumpContext that includes support for printing an endnote
that describes all structures in full, while the main flow of the
dump just uses made-up names for the structures. This is helpful
since Structure::dump() may print a lot. The stuff it prints is
useful, but if it's all inline with the surrounding thing you're
dumping (often, a node in the DFG), then you get a ridiculously
long print-out. All classes that dump structures (including
Structure itself) now have dumpInContext() methods that use
inContext() for dumping anything that might transitively print a
structure. If Structure::dumpInContext() is called with a NULL
context, it just uses dump() like before. Hence you don't have to
know anything about DumpContext unless you want to.
inContext(*structure, context) dumps something like %B4:Array,
and the endnote will have something like:
%B4:Array = 0x10e91a180:[Array, {Edge:100, Normal:101, Line:102, NumPx:103, LastPx:104}, ArrayWithContiguous, Proto:0x10e99ffe0]
where B4 is the inferred name that StringHashDumpContext came up
with.
Also shortened a bunch of other dumps, removing information that
isn't so important.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/ArrayProfile.cpp:
(JSC::dumpArrayModes):
- bytecode/CodeBlockHash.cpp:
(JSC):
(JSC::CodeBlockHash::CodeBlockHash):
(JSC::CodeBlockHash::dump):
- bytecode/CodeOrigin.cpp:
(JSC::CodeOrigin::dumpInContext):
(JSC):
(JSC::InlineCallFrame::dumpInContext):
(JSC::InlineCallFrame::dump):
- bytecode/CodeOrigin.h:
(CodeOrigin):
(InlineCallFrame):
- bytecode/Operands.h:
(JSC::OperandValueTraits::isEmptyForDump):
(Operands):
(JSC::Operands::dump):
(JSC):
- bytecode/OperandsInlines.h: Added.
(JSC):
(JSC::::dumpInContext):
- bytecode/StructureSet.h:
(JSC::StructureSet::dumpInContext):
(JSC::StructureSet::dump):
(StructureSet):
- dfg/DFGAbstractValue.cpp:
(JSC::DFG::AbstractValue::dump):
(DFG):
(JSC::DFG::AbstractValue::dumpInContext):
- dfg/DFGAbstractValue.h:
(JSC::DFG::AbstractValue::operator!):
(AbstractValue):
- dfg/DFGCFAPhase.cpp:
(JSC::DFG::CFAPhase::performBlockCFA):
- dfg/DFGCommon.cpp:
- dfg/DFGCommon.h:
(JSC::DFG::NodePointerTraits::isEmptyForDump):
- dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::createDumpList):
- dfg/DFGDisassembler.h:
(Disassembler):
- dfg/DFGFlushFormat.h:
(WTF::inContext):
(WTF):
- dfg/DFGFlushLivenessAnalysisPhase.cpp:
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dumpCodeOrigin):
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::dumpBlockHeader):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGLazyJSValue.cpp:
(JSC::DFG::LazyJSValue::dumpInContext):
(JSC::DFG::LazyJSValue::dump):
(DFG):
- dfg/DFGLazyJSValue.h:
(LazyJSValue):
- dfg/DFGNode.h:
(JSC::DFG::nodeMapDump):
(WTF::inContext):
(WTF):
- dfg/DFGOSRExitCompiler32_64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
- dfg/DFGOSRExitCompiler64.cpp:
(JSC::DFG::OSRExitCompiler::compileExit):
- dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::dumpInContext):
(JSC::DFG::StructureAbstractValue::dump):
(StructureAbstractValue):
- ftl/FTLExitValue.cpp:
(JSC::FTL::ExitValue::dumpInContext):
(JSC::FTL::ExitValue::dump):
(FTL):
- ftl/FTLExitValue.h:
(ExitValue):
- ftl/FTLLowerDFGToLLVM.cpp:
- ftl/FTLValueSource.cpp:
(JSC::FTL::ValueSource::dumpInContext):
(FTL):
- ftl/FTLValueSource.h:
(ValueSource):
- runtime/DumpContext.cpp: Added.
(JSC):
(JSC::DumpContext::DumpContext):
(JSC::DumpContext::~DumpContext):
(JSC::DumpContext::isEmpty):
(JSC::DumpContext::dump):
- runtime/DumpContext.h: Added.
(JSC):
(DumpContext):
- runtime/JSCJSValue.cpp:
(JSC::JSValue::dump):
(JSC):
(JSC::JSValue::dumpInContext):
- runtime/JSCJSValue.h:
(JSC):
(JSValue):
- runtime/Structure.cpp:
(JSC::Structure::dumpInContext):
(JSC):
(JSC::Structure::dumpBrief):
(JSC::Structure::dumpContextHeader):
- runtime/Structure.h:
(JSC):
(Structure):
Source/WTF:
Reviewed by Mark Hahnenberg.
Added support for dumping values within a context. By default, if you say
print(inContext(value, context)) it calls value.dumpInContext(out, context)
instead of value.dump(out).
Hoisted the support for six-character hashes out of JSC::CodeBlockHash into
WTF, in the form of SixCharacterHash.h.
Added a helper for creating dump contexts where the inContext() dump will
just use a short string hash to "name" the object being dumped, and then
will print out the full dumps in an endnote to your dump.
Added support for using CString as a hashtable key.
- WTF.xcodeproj/project.pbxproj:
- wtf/PrintStream.h:
(WTF):
(ValueInContext):
(WTF::ValueInContext::ValueInContext):
(WTF::ValueInContext::dump):
(WTF::inContext):
- wtf/SixCharacterHash.cpp: Added.
(WTF):
(WTF::sixCharacterHashStringToInteger):
(WTF::integerToSixCharacterHashString):
- wtf/SixCharacterHash.h: Added.
(WTF):
- wtf/StringHashDumpContext.h: Added.
(WTF):
(StringHashDumpContext):
(WTF::StringHashDumpContext::StringHashDumpContext):
(WTF::StringHashDumpContext::getID):
(WTF::StringHashDumpContext::dumpBrief):
(WTF::StringHashDumpContext::brief):
(WTF::StringHashDumpContext::isEmpty):
(WTF::StringHashDumpContext::dump):
- wtf/text/CString.cpp:
(WTF::CString::hash):
(WTF):
(WTF::operator<):
(WTF::CStringHash::equal):
- wtf/text/CString.h:
(WTF::CString::CString):
(CString):
(WTF::CString::isHashTableDeletedValue):
(WTF):
(WTF::CStringHash::hash):
(CStringHash):
- 2:24 PM Changeset in webkit [153102] by
-
- 2 edits in trunk/Source/WebCore
Use-after-free in ApplyStyleCommand::removeInlineStyle
https://bugs.webkit.org/show_bug.cgi?id=118627
Reviewed by Oliver Hunt.
Merge https://chromium.googlesource.com/chromium/blink/+/b6471d077e012b05ccba14d0ce8e6d616106c8e6
Unfortunately, there is no test case for this bug.
- editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::removeInlineStyle):
- 2:21 PM Changeset in webkit [153101] by
-
- 2 edits1 add in trunk/Source/ThirdParty/ANGLE
Generate derived files in ANGLE at build time rather than when updating from upstream.
https://bugs.webkit.org/show_bug.cgi?id=118872
Reviewed by Mark Rowe.
- ANGLE.xcodeproj/project.pbxproj: Made Derived Sources target which calls DerivedSources.make,
moved generated files into Derived Sources group.
- DerivedSources.make: Added.
- 1:28 PM Changeset in webkit [153100] by
-
- 17 edits in branches/safari-537-branch/Source/WebKit2
Merged r153096. <rdar://problem/14421763>
- 1:25 PM Changeset in webkit [153099] by
-
- 11 edits in branches/safari-537-branch/Source
Merged r153092. <rdar://problem/14421763>
- 1:22 PM Changeset in webkit [153098] by
-
- 3 edits2 copies in branches/safari-537-branch
Merged r153002. <rdar://problem/14348927>
- 12:56 PM Changeset in webkit [153097] by
-
- 2 edits in trunk/Source/JavaScriptCore
JIT::updateTopCallFrame doesn't update the CallFrame's bytecodeOffset if bytecodeOffset == 0
https://bugs.webkit.org/show_bug.cgi?id=118923
Reviewed by Filip Pizlo.
This bug causes the CallFrame's bytecodeOffset to not be properly set when we
enter, e.g., cti_optimize from an op_enter.
- jit/JITInlines.h:
(JSC::JIT::updateTopCallFrame):
- 12:31 PM Changeset in webkit [153096] by
-
- 17 edits in trunk/Source/WebKit2
Remove WKPageGetPlugInInformation - it is not used anymore
https://bugs.webkit.org/show_bug.cgi?id=119047
Reviewed by Alexey Proskuryakov.
Revert r151172, which fixed a crash introduced in r151043, r151054, which fixed some naming
and ref-churn issues introduced in r151043, and r151043, which added
WKPageGetPlugInInformation.
- UIProcess/API/C/mac/WKPagePrivateMac.cpp:
(WKPageIsURLKnownHSTSHost):
- UIProcess/API/C/mac/WKPagePrivateMac.h:
- UIProcess/Plugins/PluginProcessManager.h:
- UIProcess/Plugins/mac/PluginProcessManagerMac.mm:
- UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::close):
- UIProcess/WebPageProxy.h:
- UIProcess/WebPageProxy.messages.in:
- UIProcess/mac/WebPageProxyMac.mm:
- WebProcess/Plugins/Netscape/NetscapePlugin.h:
- WebProcess/Plugins/PDF/SimplePDFPlugin.h:
- WebProcess/Plugins/Plugin.h:
- WebProcess/Plugins/PluginProxy.h:
- WebProcess/Plugins/PluginView.h:
- WebProcess/WebPage/WebPage.h:
- WebProcess/WebPage/WebPage.messages.in:
- WebProcess/WebPage/mac/WebPageMac.mm:
- 12:23 PM Changeset in webkit [153095] by
-
- 6 edits1 delete in trunk/Source/WebCore
Remove CheckedInt, use Checked<T, RecordOverflow> instead
https://bugs.webkit.org/show_bug.cgi?id=119022
Reviewed by Oliver Hunt.
Following the cleanup in r153062, the CheckedInt uses are replaced with
using the Checked<T, RecordOverflow> class. The CheckedInt header is not
used anywhere anymore and is thus removed.
- GNUmakefile.list.am:
- WebCore.xcodeproj/project.pbxproj:
- html/canvas/CheckedInt.h: Removed.
- html/canvas/DataView.cpp:
(WebCore::DataView::create):
- html/canvas/WebGLBuffer.cpp:
(WebCore::WebGLBuffer::associateBufferSubDataImpl):
- html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::drawArrays):
- 12:11 PM Changeset in webkit [153094] by
-
- 3 edits in trunk/Source/WebCore
RenderMenuList computes the width of its longest option twice.
<http://webkit.org/b/119046>
<rdar://problem/14534679>
Reviewed by Darin Adler.
Rename the RenderMenuList::m_optionsChanged flag to m_needsOptionsWidthUpdate,
and make sure it gets cleared after we do a width computation in response to font changes.
- rendering/RenderMenuList.cpp:
(WebCore::RenderMenuList::styleDidChange):
- 12:03 PM Changeset in webkit [153093] by
-
- 4 edits in trunk
Make KURL::hasPath private
https://bugs.webkit.org/show_bug.cgi?id=118279
Reviewed by Darin Adler.
Source/WebCore:
- platform/KURL.h: The KURL::hasPath method is not used outside of the KURL class, so it is made private.
Tools:
- TestWebKitAPI/Tests/WebCore/KURL.cpp:
(TestWebKitAPI::TEST_F): Remove references to KURL::hasPath the method is now private and thus not accessible for testing.
- 11:33 AM Changeset in webkit [153092] by
-
- 11 edits in trunk/Source
Remove WKPageGetPlugInInformation - it is not used anymore
https://bugs.webkit.org/show_bug.cgi?id=119047
Rubber-stamped by Alexey Proskuryakov.
Revert r152328, which added a key used only in the callback info for
WKPageGetPlugInInformation.
Source/WebCore:
- WebCore.exp.in:
Source/WebKit2:
- Shared/API/c/WKPluginInformation.cpp:
- Shared/API/c/WKPluginInformation.h:
- Shared/Plugins/Netscape/PluginInformation.cpp:
- Shared/Plugins/Netscape/PluginInformation.h:
- UIProcess/WebPageProxy.h:
- UIProcess/WebPageProxy.messages.in:
- UIProcess/mac/WebPageProxyMac.mm:
(WebKit::WebPageProxy::containsPlugInCallback):
- WebProcess/WebPage/mac/WebPageMac.mm:
(WebKit::WebPage::containsPluginViewsWithPluginProcessToken):
- 11:28 AM Changeset in webkit [153091] by
-
- 2 edits in trunk/Source/WebInspectorUI
Web Inspector: control+clicking on a numeric token should not show the context menu
https://bugs.webkit.org/show_bug.cgi?id=119048
Reviewed by Timothy Hatcher.
Track "contextmenu" events when we're hovering a token containing a numeric value
and call preventDefault() in the event handler to ensure that the context menu does
not appear.
- UserInterface/CodeMirrorDragToAlterNumberController.js:
(WebInspector.CodeMirrorDragToAlterNumberController.prototype.handleEvent):
(WebInspector.CodeMirrorDragToAlterNumberController.prototype._setTracksMouseClickAndDrag):
- 11:11 AM Changeset in webkit [153090] by
-
- 3 edits3 copies in branches/safari-537-branch
Merged r153075. <rdar://problem/14530072>
- 11:02 AM Changeset in webkit [153089] by
-
- 7 edits20 adds in trunk
Border drawing incorrect when using both border-collapse: collapse and overflow: hidden on a table
https://bugs.webkit.org/show_bug.cgi?id=18305
Reviewed by David Hyatt.
Source/WebCore:
overflowClipRect() clips out the table's half of a collapsed border when there is an overflow clip
on the table. This prevents the table's half of the border ever getting painted.
To fix this, clip to the border box of tables when we're in the paint phase that gets the sections to draw the collapsed borders
or when we're self painting. This will allow the table's half of the border to get painted. In the case where the table is self
painting we ensure that content gets clipped to cell's side of the collapsed border by ensuring the clip passed to child layers
from the table clips to the inside of the collapsed border.
It's worth noting that a table's collapsed borders are painted by the table's layer using functions in
RenderTableSection and RenderTableCell. So if a table section has a self-painting layer this patch still works, because
the borders aren't painted by the section's layer.
Tests: fast/table/overflow-table-collapsed-borders-cell-painting-table-self-painting-layer.html
fast/table/overflow-table-collapsed-borders-cell-painting.html
fast/table/overflow-table-collapsed-borders-section-layer-painting.html
fast/table/overflow-table-collapsed-borders-section-layer-table-self-painting-layer.html
fast/table/overflow-table-collapsed-borders-section-self-painting-layer-painting.html
fast/table/overflow-table-collapsed-borders-section-self-painting-layer-table-self-painting-layer.html
fast/table/table-overflow.html
- rendering/RenderBox.cpp:
(WebCore::RenderBox::pushContentsClip):
(WebCore::RenderBox::overflowClipRect):
- rendering/RenderBox.h:
(WebCore::RenderBox::overflowClipRectForChildLayers):
- rendering/RenderLayer.cpp:
(WebCore::RenderLayer::calculateClipRects):
- rendering/RenderTable.cpp:
(WebCore::RenderTable::overflowClipRect):
- rendering/RenderTable.h:
(WebCore::RenderTable::overflowClipRectForChildLayers):
LayoutTests:
- fast/table/overflow-table-collapsed-borders-cell-painting-expected.png: Added.
- fast/table/overflow-table-collapsed-borders-cell-painting-expected.txt: Added.
- fast/table/overflow-table-collapsed-borders-cell-painting-table-self-painting-layer-expected.png: Added.
- fast/table/overflow-table-collapsed-borders-cell-painting-table-self-painting-layer-expected.txt: Added.
- fast/table/overflow-table-collapsed-borders-cell-painting-table-self-painting-layer.html: Added.
- fast/table/overflow-table-collapsed-borders-cell-painting.html: Added.
- fast/table/overflow-table-collapsed-borders-section-layer-painting-expected.png: Added.
- fast/table/overflow-table-collapsed-borders-section-layer-painting-expected.txt: Added.
- fast/table/overflow-table-collapsed-borders-section-layer-painting.html: Added.
- fast/table/overflow-table-collapsed-borders-section-layer-table-self-painting-layer-expected.png: Added.
- fast/table/overflow-table-collapsed-borders-section-layer-table-self-painting-layer-expected.txt: Added.
- fast/table/overflow-table-collapsed-borders-section-layer-table-self-painting-layer.html: Added.
- fast/table/overflow-table-collapsed-borders-section-self-painting-layer-painting-expected.png: Added.
- fast/table/overflow-table-collapsed-borders-section-self-painting-layer-painting-expected.txt: Added.
- fast/table/overflow-table-collapsed-borders-section-self-painting-layer-painting.html: Added.
- fast/table/overflow-table-collapsed-borders-section-self-painting-layer-table-self-painting-layer-expected.png: Added.
- fast/table/overflow-table-collapsed-borders-section-self-painting-layer-table-self-painting-layer-expected.txt: Added.
- fast/table/overflow-table-collapsed-borders-section-self-painting-layer-table-self-painting-layer.html: Added.
- fast/table/table-overflow-expected.html: Added.
- fast/table/table-overflow.html: Added.
- platform/qt/fast/table/overflowHidden-expected.txt:
- 10:12 AM Changeset in webkit [153088] by
-
- 4 edits2 adds in trunk
Graphical elements inside mphantom should not be visible.
https://bugs.webkit.org/show_bug.cgi?id=116600.
Patch by Frédéric Wang <fred.wang@free.fr> on 2013-07-24
Reviewed by Chris Fleizach.
Source/WebCore:
Test: mathml/presentation/phantom.html
- rendering/mathml/RenderMathMLFraction.cpp:
(WebCore::RenderMathMLFraction::paint): don't paint the fraction bar when the visibility is not "visible"
- rendering/mathml/RenderMathMLRoot.cpp:
(WebCore::RenderMathMLRoot::paint): don't paint the radical symbol when the visibility is not "visible"
LayoutTests:
- mathml/presentation/phantom-expected.html: Added.
- mathml/presentation/phantom.html: Added.
- 9:07 AM Changeset in webkit [153087] by
-
- 4 edits2 adds in trunk/Source/WebInspectorUI
Web Inspector: support click-and-drag editing of CSS numeric values
https://bugs.webkit.org/show_bug.cgi?id=118896
Reviewed by Timothy Hatcher.
Add support for adjustment of numeric values in the various CodeMirror editors
by holding the option key and dragging the mouse. By default, dragging one pixel
changes the value by 1, but key modifiers allow to customize that behavior by using
the control key to change the value to 0.1 and the shift key to change the value to 10.
- UserInterface/CodeMirrorAdditions.js:
Split adjustNumber() into two methods such that we may use its logic from the
CodeMirrorDragToAlterNumberController. The new method, CodeMirror.prototype.alterNumberInRange()
allow to set begin and end CodeMirror positions such that the existing alterNumber()
can use information based on the current cursor position, and CodeMirrorDragToAlterNumberController
can use information based on the hovered token.
- UserInterface/CodeMirrorDragToAlterNumberController.css: Added.
(.CodeMirror.drag-to-adjust .CodeMirror-lines):
Set the cursor to "col-resize" when a number token is hovered and the option key
modifier is pressed.
- UserInterface/CodeMirrorDragToAlterNumberController.js: Added.
(WebInspector.CodeMirrorDragToAlterNumberController):
We define the new "dragToAdjustNumbers" CodeMirror option.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype.set enabled):
The "enabled" property controls whether the associated CodeMirror instance
may act upon hovering numeric values to adjust them via a drag interaction.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype.handleEvent):
Proxy for various event-specific methods to deal with mouse events. We also bind
the value of the "active" property to the "mouseenter" and "mouseleave" events
if we're not currently dragging-to-adjust.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype._setActive):
The "active" property is set when the mouse is over the associated CodeMirror
editor and when it's on we track all "mousemove" events such that we may
identify tokens containing numeric values. We also start tracking changes to the
option modifier key press state such that we may change the cursor accordingly.
We ensure that the CodeMirror instance is not read-only such that we don't
allow adjustment of numeric values in places where they couldn't be committed.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype._setDragging):
The "dragging" property reflects whether a dragging-to-adjust interaction
is underway. We call into WebInspector.elementDragStart() and WebInspector.elementDragEnd()
to set the cursor to "col-resize" for the whole document while tracking mousemove
and mouseup events at the window level such that we can drag-to-adjust even outside
of the inspector window.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype._setTracksMouseClickAndDrag):
The "tracksMouseClickAndDrag" property is set to true whenever the controller
has detected that a token containing a numeric value is being hovered and the
option modifier key is pressed. This property controls the cursor value for the
hovered token to reflect that a drag-to-adjust interaction is allowed and tracks
"mousedown" events for when a dragging interaction may be initiated.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype._modifiersDidChange):
Sets the "tracksMouseClickAndDrag" property depending on the availability of a hovered
token containing a numeric value and the pressed state of the option modified key.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype._mouseMoved):
Handles "mousemove" events when we're not in the "dragging" state such that we
check the currently hovered token, if any, to see if it contains a number that
we may drag-to-adjust. Subsequently, we may enter the "tracksMouseClickAndDrag"
state.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype._mouseWasPressed):
Handles "mousedown" events during a drag-to-adjust interaction. We simply track
the current mouse position in the x-axis and enter the "dragging" state.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype._mouseWasDragged):
Handles "mousemove" events when we are in the "dragging" state. We compare the
current mouse position in the x-axis with the last recoreded value and determine
the amount by which we should adjust the value, taking into account the shift and
control modifier keys. We then call into WebInspector.alterNumberInRange() to
apply the change amount to the associated CodeMirror editor.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype._mouseWasReleased):
Handles "mouseup" events, simply exiting the "dragging" state and resetting other
parameters we would have customized as a result of the drag-to-adjust interaction.
(WebInspector.CodeMirrorDragToAlterNumberController.prototype._reset):
Resetting some parameters we would have customized as a result of the drag-to-adjust
interaction.
- UserInterface/Main.html:
Include the new CodeMirrorDragToAlterNumberController.{js|css} files.
- UserInterface/Main.js:
(WebInspector.elementDragStart):
(WebInspector.elementDragEnd):
Add an extra parameter to elementDragStart() such that the caller may specify the event
target for the "mousemove" and "mouseup" events.
- 8:44 AM Changeset in webkit [153086] by
-
- 2 edits in trunk/Source/WebCore
WebVTTParser's identifier buffering can ignore subsequent lines
https://bugs.webkit.org/show_bug.cgi?id=118483
Patch by Brendan Long <b.long@cablelabs.com> on 2013-07-24
Reviewed by Eric Carlson.
No new tests since this bug can't be reproduced in layout tests.
- html/track/WebVTTParser.cpp:
(WebCore::WebVTTParser::parseBytes): Only buffer the identifier if we haven't read an entire line.
- 8:27 AM Changeset in webkit [153085] by
-
- 7 edits in trunk
[GTK] TestInspectorServer unit test is timing out
https://bugs.webkit.org/show_bug.cgi?id=105866
Patch by Anton Obzhirov <Anton Obzhirov> on 2013-07-24
Reviewed by Gustavo Noronha Silva.
Source/WebKit2:
The test failed because it couldn't find inspector resources in default folder
(make install step was missing). It uses now resources available in
WebKitBuild folder. WebInspectorServerGtk was refactored as well to make
easier to use WEBKIT_INSPECTOR_SERVER_PATH variable.
- UIProcess/API/gtk/tests/GNUmakefile.am:
- UIProcess/API/gtk/tests/InspectorTestServer.cpp:
(main):
- UIProcess/API/gtk/tests/TestInspectorServer.cpp:
(testInspectorServerPageList):
- UIProcess/InspectorServer/gtk/WebInspectorServerGtk.cpp:
(WebKit::WebInspectorServer::platformResourceForPath):
(WebKit::WebInspectorServer::buildPageList):
(WebKit::WebInspectorServer::inspectorServerFilesPath):
Tools:
- Scripts/run-gtk-tests:
(TestRunner):
- 7:53 AM Changeset in webkit [153084] by
-
- 2 edits in trunk/Tools
[GTK] [WK2] Handle wheel event with delta zero
https://bugs.webkit.org/show_bug.cgi?id=118973
Patch by Anton Obzhirov <Anton Obzhirov> on 2013-07-24
Reviewed by Gustavo Noronha Silva.
Added handling of zero mouse scroll deltas in EventSenderProxy similar
to WK1 and Qt/EFL ports.
fast/events/platform-wheelevent-with-delta-zero-crash.html is no longer
failing on WK2.
- WebKitTestRunner/gtk/EventSenderProxyGtk.cpp:
(WTR::EventSenderProxy::mouseScrollBy):
- 5:52 AM Changeset in webkit [153083] by
-
- 2 edits in trunk/LayoutTests
[GTK] Unreviewed gardening. Add expectations for flaky test.
- platform/gtk/TestExpectations: Mark svg/stroke/non-scaling-stroke-pattern.svg
as flaky.
- 4:34 AM Changeset in webkit [153082] by
-
- 2 edits in trunk/Source/ThirdParty/ANGLE
Unreviewed. Setting the svn:eol-style=native property on the ANGLE.sln file.
- src/ANGLE.sln: Added property svn:eol-style.
- 3:35 AM Changeset in webkit [153081] by
-
- 2 edits in trunk/Source/ThirdParty/ANGLE
[Qt] Buildfix after r153064. Add Uniform files to the Target.pri.
Patch by Gabor Abraham <abrhm@inf.u-szeged.hu> on 2013-07-24
Reviewed by Csaba Osztrogonác.
- Target.pri:
- 2:57 AM Changeset in webkit [153080] by
-
- 2 edits in trunk
[EFL][CMAKE] Fix wrong syntax about option commands
https://bugs.webkit.org/show_bug.cgi?id=119035
Reviewed by Christophe Dumez.
second argument of cmake option command should be description.
- Source/cmake/OptionsEfl.cmake: Added description instead of wrong initial value.
- 2:36 AM Changeset in webkit [153079] by
-
- 2 edits in trunk/LayoutTests
[EFL] Unreviewed gardening
https://bugs.webkit.org/show_bug.cgi?id=118826
Unreviewed EFL gardening.
Patch by Seokju Kwon <Seokju Kwon> on 2013-07-24
- 1:58 AM Changeset in webkit [153078] by
-
- 2 edits in trunk/LayoutTests
[GTK] Unreviewed gardening. Added expectations for flaky tests.
- platform/gtk/TestExpectations: Marked animations/resume-after-page-cache.html,
css3/calc/img-size.html and perf/nested-combined-selectors.html as flaky.
Jul 23, 2013:
- 9:54 PM Changeset in webkit [153077] by
-
- 5 edits2 copies in branches/safari-537-branch
Merged r153072. <rdar://problem/14324895>
- 9:52 PM Changeset in webkit [153076] by
-
- 6 edits in branches/safari-537-branch/Source/WebKit2
Merged r153070. <rdar://problem/14223830>
- 9:51 PM Changeset in webkit [153075] by
-
- 3 edits3 adds in trunk
DFG string concatenation optimizations might emit speculative nodes after emitting nodes that kill the original inputs
https://bugs.webkit.org/show_bug.cgi?id=119032
Reviewed by Oliver Hunt.
Source/JavaScriptCore:
It just needs some Phantom action.
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
LayoutTests:
- fast/js/dfg-strcat-over-objects-then-exit-on-it-expected.txt: Added.
- fast/js/dfg-strcat-over-objects-then-exit-on-it.html: Added.
- fast/js/script-tests/dfg-strcat-over-objects-then-exit-on-it.js: Added.
(foo):
(bar):
(x):
- 6:10 PM Changeset in webkit [153074] by
-
- 2 edits in trunk/Source/JavaScriptCore
Need ExpressionRangeInfo before ResolveForPuts in strict mode.
https://bugs.webkit.org/show_bug.cgi?id=118997.
Reviewed by Oliver Hunt.
If we add an assertion in UnlinkedCodeBlock::expressionRangeForBytecodeOffset()
to ensure that we are able to find an ExpressionRangeInfo for any given bytecode
offset, the following tests will fails:
fast/js/basic-strict-mode.html
fast/js/mozilla/strict/8.7.2.html
With this fix, those tests will no longer fail.
- bytecompiler/NodesCodegen.cpp:
(JSC::AssignResolveNode::emitBytecode):
(JSC::ForInNode::emitBytecode):
- Emit expression info before calls to emitResolveBaseForPut() when in strict mode.
- 5:56 PM Changeset in webkit [153073] by
-
- 6 edits in trunk
Added ExpressionRangeInfo for BinaryOpNodes that can throw exceptions
due to type coersion.
https://bugs.webkit.org/show_bug.cgi?id=116853.
Reviewed by Geoffrey Garen.
Source/JavaScriptCore:
- bytecompiler/NodesCodegen.cpp:
(JSC::BinaryOpNode::emitBytecode):
- Added expression info for the strcat and the general binary op cases. I did not add expression info for the "compare with null" case because that comparison cannot trigger type coersion, and hence it won't throw any exceptions and doesn't need the expression info.
LayoutTests:
Added the test case from bugzilla which exercises the general binary op
type coersion case, plus another for exercising the strcat case.
- fast/js/line-column-numbers-expected.txt:
- fast/js/line-column-numbers.html:
- fast/js/script-tests/line-column-numbers.js:
- 5:53 PM Changeset in webkit [153072] by
-
- 5 edits2 adds in trunk
REGRESSION(r150867): FrameView auto-sizing + delegate denied image load may cause StyleResolver to re-enter itself.
<rdar://problem/14324895>
<http://webkit.org/b/119023>
Reviewed by Simon Fraser.
Source/WebCore:
The bug happened when FrameView::autoSizeIfEnabled() was getting called below FrameLoader::checkCompleted()
triggered by an incorrect loadDone() callback originating in SubresourceLoader::didCancel().
- css/StyleResolver.cpp:
(WebCore::StyleResolver::loadPendingResources):
Add an assertion that this function is not getting re-entered. If a similar bug occurs
in the future, this will help the lucky person debugging.
- loader/SubresourceLoader.cpp:
(WebCore::SubresourceLoader::didCancel):
Don't notifyDone() if the SubresourceLoader is in Uninitialized state.
Tools:
Add a test for this rather specific problem.
- TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
- TestWebKitAPI/Tests/WebKit2ObjC/PreventImageLoadWithAutoResizing.mm: Added.
(TestWebKitAPI::TEST):
- TestWebKitAPI/Tests/WebKit2ObjC/PreventImageLoadWithAutoResizing_Bundle.cpp: Added.
(TestWebKitAPI::DenyWillSendRequestTest::DenyWillSendRequestTest):
(TestWebKitAPI::DenyWillSendRequestTest::willSendRequestForFrame):
(TestWebKitAPI::DenyWillSendRequestTest::didCreatePage):
- 5:41 PM Changeset in webkit [153071] by
-
- 8 edits in trunk/Source/JavaScriptCore
Removed unused sourceOffset from JSTokenLocation.
https://bugs.webkit.org/show_bug.cgi?id=118996.
Reviewed by Geoffrey Garen.
This also removes the assertion reported in the bug because it is now
moot, thereby resolving the assertion failure issue on Windows.
- bytecompiler/NodesCodegen.cpp:
(JSC::ArrayNode::toArgumentList):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
- parser/Lexer.cpp:
(JSC::::lex):
- parser/Lexer.h:
(JSC::::lexExpectIdentifier):
- parser/Nodes.h:
- parser/Parser.cpp:
(JSC::::Parser):
(JSC::::parseFunctionInfo):
(JSC::::parseExpressionOrLabelStatement):
(JSC::::parseMemberExpression):
- parser/Parser.h:
(JSC::::parse):
- parser/ParserTokens.h:
(JSC::JSTokenLocation::JSTokenLocation):
- 5:35 PM Changeset in webkit [153070] by
-
- 6 edits in trunk/Source/WebKit2
10.7: Java applets do not work due to sandbox violation/exception
https://bugs.webkit.org/show_bug.cgi?id=118920
<rdar://problem/14471541&12910934&14223830&14260729&14267679>
Patch by Simon Cooper <scooper@apple.com> on 2013-07-23
Reviewed by Alexey Proskuryakov.
Introduce versioning into the common profile and use it to fix
a number of issues with Java on 10.7 and 10.8. Allow writing the
com.apple.java.util.prefs preference file. This change also
introduces a "/Library/Application Support/Java/PublicFiles"
area which Java can read without any restrictions. Files written
to this location will need to be created and written to by
a privileged process.
- Resources/PlugInSandboxProfiles/com.apple.WebKit.plugin-common.sb:
- Resources/PlugInSandboxProfiles/com.oracle.java.JavaAppletPlugin.sb:
- 5:26 PM Changeset in webkit [153069] by
-
- 2 edits in branches/safari-537-branch/Source/WebCore
Merged r153068. <rdar://problem/14523331>
- 4:46 PM Changeset in webkit [153068] by
-
- 2 edits in trunk/Source/WebCore
Pixel-snap the unavailable plugin indicator arrow for maximum sharpness
https://bugs.webkit.org/show_bug.cgi?id=119024
<rdar://problem/14523331>
Reviewed by Anders Carlsson.
- rendering/RenderEmbeddedObject.cpp:
(WebCore::addReplacementArrowPath):
(WebCore::RenderEmbeddedObject::getReplacementTextGeometry):
Pixel-snap the unavailable plugin indicator arrow. Snapping directions
were chosen by eye/symmetry to look best on 1x and 2x devices at
1x and 2x page scale.
- 4:42 PM Changeset in webkit [153067] by
-
- 4 edits2 adds in trunk
The computed values of fix length padding should be subpixel precision like margin
https://bugs.webkit.org/show_bug.cgi?id=118936
Reviewed by Simon Fraser.
Source/WebCore:
The bug was caused by ComputedStyleExtractor::propertyValue always returning the used value
for padding. Fixed the bug by returning the computed value when they're of fixed length.
This aligns the behaviors of getComputedStyle(~).padding~ with getComputedStyle(~).margin~,
which had been fixed in r102149. While the current CSSOM specification says getComputedStyle
should return the used values for margins when display property is set to anything but none,
new behavior matches that of Chrome, Firefox, and Internet Explorer.
Also extracted zoomAdjustedPaddingOrMarginPixelValue to reduce the code duplication.
Test: fast/css/getComputedStyle/getComputedStyle-padding-margin-subpixel-length.html
- css/CSSComputedStyleDeclaration.cpp:
(WebCore::zoomAdjustedPaddingOrMarginPixelValue): Extracted.
(WebCore::ComputedStyleExtractor::propertyValue):
LayoutTests:
Add a regression test for obtaining the computed values of floating point padding and margin.
They shouldn't be rounded to whole pixels.
- fast/css/getComputedStyle/getComputedStyle-padding-margin-subpixel-length-expected.txt: Added.
- fast/css/getComputedStyle/getComputedStyle-padding-margin-subpixel-length.html: Added.
- fast/shapes/shape-inside/shape-inside-shape-logical-top-expected.html: Use a different technique to detect
the subpixel layout since paddings
- 3:51 PM Changeset in webkit [153066] by
-
- 6 edits2 copies in branches/safari-537-branch
Merged r153060. <rdar://problem/14478260>
- 3:49 PM Changeset in webkit [153065] by
-
- 7 edits3 copies in branches/safari-537-branch
Merged r153003. <rdar://problem/14403809>
- 3:35 PM Changeset in webkit [153064] by
-
- 57 edits185 adds2 deletes in trunk/Source
Source/ThirdParty/ANGLE: Updated ANGLE to latest git commit (047373aa3eb408be62be52ade840fa5f11e72337).
Added missing ANGLE files except unused tests, extensions, samples, build, and .git directories.
Ran Bison after making some changes to fix compile errors (see below).
https://bugs.webkit.org/show_bug.cgi?id=118550
Reviewed by Dean Jackson.
- ANGLE.plist: Updated from svn to git.
- ANGLE.xcodeproj/project.pbxproj: Renamed DetectRecursion to DetectCallDepth.
- AUTHORS: Added.
- CONTRIBUTORS: Added.
- DEPS: Added.
- GNUmakefile.am: Renamed DetectRecursion to DetectCallDepth and added Uniform.cpp.
- LICENSE: Added.
- README.chromium: Added.
- Target.pri: Renamed DetectRecursion to DetectCallDepth.
- codereview.settings: Added.
- include/EGL/eglext.h:
- include/GLES2/gl2ext.h:
- include/GLSLANG/ShaderLang.h:
- src/ANGLE.sln: Added.
- src/build_angle.gyp: Added.
- src/build_angle.gypi: Added.
- src/common/RefCountObject.cpp:
- src/common/angleutils.h:
(ArraySize):
(SafeRelease):
- src/common/debug.cpp:
- src/common/debug.h:
- src/common/system.h:
- src/common/version.h:
- src/compiler/64bit-lexer-safety.patch: Added.
- src/compiler/BaseTypes.h:
(getQualifierString):
- src/compiler/CodeGenHLSL.cpp:
(ConstructCompiler):
- src/compiler/Common.h:
- src/compiler/Compiler.cpp:
(TCompiler::TCompiler):
(TCompiler::Init):
(TCompiler::compile):
(TCompiler::InitBuiltInSymbolTable):
(TCompiler::detectCallDepth):
(TCompiler::limitExpressionComplexity):
(TCompiler::getResources):
- src/compiler/ConstantUnion.h:
(ConstantUnion::ConstantUnion):
- src/compiler/DetectCallDepth.cpp: Added.
(DetectCallDepth::FunctionNode::FunctionNode):
(DetectCallDepth::FunctionNode::getName):
(DetectCallDepth::FunctionNode::addCallee):
(DetectCallDepth::FunctionNode::detectCallDepth):
(DetectCallDepth::FunctionNode::reset):
(DetectCallDepth::DetectCallDepth):
(DetectCallDepth::~DetectCallDepth):
(DetectCallDepth::visitAggregate):
(DetectCallDepth::checkExceedsMaxDepth):
(DetectCallDepth::resetFunctionNodes):
(DetectCallDepth::detectCallDepthForFunction):
(DetectCallDepth::detectCallDepth):
(DetectCallDepth::findFunctionByName):
- src/compiler/DetectCallDepth.h: Added.
(DetectCallDepth::getInfoSink):
- src/compiler/DetectRecursion.cpp: Removed.
- src/compiler/DetectRecursion.h: Removed.
- src/compiler/Diagnostics.cpp:
(TDiagnostics::writeInfo):
- src/compiler/ForLoopUnroll.cpp:
(ForLoopUnroll::evaluateIntConstant):
- src/compiler/InfoSink.cpp:
(TInfoSinkBase::prefix):
(TInfoSinkBase::location):
(TInfoSinkBase::message):
- src/compiler/InfoSink.h:
- src/compiler/Initialize.cpp:
(InsertBuiltInFunctions):
(IdentifyBuiltIns):
(InitExtensionBehavior):
- src/compiler/Initialize.h:
- src/compiler/Intermediate.cpp:
(TIntermediate::addSymbol):
(TIntermediate::addBinaryMath):
(TIntermediate::addAssign):
(TIntermediate::addIndex):
(TIntermediate::addUnaryMath):
(TIntermediate::setAggregateOperator):
(TIntermediate::addConversion):
(TIntermediate::growAggregate):
(TIntermediate::makeAggregate):
(TIntermediate::addSelection):
(TIntermediate::addComma):
(TIntermediate::addConstantUnion):
(TIntermediate::addSwizzle):
(TIntermediate::addLoop):
(TIntermediate::addBranch):
(TIntermUnary::promote):
(TIntermBinary::promote):
(CompareStruct):
(CompareStructure):
(TIntermConstantUnion::fold): Added implied static_casts to fix compiling errors on Mac.
(TIntermediate::promoteConstantUnion):
- src/compiler/OutputGLSL.cpp:
(TOutputGLSL::visitSymbol):
- src/compiler/OutputGLSL.h:
- src/compiler/OutputGLSLBase.cpp:
(TOutputGLSLBase::writeVariableType):
(TOutputGLSLBase::writeConstantUnion):
(TOutputGLSLBase::visitBinary):
(TOutputGLSLBase::visitAggregate):
(TOutputGLSLBase::getTypeName):
(TOutputGLSLBase::structDeclared):
(TOutputGLSLBase::declareStruct):
- src/compiler/OutputGLSLBase.h:
- src/compiler/OutputHLSL.cpp:
(sh::OutputHLSL::OutputHLSL):
(sh::OutputHLSL::getUniforms):
(sh::OutputHLSL::header):
(sh::OutputHLSL::visitSymbol):
(sh::OutputHLSL::visitBinary):
(sh::OutputHLSL::visitAggregate):
(sh::OutputHLSL::visitSelection):
(sh::OutputHLSL::visitLoop):
(sh::OutputHLSL::handleExcessiveLoop):
(sh::OutputHLSL::argumentString):
(sh::OutputHLSL::typeString):
(sh::OutputHLSL::textureString):
(sh::OutputHLSL::initializer):
(sh::OutputHLSL::addConstructor):
(sh::OutputHLSL::writeConstantUnion):
(sh::OutputHLSL::decorateUniform):
(sh::OutputHLSL::decorateField):
(sh::OutputHLSL::registerString):
(sh::OutputHLSL::samplerRegister):
(sh::OutputHLSL::uniformRegister):
(sh::OutputHLSL::declareUniform):
(sh::OutputHLSL::glVariableType):
(sh::OutputHLSL::glVariablePrecision):
- src/compiler/OutputHLSL.h:
- src/compiler/ParseHelper.cpp:
(TParseContext::parseVectorFields):
(TParseContext::parseMatrixFields):
(TParseContext::error):
(TParseContext::warning):
(TParseContext::assignError):
(TParseContext::unaryOpError):
(TParseContext::binaryOpError):
(TParseContext::precisionErrorCheck):
(TParseContext::lValueErrorCheck):
(TParseContext::globalErrorCheck):
(TParseContext::reservedErrorCheck):
(TParseContext::constructorErrorCheck):
(TParseContext::voidErrorCheck):
(TParseContext::boolErrorCheck):
(TParseContext::samplerErrorCheck):
(TParseContext::structQualifierErrorCheck):
(TParseContext::parameterSamplerErrorCheck):
(TParseContext::containsSampler):
(TParseContext::arraySizeErrorCheck):
(TParseContext::arrayQualifierErrorCheck):
(TParseContext::arrayTypeErrorCheck):
(TParseContext::arrayErrorCheck):
(TParseContext::nonInitConstErrorCheck):
(TParseContext::nonInitErrorCheck):
(TParseContext::paramErrorCheck):
(TParseContext::extensionErrorCheck):
(TParseContext::isExtensionEnabled):
Replaced auto with std::map<std::string, TBehavior>::const_iterator to fix Qt and EFL compiling errors.
(TParseContext::findFunction):
(TParseContext::executeInitializer):
(TParseContext::addConstructor):
(TParseContext::constructBuiltIn):
(TParseContext::constructStruct):
(TParseContext::addConstVectorNode):
(TParseContext::addConstMatrixNode):
(TParseContext::addConstArrayNode):
(TParseContext::addConstStruct):
(TParseContext::enterStructDeclaration):
(TParseContext::structNestingErrorCheck):
(TParseContext::addIndexExpression):
- src/compiler/ParseHelper.h:
(TParseContext::TParseContext):
(TParseContext::pragma):
- src/compiler/PoolAlloc.cpp:
(TPoolAllocator::allocate):
- src/compiler/ShHandle.h:
(TShHandleBase::getAsTranslatorHLSL):
- src/compiler/ShaderLang.cpp:
(ShInitBuiltInResources):
(ShGetInfoPointer):
- src/compiler/SymbolTable.cpp:
(TType::TType):
(TType::buildMangledName):
(TType::getObjectSize):
(TStructure::containsArrays):
(TStructure::buildMangledName):
(TStructure::calculateObjectSize):
(TStructure::calculateDeepestNesting):
(TSymbolTableLevel::relateToExtension):
- src/compiler/SymbolTable.h:
(TSymbol::relateToExtension):
(TSymbol::getExtension):
(TVariable::TVariable):
(TVariable::setQualifier):
(TVariable::shareConstPointer):
(TSymbolTableLevel::insert):
(TSymbolTable::insertConstInt):
(TSymbolTable::insertBuiltIn):
- src/compiler/TranslatorHLSL.cpp:
(TranslatorHLSL::TranslatorHLSL):
(TranslatorHLSL::translate):
- src/compiler/TranslatorHLSL.h:
(TranslatorHLSL::getAsTranslatorHLSL):
(TranslatorHLSL::getUniforms):
- src/compiler/Types.h: Removed enum bit fields to fix gcc compiler errors.
(TField::TField):
(TField::type):
(TField::name):
(NewPoolTFieldList):
(TStructure::TStructure):
(TStructure::name):
(TStructure::fields):
(TStructure::mangledName):
(TStructure::objectSize):
(TStructure::deepestNesting):
(TType::TType):
(TType::elementRegisterCount):
(TType::totalRegisterCount):
(TType::clearArrayness):
(TType::getStruct):
(TType::setStruct):
(TType::getMangledName):
(TType::getDeepestStructNesting):
(TType::isStructureContainingArrays):
(TPublicType::setBasic):
- src/compiler/Uniform.cpp: Added.
(sh::Uniform::Uniform):
- src/compiler/Uniform.h: Added.
- src/compiler/VariableInfo.cpp:
(getUserDefinedVariableInfo):
- src/compiler/glslang.l:
- src/compiler/glslang.y: Moved YYLTYPE definition into %union to work with Bison 2.3.
- src/compiler/glslang_lex.cpp:
(yy_get_previous_state):
(yy_try_NUL_trans):
(yyget_lloc):
(yyset_lloc):
(string_input):
(check_type):
(reserved_word):
(glslang_scan):
- src/compiler/glslang_tab.cpp:
(yyerror):
- src/compiler/glslang_tab.h:
- src/compiler/intermOut.cpp:
(TOutputTraverser::visitUnary):
(TOutputTraverser::visitAggregate):
(TOutputTraverser::visitConstantUnion):
- src/compiler/intermediate.h:
(TIntermNode::TIntermNode):
(TIntermNode::~TIntermNode):
(TIntermNode::getLine):
(TIntermNode::setLine):
(TIntermNode::getAsLoopNode):
(TIntermTyped::totalRegisterCount):
(TIntermTyped::elementRegisterCount):
(TIntermTyped::getArraySize):
(TIntermConstantUnion::getIConst):
(TIntermConstantUnion::getFConst):
(TIntermConstantUnion::getBConst):
(TIntermAggregate::TIntermAggregate):
(TIntermTraverser::TIntermTraverser):
(TIntermTraverser::getMaxDepth):
(TIntermTraverser::incrementDepth):
- src/compiler/localintermediate.h:
- src/compiler/parseConst.cpp:
(TConstTraverser::visitSymbol):
(TConstTraverser::visitBinary):
(TConstTraverser::visitUnary):
(TConstTraverser::visitAggregate):
(TConstTraverser::visitSelection):
(TConstTraverser::visitConstantUnion):
(TConstTraverser::visitLoop):
(TConstTraverser::visitBranch):
(TIntermediate::parseConstTree):
- src/compiler/preprocessor/64bit-tokenizer-safety.patch: Added.
- src/compiler/preprocessor/Tokenizer.cpp:
(yy_get_previous_state):
(yy_try_NUL_trans):
- src/compiler/preprocessor/Tokenizer.l:
- src/compiler/preprocessor/preprocessor.vcxproj: Added.
- src/compiler/preprocessor/preprocessor.vcxproj.filters: Added.
- src/compiler/timing/RestrictVertexShaderTiming.cpp:
(RestrictVertexShaderTiming::visitSymbol):
- src/compiler/translator_common.vcxproj: Added.
- src/compiler/translator_common.vcxproj.filters: Added.
- src/compiler/translator_hlsl.vcxproj: Added.
- src/compiler/translator_hlsl.vcxproj.filters: Added.
- src/libEGL/Config.cpp: Added.
(egl::Config::Config):
(egl::Config::getHandle):
(egl::SortConfig::SortConfig):
(egl::SortConfig::scanForWantedComponents):
(egl::SortConfig::wantedComponentsSize):
(egl::SortConfig::operator()):
(egl::ConfigSet::ConfigSet):
(egl::ConfigSet::add):
(egl::ConfigSet::size):
(egl::ConfigSet::getConfigs):
(egl::ConfigSet::get):
- src/libEGL/Config.h: Added.
- src/libEGL/Display.cpp: Added.
(egl::Display::getDisplay):
(egl::Display::Display):
(egl::Display::~Display):
(egl::Display::initialize):
(egl::Display::terminate):
(egl::Display::getConfigs):
(egl::Display::getConfigAttrib):
(egl::Display::createWindowSurface):
(egl::Display::createOffscreenSurface):
(egl::Display::createContext):
(egl::Display::restoreLostDevice):
(egl::Display::destroySurface):
(egl::Display::destroyContext):
(egl::Display::notifyDeviceLost):
(egl::Display::recreateSwapChains):
(egl::Display::isInitialized):
(egl::Display::isValidConfig):
(egl::Display::isValidContext):
(egl::Display::isValidSurface):
(egl::Display::hasExistingWindowSurface):
(egl::Display::initExtensionString):
(egl::Display::getExtensionString):
(egl::Display::initVendorString):
(egl::Display::getVendorString):
- src/libEGL/Display.h: Added.
(egl::Display::getRenderer):
- src/libEGL/Surface.cpp: Added.
(egl::Surface::Surface):
(egl::Surface::~Surface):
(egl::Surface::initialize):
(egl::Surface::release):
(egl::Surface::resetSwapChain):
(egl::Surface::resizeSwapChain):
(egl::Surface::swapRect):
(egl::Surface::getWindowHandle):
(egl::SurfaceWindowProc):
(egl::Surface::subclassWindow):
(egl::Surface::unsubclassWindow):
(egl::Surface::checkForOutOfDateSwapChain):
(egl::Surface::swap):
(egl::Surface::postSubBuffer):
(egl::Surface::getWidth):
(egl::Surface::getHeight):
(egl::Surface::isPostSubBufferSupported):
(egl::Surface::getSwapChain):
(egl::Surface::setSwapInterval):
(egl::Surface::getTextureFormat):
(egl::Surface::getTextureTarget):
(egl::Surface::setBoundTexture):
(egl::Surface::getBoundTexture):
(egl::Surface::getFormat):
- src/libEGL/Surface.h: Added.
- src/libEGL/libEGL.cpp: Added.
(validateDisplay):
(validateConfig):
(validateContext):
(validateSurface):
- src/libEGL/libEGL.def: Added.
- src/libEGL/libEGL.rc: Added.
- src/libEGL/libEGL.vcxproj: Added.
- src/libEGL/libEGL.vcxproj.filters: Added.
- src/libEGL/main.cpp: Added.
(DllMain):
(egl::setCurrentError):
(egl::getCurrentError):
(egl::setCurrentAPI):
(egl::getCurrentAPI):
(egl::setCurrentDisplay):
(egl::getCurrentDisplay):
(egl::setCurrentDrawSurface):
(egl::getCurrentDrawSurface):
(egl::setCurrentReadSurface):
(egl::getCurrentReadSurface):
(egl::error):
- src/libEGL/main.h: Added.
(egl::error):
(egl::success):
- src/libEGL/resource.h: Added.
- src/libGLESv2/BinaryStream.h: Added.
(gl::BinaryInputStream::BinaryInputStream):
(gl::BinaryInputStream::read):
(gl::BinaryInputStream::skip):
(gl::BinaryInputStream::offset):
(gl::BinaryInputStream::error):
(gl::BinaryInputStream::endOfStream):
(gl::BinaryOutputStream::BinaryOutputStream):
(gl::BinaryOutputStream::write):
(gl::BinaryOutputStream::length):
(gl::BinaryOutputStream::data):
- src/libGLESv2/Buffer.cpp: Added.
(gl::Buffer::Buffer):
(gl::Buffer::~Buffer):
(gl::Buffer::bufferData):
(gl::Buffer::bufferSubData):
(gl::Buffer::getStorage):
(gl::Buffer::size):
(gl::Buffer::usage):
(gl::Buffer::getStaticVertexBuffer):
(gl::Buffer::getStaticIndexBuffer):
(gl::Buffer::invalidateStaticData):
(gl::Buffer::promoteStaticUsage):
- src/libGLESv2/Buffer.h: Added.
- src/libGLESv2/Context.cpp: Added.
(gl::makeStaticString):
(gl::Context::Context):
(gl::Context::~Context):
(gl::Context::makeCurrent):
(gl::Context::markContextLost):
(gl::Context::isContextLost):
(gl::Context::setClearColor):
(gl::Context::setClearDepth):
(gl::Context::setClearStencil):
(gl::Context::setCullFace):
(gl::Context::isCullFaceEnabled):
(gl::Context::setCullMode):
(gl::Context::setFrontFace):
(gl::Context::setDepthTest):
(gl::Context::isDepthTestEnabled):
(gl::Context::setDepthFunc):
(gl::Context::setDepthRange):
(gl::Context::setBlend):
(gl::Context::isBlendEnabled):
(gl::Context::setBlendFactors):
(gl::Context::setBlendColor):
(gl::Context::setBlendEquation):
(gl::Context::setStencilTest):
(gl::Context::isStencilTestEnabled):
(gl::Context::setStencilParams):
(gl::Context::setStencilBackParams):
(gl::Context::setStencilWritemask):
(gl::Context::setStencilBackWritemask):
(gl::Context::setStencilOperations):
(gl::Context::setStencilBackOperations):
(gl::Context::setPolygonOffsetFill):
(gl::Context::isPolygonOffsetFillEnabled):
(gl::Context::setPolygonOffsetParams):
(gl::Context::setSampleAlphaToCoverage):
(gl::Context::isSampleAlphaToCoverageEnabled):
(gl::Context::setSampleCoverage):
(gl::Context::isSampleCoverageEnabled):
(gl::Context::setSampleCoverageParams):
(gl::Context::setScissorTest):
(gl::Context::isScissorTestEnabled):
(gl::Context::setDither):
(gl::Context::isDitherEnabled):
(gl::Context::setLineWidth):
(gl::Context::setGenerateMipmapHint):
(gl::Context::setFragmentShaderDerivativeHint):
(gl::Context::setViewportParams):
(gl::Context::setScissorParams):
(gl::Context::setColorMask):
(gl::Context::setDepthMask):
(gl::Context::setActiveSampler):
(gl::Context::getReadFramebufferHandle):
(gl::Context::getDrawFramebufferHandle):
(gl::Context::getRenderbufferHandle):
(gl::Context::getArrayBufferHandle):
(gl::Context::getActiveQuery):
(gl::Context::setEnableVertexAttribArray):
(gl::Context::getVertexAttribState):
(gl::Context::setVertexAttribState):
(gl::Context::getVertexAttribPointer):
(gl::Context::setPackAlignment):
(gl::Context::getPackAlignment):
(gl::Context::setUnpackAlignment):
(gl::Context::getUnpackAlignment):
(gl::Context::setPackReverseRowOrder):
(gl::Context::getPackReverseRowOrder):
(gl::Context::createBuffer):
(gl::Context::createProgram):
(gl::Context::createShader):
(gl::Context::createTexture):
(gl::Context::createRenderbuffer):
(gl::Context::createFramebuffer):
(gl::Context::createFence):
(gl::Context::createQuery):
(gl::Context::deleteBuffer):
(gl::Context::deleteShader):
(gl::Context::deleteProgram):
(gl::Context::deleteTexture):
(gl::Context::deleteRenderbuffer):
(gl::Context::deleteFramebuffer):
(gl::Context::deleteFence):
(gl::Context::deleteQuery):
(gl::Context::getBuffer):
(gl::Context::getShader):
(gl::Context::getProgram):
(gl::Context::getTexture):
(gl::Context::getRenderbuffer):
(gl::Context::getReadFramebuffer):
(gl::Context::getDrawFramebuffer):
(gl::Context::bindArrayBuffer):
(gl::Context::bindElementArrayBuffer):
(gl::Context::bindTexture2D):
(gl::Context::bindTextureCubeMap):
(gl::Context::bindReadFramebuffer):
(gl::Context::bindDrawFramebuffer):
(gl::Context::bindRenderbuffer):
(gl::Context::useProgram):
(gl::Context::linkProgram):
(gl::Context::setProgramBinary):
(gl::Context::beginQuery):
(gl::Context::endQuery):
(gl::Context::setFramebufferZero):
(gl::Context::setRenderbufferStorage):
(gl::Context::getFramebuffer):
(gl::Context::getFence):
(gl::Context::getQuery):
(gl::Context::getArrayBuffer):
(gl::Context::getElementArrayBuffer):
(gl::Context::getCurrentProgramBinary):
(gl::Context::getTexture2D):
(gl::Context::getTextureCubeMap):
(gl::Context::getSamplerTexture):
(gl::Context::getBooleanv):
(gl::Context::getFloatv):
(gl::Context::getIntegerv):
(gl::Context::getQueryParameterInfo):
(gl::Context::applyRenderTarget):
(gl::Context::applyState):
(gl::Context::applyShaders):
(gl::Context::applyTextures):
(gl::Context::readPixels):
(gl::Context::clear):
(gl::Context::drawArrays):
(gl::Context::drawElements):
(gl::Context::sync):
(gl::Context::recordInvalidEnum):
(gl::Context::recordInvalidValue):
(gl::Context::recordInvalidOperation):
(gl::Context::recordOutOfMemory):
(gl::Context::recordInvalidFramebufferOperation):
(gl::Context::getError):
(gl::Context::getResetStatus):
(gl::Context::isResetNotificationEnabled):
(gl::Context::getMajorShaderModel):
(gl::Context::getMaximumPointSize):
(gl::Context::getMaximumCombinedTextureImageUnits):
(gl::Context::getMaxSupportedSamples):
(gl::Context::getMaximumRenderTargets):
(gl::Context::supportsEventQueries):
(gl::Context::supportsOcclusionQueries):
(gl::Context::supportsBGRATextures):
(gl::Context::supportsDXT1Textures):
(gl::Context::supportsDXT3Textures):
(gl::Context::supportsDXT5Textures):
(gl::Context::supportsFloat32Textures):
(gl::Context::supportsFloat32LinearFilter):
(gl::Context::supportsFloat32RenderableTextures):
(gl::Context::supportsFloat16Textures):
(gl::Context::supportsFloat16LinearFilter):
(gl::Context::supportsFloat16RenderableTextures):
(gl::Context::getMaximumRenderbufferDimension):
(gl::Context::getMaximumTextureDimension):
(gl::Context::getMaximumCubeTextureDimension):
(gl::Context::getMaximumTextureLevel):
(gl::Context::supportsLuminanceTextures):
(gl::Context::supportsLuminanceAlphaTextures):
(gl::Context::supportsDepthTextures):
(gl::Context::supports32bitIndices):
(gl::Context::supportsNonPower2Texture):
(gl::Context::supportsInstancing):
(gl::Context::supportsTextureFilterAnisotropy):
(gl::Context::getTextureMaxAnisotropy):
(gl::Context::getCurrentReadFormatType):
(gl::Context::detachBuffer):
(gl::Context::detachTexture):
(gl::Context::detachFramebuffer):
(gl::Context::detachRenderbuffer):
(gl::Context::getIncompleteTexture):
(gl::Context::skipDraw):
(gl::Context::setVertexAttrib):
(gl::Context::setVertexAttribDivisor):
(gl::Context::initExtensionString):
(gl::Context::getExtensionString):
(gl::Context::initRendererString):
(gl::Context::getRendererString):
(gl::Context::blitFramebuffer):
- src/libGLESv2/Context.h: Added.
(gl::VertexAttribute::VertexAttribute):
(gl::VertexAttribute::typeSize):
(gl::VertexAttribute::stride):
- src/libGLESv2/Fence.cpp: Added.
(gl::Fence::Fence):
(gl::Fence::~Fence):
(gl::Fence::isFence):
(gl::Fence::setFence):
(gl::Fence::testFence):
(gl::Fence::finishFence):
(gl::Fence::getFenceiv):
- src/libGLESv2/Fence.h: Added.
- src/libGLESv2/Float16ToFloat32.cpp: Added.
(gl::float16ToFloat32):
- src/libGLESv2/Float16ToFloat32.py: Added.
(convertMantissa):
(convertExponent):
(convertOffset):
- src/libGLESv2/Framebuffer.cpp: Added.
(gl::Framebuffer::Framebuffer):
(gl::Framebuffer::~Framebuffer):
(gl::Framebuffer::lookupRenderbuffer):
(gl::Framebuffer::setColorbuffer):
(gl::Framebuffer::setDepthbuffer):
(gl::Framebuffer::setStencilbuffer):
(gl::Framebuffer::detachTexture):
(gl::Framebuffer::detachRenderbuffer):
(gl::Framebuffer::getRenderTargetSerial):
(gl::Framebuffer::getDepthbufferSerial):
(gl::Framebuffer::getStencilbufferSerial):
(gl::Framebuffer::getColorbuffer):
(gl::Framebuffer::getDepthbuffer):
(gl::Framebuffer::getStencilbuffer):
(gl::Framebuffer::getDepthOrStencilbuffer):
(gl::Framebuffer::getReadColorbuffer):
(gl::Framebuffer::getReadColorbufferType):
(gl::Framebuffer::getFirstColorbuffer):
(gl::Framebuffer::getColorbufferType):
(gl::Framebuffer::getDepthbufferType):
(gl::Framebuffer::getStencilbufferType):
(gl::Framebuffer::getColorbufferHandle):
(gl::Framebuffer::getDepthbufferHandle):
(gl::Framebuffer::getStencilbufferHandle):
(gl::Framebuffer::getDrawBufferState):
(gl::Framebuffer::setDrawBufferState):
(gl::Framebuffer::isEnabledColorAttachment):
(gl::Framebuffer::hasEnabledColorAttachment):
(gl::Framebuffer::hasStencil):
(gl::Framebuffer::usingExtendedDrawBuffers):
(gl::Framebuffer::completeness):
(gl::DefaultFramebuffer::DefaultFramebuffer):
(gl::Framebuffer::getSamples):
(gl::DefaultFramebuffer::completeness):
- src/libGLESv2/Framebuffer.h: Added.
- src/libGLESv2/HandleAllocator.cpp: Added.
(gl::HandleAllocator::HandleAllocator):
(gl::HandleAllocator::~HandleAllocator):
(gl::HandleAllocator::setBaseHandle):
(gl::HandleAllocator::allocate):
(gl::HandleAllocator::release):
- src/libGLESv2/HandleAllocator.h: Added.
- src/libGLESv2/Program.cpp: Added.
(gl::AttributeBindings::AttributeBindings):
(gl::AttributeBindings::~AttributeBindings):
(gl::InfoLog::InfoLog):
(gl::InfoLog::~InfoLog):
(gl::InfoLog::getLength):
(gl::InfoLog::getLog):
(gl::InfoLog::appendSanitized):
(gl::InfoLog::append):
(gl::InfoLog::reset):
(gl::Program::Program):
(gl::Program::~Program):
(gl::Program::attachShader):
(gl::Program::detachShader):
(gl::Program::getAttachedShadersCount):
(gl::AttributeBindings::bindAttributeLocation):
(gl::Program::bindAttributeLocation):
(gl::Program::link):
(gl::AttributeBindings::getAttributeBinding):
(gl::Program::unlink):
(gl::Program::isLinked):
(gl::Program::getProgramBinary):
(gl::Program::setProgramBinary):
(gl::Program::release):
(gl::Program::addRef):
(gl::Program::getRefCount):
(gl::Program::getProgramBinaryLength):
(gl::Program::getInfoLogLength):
(gl::Program::getInfoLog):
(gl::Program::getAttachedShaders):
(gl::Program::getActiveAttribute):
(gl::Program::getActiveAttributeCount):
(gl::Program::getActiveAttributeMaxLength):
(gl::Program::getActiveUniform):
(gl::Program::getActiveUniformCount):
(gl::Program::getActiveUniformMaxLength):
(gl::Program::flagForDeletion):
(gl::Program::isFlaggedForDeletion):
(gl::Program::validate):
(gl::Program::isValidated):
- src/libGLESv2/Program.h: Added.
- src/libGLESv2/ProgramBinary.cpp: Added.
(gl::str):
(gl::UniformLocation::UniformLocation):
(gl::ProgramBinary::ProgramBinary):
(gl::ProgramBinary::~ProgramBinary):
(gl::ProgramBinary::getSerial):
(gl::ProgramBinary::issueSerial):
(gl::ProgramBinary::getPixelExecutable):
(gl::ProgramBinary::getVertexExecutable):
(gl::ProgramBinary::getGeometryExecutable):
(gl::ProgramBinary::getAttributeLocation):
(gl::ProgramBinary::getSemanticIndex):
(gl::ProgramBinary::getUsedSamplerRange):
(gl::ProgramBinary::usesPointSize):
(gl::ProgramBinary::usesPointSpriteEmulation):
(gl::ProgramBinary::usesGeometryShader):
(gl::ProgramBinary::getSamplerMapping):
(gl::ProgramBinary::getSamplerTextureType):
(gl::ProgramBinary::getUniformLocation):
(gl::ProgramBinary::setUniform1fv):
(gl::ProgramBinary::setUniform2fv):
(gl::ProgramBinary::setUniform3fv):
(gl::ProgramBinary::setUniform4fv):
(gl::transposeMatrix):
(gl::ProgramBinary::setUniformMatrix2fv):
(gl::ProgramBinary::setUniformMatrix3fv):
(gl::ProgramBinary::setUniformMatrix4fv):
(gl::ProgramBinary::setUniform1iv):
(gl::ProgramBinary::setUniform2iv):
(gl::ProgramBinary::setUniform3iv):
(gl::ProgramBinary::setUniform4iv):
(gl::ProgramBinary::getUniformfv):
(gl::ProgramBinary::getUniformiv):
(gl::ProgramBinary::dirtyAllUniforms):
(gl::ProgramBinary::applyUniforms):
(gl::ProgramBinary::packVaryings):
(gl::ProgramBinary::linkVaryings):
(gl::ProgramBinary::load):
(gl::ProgramBinary::save):
(gl::ProgramBinary::getLength):
(gl::ProgramBinary::link):
(gl::ProgramBinary::linkAttributes):
(gl::ProgramBinary::linkUniforms):
(gl::ProgramBinary::defineUniform):
(gl::ProgramBinary::generateGeometryShaderHLSL):
(gl::ProgramBinary::generatePointSpriteHLSL):
(gl::ProgramBinary::decorateAttribute):
(gl::ProgramBinary::isValidated):
(gl::ProgramBinary::getActiveAttribute):
(gl::ProgramBinary::getActiveAttributeCount):
(gl::ProgramBinary::getActiveAttributeMaxLength):
(gl::ProgramBinary::getActiveUniform):
(gl::ProgramBinary::getActiveUniformCount):
(gl::ProgramBinary::getActiveUniformMaxLength):
(gl::ProgramBinary::validate):
(gl::ProgramBinary::validateSamplers):
(gl::ProgramBinary::Sampler::Sampler):
(gl::AttributeSorter::AttributeSorter):
(gl::AttributeSorter::operator()):
(gl::ProgramBinary::sortAttributesByLayout):
- src/libGLESv2/ProgramBinary.h: Added.
(gl::UniformLocation::UniformLocation):
- src/libGLESv2/Query.cpp: Added.
(gl::Query::Query):
(gl::Query::~Query):
(gl::Query::begin):
(gl::Query::end):
(gl::Query::getResult):
(gl::Query::isResultAvailable):
(gl::Query::getType):
- src/libGLESv2/Query.h: Added.
- src/libGLESv2/Renderbuffer.cpp: Added.
(gl::RenderbufferInterface::RenderbufferInterface):
(gl::RenderbufferInterface::addProxyRef):
(gl::RenderbufferInterface::releaseProxy):
(gl::RenderbufferInterface::getRedSize):
(gl::RenderbufferInterface::getGreenSize):
(gl::RenderbufferInterface::getBlueSize):
(gl::RenderbufferInterface::getAlphaSize):
(gl::RenderbufferInterface::getDepthSize):
(gl::RenderbufferInterface::getStencilSize):
(gl::RenderbufferTexture2D::RenderbufferTexture2D):
(gl::RenderbufferTexture2D::~RenderbufferTexture2D):
(gl::RenderbufferTexture2D::addProxyRef):
(gl::RenderbufferTexture2D::releaseProxy):
(gl::RenderbufferTexture2D::getRenderTarget):
(gl::RenderbufferTexture2D::getDepthStencil):
(gl::RenderbufferTexture2D::getWidth):
(gl::RenderbufferTexture2D::getHeight):
(gl::RenderbufferTexture2D::getInternalFormat):
(gl::RenderbufferTexture2D::getActualFormat):
(gl::RenderbufferTexture2D::getSamples):
(gl::RenderbufferTexture2D::getSerial):
(gl::RenderbufferTextureCubeMap::RenderbufferTextureCubeMap):
(gl::RenderbufferTextureCubeMap::~RenderbufferTextureCubeMap):
(gl::RenderbufferTextureCubeMap::addProxyRef):
(gl::RenderbufferTextureCubeMap::releaseProxy):
(gl::RenderbufferTextureCubeMap::getRenderTarget):
(gl::RenderbufferTextureCubeMap::getDepthStencil):
(gl::RenderbufferTextureCubeMap::getWidth):
(gl::RenderbufferTextureCubeMap::getHeight):
(gl::RenderbufferTextureCubeMap::getInternalFormat):
(gl::RenderbufferTextureCubeMap::getActualFormat):
(gl::RenderbufferTextureCubeMap::getSamples):
(gl::RenderbufferTextureCubeMap::getSerial):
(gl::Renderbuffer::Renderbuffer):
(gl::Renderbuffer::~Renderbuffer):
(gl::Renderbuffer::addRef):
(gl::Renderbuffer::release):
(gl::Renderbuffer::getRenderTarget):
(gl::Renderbuffer::getDepthStencil):
(gl::Renderbuffer::getWidth):
(gl::Renderbuffer::getHeight):
(gl::Renderbuffer::getInternalFormat):
(gl::Renderbuffer::getActualFormat):
(gl::Renderbuffer::getRedSize):
(gl::Renderbuffer::getGreenSize):
(gl::Renderbuffer::getBlueSize):
(gl::Renderbuffer::getAlphaSize):
(gl::Renderbuffer::getDepthSize):
(gl::Renderbuffer::getStencilSize):
(gl::Renderbuffer::getSamples):
(gl::Renderbuffer::getSerial):
(gl::Renderbuffer::setStorage):
(gl::RenderbufferStorage::RenderbufferStorage):
(gl::RenderbufferStorage::~RenderbufferStorage):
(gl::RenderbufferStorage::getRenderTarget):
(gl::RenderbufferStorage::getDepthStencil):
(gl::RenderbufferStorage::getWidth):
(gl::RenderbufferStorage::getHeight):
(gl::RenderbufferStorage::getInternalFormat):
(gl::RenderbufferStorage::getActualFormat):
(gl::RenderbufferStorage::getSamples):
(gl::RenderbufferStorage::getSerial):
(gl::RenderbufferStorage::issueSerial):
(gl::RenderbufferStorage::issueCubeSerials):
(gl::Colorbuffer::Colorbuffer):
(gl::Colorbuffer::~Colorbuffer):
(gl::Colorbuffer::getRenderTarget):
(gl::DepthStencilbuffer::DepthStencilbuffer):
(gl::DepthStencilbuffer::~DepthStencilbuffer):
(gl::DepthStencilbuffer::getDepthStencil):
(gl::Depthbuffer::Depthbuffer):
(gl::Depthbuffer::~Depthbuffer):
(gl::Stencilbuffer::Stencilbuffer):
(gl::Stencilbuffer::~Stencilbuffer):
- src/libGLESv2/Renderbuffer.h: Added.
(gl::RenderbufferInterface::~RenderbufferInterface):
- src/libGLESv2/ResourceManager.cpp: Added.
(gl::ResourceManager::ResourceManager):
(gl::ResourceManager::~ResourceManager):
(gl::ResourceManager::addRef):
(gl::ResourceManager::release):
(gl::ResourceManager::createBuffer):
(gl::ResourceManager::createShader):
(gl::ResourceManager::createProgram):
(gl::ResourceManager::createTexture):
(gl::ResourceManager::createRenderbuffer):
(gl::ResourceManager::deleteBuffer):
(gl::ResourceManager::deleteShader):
(gl::ResourceManager::deleteProgram):
(gl::ResourceManager::deleteTexture):
(gl::ResourceManager::deleteRenderbuffer):
(gl::ResourceManager::getBuffer):
(gl::ResourceManager::getShader):
(gl::ResourceManager::getTexture):
(gl::ResourceManager::getProgram):
(gl::ResourceManager::getRenderbuffer):
(gl::ResourceManager::setRenderbuffer):
(gl::ResourceManager::checkBufferAllocation):
(gl::ResourceManager::checkTextureAllocation):
(gl::ResourceManager::checkRenderbufferAllocation):
- src/libGLESv2/ResourceManager.h: Added.
- src/libGLESv2/Shader.cpp: Added.
(gl::Shader::Shader):
(gl::Shader::~Shader):
(gl::Shader::getHandle):
(gl::Shader::setSource):
(gl::Shader::getInfoLogLength):
(gl::Shader::getInfoLog):
(gl::Shader::getSourceLength):
(gl::Shader::getTranslatedSourceLength):
(gl::Shader::getSourceImpl):
(gl::Shader::getSource):
(gl::Shader::getTranslatedSource):
(gl::Shader::getUniforms):
(gl::Shader::isCompiled):
(gl::Shader::getHLSL):
(gl::Shader::addRef):
(gl::Shader::release):
(gl::Shader::getRefCount):
(gl::Shader::isFlaggedForDeletion):
(gl::Shader::flagForDeletion):
(gl::Shader::initializeCompiler):
(gl::Shader::releaseCompiler):
(gl::Shader::parseVaryings):
(gl::Shader::resetVaryingsRegisterAssignment):
(gl::Shader::uncompile):
(gl::Shader::compileToHLSL):
(gl::Shader::parseType):
(gl::Shader::compareVarying):
(gl::VertexShader::VertexShader):
(gl::VertexShader::~VertexShader):
(gl::VertexShader::getType):
(gl::VertexShader::uncompile):
(gl::VertexShader::compile):
(gl::VertexShader::getSemanticIndex):
(gl::VertexShader::parseAttributes):
(gl::FragmentShader::FragmentShader):
(gl::FragmentShader::~FragmentShader):
(gl::FragmentShader::getType):
(gl::FragmentShader::compile):
- src/libGLESv2/Shader.h: Added.
(gl::Varying::Varying):
(gl::Attribute::Attribute):
- src/libGLESv2/Texture.cpp: Added.
(gl::Texture::Texture):
(gl::Texture::~Texture):
(gl::Texture::setMinFilter):
(gl::Texture::setMagFilter):
(gl::Texture::setWrapS):
(gl::Texture::setWrapT):
(gl::Texture::setMaxAnisotropy):
(gl::Texture::setUsage):
(gl::Texture::getMinFilter):
(gl::Texture::getMagFilter):
(gl::Texture::getWrapS):
(gl::Texture::getWrapT):
(gl::Texture::getMaxAnisotropy):
(gl::Texture::getLodOffset):
(gl::Texture::getSamplerState):
(gl::Texture::getUsage):
(gl::Texture::isMipmapFiltered):
(gl::Texture::setImage):
(gl::Texture::setCompressedImage):
(gl::Texture::subImage):
(gl::Texture::subImageCompressed):
(gl::Texture::getNativeTexture):
(gl::Texture::hasDirtyImages):
(gl::Texture::resetDirty):
(gl::Texture::getTextureSerial):
(gl::Texture::getRenderTargetSerial):
(gl::Texture::isImmutable):
(gl::Texture::creationLevels):
(gl::Texture2D::Texture2D):
(gl::Texture2D::~Texture2D):
(gl::Texture2D::addProxyRef):
(gl::Texture2D::releaseProxy):
(gl::Texture2D::getTarget):
(gl::Texture2D::getWidth):
(gl::Texture2D::getHeight):
(gl::Texture2D::getInternalFormat):
(gl::Texture2D::getActualFormat):
(gl::Texture2D::redefineImage):
(gl::Texture2D::setImage):
(gl::Texture2D::bindTexImage):
(gl::Texture2D::releaseTexImage):
(gl::Texture2D::setCompressedImage):
(gl::Texture2D::commitRect):
(gl::Texture2D::subImage):
(gl::Texture2D::subImageCompressed):
(gl::Texture2D::copyImage):
(gl::Texture2D::copySubImage):
(gl::Texture2D::storage):
(gl::Texture2D::isSamplerComplete):
(gl::Texture2D::isMipmapComplete):
(gl::Texture2D::isCompressed):
(gl::Texture2D::isDepth):
(gl::Texture2D::createTexture):
(gl::Texture2D::updateTexture):
(gl::Texture2D::convertToRenderTarget):
(gl::Texture2D::generateMipmaps):
(gl::Texture2D::getRenderbuffer):
(gl::Texture2D::getRenderTarget):
(gl::Texture2D::getDepthStencil):
(gl::Texture2D::levelCount):
(gl::Texture2D::getStorage):
(gl::TextureCubeMap::TextureCubeMap):
(gl::TextureCubeMap::~TextureCubeMap):
(gl::TextureCubeMap::addProxyRef):
(gl::TextureCubeMap::releaseProxy):
(gl::TextureCubeMap::getTarget):
(gl::TextureCubeMap::getWidth):
(gl::TextureCubeMap::getHeight):
(gl::TextureCubeMap::getInternalFormat):
(gl::TextureCubeMap::getActualFormat):
(gl::TextureCubeMap::setImagePosX):
(gl::TextureCubeMap::setImageNegX):
(gl::TextureCubeMap::setImagePosY):
(gl::TextureCubeMap::setImageNegY):
(gl::TextureCubeMap::setImagePosZ):
(gl::TextureCubeMap::setImageNegZ):
(gl::TextureCubeMap::setCompressedImage):
(gl::TextureCubeMap::commitRect):
(gl::TextureCubeMap::subImage):
(gl::TextureCubeMap::subImageCompressed):
(gl::TextureCubeMap::isSamplerComplete):
(gl::TextureCubeMap::isCubeComplete):
(gl::TextureCubeMap::isMipmapCubeComplete):
(gl::TextureCubeMap::isCompressed):
(gl::TextureCubeMap::createTexture):
(gl::TextureCubeMap::updateTexture):
(gl::TextureCubeMap::convertToRenderTarget):
(gl::TextureCubeMap::setImage):
(gl::TextureCubeMap::faceIndex):
(gl::TextureCubeMap::redefineImage):
(gl::TextureCubeMap::copyImage):
(gl::TextureCubeMap::copySubImage):
(gl::TextureCubeMap::storage):
(gl::TextureCubeMap::generateMipmaps):
(gl::TextureCubeMap::getRenderbuffer):
(gl::TextureCubeMap::getRenderTarget):
(gl::TextureCubeMap::levelCount):
(gl::TextureCubeMap::getStorage):
- src/libGLESv2/Texture.h: Added.
- src/libGLESv2/Uniform.cpp: Added.
(gl::Uniform::Uniform):
(gl::Uniform::~Uniform):
(gl::Uniform::isArray):
(gl::Uniform::elementCount):
- src/libGLESv2/Uniform.h: Added.
- src/libGLESv2/angletypes.h: Added.
- src/libGLESv2/constants.h: Added.
- src/libGLESv2/libGLESv2.cpp: Added.
(validImageSize):
(checkTextureFormatType):
(validateSubImageParams2D):
(validateSubImageParamsCube):
(validReadFormatType):
- src/libGLESv2/libGLESv2.def: Added.
- src/libGLESv2/libGLESv2.rc: Added.
- src/libGLESv2/libGLESv2.vcxproj: Added.
- src/libGLESv2/libGLESv2.vcxproj.filters: Added.
- src/libGLESv2/main.cpp: Added.
(DllMain):
(gl::makeCurrent):
(gl::getContext):
(gl::getNonLostContext):
(gl::getDisplay):
(gl::error):
- src/libGLESv2/main.h: Added.
(gl::error):
- src/libGLESv2/mathutil.h: Added.
(gl::Vector4::Vector4):
(gl::isPow2):
(gl::log2):
(gl::ceilPow2):
(gl::clamp):
(gl::clamp01):
(gl::unorm):
(gl::supportsSSE2):
(gl::float32ToFloat16):
(rx::Range::Range):
- src/libGLESv2/precompiled.cpp: Added.
- src/libGLESv2/precompiled.h: Added.
- src/libGLESv2/renderer: Added.
- src/libGLESv2/renderer/Blit.cpp: Added.
(rx::Blit::Blit):
(rx::Blit::~Blit):
(rx::Blit::initGeometry):
(rx::Blit::setShader):
(rx::Blit::setVertexShader):
(rx::Blit::setPixelShader):
(rx::Blit::getSurfaceRect):
(rx::Blit::boxFilter):
(rx::Blit::copy):
(rx::Blit::formatConvert):
(rx::Blit::setFormatConvertShaders):
(rx::Blit::copySurfaceToTexture):
(rx::Blit::setViewport):
(rx::Blit::setCommonBlitState):
(rx::Blit::render):
(rx::Blit::saveState):
(rx::Blit::restoreState):
- src/libGLESv2/renderer/Blit.h: Added.
- src/libGLESv2/renderer/BufferStorage.cpp: Added.
(rx::BufferStorage::BufferStorage):
(rx::BufferStorage::~BufferStorage):
(rx::BufferStorage::getSerial):
(rx::BufferStorage::updateSerial):
(rx::BufferStorage::markBufferUsage):
- src/libGLESv2/renderer/BufferStorage.h: Added.
- src/libGLESv2/renderer/BufferStorage11.cpp: Added.
(rx::BufferStorage11::BufferStorage11):
(rx::BufferStorage11::~BufferStorage11):
(rx::BufferStorage11::makeBufferStorage11):
(rx::BufferStorage11::getData):
(rx::BufferStorage11::setData):
(rx::BufferStorage11::clear):
(rx::BufferStorage11::getSize):
(rx::BufferStorage11::supportsDirectBinding):
(rx::BufferStorage11::markBufferUsage):
(rx::BufferStorage11::getBuffer):
- src/libGLESv2/renderer/BufferStorage11.h: Added.
- src/libGLESv2/renderer/BufferStorage9.cpp: Added.
(rx::BufferStorage9::BufferStorage9):
(rx::BufferStorage9::~BufferStorage9):
(rx::BufferStorage9::makeBufferStorage9):
(rx::BufferStorage9::getData):
(rx::BufferStorage9::setData):
(rx::BufferStorage9::clear):
(rx::BufferStorage9::getSize):
(rx::BufferStorage9::supportsDirectBinding):
- src/libGLESv2/renderer/BufferStorage9.h: Added.
- src/libGLESv2/renderer/Fence11.cpp: Added.
(rx::Fence11::Fence11):
(rx::Fence11::~Fence11):
(rx::Fence11::isFence):
(rx::Fence11::setFence):
(rx::Fence11::testFence):
(rx::Fence11::finishFence):
(rx::Fence11::getFenceiv):
- src/libGLESv2/renderer/Fence11.h: Added.
- src/libGLESv2/renderer/Fence9.cpp: Added.
(rx::Fence9::Fence9):
(rx::Fence9::~Fence9):
(rx::Fence9::isFence):
(rx::Fence9::setFence):
(rx::Fence9::testFence):
(rx::Fence9::finishFence):
(rx::Fence9::getFenceiv):
- src/libGLESv2/renderer/Fence9.h: Added.
- src/libGLESv2/renderer/FenceImpl.h: Added.
(rx::FenceImpl::FenceImpl):
(rx::FenceImpl::~FenceImpl):
(rx::FenceImpl::setStatus):
(rx::FenceImpl::getStatus):
(rx::FenceImpl::setCondition):
(rx::FenceImpl::getCondition):
- src/libGLESv2/renderer/Image.cpp: Added.
(rx::Image::Image):
(rx::Image::loadAlphaDataToBGRA):
(rx::Image::loadAlphaDataToNative):
(rx::Image::loadAlphaFloatDataToRGBA):
(rx::Image::loadAlphaHalfFloatDataToRGBA):
(rx::Image::loadLuminanceDataToNativeOrBGRA):
(rx::Image::loadLuminanceFloatDataToRGBA):
(rx::Image::loadLuminanceFloatDataToRGB):
(rx::Image::loadLuminanceHalfFloatDataToRGBA):
(rx::Image::loadLuminanceAlphaDataToNativeOrBGRA):
(rx::Image::loadLuminanceAlphaFloatDataToRGBA):
(rx::Image::loadLuminanceAlphaHalfFloatDataToRGBA):
(rx::Image::loadRGBUByteDataToBGRX):
(rx::Image::loadRGBUByteDataToRGBA):
(rx::Image::loadRGB565DataToBGRA):
(rx::Image::loadRGB565DataToRGBA):
(rx::Image::loadRGBFloatDataToRGBA):
(rx::Image::loadRGBFloatDataToNative):
(rx::Image::loadRGBHalfFloatDataToRGBA):
(rx::Image::loadRGBAUByteDataToBGRA):
(rx::Image::loadRGBAUByteDataToNative):
(rx::Image::loadRGBA4444DataToBGRA):
(rx::Image::loadRGBA4444DataToRGBA):
(rx::Image::loadRGBA5551DataToBGRA):
(rx::Image::loadRGBA5551DataToRGBA):
(rx::Image::loadRGBAFloatDataToRGBA):
(rx::Image::loadRGBAHalfFloatDataToRGBA):
(rx::Image::loadBGRADataToBGRA):
- src/libGLESv2/renderer/Image.h: Added.
(rx::Image::~Image):
(rx::Image::getWidth):
(rx::Image::getHeight):
(rx::Image::getInternalFormat):
(rx::Image::getActualFormat):
(rx::Image::markDirty):
(rx::Image::markClean):
(rx::Image::setManagedSurface):
- src/libGLESv2/renderer/Image11.cpp: Added.
(rx::Image11::Image11):
(rx::Image11::~Image11):
(rx::Image11::makeImage11):
(rx::Image11::generateMipmap):
(rx::Image11::isDirty):
(rx::Image11::updateSurface):
(rx::Image11::redefine):
(rx::Image11::isRenderableFormat):
(rx::Image11::getDXGIFormat):
(rx::Image11::loadData):
(rx::Image11::loadCompressedData):
(rx::Image11::copy):
(rx::Image11::getStagingTexture):
(rx::Image11::getStagingSubresource):
(rx::Image11::createStagingTexture):
(rx::Image11::map):
(rx::Image11::unmap):
- src/libGLESv2/renderer/Image11.h: Added.
- src/libGLESv2/renderer/Image9.cpp: Added.
(rx::Image9::Image9):
(rx::Image9::~Image9):
(rx::Image9::generateMip):
(rx::Image9::makeImage9):
(rx::Image9::generateMipmap):
(rx::Image9::copyLockableSurfaces):
(rx::Image9::redefine):
(rx::Image9::createSurface):
(rx::Image9::lock):
(rx::Image9::unlock):
(rx::Image9::isRenderableFormat):
(rx::Image9::getD3DFormat):
(rx::Image9::getSurface):
(rx::Image9::setManagedSurface):
(rx::Image9::updateSurface):
(rx::Image9::loadData):
(rx::Image9::loadCompressedData):
(rx::Image9::copy):
- src/libGLESv2/renderer/Image9.h: Added.
(rx::Image9::isDirty):
- src/libGLESv2/renderer/ImageSSE2.cpp: Added.
(rx::Image::loadRGBAUByteDataToBGRASSE2):
(rx::Image::loadAlphaDataToBGRASSE2):
- src/libGLESv2/renderer/IndexBuffer.cpp: Added.
(rx::IndexBuffer::IndexBuffer):
(rx::IndexBuffer::~IndexBuffer):
(rx::IndexBuffer::getSerial):
(rx::IndexBuffer::updateSerial):
(rx::IndexBufferInterface::IndexBufferInterface):
(rx::IndexBufferInterface::~IndexBufferInterface):
(rx::IndexBufferInterface::getIndexType):
(rx::IndexBufferInterface::getBufferSize):
(rx::IndexBufferInterface::getSerial):
(rx::IndexBufferInterface::mapBuffer):
(rx::IndexBufferInterface::unmapBuffer):
(rx::IndexBufferInterface::getIndexBuffer):
(rx::IndexBufferInterface::getWritePosition):
(rx::IndexBufferInterface::setWritePosition):
(rx::IndexBufferInterface::discard):
(rx::IndexBufferInterface::setBufferSize):
(rx::StreamingIndexBufferInterface::StreamingIndexBufferInterface):
(rx::StreamingIndexBufferInterface::~StreamingIndexBufferInterface):
(rx::StreamingIndexBufferInterface::reserveBufferSpace):
(rx::StaticIndexBufferInterface::StaticIndexBufferInterface):
(rx::StaticIndexBufferInterface::~StaticIndexBufferInterface):
(rx::StaticIndexBufferInterface::reserveBufferSpace):
(rx::StaticIndexBufferInterface::lookupRange):
(rx::StaticIndexBufferInterface::addRange):
- src/libGLESv2/renderer/IndexBuffer.h: Added.
(rx::StaticIndexBufferInterface::IndexRange::operator<):
- src/libGLESv2/renderer/IndexBuffer11.cpp: Added.
(rx::IndexBuffer11::IndexBuffer11):
(rx::IndexBuffer11::~IndexBuffer11):
(rx::IndexBuffer11::initialize):
(rx::IndexBuffer11::makeIndexBuffer11):
(rx::IndexBuffer11::mapBuffer):
(rx::IndexBuffer11::unmapBuffer):
(rx::IndexBuffer11::getIndexType):
(rx::IndexBuffer11::getBufferSize):
(rx::IndexBuffer11::setSize):
(rx::IndexBuffer11::discard):
(rx::IndexBuffer11::getIndexFormat):
(rx::IndexBuffer11::getBuffer):
- src/libGLESv2/renderer/IndexBuffer11.h: Added.
- src/libGLESv2/renderer/IndexBuffer9.cpp: Added.
(rx::IndexBuffer9::IndexBuffer9):
(rx::IndexBuffer9::~IndexBuffer9):
(rx::IndexBuffer9::initialize):
(rx::IndexBuffer9::makeIndexBuffer9):
(rx::IndexBuffer9::mapBuffer):
(rx::IndexBuffer9::unmapBuffer):
(rx::IndexBuffer9::getIndexType):
(rx::IndexBuffer9::getBufferSize):
(rx::IndexBuffer9::setSize):
(rx::IndexBuffer9::discard):
(rx::IndexBuffer9::getIndexFormat):
(rx::IndexBuffer9::getBuffer):
- src/libGLESv2/renderer/IndexBuffer9.h: Added.
- src/libGLESv2/renderer/IndexDataManager.cpp: Added.
(rx::IndexDataManager::IndexDataManager):
(rx::IndexDataManager::~IndexDataManager):
(rx::indexTypeSize):
(rx::convertIndices):
(rx::computeRange):
(rx::IndexDataManager::prepareIndexData):
(rx::IndexDataManager::getCountingIndices):
- src/libGLESv2/renderer/IndexDataManager.h: Added.
- src/libGLESv2/renderer/InputLayoutCache.cpp: Added.
(rx::InputLayoutCache::InputLayoutCache):
(rx::InputLayoutCache::~InputLayoutCache):
(rx::InputLayoutCache::initialize):
(rx::InputLayoutCache::clear):
(rx::InputLayoutCache::applyVertexBuffers):
(rx::InputLayoutCache::hashInputLayout):
(rx::InputLayoutCache::compareInputLayouts):
- src/libGLESv2/renderer/InputLayoutCache.h: Added.
- src/libGLESv2/renderer/Query11.cpp: Added.
(rx::Query11::Query11):
(rx::Query11::~Query11):
(rx::Query11::begin):
(rx::Query11::end):
(rx::Query11::getResult):
(rx::Query11::isResultAvailable):
(rx::Query11::testQuery):
- src/libGLESv2/renderer/Query11.h: Added.
- src/libGLESv2/renderer/Query9.cpp: Added.
(rx::Query9::Query9):
(rx::Query9::~Query9):
(rx::Query9::begin):
(rx::Query9::end):
(rx::Query9::getResult):
(rx::Query9::isResultAvailable):
(rx::Query9::testQuery):
- src/libGLESv2/renderer/Query9.h: Added.
- src/libGLESv2/renderer/QueryImpl.h: Added.
(rx::QueryImpl::QueryImpl):
(rx::QueryImpl::~QueryImpl):
(rx::QueryImpl::getType):
- src/libGLESv2/renderer/RenderStateCache.cpp: Added.
(rx::RenderStateCache::RenderStateCache):
(rx::RenderStateCache::~RenderStateCache):
(rx::RenderStateCache::initialize):
(rx::RenderStateCache::clear):
(rx::RenderStateCache::hashBlendState):
(rx::RenderStateCache::compareBlendStates):
(rx::RenderStateCache::getBlendState):
(rx::RenderStateCache::hashRasterizerState):
(rx::RenderStateCache::compareRasterizerStates):
(rx::RenderStateCache::getRasterizerState):
(rx::RenderStateCache::hashDepthStencilState):
(rx::RenderStateCache::compareDepthStencilStates):
(rx::RenderStateCache::getDepthStencilState):
(rx::RenderStateCache::hashSamplerState):
(rx::RenderStateCache::compareSamplerStates):
(rx::RenderStateCache::getSamplerState):
- src/libGLESv2/renderer/RenderStateCache.h: Added.
- src/libGLESv2/renderer/RenderTarget.h: Added.
(rx::RenderTarget::RenderTarget):
(rx::RenderTarget::~RenderTarget):
(rx::RenderTarget::getWidth):
(rx::RenderTarget::getHeight):
(rx::RenderTarget::getInternalFormat):
(rx::RenderTarget::getActualFormat):
(rx::RenderTarget::getSamples):
- src/libGLESv2/renderer/RenderTarget11.cpp: Added.
(rx::getRTVSubresourceIndex):
(rx::getDSVSubresourceIndex):
(rx::RenderTarget11::RenderTarget11):
(rx::RenderTarget11::~RenderTarget11):
(rx::RenderTarget11::makeRenderTarget11):
(rx::RenderTarget11::getTexture):
(rx::RenderTarget11::getRenderTargetView):
(rx::RenderTarget11::getDepthStencilView):
(rx::RenderTarget11::getShaderResourceView):
(rx::RenderTarget11::getSubresourceIndex):
- src/libGLESv2/renderer/RenderTarget11.h: Added.
- src/libGLESv2/renderer/RenderTarget9.cpp: Added.
(rx::RenderTarget9::RenderTarget9):
(rx::RenderTarget9::~RenderTarget9):
(rx::RenderTarget9::makeRenderTarget9):
(rx::RenderTarget9::getSurface):
- src/libGLESv2/renderer/RenderTarget9.h: Added.
- src/libGLESv2/renderer/Renderer.cpp: Added.
(rx::Renderer::Renderer):
(rx::Renderer::~Renderer):
(rx::Renderer::initializeCompiler):
(rx::Renderer::compileToBinary):
- src/libGLESv2/renderer/Renderer.h: Added.
(getComparableOSVersion):
(rx::Renderer::getVertexTextureSupport):
- src/libGLESv2/renderer/Renderer11.cpp: Added.
(rx::Renderer11::Renderer11):
(rx::Renderer11::~Renderer11):
(rx::Renderer11::makeRenderer11):
(rx::Renderer11::initialize):
(rx::Renderer11::initializeDevice):
(rx::Renderer11::generateConfigs):
(rx::Renderer11::deleteConfigs):
(rx::Renderer11::sync):
(rx::Renderer11::createSwapChain):
(rx::Renderer11::setSamplerState):
(rx::Renderer11::setTexture):
(rx::Renderer11::setRasterizerState):
(rx::Renderer11::setBlendState):
(rx::Renderer11::setDepthStencilState):
(rx::Renderer11::setScissorRectangle):
(rx::Renderer11::setViewport):
(rx::Renderer11::applyPrimitiveType):
(rx::Renderer11::applyRenderTarget):
(rx::Renderer11::applyVertexBuffer):
(rx::Renderer11::applyIndexBuffer):
(rx::Renderer11::drawArrays):
(rx::Renderer11::drawElements):
(rx::Renderer11::drawLineLoop):
(rx::Renderer11::drawTriangleFan):
(rx::Renderer11::applyShaders):
(rx::Renderer11::applyUniforms):
(rx::Renderer11::clear):
(rx::Renderer11::maskedClear):
(rx::Renderer11::markAllStateDirty):
(rx::Renderer11::releaseDeviceResources):
(rx::Renderer11::notifyDeviceLost):
(rx::Renderer11::isDeviceLost):
(rx::Renderer11::testDeviceLost):
(rx::Renderer11::testDeviceResettable):
(rx::Renderer11::release):
(rx::Renderer11::resetDevice):
(rx::Renderer11::getAdapterVendor):
(rx::Renderer11::getRendererDescription):
(rx::Renderer11::getAdapterIdentifier):
(rx::Renderer11::getBGRATextureSupport):
(rx::Renderer11::getDXT1TextureSupport):
(rx::Renderer11::getDXT3TextureSupport):
(rx::Renderer11::getDXT5TextureSupport):
(rx::Renderer11::getDepthTextureSupport):
(rx::Renderer11::getFloat32TextureSupport):
(rx::Renderer11::getFloat16TextureSupport):
(rx::Renderer11::getLuminanceTextureSupport):
(rx::Renderer11::getLuminanceAlphaTextureSupport):
(rx::Renderer11::getTextureFilterAnisotropySupport):
(rx::Renderer11::getTextureMaxAnisotropy):
(rx::Renderer11::getEventQuerySupport):
(rx::Renderer11::getViewportBounds):
(rx::Renderer11::getMaxVertexTextureImageUnits):
(rx::Renderer11::getMaxCombinedTextureImageUnits):
(rx::Renderer11::getReservedVertexUniformVectors):
(rx::Renderer11::getReservedFragmentUniformVectors):
(rx::Renderer11::getMaxVertexUniformVectors):
(rx::Renderer11::getMaxFragmentUniformVectors):
(rx::Renderer11::getMaxVaryingVectors):
(rx::Renderer11::getNonPower2TextureSupport):
(rx::Renderer11::getOcclusionQuerySupport):
(rx::Renderer11::getInstancingSupport):
(rx::Renderer11::getShareHandleSupport):
(rx::Renderer11::getDerivativeInstructionSupport):
(rx::Renderer11::getPostSubBufferSupport):
(rx::Renderer11::getMajorShaderModel):
(rx::Renderer11::getMinorShaderModel):
(rx::Renderer11::getMaxPointSize):
(rx::Renderer11::getMaxViewportDimension):
(rx::Renderer11::getMaxTextureWidth):
(rx::Renderer11::getMaxTextureHeight):
(rx::Renderer11::get32BitIndexSupport):
(rx::Renderer11::getMinSwapInterval):
(rx::Renderer11::getMaxSwapInterval):
(rx::Renderer11::getMaxSupportedSamples):
(rx::Renderer11::getNearestSupportedSamples):
(rx::Renderer11::getMaxRenderTargets):
(rx::Renderer11::copyToRenderTarget):
(rx::Renderer11::copyImage):
(rx::Renderer11::copyTexture):
(rx::Renderer11::unapplyRenderTargets):
(rx::Renderer11::setOneTimeRenderTarget):
(rx::Renderer11::createRenderTarget):
(rx::Renderer11::loadExecutable):
(rx::Renderer11::compileToExecutable):
(rx::Renderer11::createVertexBuffer):
(rx::Renderer11::createIndexBuffer):
(rx::Renderer11::createBufferStorage):
(rx::Renderer11::createQuery):
(rx::Renderer11::createFence):
(rx::Renderer11::getRenderTargetResource):
(rx::Renderer11::blitRect):
(rx::Renderer11::readPixels):
(rx::Renderer11::createImage):
(rx::Renderer11::generateMipmap):
(rx::Renderer11::createTextureStorage2D):
(rx::Renderer11::createTextureStorageCube):
(rx::getFastPixelCopySize):
(rx::readPixelColor):
(rx::writePixelColor):
(rx::Renderer11::readTextureData):
(rx::Renderer11::blitRenderbufferRect):
(rx::Renderer11::resolveMultisampledTexture):
(rx::Renderer11::getLUID):
- src/libGLESv2/renderer/Renderer11.h: Added.
(rx::Renderer11::getDevice):
(rx::Renderer11::getDeviceContext):
(rx::Renderer11::getDxgiFactory):
- src/libGLESv2/renderer/Renderer9.cpp: Added.
(rx::Renderer9::Renderer9):
(rx::Renderer9::~Renderer9):
(rx::Renderer9::makeRenderer9):
(rx::Renderer9::initialize):
(rx::Renderer9::initializeDevice):
(rx::Renderer9::getDefaultPresentParameters):
(rx::Renderer9::generateConfigs):
(rx::Renderer9::deleteConfigs):
(rx::Renderer9::startScene):
(rx::Renderer9::endScene):
(rx::Renderer9::sync):
(rx::Renderer9::createSwapChain):
(rx::Renderer9::allocateEventQuery):
(rx::Renderer9::freeEventQuery):
(rx::Renderer9::createVertexShader):
(rx::Renderer9::createPixelShader):
(rx::Renderer9::createVertexBuffer):
(rx::Renderer9::createIndexBuffer):
(rx::Renderer9::createBufferStorage):
(rx::Renderer9::createQuery):
(rx::Renderer9::createFence):
(rx::Renderer9::setSamplerState):
(rx::Renderer9::setTexture):
(rx::Renderer9::setRasterizerState):
(rx::Renderer9::setBlendState):
(rx::Renderer9::setDepthStencilState):
(rx::Renderer9::setScissorRectangle):
(rx::Renderer9::setViewport):
(rx::Renderer9::applyPrimitiveType):
(rx::Renderer9::getNullColorbuffer):
(rx::Renderer9::applyRenderTarget):
(rx::Renderer9::applyVertexBuffer):
(rx::Renderer9::applyIndexBuffer):
(rx::Renderer9::drawArrays):
(rx::Renderer9::drawElements):
(rx::Renderer9::drawLineLoop):
(rx::drawPoints):
(rx::Renderer9::drawIndexedPoints):
(rx::Renderer9::applyShaders):
(rx::Renderer9::applyUniforms):
(rx::Renderer9::applyUniformnfv):
(rx::Renderer9::applyUniformniv):
(rx::Renderer9::applyUniformnbv):
(rx::Renderer9::clear):
(rx::Renderer9::markAllStateDirty):
(rx::Renderer9::releaseDeviceResources):
(rx::Renderer9::notifyDeviceLost):
(rx::Renderer9::isDeviceLost):
(rx::Renderer9::testDeviceLost):
(rx::Renderer9::testDeviceResettable):
(rx::Renderer9::resetDevice):
(rx::Renderer9::getAdapterVendor):
(rx::Renderer9::getRendererDescription):
(rx::Renderer9::getAdapterIdentifier):
(rx::Renderer9::getMultiSampleSupport):
(rx::Renderer9::getBGRATextureSupport):
(rx::Renderer9::getDXT1TextureSupport):
(rx::Renderer9::getDXT3TextureSupport):
(rx::Renderer9::getDXT5TextureSupport):
(rx::Renderer9::getDepthTextureSupport):
(rx::Renderer9::getFloat32TextureSupport):
(rx::Renderer9::getFloat16TextureSupport):
(rx::Renderer9::getLuminanceTextureSupport):
(rx::Renderer9::getLuminanceAlphaTextureSupport):
(rx::Renderer9::getTextureFilterAnisotropySupport):
(rx::Renderer9::getTextureMaxAnisotropy):
(rx::Renderer9::getEventQuerySupport):
(rx::Renderer9::getMaxVertexTextureImageUnits):
(rx::Renderer9::getMaxCombinedTextureImageUnits):
(rx::Renderer9::getReservedVertexUniformVectors):
(rx::Renderer9::getReservedFragmentUniformVectors):
(rx::Renderer9::getMaxVertexUniformVectors):
(rx::Renderer9::getMaxFragmentUniformVectors):
(rx::Renderer9::getMaxVaryingVectors):
(rx::Renderer9::getNonPower2TextureSupport):
(rx::Renderer9::getOcclusionQuerySupport):
(rx::Renderer9::getInstancingSupport):
(rx::Renderer9::getShareHandleSupport):
(rx::Renderer9::getDerivativeInstructionSupport):
(rx::Renderer9::getPostSubBufferSupport):
(rx::Renderer9::getMajorShaderModel):
(rx::Renderer9::getMaxPointSize):
(rx::Renderer9::getMaxViewportDimension):
(rx::Renderer9::getMaxTextureWidth):
(rx::Renderer9::getMaxTextureHeight):
(rx::Renderer9::get32BitIndexSupport):
(rx::Renderer9::getCapsDeclTypes):
(rx::Renderer9::getMinSwapInterval):
(rx::Renderer9::getMaxSwapInterval):
(rx::Renderer9::getMaxSupportedSamples):
(rx::Renderer9::getNearestSupportedSamples):
(rx::Renderer9::getMaxRenderTargets):
(rx::Renderer9::ConvertTextureInternalFormat):
(rx::Renderer9::copyToRenderTarget):
(rx::Renderer9::getBufferPool):
(rx::Renderer9::copyImage):
(rx::Renderer9::blitRect):
(rx::Renderer9::readPixels):
(rx::Renderer9::createRenderTarget):
(rx::Renderer9::loadExecutable):
(rx::Renderer9::compileToExecutable):
(rx::Renderer9::boxFilter):
(rx::Renderer9::getTexturePool):
(rx::Renderer9::createImage):
(rx::Renderer9::generateMipmap):
(rx::Renderer9::createTextureStorage2D):
(rx::Renderer9::createTextureStorageCube):
(rx::Renderer9::getLUID):
- src/libGLESv2/renderer/Renderer9.h: Added.
(rx::Renderer9::getDevice):
- src/libGLESv2/renderer/ShaderCache.h: Added.
(rx::ShaderCache::ShaderCache):
(rx::ShaderCache::~ShaderCache):
(rx::ShaderCache::initialize):
(rx::ShaderCache::create):
(rx::ShaderCache::clear):
(rx::ShaderCache::createShader):
- src/libGLESv2/renderer/ShaderExecutable.h: Added.
(rx::ShaderExecutable::ShaderExecutable):
(rx::ShaderExecutable::~ShaderExecutable):
(rx::ShaderExecutable::getFunction):
(rx::ShaderExecutable::getLength):
- src/libGLESv2/renderer/ShaderExecutable11.cpp: Added.
(rx::ShaderExecutable11::ShaderExecutable11):
(rx::ShaderExecutable11::~ShaderExecutable11):
(rx::ShaderExecutable11::makeShaderExecutable11):
(rx::ShaderExecutable11::getVertexShader):
(rx::ShaderExecutable11::getPixelShader):
(rx::ShaderExecutable11::getGeometryShader):
(rx::ShaderExecutable11::getConstantBuffer):
- src/libGLESv2/renderer/ShaderExecutable11.h: Added.
- src/libGLESv2/renderer/ShaderExecutable9.cpp: Added.
(rx::ShaderExecutable9::ShaderExecutable9):
(rx::ShaderExecutable9::~ShaderExecutable9):
(rx::ShaderExecutable9::makeShaderExecutable9):
(rx::ShaderExecutable9::getVertexShader):
(rx::ShaderExecutable9::getPixelShader):
- src/libGLESv2/renderer/ShaderExecutable9.h: Added.
- src/libGLESv2/renderer/SwapChain.h: Added.
(rx::SwapChain::SwapChain):
(rx::SwapChain::~SwapChain):
(rx::SwapChain::getShareHandle):
- src/libGLESv2/renderer/SwapChain11.cpp: Added.
(rx::SwapChain11::SwapChain11):
(rx::SwapChain11::~SwapChain11):
(rx::SwapChain11::release):
(rx::SwapChain11::releaseOffscreenTexture):
(rx::SwapChain11::resetOffscreenTexture):
(rx::SwapChain11::resize):
(rx::SwapChain11::reset):
(rx::SwapChain11::initPassThroughResources):
(rx::SwapChain11::swapRect):
(rx::SwapChain11::getOffscreenTexture):
(rx::SwapChain11::getRenderTarget):
(rx::SwapChain11::getRenderTargetShaderResource):
(rx::SwapChain11::getDepthStencil):
(rx::SwapChain11::getDepthStencilTexture):
(rx::SwapChain11::makeSwapChain11):
(rx::SwapChain11::recreate):
- src/libGLESv2/renderer/SwapChain11.h: Added.
(rx::SwapChain11::getWidth):
(rx::SwapChain11::getHeight):
- src/libGLESv2/renderer/SwapChain9.cpp: Added.
(rx::SwapChain9::SwapChain9):
(rx::SwapChain9::~SwapChain9):
(rx::SwapChain9::release):
(rx::convertInterval):
(rx::SwapChain9::resize):
(rx::SwapChain9::reset):
(rx::SwapChain9::swapRect):
(rx::SwapChain9::getRenderTarget):
(rx::SwapChain9::getDepthStencil):
(rx::SwapChain9::getOffscreenTexture):
(rx::SwapChain9::makeSwapChain9):
(rx::SwapChain9::recreate):
- src/libGLESv2/renderer/SwapChain9.h: Added.
- src/libGLESv2/renderer/TextureStorage.cpp: Added.
(rx::TextureStorageInterface::TextureStorageInterface):
(rx::TextureStorageInterface::~TextureStorageInterface):
(rx::TextureStorageInterface::isRenderTarget):
(rx::TextureStorageInterface::isManaged):
(rx::TextureStorageInterface::getTextureSerial):
(rx::TextureStorageInterface::issueTextureSerial):
(rx::TextureStorageInterface::getLodOffset):
(rx::TextureStorageInterface::levelCount):
(rx::TextureStorageInterface2D::TextureStorageInterface2D):
(rx::TextureStorageInterface2D::~TextureStorageInterface2D):
(rx::TextureStorageInterface2D::getRenderTarget):
(rx::TextureStorageInterface2D::generateMipmap):
(rx::TextureStorageInterface2D::getRenderTargetSerial):
(rx::TextureStorageInterfaceCube::TextureStorageInterfaceCube):
(rx::TextureStorageInterfaceCube::~TextureStorageInterfaceCube):
(rx::TextureStorageInterfaceCube::getRenderTarget):
(rx::TextureStorageInterfaceCube::generateMipmap):
(rx::TextureStorageInterfaceCube::getRenderTargetSerial):
- src/libGLESv2/renderer/TextureStorage.h: Added.
(rx::TextureStorage::TextureStorage):
(rx::TextureStorage::~TextureStorage):
(rx::TextureStorageInterface::getStorageInstance):
- src/libGLESv2/renderer/TextureStorage11.cpp: Added.
(rx::TextureStorage11::TextureStorage11):
(rx::TextureStorage11::~TextureStorage11):
(rx::TextureStorage11::makeTextureStorage11):
(rx::TextureStorage11::GetTextureBindFlags):
(rx::TextureStorage11::IsTextureFormatRenderable):
(rx::TextureStorage11::getBindFlags):
(rx::TextureStorage11::getBaseTexture):
(rx::TextureStorage11::getLodOffset):
(rx::TextureStorage11::isRenderTarget):
(rx::TextureStorage11::isManaged):
(rx::TextureStorage11::levelCount):
(rx::TextureStorage11::getSubresourceIndex):
(rx::TextureStorage11::updateSubresourceLevel):
(rx::TextureStorage11::generateMipmapLayer):
(rx::TextureStorage11_2D::TextureStorage11_2D):
(rx::TextureStorage11_2D::~TextureStorage11_2D):
(rx::TextureStorage11_2D::makeTextureStorage11_2D):
(rx::TextureStorage11_2D::getRenderTarget):
(rx::TextureStorage11_2D::getSRV):
(rx::TextureStorage11_2D::generateMipmap):
(rx::TextureStorage11_Cube::TextureStorage11_Cube):
(rx::TextureStorage11_Cube::~TextureStorage11_Cube):
(rx::TextureStorage11_Cube::makeTextureStorage11_Cube):
(rx::TextureStorage11_Cube::getRenderTarget):
(rx::TextureStorage11_Cube::getSRV):
(rx::TextureStorage11_Cube::generateMipmap):
- src/libGLESv2/renderer/TextureStorage11.h: Added.
(rx::TextureStorage11::getRenderTarget):
(rx::TextureStorage11::generateMipmap):
- src/libGLESv2/renderer/TextureStorage9.cpp: Added.
(rx::TextureStorage9::TextureStorage9):
(rx::TextureStorage9::~TextureStorage9):
(rx::TextureStorage9::makeTextureStorage9):
(rx::TextureStorage9::GetTextureUsage):
(rx::TextureStorage9::IsTextureFormatRenderable):
(rx::TextureStorage9::isRenderTarget):
(rx::TextureStorage9::isManaged):
(rx::TextureStorage9::getPool):
(rx::TextureStorage9::getUsage):
(rx::TextureStorage9::getLodOffset):
(rx::TextureStorage9::levelCount):
(rx::TextureStorage9_2D::TextureStorage9_2D):
(rx::TextureStorage9_2D::~TextureStorage9_2D):
(rx::TextureStorage9_2D::makeTextureStorage9_2D):
(rx::TextureStorage9_2D::getSurfaceLevel):
(rx::TextureStorage9_2D::getRenderTarget):
(rx::TextureStorage9_2D::generateMipmap):
(rx::TextureStorage9_2D::getBaseTexture):
(rx::TextureStorage9_2D::initializeRenderTarget):
(rx::TextureStorage9_Cube::TextureStorage9_Cube):
(rx::TextureStorage9_Cube::~TextureStorage9_Cube):
(rx::TextureStorage9_Cube::makeTextureStorage9_Cube):
(rx::TextureStorage9_Cube::getCubeMapSurface):
(rx::TextureStorage9_Cube::getRenderTarget):
(rx::TextureStorage9_Cube::generateMipmap):
(rx::TextureStorage9_Cube::getBaseTexture):
(rx::TextureStorage9_Cube::initializeRenderTarget):
- src/libGLESv2/renderer/TextureStorage9.h: Added.
(rx::TextureStorage9::getRenderTarget):
(rx::TextureStorage9::generateMipmap):
- src/libGLESv2/renderer/VertexBuffer.cpp: Added.
(rx::VertexBuffer::VertexBuffer):
(rx::VertexBuffer::~VertexBuffer):
(rx::VertexBuffer::updateSerial):
(rx::VertexBuffer::getSerial):
(rx::VertexBufferInterface::VertexBufferInterface):
(rx::VertexBufferInterface::~VertexBufferInterface):
(rx::VertexBufferInterface::getSerial):
(rx::VertexBufferInterface::getBufferSize):
(rx::VertexBufferInterface::setBufferSize):
(rx::VertexBufferInterface::getWritePosition):
(rx::VertexBufferInterface::setWritePosition):
(rx::VertexBufferInterface::discard):
(rx::VertexBufferInterface::storeVertexAttributes):
(rx::VertexBufferInterface::storeRawData):
(rx::VertexBufferInterface::reserveVertexSpace):
(rx::VertexBufferInterface::reserveRawDataSpace):
(rx::VertexBufferInterface::getVertexBuffer):
(rx::StreamingVertexBufferInterface::StreamingVertexBufferInterface):
(rx::StreamingVertexBufferInterface::~StreamingVertexBufferInterface):
(rx::StreamingVertexBufferInterface::reserveSpace):
(rx::StaticVertexBufferInterface::StaticVertexBufferInterface):
(rx::StaticVertexBufferInterface::~StaticVertexBufferInterface):
(rx::StaticVertexBufferInterface::lookupAttribute):
(rx::StaticVertexBufferInterface::reserveSpace):
(rx::StaticVertexBufferInterface::storeVertexAttributes):
- src/libGLESv2/renderer/VertexBuffer.h: Added.
- src/libGLESv2/renderer/VertexBuffer11.cpp: Added.
(rx::VertexBuffer11::VertexBuffer11):
(rx::VertexBuffer11::~VertexBuffer11):
(rx::VertexBuffer11::initialize):
(rx::VertexBuffer11::makeVertexBuffer11):
(rx::VertexBuffer11::storeVertexAttributes):
(rx::VertexBuffer11::storeRawData):
(rx::VertexBuffer11::getSpaceRequired):
(rx::VertexBuffer11::requiresConversion):
(rx::VertexBuffer11::getBufferSize):
(rx::VertexBuffer11::setBufferSize):
(rx::VertexBuffer11::discard):
(rx::VertexBuffer11::getVertexSize):
(rx::VertexBuffer11::getDXGIFormat):
(rx::VertexBuffer11::getBuffer):
(rx::copyVertexData):
(rx::copyFixedVertexData):
(rx::copyToFloatVertexData):
(rx::VertexBuffer11::getVertexConversion):
- src/libGLESv2/renderer/VertexBuffer11.h: Added.
- src/libGLESv2/renderer/VertexBuffer9.cpp: Added.
(rx::VertexBuffer9::VertexBuffer9):
(rx::VertexBuffer9::~VertexBuffer9):
(rx::VertexBuffer9::initialize):
(rx::VertexBuffer9::makeVertexBuffer9):
(rx::VertexBuffer9::storeVertexAttributes):
(rx::VertexBuffer9::storeRawData):
(rx::VertexBuffer9::getSpaceRequired):
(rx::VertexBuffer9::requiresConversion):
(rx::VertexBuffer9::getVertexSize):
(rx::VertexBuffer9::getDeclType):
(rx::VertexBuffer9::getBufferSize):
(rx::VertexBuffer9::setBufferSize):
(rx::VertexBuffer9::discard):
(rx::VertexBuffer9::getBuffer):
(rx::VertexBuffer9::initializeTranslations):
(rx::VertexBuffer9::typeIndex):
(rx::VertexBuffer9::formatConverter):
(rx::VertexBuffer9::spaceRequired):
- src/libGLESv2/renderer/VertexBuffer9.h: Added.
- src/libGLESv2/renderer/VertexDataManager.cpp: Added.
(rx::elementsInBuffer):
(rx::VertexDataManager::VertexDataManager):
(rx::VertexDataManager::~VertexDataManager):
(rx::directStoragePossible):
(rx::VertexDataManager::prepareVertexData):
- src/libGLESv2/renderer/VertexDataManager.h: Added.
- src/libGLESv2/renderer/VertexDeclarationCache.cpp: Added.
(rx::VertexDeclarationCache::VertexDeclarationCache):
(rx::VertexDeclarationCache::~VertexDeclarationCache):
(rx::VertexDeclarationCache::applyDeclaration):
(rx::VertexDeclarationCache::markStateDirty):
- src/libGLESv2/renderer/VertexDeclarationCache.h: Added.
- src/libGLESv2/renderer/generatemip.h: Added.
(rx::L8::average):
(rx::A8L8::average):
(rx::A8R8G8B8::average):
(rx::A16B16G16R16F::average):
(rx::R16F::average):
(rx::R16G16F::average):
(rx::A32B32G32R32F::average):
(rx::R32F::average):
(rx::R32G32F::average):
(rx::R32G32B32F::average):
(rx::GenerateMip):
- src/libGLESv2/renderer/renderer11_utils.cpp: Added.
(gl_d3d11::ConvertBlendFunc):
(gl_d3d11::ConvertBlendOp):
(gl_d3d11::ConvertColorMask):
(gl_d3d11::ConvertCullMode):
(gl_d3d11::ConvertComparison):
(gl_d3d11::ConvertDepthMask):
(gl_d3d11::ConvertStencilMask):
(gl_d3d11::ConvertStencilOp):
(gl_d3d11::ConvertFilter):
(gl_d3d11::ConvertTextureWrap):
(gl_d3d11::ConvertMinLOD):
(gl_d3d11::ConvertMaxLOD):
(d3d11_gl::ConvertBackBufferFormat):
(d3d11_gl::ConvertDepthStencilFormat):
(d3d11_gl::ConvertRenderbufferFormat):
(d3d11_gl::ConvertTextureInternalFormat):
(gl_d3d11::ConvertRenderbufferFormat):
(gl_d3d11::ConvertTextureFormat):
(d3d11::SetPositionTexCoordVertex):
(d3d11::SetPositionDepthColorVertex):
(d3d11::ComputePixelSizeBits):
(d3d11::ComputeBlockSizeBits):
(d3d11::IsCompressed):
(d3d11::GetTextureFormatDimensionAlignment):
(d3d11::IsDepthStencilFormat):
(d3d11::GetDepthTextureFormat):
(d3d11::GetDepthShaderResourceFormat):
(d3d11::SetDebugName):
- src/libGLESv2/renderer/renderer11_utils.h: Added.
(d3d11::isDeviceLostError):
- src/libGLESv2/renderer/renderer9_utils.cpp: Added.
(gl_d3d9::ConvertComparison):
(gl_d3d9::ConvertColor):
(gl_d3d9::ConvertBlendFunc):
(gl_d3d9::ConvertBlendOp):
(gl_d3d9::ConvertStencilOp):
(gl_d3d9::ConvertTextureWrap):
(gl_d3d9::ConvertCullMode):
(gl_d3d9::ConvertCubeFace):
(gl_d3d9::ConvertColorMask):
(gl_d3d9::ConvertMagFilter):
(gl_d3d9::ConvertMinFilter):
(gl_d3d9::ConvertRenderbufferFormat):
(gl_d3d9::GetMultisampleTypeFromSamples):
(d3d9_gl::GetStencilSize):
(d3d9_gl::GetAlphaSize):
(d3d9_gl::GetSamplesFromMultisampleType):
(d3d9_gl::IsFormatChannelEquivalent):
(d3d9_gl::ConvertBackBufferFormat):
(d3d9_gl::ConvertDepthStencilFormat):
(d3d9_gl::ConvertRenderTargetFormat):
(d3d9_gl::GetEquivalentFormat):
(d3d9::IsCompressedFormat):
(d3d9::ComputeRowSize):
- src/libGLESv2/renderer/renderer9_utils.h: Added.
(d3d9::isDeviceLostError):
- src/libGLESv2/renderer/shaders: Added.
- src/libGLESv2/renderer/shaders/Blit.ps: Added.
- src/libGLESv2/renderer/shaders/Blit.vs: Added.
- src/libGLESv2/renderer/shaders/Clear11.hlsl: Added.
- src/libGLESv2/renderer/shaders/Passthrough11.hlsl: Added.
- src/libGLESv2/renderer/shaders/compiled: Added.
- src/libGLESv2/renderer/shaders/compiled/clear11vs.h: Added.
- src/libGLESv2/renderer/shaders/compiled/clearmultiple11ps.h: Added.
- src/libGLESv2/renderer/shaders/compiled/clearsingle11ps.h: Added.
- src/libGLESv2/renderer/shaders/compiled/componentmaskps.h: Added.
- src/libGLESv2/renderer/shaders/compiled/flipyvs.h: Added.
- src/libGLESv2/renderer/shaders/compiled/luminanceps.h: Added.
- src/libGLESv2/renderer/shaders/compiled/passthrough11vs.h: Added.
- src/libGLESv2/renderer/shaders/compiled/passthroughlum11ps.h: Added.
- src/libGLESv2/renderer/shaders/compiled/passthroughlumalpha11ps.h: Added.
- src/libGLESv2/renderer/shaders/compiled/passthroughps.h: Added.
- src/libGLESv2/renderer/shaders/compiled/passthroughrgb11ps.h: Added.
- src/libGLESv2/renderer/shaders/compiled/passthroughrgba11ps.h: Added.
- src/libGLESv2/renderer/shaders/compiled/standardvs.h: Added.
- src/libGLESv2/renderer/shaders/generate_shaders.bat: Added.
- src/libGLESv2/renderer/vertexconversion.h: Added.
(rx::Identity::convert):
(rx::Cast::convert):
(rx::Normalize::convert):
(rx::FixedToFloat::convert):
(rx::SimpleDefaultValues::zero):
(rx::SimpleDefaultValues::one):
(rx::NormalizedDefaultValues::zero):
(rx::NormalizedDefaultValues::one):
(rx::VertexDataConverter::convertArray):
(rx::VertexDataConverter::pointerAddBytes):
(rx::VertexDataConverter::copyComponent):
- src/libGLESv2/resource.h: Added.
- src/libGLESv2/utilities.cpp: Added.
(gl::UniformComponentCount):
(gl::UniformComponentType):
(gl::UniformComponentSize):
(gl::UniformInternalSize):
(gl::UniformExternalSize):
(gl::VariableRowCount):
(gl::VariableColumnCount):
(gl::AllocateFirstFreeBits):
(gl::ComputePitch):
(gl::ComputeCompressedPitch):
(gl::ComputeCompressedSize):
(gl::IsCompressed):
(gl::IsDepthTexture):
(gl::IsStencilTexture):
(gl::MakeValidSize):
(gl::ComputePixelSize):
(gl::IsCubemapTextureTarget):
(gl::IsInternalTextureTarget):
(gl::ConvertSizedInternalFormat):
(gl::ExtractFormat):
(gl::ExtractType):
(gl::IsColorRenderable):
(gl::IsDepthRenderable):
(gl::IsStencilRenderable):
(gl::IsFloat32Format):
(gl::IsFloat16Format):
(gl::GetAlphaSize):
(gl::GetRedSize):
(gl::GetGreenSize):
(gl::GetBlueSize):
(gl::GetDepthSize):
(gl::GetStencilSize):
(gl::IsTriangleMode):
(getTempPath):
(writeFile):
- src/libGLESv2/utilities.h: Added.
- src/third_party/murmurhash: Added.
- src/third_party/murmurhash/LICENSE: Added.
- src/third_party/murmurhash/MurmurHash3.cpp: Added, replaced tabs with spaces.
(rotl32):
(rotl64):
(getblock):
(fmix):
(MurmurHash3_x86_32):
(MurmurHash3_x86_128):
(MurmurHash3_x64_128):
- src/third_party/murmurhash/MurmurHash3.h: Added, replaced tabs with spaces.
Source/WebCore: Updated ANGLE to latest git commit (047373aa3eb408be62be52ade840fa5f11e72337).
https://bugs.webkit.org/show_bug.cgi?id=118550
Reviewed by Dean Jackson.
- CMakeLists.txt: Renamed DetectRecursion to DetectCallDepth and added Uniform.cpp.
- 3:20 PM Changeset in webkit [153063] by
-
- 3 edits6 moves5 adds2 deletes in trunk/LayoutTests
[CSS Shapes] New positioning model: support for rounded rectangle shape-outside
https://bugs.webkit.org/show_bug.cgi?id=118081
Patch by Bem Jones-Bey <Bem Jones-Bey> on 2013-07-23
Reviewed by Dean Jackson.
Update the shape-outside rounded rectangle tests and import them from
the CSS WG's repository. They have been moved to the CSS WG repository
so they can be part of the spec test suite for CSS Shapes.
- TestExpectations: Remove skipping for tests that have been replaced.
- csswg/submitted/shapes/shape-outside/resources/rounded-rectangle.js: Added.
(ellipseXIntercept):
(scanConvertRoundedRectangleOutside):
(genLeftRightRoundedRectFloatShapeOutsideRefTest):
(genLeftRoundedRectFloatShapeOutsideRefTest):
(genRightRoundedRectFloatShapeOutsideRefTest):
- csswg/submitted/shapes/shape-outside/resources/subpixel-utils.js: Added.
(SubPixelLayout):
(SubPixelLayout.):
- csswg/submitted/shapes/shape-outside/shape-outside-floats-rounded-rectangle-001-expected.html: Renamed from LayoutTests/fast/shapes/shape-outside-floats/shape-outside-floats-simple-rounded-rectangle-001-expected.html.
- csswg/submitted/shapes/shape-outside/shape-outside-floats-rounded-rectangle-001.html: Renamed from LayoutTests/fast/shapes/shape-outside-floats/shape-outside-floats-simple-rounded-rectangle-001.html.
- csswg/submitted/shapes/shape-outside/shape-outside-floats-rounded-rectangle-002-expected.html: Renamed from LayoutTests/fast/shapes/shape-outside-floats/shape-outside-floats-simple-rounded-rectangle-002-expected.html.
- csswg/submitted/shapes/shape-outside/shape-outside-floats-rounded-rectangle-002.html: Renamed from LayoutTests/fast/shapes/shape-outside-floats/shape-outside-floats-simple-rounded-rectangle-002.html.
- csswg/submitted/shapes/shape-outside/shape-outside-floats-rounded-rectangle-003-expected.html: Renamed from LayoutTests/fast/shapes/shape-outside-floats/shape-outside-floats-simple-rounded-rectangle-003-expected.html.
- csswg/submitted/shapes/shape-outside/shape-outside-floats-rounded-rectangle-003.html: Renamed from LayoutTests/fast/shapes/shape-outside-floats/shape-outside-floats-simple-rounded-rectangle-003.html.
- csswg/submitted/shapes/shape-outside/shape-outside-floats-rounded-rectangle-004-expected.html: Added.
- csswg/submitted/shapes/shape-outside/shape-outside-floats-rounded-rectangle-004.html: Added.
- csswg/submitted/shapes/shape-outside/w3c-import.log:
- 2:53 PM Changeset in webkit [153062] by
-
- 2 edits in trunk/Source/WebCore
Use Checked<uint32_t, RecordOverflow> instead of CheckedInt in GraphicsContext3D
https://bugs.webkit.org/show_bug.cgi?id=118988
Reviewed by Oliver Hunt.
Use the WTF's Checked class, with uint32_t as the numeric type and RecordOverflow as the overflow handler,
instead of the CheckedInt class. This removes a layering violation that's occurring due to including the CheckedInt
header that's currently located in the WebCore layer (alongside the HTML canvas code in Source/WebCore/html/canvas).
- platform/graphics/GraphicsContext3D.cpp:
(WebCore::GraphicsContext3D::computeImageSizeInBytes):
- 12:47 PM Changeset in webkit [153061] by
-
- 3 edits2 adds in trunk
REGRESSION(r152313): Links in certain twitter postings don't warp correctly on page
https://bugs.webkit.org/show_bug.cgi?id=118435
Reviewed by David Hyatt.
When we find an empty inline in the middle of the word, prefer breaking it before
instead of after to match other browsers' rendering.
Source/WebCore:
Test: fast/text/whitespace/inline-whitespace-wrapping-12.html
- rendering/RenderBlockLineLayout.cpp:
(WebCore::canBreakAtThisPosition):
LayoutTests:
- fast/text/whitespace/inline-whitespace-wrapping-12-expected.html: Added.
- fast/text/whitespace/inline-whitespace-wrapping-12.html: Added.
- 12:09 PM Changeset in webkit [153060] by
-
- 6 edits2 adds in trunk
Dictionary hotkey does not work on vertical text
https://bugs.webkit.org/show_bug.cgi?id=118993
<rdar://problem/14478260>
Reviewed by Enrica Casucci.
Test: platform/mac/editing/input/firstrectforcharacterrange-vertical.html
- editing/Editor.cpp: (WebCore::collapseCaretWidth): A helper function. (WebCore::Editor::firstRectForRange): Many changes:
- use RenderObject::absoluteBoundingBoxRectForRange() in regular case, because that's more direct that getting caret rects and computing bounding rect from those.
- handle collapsed ranges separately, because absoluteBoundingBoxRectForRange() doesn't provide the needed result, and because it can be done faster.
- wherever we use carets to compute the result, account for vertical text (in a hackish way, as we don't have layout information at Editor level).
- rendering/RenderBlock.cpp: (WebCore::RenderBlock::localCaretRect): Removed dead code.
- 12:02 PM Changeset in webkit [153059] by
-
- 2 edits in trunk/Source/WebKit/win
[Win] WebView didReceiveIcon delegate call doesn't have the icon in it
https://bugs.webkit.org/show_bug.cgi?id=100379
Patch by peavo@outlook.com <peavo@outlook.com> on 2013-07-23
Reviewed by Brent Fulgham.
Added missing icon to WebView didReceiveIcon delegate call, fixes <rdar://problem/5491010>.
- WebView.cpp:
(WebView::dispatchDidReceiveIconFromWebFrame):
- 11:49 AM Changeset in webkit [153058] by
-
- 7 edits2 adds in trunk
[CSS Shapes] New positioning model: Borders
https://bugs.webkit.org/show_bug.cgi?id=118822
Patch by Bem Jones-Bey <Bem Jones-Bey> on 2013-07-23
Reviewed by Dean Jackson.
Source/WebCore:
Converting to the shape coordinate system was not properly accounting
for borders and padding. This has been fixed and a new convienence
method added because of the added complexity of the conversion.
Test: csswg/submitted/shapes/shape-outside/shape-outside-floats-square-border-000.html
- rendering/RenderBlock.cpp:
(WebCore::RenderBlock::logicalLeftFloatOffsetForLine): Update to use
computeSegmentsForContainingBlockLine to do the coordinate
conversion.
(WebCore::RenderBlock::logicalRightFloatOffsetForLine): Ditto.
- rendering/RenderBlockLineLayout.cpp:
(WebCore::LineWidth::shrinkAvailableWidthForNewFloatIfNeeded): Ditto.
- rendering/shapes/ShapeOutsideInfo.cpp:
(WebCore::ShapeOutsideInfo::computeSegmentsForContainingBlockLine):
Add new method to do the coordinate conversion from the containing
block coordinate system to the coordinate system of the shape so
that the segments can be correctly calculated.
LayoutTests:
Test that the shape is properly respected when the float has a border.
- csswg/submitted/shapes/shape-outside/shape-outside-floats-square-border-000-expected.html: Added.
- csswg/submitted/shapes/shape-outside/shape-outside-floats-square-border-000.html: Added.
- csswg/submitted/shapes/shape-outside/w3c-import.log: Updated with new
import information.
- 10:36 AM Changeset in webkit [153057] by
-
- 5 edits4 adds32 deletes in trunk/LayoutTests
[CSS Regions] Convert percentage-margins-* tests to ref-tests
https://bugs.webkit.org/show_bug.cgi?id=118723
Reviewed by Andreas Kling.
The patch converts the percentage margins tests for regions in ref tests.
- fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.html: Added.
- fast/regions/percentage-margins-mixed-ltr-dominant-regions.html:
- fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.html: Added.
- fast/regions/percentage-margins-mixed-rtl-dominant-regions.html:
- fast/regions/percentage-margins-rtl-variable-width-regions-expected.html: Added.
- fast/regions/percentage-margins-rtl-variable-width-regions.html:
- fast/regions/percentage-margins-variable-width-regions-expected.html: Added.
- fast/regions/percentage-margins-variable-width-regions.html:
- platform/efl/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Removed.
- platform/efl/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Removed.
- platform/efl/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Removed.
- platform/efl/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Removed.
- platform/efl/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Removed.
- platform/efl/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Removed.
- platform/efl/fast/regions/percentage-margins-variable-width-regions-expected.png: Removed.
- platform/efl/fast/regions/percentage-margins-variable-width-regions-expected.txt: Removed.
- platform/gtk/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Removed.
- platform/gtk/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Removed.
- platform/gtk/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Removed.
- platform/gtk/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Removed.
- platform/gtk/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Removed.
- platform/gtk/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Removed.
- platform/gtk/fast/regions/percentage-margins-variable-width-regions-expected.png: Removed.
- platform/gtk/fast/regions/percentage-margins-variable-width-regions-expected.txt: Removed.
- platform/mac/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Removed.
- platform/mac/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Removed.
- platform/mac/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Removed.
- platform/mac/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Removed.
- platform/mac/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Removed.
- platform/mac/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Removed.
- platform/mac/fast/regions/percentage-margins-variable-width-regions-expected.png: Removed.
- platform/mac/fast/regions/percentage-margins-variable-width-regions-expected.txt: Removed.
- platform/qt/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Removed.
- platform/qt/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Removed.
- platform/qt/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Removed.
- platform/qt/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Removed.
- platform/qt/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Removed.
- platform/qt/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Removed.
- platform/qt/fast/regions/percentage-margins-variable-width-regions-expected.png: Removed.
- platform/qt/fast/regions/percentage-margins-variable-width-regions-expected.txt: Removed.
- 10:36 AM Changeset in webkit [153056] by
-
- 2 edits in trunk/Source/WebKit
Unreviewed build fix after r153054.
- WebKit.vcxproj/WebKitExportGenerator/WebKitExports.def.in:
- 10:16 AM Changeset in webkit [153055] by
-
- 4 edits in trunk/Source
Remove deprecated and unused compositing settings
https://bugs.webkit.org/show_bug.cgi?id=119014
Reviewed by Andreas Kling.
Source/WebCore:
- page/Settings.in:
Source/WebKit/qt:
Remove A set of settings to control accelerated compositing that have long been
replaced with triggers returned by ChromeClient, but haven't been fully removed.
They are only set by the Qt port but not read anywhere.
- Api/qwebsettings.cpp:
(QWebSettingsPrivate::apply):
- 10:14 AM Changeset in webkit [153054] by
-
- 16 edits2 adds in trunk
Add a test for plug-in unavailability indicator obscurity detection
https://bugs.webkit.org/show_bug.cgi?id=119007
Reviewed by Anders Carlsson.
Test: plugins/unavailable-plugin-indicator-obscurity.html
Expose the ability to test whether the unavailable plugin indicator
is obscured via the internals object.
- testing/Internals.cpp:
(WebCore::Internals::isPluginUnavailabilityIndicatorObscured):
- testing/Internals.h:
- testing/Internals.idl:
Expose RenderEmbeddedObject::isReplacementObscured as
internals.isPluginUnavailabilityIndicatorObscured for testing purposes.
Expose the ability to block plug-ins via pluginLoadPolicy to testRunner.
- WebKitTestRunner/InjectedBundle/Bindings/TestRunner.idl:
- WebKitTestRunner/InjectedBundle/TestRunner.cpp:
(WTR::TestRunner::setBlockAllPlugins):
- WebKitTestRunner/InjectedBundle/TestRunner.h:
- WebKitTestRunner/TestInvocation.cpp:
(WTR::TestInvocation::didReceiveMessageFromInjectedBundle):
Add testRunner.setBlockAllPlugins function (and corresponding message to
forward it through to TestController).
- WebKitTestRunner/TestController.cpp:
Initialize m_shouldBlockAllPlugins to false (and drive-by initialize m_handlesAuthenticationChallenges).
(WTR::TestController::createWebViewWithOptions):
Register our pluginLoadPolicy callback.
(WTR::TestController::resetStateToConsistentValues):
Reset m_shouldBlockAllPlugins to false.
(WTR::TestController::pluginLoadPolicy):
Return the existing plugin load policy, unless setBlockAllPlugins(true)
was called, in which case we reject all plugins with kWKPluginLoadPolicyBlocked.
- WebKitTestRunner/TestController.h:
(WTR::TestController::setBlockAllPlugins):
Add a test that ensures that RenderEmbeddedObject accurately detects the
various different ways the unavailable plugin dialog can be obscured.
- platform/mac-wk2/TestExpectations:
- platform/mac/TestExpectations:
- plugins/unavailable-plugin-indicator-obscurity-expected.txt: Added.
- plugins/unavailable-plugin-indicator-obscurity.html: Added.
- Source/autotools/symbols.filter:
Expose RenderEmbeddedObject::isReplacementObscured to internals.
- 9:43 AM Changeset in webkit [153053] by
-
- 4 edits in trunk/LayoutTests
[Qt] REGRESSION(r152906) Modified fast/shapes/shape-inside/shape-inside-overflow.html ref test fails.
https://bugs.webkit.org/show_bug.cgi?id=118964
Reviewed by Andreas Kling.
I modified the test to use Ahem font. Now it's working well on Qt as well.
- fast/shapes/shape-inside/shape-inside-overflow-expected.html:
- fast/shapes/shape-inside/shape-inside-overflow.html:
- 8:36 AM Changeset in webkit [153052] by
-
- 3 edits in trunk/Source/WebKit/gtk
[GTK] GtkAdjustmentWatcher idle source not correctly handled
https://bugs.webkit.org/show_bug.cgi?id=119003
Reviewed by Martin Robinson.
GtkAdjustmentWatcher::updateAdjustmentsFromScrollbarsLater()
creates a new idle source and initializes
m_updateAdjustmentCallbackId, which is used everywhere and
specially in the destructor to cancel the source when the
GtkAdjustmentWatcher is deleted. However,
m_updateAdjustmentCallbackId is reset to 0 in
GtkAdjustmentWatcher::updateAdjustmentsFromScrollbars() only when
not returning early. This method is public and not only called by
the updateAdjustmentCallback, which means that a call to
updateAdjustmentsFromScrollbars could reset the
m_updateAdjustmentCallbackId without actually destroying the source.
- WebCoreSupport/GtkAdjustmentWatcher.cpp:
(WebKit::GtkAdjustmentWatcher::updateAdjustmentsFromScrollbars):
Cancel the adjustment later idle if it has been scheduled.
(WebKit::GtkAdjustmentWatcher::updateAdjustmentCallback): Reset
m_updateAdjustmentCallbackId.
- WebCoreSupport/GtkAdjustmentWatcher.h:
- 8:08 AM WebKitGTK/2.0.x edited by
- (diff)
- 6:34 AM Changeset in webkit [153051] by
-
- 2 edits in trunk/LayoutTests
[GTK] Unreviewed gardening. Added expectations for flaky tests.
- platform/gtk/TestExpectations: Added new expectations.
- 6:32 AM Changeset in webkit [153050] by
-
- 2 edits in trunk/LayoutTests
[GTK] Unreviewed gardening. Unskip passing tests.
https://bugs.webkit.org/show_bug.cgi?id=119008
Unreviewed GTK gardening.
Patch by Simon Pena <simon.pena@samsung.com> on 2013-07-23
- platform/gtk/TestExpectations: unskip editing/selection/mixed-editability-10.html,
editing/selection/5825350-1.html and editing/selection/5825350-2.html since they have new
baselines, unskip http/tests/security/mixedContent/insecure-audio-video-in-main-frame.html
after r152778, unskip fast/images/webgl-teximage2d.html after r152531 and
svg/custom/xlink-prefix-in-attributes.html after r152785
- 6:20 AM Changeset in webkit [153049] by
-
- 2 edits2 adds in trunk/LayoutTests
[GTK] Unreviewed gardening. Baseline and rebaseline needed after r152612 and r152911.
- platform/gtk/editing/caret/caret-color-expected.txt: Added.
- platform/gtk/fast/multicol/shrink-to-column-height-for-pagination-expected.txt: Updated.
- 5:35 AM Changeset in webkit [153048] by
-
- 12 edits in trunk/Source/WebKit2
[EFL][WK2] Add doneWithTouchEvent callback to the WKViewClient.
https://bugs.webkit.org/show_bug.cgi?id=110085
Patch by Eunmi Lee <eunmi15.lee@samsung.com> on 2013-07-23
Reviewed by Kenneth Rohde Christiansen.
Add doneWithTouchEvent callback to the WKViewClient in order to get the
result of touch events in the EwkView. The result will be used to
recognize gestures in the Bug 102643.
APIs to get values from WKTouchEventRef and WKTouchPointRef are added
because WKTypeRef is opaque to the applications.
- UIProcess/API/C/CoordinatedGraphics/WKView.h:
- UIProcess/API/C/efl/WKAPICastEfl.h:
(WebKit::toAPI):
- UIProcess/API/C/efl/WKEventEfl.cpp:
(WKTouchEventGetType):
(WKTouchEventGetTouchPoints):
(WKTouchEventGetModifiers):
(WKTouchEventGetTimestamp):
(WKTouchPointGetID):
(WKTouchPointGetState):
(WKTouchPointGetScreenPosition):
(WKTouchPointGetPosition):
(WKTouchPointGetRadius):
(WKTouchPointGetRotationAngle):
(WKTouchPointGetForceFactor):
- UIProcess/API/C/efl/WKEventEfl.h:
- UIProcess/API/efl/EwkView.cpp:
(EwkView::doneWithTouchEvent):
- UIProcess/API/efl/EwkView.h:
- UIProcess/CoordinatedGraphics/WebView.cpp:
(WebKit::WebView::doneWithTouchEvent):
- UIProcess/CoordinatedGraphics/WebViewClient.cpp:
(WebKit::WebViewClient::doneWithTouchEvent):
- UIProcess/CoordinatedGraphics/WebViewClient.h:
- UIProcess/efl/ViewClientEfl.cpp:
(WebKit::ViewClientEfl::doneWithTouchEvent):
(WebKit::ViewClientEfl::ViewClientEfl):
- UIProcess/efl/ViewClientEfl.h:
- 5:24 AM Changeset in webkit [153047] by
-
- 1 edit2 adds in trunk/LayoutTests
[GTK] Unreviewed gardening. Added needed baselines after r104133.
- platform/gtk/perf/nested-combined-selectors-expected.txt: Added.
- 4:51 AM Changeset in webkit [153046] by
-
- 4 edits in trunk/Source/WebCore
[Soup] Clean up header inclusions in ResourceRequest(Soup), SocketStreamHandle
https://bugs.webkit.org/show_bug.cgi?id=118984
Reviewed by Darin Adler.
Execute a minor cleanup of the header inclusions in Soup-specific ResourceRequestSoup.cpp, ResourceRequest.h
and SocketStreamHandle.h source files. The inclusions are sorted into proper order, with blank lines and unnecessary
reinclusions removed.
- platform/network/soup/ResourceRequest.h:
- platform/network/soup/ResourceRequestSoup.cpp:
- platform/network/soup/SocketStreamHandle.h:
- 4:38 AM Changeset in webkit [153045] by
-
- 2 edits in trunk/Source/WebCore
[Soup] Remove unnecessary header inclusions in ResourceHandleSoup.cpp
https://bugs.webkit.org/show_bug.cgi?id=118983
Reviewed by Martin Robinson.
Remove inclusions of the CachedResourceLoader, ChromeClient, Frame and Page headers. These are not
necessary (anymore) and only prevent the source file to be built independently of WebCore, as it should be.
- platform/network/soup/ResourceHandleSoup.cpp:
- 4:30 AM Changeset in webkit [153044] by
-
- 4 edits in trunk/Source/WebInspectorUI
WebSocket initialization to use remote inspector
https://bugs.webkit.org/show_bug.cgi?id=118678
Patch by Roland Takacs <rtakacs@inf.u-szeged.hu> on 2013-07-23
Reviewed by Timothy Hatcher.
Add WebSocket initialization and define a 'connect-src' directive in the
Content-Security-Policy HTTP header to enable the connection.
- UserInterface/InspectorFrontendHostStub.js:
(.WebInspector.InspectorFrontendHostStub.prototype.sendMessageToBackend):
- UserInterface/Main.html:
- UserInterface/Main.js:
(WebInspector.loaded):
(WebInspector._initializeWebSocketIfNeeded.createSocket.WebInspector):
(WebInspector._initializeWebSocketIfNeeded.createSocket):
(WebInspector._initializeWebSocketIfNeeded):
- 4:25 AM Changeset in webkit [153043] by
-
- 3 edits in trunk/Source/WebCore
Remove unnecessary header inclusions in GraphicsContext3D.cpp, GraphicsContext3DOpenGLCommon.cpp
https://bugs.webkit.org/show_bug.cgi?id=118989
Reviewed by Darin Adler.
- platform/graphics/GraphicsContext3D.cpp: Remove the unnecessary DrawingBuffer header inclusion.
- platform/graphics/opengl/GraphicsContext3DOpenGLCommon.cpp: Remove the unnecessary
CanvasRenderingContext and WebGLObject header inclusions.
- 4:24 AM Changeset in webkit [153042] by
-
- 3 edits in trunk/Source/WebCore
Remove the topDocumentURL member of the GraphicsContext3D::Attributes struct
https://bugs.webkit.org/show_bug.cgi?id=118987
Reviewed by Darin Adler.
Remove the topDocumentURL member that currently resides in the GraphicsContext3D::Attributes struct.
It's not used anywhere and only has one place where it is set, in WebGLRenderingContext::create.
- html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::create):
- platform/graphics/GraphicsContext3D.h:
- 4:21 AM Changeset in webkit [153041] by
-
- 3 edits in trunk/Source/WebCore
Remove unused DrawingBuffer::paintRenderingResultsToImageData
https://bugs.webkit.org/show_bug.cgi?id=118986
Reviewed by Darin Adler.
Remove the paintRenderingResultsToImageData method of the DrawingBuffer class. It is not used anywhere
and also introduces a nasty layering violation by including and operating with the ImageData class.
- platform/graphics/gpu/DrawingBuffer.cpp:
- platform/graphics/gpu/DrawingBuffer.h:
- 4:20 AM Changeset in webkit [153040] by
-
- 2 edits in trunk/Source/WebCore
Remove unnecessary includes in FormDataBuilder.cpp
https://bugs.webkit.org/show_bug.cgi?id=118991
Reviewed by Darin Adler.
- platform/network/FormDataBuilder.cpp: Remove the Frame and FrameLoader header inclusions,
nothing these two headers provide is used in this source file.
- 4:17 AM Changeset in webkit [153039] by
-
- 2 edits in trunk/Source/WebCore
Fix the style of the ContentDispositionType enum definition
https://bugs.webkit.org/show_bug.cgi?id=118990
Reviewed by Darin Adler.
- platform/network/HTTPParsers.h: Align the style of the ContentDispositionType enumeration
definition with the other enumeration definitions in the HTTPParsers header, using the
'enum Name { ... }' style instead of a typedef.
- 3:35 AM Changeset in webkit [153038] by
-
- 1 edit2 adds in trunk/LayoutTests
[GTK] Unreviewed gardening. New baselines after r152941.
https://bugs.webkit.org/show_bug.cgi?id=119005
Unreviewed GTK gardening.
GTK's DumpRenderTree prints CONFIRM instead of CONFIRM NAVIGATION, so we need
platform-specific expectations.
Patch by Simon Pena <simon.pena@samsung.com> on 2013-07-23
- platform/gtk/fast/loader/show-only-one-beforeunload-dialog-expected.txt: Added.
- platform/gtk/http/tests/misc/iframe-beforeunload-dialog-matching-ancestor-securityorigin-expected.txt: Added.
- 3:08 AM Changeset in webkit [153037] by
-
- 2 edits in trunk/LayoutTests
[GTK] Unreviewed gardening. Skip failing test.
https://bugs.webkit.org/show_bug.cgi?id=119006
Unreviewed GTK gardening.
Patch by Simon Pena <simon.pena@samsung.com> on 2013-07-23
- platform/gtk/TestExpectations: mathml/presentation/fenced-mi.html fails
after being converted to ref test.
- 3:03 AM Changeset in webkit [153036] by
-
- 1 edit7 adds in trunk/LayoutTests
[GTK] Unreviewed gardening. Added needed baselines for GTK+.
- platform/gtk/fast/block/lineboxcontain/block-with-ideographs-expected.txt: Added.
- platform/gtk/fast/css-generated-content/details-summary-before-after-expected.txt: Added.
- platform/gtk/fast/css3-text/css3-text-decoration/text-decoration-line-scaled-expected.txt: Added.
- platform/gtk/fast/regions/region-dynamic-after-before-expected.txt: Added.
- platform/gtk/fast/regions/region-generated-content-before-after-expected.txt: Added.
- platform/gtk/fast/text/text-combine-different-fonts-expected.txt: Added.
- platform/gtk/svg/text/text-overflow-ellipsis-svgfont-kerning-ligatures-expected.txt: Added.
- 2:49 AM Changeset in webkit [153035] by
-
- 2 edits in trunk/Source/WebCore
[GTK] Mock GDK_IS_X11_DISPLAY macro can be redefined unnecessarily
https://bugs.webkit.org/show_bug.cgi?id=118980
Reviewed by Martin Robinson.
- platform/gtk/GtkVersioning.h: Only define the GDK_IS_X11_DISPLAY macro when using the GTK+ 2 API version
as that's the only supported configuration where the macro is not defined. Definining it only if it's not
yet defined at the time of inclusion of this header can cause redefinitions in GTK+ headers that are normally
included later.
- 1:24 AM Changeset in webkit [153034] by
-
- 3 edits in trunk/LayoutTests
Enable some MathML reftests on Windows and EFL ports.
https://bugs.webkit.org/show_bug.cgi?id=118916
Patch by Frédéric Wang <fred.wang@free.fr> on 2013-07-23
Reviewed by Chris Fleizach.
- platform/efl/TestExpectations: do not skip over.html
- platform/win/TestExpectations: enable most of the non-pixel tests
Jul 22, 2013:
- 10:40 PM Changeset in webkit [153033] by
-
- 13 edits5 adds in branches/dfgFourthTier/Source/JavaScriptCore
fourthTier: DFG should do a high-level LICM before going to FTL
https://bugs.webkit.org/show_bug.cgi?id=118749
Reviewed by Oliver Hunt.
Implements LICM hoisting for nodes that never write anything and never read
things that are clobbered by the loop. There are some other preconditions for
hoisting, see DFGLICMPhase.cpp.
Also did a few fixes:
- ClobberSet::add was failing to switch Super entries to Direct entries in some cases.
- DFGClobberize.cpp needed to #include "Operations.h".
- DCEPhase needs to process the graph in reverse DFS order, when we're in SSA.
- AbstractInterpreter can now execute a Node without knowing its indexInBlock. Knowing the indexInBlock is an optional optimization that all other clients of AI still opt into, but LICM doesn't.
This makes the FTL a 2.19x speed-up on imaging-gaussian-blur.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGAbstractInterpreter.h:
(AbstractInterpreter):
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
(JSC::DFG::::execute):
(DFG):
(JSC::DFG::::clobberWorld):
(JSC::DFG::::clobberStructures):
- dfg/DFGAtTailAbstractState.cpp: Added.
(DFG):
(JSC::DFG::AtTailAbstractState::AtTailAbstractState):
(JSC::DFG::AtTailAbstractState::~AtTailAbstractState):
(JSC::DFG::AtTailAbstractState::createValueForNode):
(JSC::DFG::AtTailAbstractState::forNode):
- dfg/DFGAtTailAbstractState.h: Added.
(DFG):
(AtTailAbstractState):
(JSC::DFG::AtTailAbstractState::initializeTo):
(JSC::DFG::AtTailAbstractState::forNode):
(JSC::DFG::AtTailAbstractState::variables):
(JSC::DFG::AtTailAbstractState::block):
(JSC::DFG::AtTailAbstractState::isValid):
(JSC::DFG::AtTailAbstractState::setDidClobber):
(JSC::DFG::AtTailAbstractState::setIsValid):
(JSC::DFG::AtTailAbstractState::setBranchDirection):
(JSC::DFG::AtTailAbstractState::setFoundConstants):
(JSC::DFG::AtTailAbstractState::haveStructures):
(JSC::DFG::AtTailAbstractState::setHaveStructures):
- dfg/DFGBasicBlock.h:
(JSC::DFG::BasicBlock::insertBeforeLast):
- dfg/DFGBasicBlockInlines.h:
(DFG):
- dfg/DFGClobberSet.cpp:
(JSC::DFG::ClobberSet::add):
(JSC::DFG::ClobberSet::addAll):
- dfg/DFGClobberize.cpp:
(JSC::DFG::doesWrites):
- dfg/DFGClobberize.h:
(DFG):
- dfg/DFGDCEPhase.cpp:
(JSC::DFG::DCEPhase::DCEPhase):
(JSC::DFG::DCEPhase::run):
(JSC::DFG::DCEPhase::fixupBlock):
(DCEPhase):
- dfg/DFGEdgeDominates.h: Added.
(DFG):
(EdgeDominates):
(JSC::DFG::EdgeDominates::EdgeDominates):
(JSC::DFG::EdgeDominates::operator()):
(JSC::DFG::EdgeDominates::result):
(JSC::DFG::edgesDominate):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::checkArray):
- dfg/DFGLICMPhase.cpp: Added.
(LICMPhase):
(JSC::DFG::LICMPhase::LICMPhase):
(JSC::DFG::LICMPhase::run):
(JSC::DFG::LICMPhase::attemptHoist):
(DFG):
(JSC::DFG::performLICM):
- dfg/DFGLICMPhase.h: Added.
(DFG):
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
- 9:52 PM Changeset in webkit [153032] by
-
- 3 edits in trunk/Source/WebCore
StickyPositionConstraints should store the constrainingRectAtLastLayout
https://bugs.webkit.org/show_bug.cgi?id=118999
Reviewed by Simon Fraser.
Much like how FixedPositionConstraints store a viewportRectAtLastLayout,
StickyConstraints should store a constrainingRectAtLastLayout. We'll need this to
get sticky right in overflow areas once overflow areas scroll on the scrolling
thread.
- page/scrolling/ScrollingConstraints.h:
(WebCore::StickyPositionViewportConstraints::StickyPositionViewportConstraints):
(WebCore::StickyPositionViewportConstraints::constrainingRectAtLastLayout):
(WebCore::StickyPositionViewportConstraints::setConstrainingRectAtLastLayout):
- rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::computeStickyPositionConstraints):
- 7:30 PM Changeset in webkit [153031] by
-
- 11 edits in branches/safari-537-branch/Source
Merged r153017. <rdar://problem/14511268>
- 7:16 PM Changeset in webkit [153030] by
-
- 3 edits in branches/safari-537-branch/Source/WebCore
Merged r153014. <rdar://problem/14516421>
- 7:12 PM Changeset in webkit [153029] by
-
- 2 edits in branches/safari-537-branch/Source/WebCore
Merged r153013. <rdar://problem/14511232>
- 7:10 PM Changeset in webkit [153028] by
-
- 2 edits in branches/safari-537-branch/Source/WebCore
Merged r152989. <rdar://problem/13580220>
- 7:08 PM Changeset in webkit [153027] by
-
- 2 edits in branches/safari-537-branch/Source/WebKit2
Merged r152984. <rdar://problem/14155030>
- 7:04 PM Changeset in webkit [153026] by
-
- 4 edits in branches/safari-537-branch
Merged r152951. <rdar://problem/14504480>
- 7:03 PM Changeset in webkit [153025] by
-
- 2 edits in branches/safari-537-branch/Tools
Merged r152484. <rdar://problem/14504480>
- 6:51 PM Changeset in webkit [153024] by
-
- 2 edits in branches/safari-537-branch/Source/WebKit2
Merged r152950. <rdar://problem/14496721>
- 6:47 PM Changeset in webkit [153023] by
-
- 3 edits in branches/safari-537-branch/Source/WebKit2
Merged r152787. <rdar://problem/14418799>
- 6:43 PM Changeset in webkit [153022] by
-
- 2 edits in trunk/Source/WebCore
DateInputType constructor initiate incorrect base class
https://bugs.webkit.org/show_bug.cgi?id=118962
Patch by Santosh Mahto <santosh.ma@samsung.com> on 2013-07-22
Reviewed by Gyuyoung Kim.
No new test required since solving code error
- html/DateInputType.cpp:
(WebCore::DateInputType::DateInputType):
Corrected the base class instantiation in constructor.
- 6:24 PM Changeset in webkit [153021] by
-
- 15 edits9 copies in branches/safari-537-branch
Merged r152941. <rdar://problem/14475779>
- 6:16 PM Changeset in webkit [153020] by
-
- 2 edits in branches/safari-537-branch
Merged r152939. <rdar://problem/14497952>
- 6:15 PM Changeset in webkit [153019] by
-
- 5 edits in branches/safari-537-branch
Merged r152939. <rdar://problem/14365153>
- 6:03 PM Changeset in webkit [153018] by
-
- 14 edits50 copies in branches/safari-537-branch
Merged r152911. <rdar://problem/14109351>
- 6:02 PM Changeset in webkit [153017] by
-
- 11 edits in trunk/Source
Plug-in unavailability indicator should not be displayed if a blocked plugin's indicator is clipped
https://bugs.webkit.org/show_bug.cgi?id=118998
<rdar://problem/14511268>
Reviewed by Anders Carlsson.
- html/HTMLEmbedElement.cpp:
(WebCore::HTMLEmbedElement::updateWidget):
- html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::updateWidget):
- html/HTMLPlugInElement.cpp:
(WebCore::HTMLPlugInElement::defaultEventHandler):
(WebCore::HTMLPlugInElement::supportsFocus):
- html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary):
- loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::createJavaAppletWidget):
(WebCore::SubframeLoader::loadPlugin):
- page/FrameView.cpp:
(WebCore::FrameView::updateWidget):
Rename showsUnavailablePluginIndicator to isPluginUnavailable, since being unavailable
and actually showing the indicator are two totally different things.
- WebCore.exp.in: Expose setUnavailablePluginIndicatorIsHidden.
- rendering/RenderEmbeddedObject.cpp:
(WebCore::RenderEmbeddedObject::RenderEmbeddedObject):
Rename m_showsUnavailablePluginIndicator to m_isPluginUnavailable.
Add m_isUnavailablePluginIndicatorHidden, defaulting to false.
(WebCore::RenderEmbeddedObject::setPluginUnavailabilityReasonWithDescription):
Set m_isPluginUnavailable when we get an unavailability reason.
(WebCore::RenderEmbeddedObject::paint):
(WebCore::RenderEmbeddedObject::setUnavailablePluginIndicatorIsHidden): Added.
- rendering/RenderEmbeddedObject.h:
(WebCore::RenderEmbeddedObject::isPluginUnavailable): Added.
(WebCore::RenderEmbeddedObject::showsUnavailablePluginIndicator):
Repurpose "showsUnavailablePluginIndicator" to actually represent whether
the indicator is displayed (i.e. the plugin is unavailable, and the
indicator is not hidden).
- 5:54 PM Changeset in webkit [153016] by
-
- 3 edits2 copies in branches/safari-537-branch
Merged r152907. <rdar://problem/14494580>
- 5:51 PM Changeset in webkit [153015] by
-
- 2 edits in branches/safari-537-branch/Source/JavaScriptCore
Merged r152882. <rdar://problem/14488577>
- 5:14 PM Changeset in webkit [153014] by
-
- 3 edits in trunk/Source/WebCore
RenderEmbeddedObject::isReplacementObscured should include the arrow in its area-of-interest
https://bugs.webkit.org/show_bug.cgi?id=118995
<rdar://problem/14516421>
Reviewed by Anders Carlsson.
- rendering/RenderEmbeddedObject.cpp:
(WebCore::RenderEmbeddedObject::unavailablePluginIndicatorBounds):
Rename method from replacementTextRect to unavailablePluginIndicatorBounds for accuracy.
Use the bounding box of the indicator's path, which includes the rounded rect behind
the text as well as the arrow button.
(WebCore::RenderEmbeddedObject::isReplacementObscured):
- rendering/RenderEmbeddedObject.h:
- 5:05 PM Changeset in webkit [153013] by
-
- 2 edits in trunk/Source/WebCore
<applet> plugins are instantiated post-attach (instead of post-layout like for object and embed)
https://bugs.webkit.org/show_bug.cgi?id=118994
<rdar://problem/14511232>
Reviewed by Anders Carlsson.
Make <applet> consistent with <object> and <embed>, deferring plugin
instantiation to post-layout, so that layout is up-to-date if anything
needs it (like RenderEmbeddedObject::isReplacementObscured) during creation.
- html/HTMLAppletElement.cpp:
(WebCore::HTMLAppletElement::updateWidget):
Copy code from HTMLObjectElement/HTMLEmbedElement that defers plugin
creation until post-layout tasks. Java is always an NPAPI plugin, so
we should always defer if requested.
- 4:53 PM Changeset in webkit [153012] by
-
- 4 edits in branches/safari-537-branch
Merged r152874. <rdar://problem/14473010>
- 4:43 PM Changeset in webkit [153011] by
-
- 2 edits in branches/safari-537-branch/Source/JavaScriptCore
Merged r152868. <rdar://problem/14486297>
- 4:37 PM Changeset in webkit [153010] by
-
- 3 edits in branches/safari-537-branch/Source/WebKit2
Merged r152866. <rdar://problem/14474988>
- 4:34 PM Changeset in webkit [153009] by
-
- 4 edits in branches/safari-537-branch/Source/WebKit2
Merged r152862. <rdar://problem/13826348>
- 3:33 PM Changeset in webkit [153008] by
-
- 2 edits in branches/safari-537-branch/Source/WebCore
Merged r152858. <rdar://problem/14480588>
- 3:29 PM Changeset in webkit [153007] by
-
- 2 edits in trunk/Source/WTF
String::lower() - Skip to slow path on the first failure
https://bugs.webkit.org/show_bug.cgi?id=118885
Reviewed by Andreas Kling.
In the 8 bits case, we don't need to know the state of the full string before changing characters
to their lowercase variant.
Just fail immediately and start transforming characters from the point of failure.
This avoid reading the string twice when the uppercase character is not at the end of the string.
- wtf/text/StringImpl.cpp:
(WTF::StringImpl::lower):
- 3:26 PM Changeset in webkit [153006] by
-
- 4 edits in branches/safari-537-branch/Source
Merged r152848. <rdar://problem/14481659>
- 3:23 PM Changeset in webkit [153005] by
-
- 4 edits in trunk/Source/WebCore
Do not allocate 2 AtomicString just to do a comparison in HTMLAnchorElement::setRel()
https://bugs.webkit.org/show_bug.cgi?id=118941
Reviewed by Gavin Barraclough.
Currently, the only type of link relation supported by HTMLAnchorElement is RelationNoReferrer.
To find the value, we create a SpaceSplitString with the input value of the attribute (which
create one or more AtomicString depending on the input). Then we create a new AtomicString for
the literal "noreferrer". Finally, we compare the pointers and throw away all the AtomicStrings.
This causes a lot of memory operations for something really simple.
This patch adds a little helper method to SpaceSplitString to find a literal in the input. The only
allocation happens if we need to foldCase(). The following operations are done without allocating
new buffer and without hashing the input.
- dom/SpaceSplitString.cpp:
(WebCore::tokenizeSpaceSplitString):
(WebCore::AppendTokenToVectorTokenProcessor::AppendTokenToVectorTokenProcessor):
(WebCore::AppendTokenToVectorTokenProcessor::processToken):
(WebCore::SpaceSplitStringData::createVector):
(WebCore::TokenIsEqualToCStringTokenProcessor::TokenIsEqualToCStringTokenProcessor):
(WebCore::TokenIsEqualToCStringTokenProcessor::processToken):
(WebCore::TokenIsEqualToCStringTokenProcessor::referenceStringWasFound):
(WebCore::SpaceSplitString::spaceSplitStringContainsValue):
- dom/SpaceSplitString.h:
(WebCore::SpaceSplitString::spaceSplitStringContainsValue):
- html/HTMLAnchorElement.cpp:
(WebCore::HTMLAnchorElement::setRel):
- 3:17 PM Changeset in webkit [153004] by
-
- 2 edits in branches/safari-537-branch/Source/WebCore
Merged r152839. <rdar://problem/14247011>
- 3:10 PM Changeset in webkit [153003] by
-
- 7 edits3 adds in trunk
segfault in RenderLayerCompositor when the iframe's position attribute is changed and it embeds <object>.
https://bugs.webkit.org/show_bug.cgi?id=118965
Patch by Zalan Bujtas <Alan Bujtas> on 2013-07-22
Reviewed by Simon Fraser.
Do not change the composition state unless we can reliably figure out the iframe's size.
If the renderer is not yet attached, its size is not computable.
Source/WebCore:
Test: compositing/iframes/iframe-position-absolute-with-padding-percentage-crash.html
- rendering/RenderLayerCompositor.cpp:
(WebCore::RenderLayerCompositor::requiresCompositingForFrame):
LayoutTests:
- compositing/iframes/iframe-position-absolute-with-padding-percentage-crash-expected.txt: Added.
- compositing/iframes/iframe-position-absolute-with-padding-percentage-crash.html: Added.
- compositing/iframes/resources/embed-tag-with-composition.html: Added.
- platform/efl/TestExpectations: skip
- platform/efl-wk2/TestExpectations: skip
- platform/qt-5.0-wk1/TestExpectations: skip
- platform/qt-5.0-wk2/TestExpectations: skip
- 3:04 PM Changeset in webkit [153002] by
-
- 3 edits2 adds in trunk
AX: VoiceOver only read the first column in a safari table
https://bugs.webkit.org/show_bug.cgi?id=118992
Reviewed by Tim Horton.
Source/WebCore:
In case the first section has fewer columns than the rest of the table, the AXTable was only reporting the number of
columns for the first section. We need to take the max number of columns out of all sections.
Test: accessibility/table-with-mismatch-column-count-in-initial-section.html
- accessibility/AccessibilityTable.cpp:
(WebCore::AccessibilityTable::addChildren):
LayoutTests:
- accessibility/table-with-mismatch-column-count-in-initial-section-expected.txt: Added.
- accessibility/table-with-mismatch-column-count-in-initial-section.html: Added.
- 2:59 PM Changeset in webkit [153001] by
-
- 18 edits in branches/safari-537-branch
Merged r152824. <rdar://problem/14209318>
- 2:50 PM Changeset in webkit [153000] by
-
- 38 edits1 delete in branches/safari-537-branch
Rollout of r152701. <rdar://problem/14209318>
- 2:48 PM Changeset in webkit [152999] by
-
- 4 edits in branches/safari-537-branch/LayoutTests
Rollout of r152703. <rdar://problem/14209318>
- 2:32 PM Changeset in webkit [152998] by
-
- 7 edits2 adds in trunk
StickyPositionContraints should not need to change to account for a RenderLayer's
scrollOffset
https://bugs.webkit.org/show_bug.cgi?id=118958
-and corresponding-
<rdar://problem/12469203>
Reviewed by Simon Fraser.
Source/WebCore:
Before this patch, to get sticky offsets right in overflow areas, the
StickyPositionConstraints changed on every scroll to factor it in. This will be a
problem once we can scroll overflow areas on the scrolling thread. The constraints
should never have to change to account for the scroll position. This patch fixes
that issue by changing the StickyPositionViewportConstraints’s containerBlockRect
and stickyBoxRect to be in a coordinate space that is relative to the scrolling
ancestor rather than being absolute. This patch also removes ‘absolute’ from those
variable names since they are no longer absolute.
A few re-names in the StickyPositionViewportConstraints class. The parameter to
computeStickyOffset() used to be called viewportRect, and is now called
constrainingRect. m_absoluteStickyBoxRect is now m_stickyBoxRect, and
m_absoluteContainingBlockRect is now m_containingBlockRect. And finally,
layerPositionForViewportRect() is now layerPositionForConstrainingRect()
- page/scrolling/ScrollingConstraints.cpp:
(WebCore::StickyPositionViewportConstraints::computeStickyOffset):
(WebCore::StickyPositionViewportConstraints::layerPositionForConstrainingRect):
- page/scrolling/ScrollingConstraints.h:
(WebCore::StickyPositionViewportConstraints::StickyPositionViewportConstraints):
(WebCore::StickyPositionViewportConstraints::containingBlockRect):
(WebCore::StickyPositionViewportConstraints::setContainingBlockRect):
(WebCore::StickyPositionViewportConstraints::stickyBoxRect):
(WebCore::StickyPositionViewportConstraints::setStickyBoxRect):
(WebCore::StickyPositionViewportConstraints::operator==):
Accounting for the re-names.
- page/scrolling/ScrollingStateStickyNode.cpp:
(WebCore::ScrollingStateStickyNode::syncLayerPositionForViewportRect):
(WebCore::ScrollingStateStickyNode::dumpProperties):
- page/scrolling/mac/ScrollingTreeStickyNode.mm:
(WebCore::ScrollingTreeStickyNode::parentScrollPositionDidChange):
Compute all values relative to the scrolling ancestor. This requires some juggling
in the overflow case to factor border and padding in or out.
- rendering/RenderBoxModelObject.cpp:
(WebCore::RenderBoxModelObject::computeStickyPositionConstraints):
This is where the scrollOffset should be factored in.
(WebCore::RenderBoxModelObject::stickyPositionOffset):
LayoutTests:
This tests stick in overflow areas where the sticky’s containing block overflows
the overflow area. The sticky object should not extend beyond the overflow area in
that case.
- fast/css/sticky/sticky-top-overflow-container-overflow-expected.html: Added.
- fast/css/sticky/sticky-top-overflow-container-overflow.html: Added.
- 2:24 PM Changeset in webkit [152997] by
-
- 7 edits2 copies in branches/safari-537-branch
Merged r152793. <rdar://problem/14152444>
- 2:21 PM Changeset in webkit [152996] by
-
- 11 edits in branches/safari-537-branch
Merged r152788. <rdar://problem/14421609>
- 2:17 PM Changeset in webkit [152995] by
-
- 3 edits2 copies in branches/safari-537-branch
Merged r152783. <rdar://problem/13540428>
- 2:15 PM Changeset in webkit [152994] by
-
- 2 edits in branches/safari-537-branch/Websites/bugs.webkit.org
Merged r152751. <rdar://problem/14450661>
- 2:12 PM Changeset in webkit [152993] by
-
- 2 edits in branches/safari-537-branch/Source/WebCore
Merged r152743. <rdar://problem/14459780>
- 2:09 PM Changeset in webkit [152992] by
-
- 2 edits in branches/safari-537-branch/Source/JavaScriptCore
Merged r152737. <rdar://problem/14435663>
- 2:07 PM Changeset in webkit [152991] by
-
- 3 edits4 copies in branches/safari-537-branch
Merged r152721. <rdar://problem/14446514>
- 1:56 PM Changeset in webkit [152990] by
-
- 2 edits in branches/safari-537-branch/Source/WebInspectorUI
Merged r152651. <rdar://problem/14406853>
- 1:54 PM Changeset in webkit [152989] by
-
- 2 edits in trunk/Source/WebCore
PlugIn content can disappear after restarting
https://bugs.webkit.org/show_bug.cgi?id=118982
Reviewed by Simon Fraser.
When a snapshotted plug-in is restarted, we inserted its compositing
layer back into the tree, but didn't recalculate style. This meant
that a subsequent compositing tree operation (such as any hardware
animation) could cause the content to disappear.
- html/HTMLPlugInImageElement.cpp:
(WebCore::HTMLPlugInImageElement::setDisplayState): Force a style recalc.
(WebCore::HTMLPlugInImageElement::removeSnapshotTimerFired): Ditto.
- 1:52 PM Changeset in webkit [152988] by
-
- 2 edits in branches/safari-537-branch/Source/JavaScriptCore
Merged r152600. <rdar://problem/14474400>
- 12:49 PM Changeset in webkit [152987] by
-
- 2 edits5 adds in trunk/LayoutTests
Rebaseline the caret color test for the Mac port after r152612
https://bugs.webkit.org/show_bug.cgi?id=118961
Reviewed by Alexey Proskuryakov.
Added expected results of the caret color test for the Mac port.
- platform/mac-wk2/editing/caret/caret-color-expected.png: Added.
- platform/mac/TestExpectations:
- platform/mac/editing/caret/caret-color-expected.png: Added.
- platform/mac/editing/caret/caret-color-expected.txt: Added.
- 12:38 PM Changeset in webkit [152986] by
-
- 3 edits2 adds in trunk
REGRESSION(r152227) Images with compositing layer don't show up unless the containing window is resized.
https://bugs.webkit.org/show_bug.cgi?id=118951
Patch by Zalan Bujtas <Alan Bujtas> on 2013-07-22
Reviewed by Simon Fraser.
Ensure that the content rect is initialized when the image is set on the graphics layer.
RenderLayerBacking::updateGraphicsLayerGeometry() only updates the contents rect when
the associated graphics layer has a content layer. Since the image gets committed
on the graphics layer after the update calls, the contents rect is left uninitialized.
Source/WebCore:
Test: compositing/images/positioned-image-content-rect.html
- rendering/RenderLayerBacking.cpp:
(WebCore::RenderLayerBacking::updateImageContents):
LayoutTests:
- compositing/images/positioned-image-content-rect-expected.html: Added.
- compositing/images/positioned-image-content-rect.html: Added.
- 11:48 AM Changeset in webkit [152985] by
-
- 3 edits in trunk/Source/WebCore
[Old Web Inspector] When right-clicking on a DataGrid column, show editing menu option as "Edit <columnName>" instead of just "Edit"
https://bugs.webkit.org/show_bug.cgi?id=118971
Patch by Diego Pino Garcia <Diego Pino Garcia> on 2013-07-22
Reviewed by Timothy Hatcher.
- English.lproj/localizedStrings.js:
- inspector/front-end/DataGrid.js: Change "Edit" for "Edit <columnTitle>"
(WebInspector.DataGrid.prototype._contextMenuInDataTable):
- 11:25 AM Changeset in webkit [152984] by
-
- 2 edits in trunk/Source/WebKit2
Frequent MESSAGE_CHECK failures in WebPageProxy::didReceiveEvent
https://bugs.webkit.org/show_bug.cgi?id=118976
<rdar://problem/14155030>
Reviewed by Sam Weinig.
- UIProcess/WebPageProxy.cpp: (WebKit::WebPageProxy::resetStateAfterProcessExited): Clear m_gestureEventQueue, just like we clear all other event queues here.
- 11:14 AM Changeset in webkit [152983] by
-
- 2 edits in trunk/Source/WebKit
Fixed WinCairo build configurations.
https://bugs.webkit.org/show_bug.cgi?id=118932
Reviewed by Brent Fulgham.
- WebKit.vcxproj/WebKit.sln:
Made WinCairo not build AssembleBuildLogs (wasn't working, not necessary).
Made Debug_WinCairo build with Debug_WinCairo configuration.
Made 64-bit WinCairo not build QTMovieWin.
- 11:12 AM Changeset in webkit [152982] by
-
- 6 edits in trunk/Source
Added assembly files to Windows 64-bit builds.
https://bugs.webkit.org/show_bug.cgi?id=118931
Reviewed by Brent Fulgham.
Source/JavaScriptCore:
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj: Added JITStubsMSVC64.asm for x64 and enabled MASM.
- JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters: Added JITStubsMSVC64.asm.
Source/WebCore:
- WebCore.vcxproj/WebCore.vcxproj: Added PaintHooks.asm for x64 and enabled MASM.
- WebCore.vcxproj/WebCore.vcxproj.filters: Added PaintHooks.asm.
- 11:10 AM Changeset in webkit [152981] by
-
- 4 edits30 adds3 deletes in trunk/LayoutTests
Unreviewed, rolling out r152968.
http://trac.webkit.org/changeset/152968
https://bugs.webkit.org/show_bug.cgi?id=118975
"I forgot to add a test" (Requested by abucur on #webkit).
- fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.html: Removed.
- fast/regions/percentage-margins-mixed-ltr-dominant-regions.html:
- fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.html: Removed.
- fast/regions/percentage-margins-mixed-rtl-dominant-regions.html:
- fast/regions/percentage-margins-rtl-variable-width-regions-expected.html: Removed.
- fast/regions/percentage-margins-rtl-variable-width-regions.html:
- platform/efl/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Added.
- platform/efl/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Added.
- platform/efl/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Added.
- platform/efl/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Added.
- platform/efl/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Added.
- platform/efl/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Added.
- platform/efl/fast/regions/percentage-margins-variable-width-regions-expected.png: Added.
- platform/efl/fast/regions/percentage-margins-variable-width-regions-expected.txt: Added.
- platform/gtk/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Added.
- platform/gtk/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Added.
- platform/gtk/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Added.
- platform/gtk/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Added.
- platform/gtk/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Added.
- platform/gtk/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Added.
- platform/gtk/fast/regions/percentage-margins-variable-width-regions-expected.png: Added.
- platform/gtk/fast/regions/percentage-margins-variable-width-regions-expected.txt: Added.
- platform/mac/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Added.
- platform/mac/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Added.
- platform/mac/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Added.
- platform/mac/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Added.
- platform/mac/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Added.
- platform/mac/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Added.
- platform/qt/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Added.
- platform/qt/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Added.
- platform/qt/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Added.
- platform/qt/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Added.
- platform/qt/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Added.
- platform/qt/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Added.
- platform/qt/fast/regions/percentage-margins-variable-width-regions-expected.png: Added.
- platform/qt/fast/regions/percentage-margins-variable-width-regions-expected.txt: Added.
- 11:06 AM Changeset in webkit [152980] by
-
- 2 edits in trunk/Source/WebCore
[BlackBerry] Fix WebGL to a 2D canvas copies.
https://bugs.webkit.org/show_bug.cgi?id=118921
https://jira.bbqnx.net/browse/BRWSR-12714
JIRA 449577
Patch by Jakob Petsovits <jpetsovits@blackberry.com> on 2013-07-22
Reviewed by George Staikos.
The transform here was converted incorrectly when it
replaced the pixel copy that was there before.
As a true draw transformation, it doesn't need the "- 1"
modification that pixel copies often require.
Fixes existing webgl/conformance/canvas tests.
- platform/graphics/blackberry/GraphicsContext3DBlackBerry.cpp:
(WebCore::GraphicsContext3D::paintToCanvas):
- 10:05 AM Changeset in webkit [152979] by
-
- 3 edits in trunk/Source/WebInspectorUI
Web Inspector: When right-clicking on a DataGrid column, show editing
menu option as "Edit <columnName>" instead of just "Edit"
https://bugs.webkit.org/show_bug.cgi?id=118970
Patch by Diego Pino Garcia <Diego Pino Garcia> on 2013-07-22
Reviewed by Timothy Hatcher.
- Localizations/en.lproj/localizedStrings.js: Add literal "Edit '%s'"
- UserInterface/DataGrid.js: Change "Edit" for "Edit <columnTitle>"
(WebInspector.DataGrid.prototype._contextMenuInDataTable):
- 10:04 AM Changeset in webkit [152978] by
-
- 2 edits in trunk/LayoutTests
Unreviewed gardening of AppleWin port. Skip some crashing tests.
- platform/win/TestExpectations:
- 9:39 AM Changeset in webkit [152977] by
-
- 1 edit2 adds in trunk/LayoutTests
[GTK] Unreviewed gardening. Added baselines needed after r110542.
- platform/gtk/fast/forms/label/labelable-elements-expected.txt: Added.
- 9:35 AM Changeset in webkit [152976] by
-
- 6 edits in trunk/Source
[Curl] Download fails for certain urls.
https://bugs.webkit.org/show_bug.cgi?id=118468
Patch by peavo@outlook.com <peavo@outlook.com> on 2013-07-22
Reviewed by Brent Fulgham.
Source/WebCore:
The current Curl download implementation has a few shortcomings:
1) Downloading from secure locations fails. We need to provide Curl with the path to a certificate file (.pem file).
2) Cookies are not set in the download request. We need to give Curl the path to the cookie file.
3) When a normal load is converted to a download, some of the headers from the original request is not sent (e.g. Referer, User agent).
- platform/network/curl/CurlDownload.cpp:
(WebCore::CurlDownload::CurlDownload): Initialize custom headers member.
(WebCore::CurlDownload::~CurlDownload): Free custom headers member.
(WebCore::CurlDownload::init): Set certificate and cookie file path.
(WebCore::CurlDownload::closeFile): Check file handle against value for invalid platform handle.
(WebCore::CurlDownload::writeDataToFile): Added utility method to write download data to file.
(WebCore::CurlDownload::addHeaders): Added utility method to add headers to request.
(WebCore::CurlDownload::didReceiveData): Use writeDataToFile utility method.
- platform/network/curl/CurlDownload.h:
Put class in WebCore namespace.
Added method to init download from resource handle, request, and response object.
Added utility method to write download data to file.
Added utility method to add headers to request.
Added custom headers member.
Source/WebKit/win:
Initialize download from provided resource handle, request, and response object.
- WebDownload.h: Use WebCore namespace for Curl download class.
- WebDownloadCurl.cpp:
(WebDownload::init): Initialize download from provided resource handle, request, and response object.
- 9:26 AM Changeset in webkit [152975] by
-
- 4 edits in trunk/Source/WebCore
[iOS] captions sometimes positioned incorrectly after fullscreen state change
https://bugs.webkit.org/show_bug.cgi?id=118912
Reviewed by Jer Noble.
- html/shadow/MediaControlElements.cpp:
(WebCore::MediaControlTextTrackContainerElement::updateDisplay): Call clearTextTrackRepresentation.
(WebCore::MediaControlTextTrackContainerElement::updateTimerFired): Call updateDisplay so
cues are re-rendered with the updated size.
(WebCore::MediaControlTextTrackContainerElement::clearTextTrackRepresentation): Cleanup the
text track representation.
(WebCore::MediaControlTextTrackContainerElement::enteredFullscreen): New, force cues to be updated.
(WebCore::MediaControlTextTrackContainerElement::exitedFullscreen): Ditto.
- html/shadow/MediaControlElements.h:
- html/shadow/MediaControls.cpp:
(WebCore::MediaControls::enteredFullscreen): Call MediaControlTextTrackContainerElement::enteredFullscreen.
(WebCore::MediaControls::exitedFullscreen): Call MediaControlTextTrackContainerElement::exitedFullscreen.
- 9:23 AM Changeset in webkit [152974] by
-
- 2 edits in trunk/LayoutTests
[Qt] Unreviewed gardening. Rebase after r152814.
Patch by Gabor Abraham <abrhm@inf.u-szeged.hu> on 2013-07-22
- platform/qt-5.0-wk1/http/tests/security/contentSecurityPolicy/object-src-none-allowed-expected.txt:
- 9:23 AM Changeset in webkit [152973] by
-
- 2 edits in trunk/Source/WTF
[Windows] Unreviewed build fix.
- WTF.vcxproj/WTFGenerated.make: Stop triggering a "Build All" when things have not changed.
- 9:19 AM Changeset in webkit [152972] by
-
- 1 edit17 adds in trunk/LayoutTests
Unreviewed gardening. Added new baselines for GTK+ after r152911.
- platform/gtk/fast/multicol/pagination/BottomToTop-bt-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/BottomToTop-lr-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/BottomToTop-rl-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/BottomToTop-tb-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/LeftToRight-bt-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/LeftToRight-lr-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/LeftToRight-rl-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/LeftToRight-tb-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/RightToLeft-bt-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/RightToLeft-lr-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/RightToLeft-rl-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/RightToLeft-tb-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/TopToBottom-bt-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/TopToBottom-lr-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/TopToBottom-rl-expected.txt: Added.
- platform/gtk/fast/multicol/pagination/TopToBottom-tb-expected.txt: Added.
- 9:10 AM Changeset in webkit [152971] by
-
- 1 edit8 adds in trunk/LayoutTests
Unreviewed gardening. Added baselines for GTK+ related to subpixel layout.
- platform/gtk/editing/selection/mixed-editability-10-expected.txt: Added.
- platform/gtk/svg/W3C-SVG-1.1/animate-elem-22-b-expected.txt: Added.
- platform/gtk/svg/W3C-SVG-1.1/animate-elem-23-t-expected.txt: Added.
- platform/gtk/svg/W3C-SVG-1.1/coords-units-03-b-expected.txt: Added.
- platform/gtk/svg/W3C-SVG-1.1/filters-comptran-01-b-expected.txt: Added.
- platform/gtk/svg/W3C-SVG-1.1/filters-example-01-b-expected.txt: Added.
- platform/gtk/svg/custom/pattern-with-transformation-expected.txt: Added.
- platform/gtk/svg/text/text-midpoint-split-bug-expected.txt: Added.
- 8:01 AM Changeset in webkit [152970] by
-
- 1 edit2 adds in trunk/LayoutTests
Unreviewed gardening. Added needed baselines for GTK after r149088.
- platform/gtk/editing/selection/5825350-1-expected.txt: Added.
- platform/gtk/editing/selection/5825350-2-expected.txt: Added.
- 7:04 AM Changeset in webkit [152969] by
-
- 2 edits in trunk/Source/WebCore
[Qt][WK1] Support direct painting without GraphicsSurface
https://bugs.webkit.org/show_bug.cgi?id=118302
Reviewed by Jocelyn Turcotte.
Configure the WebGL OpenGL context to share texture with
the HostWindow OpenGL if available, and paint accelerated
using the the now shared textures.
This should return the performance without GraphicsSurface
on the WK1 code path to what it was before r135995 (28/11 2012).
- platform/graphics/qt/GraphicsContext3DQt.cpp:
(WebCore::GraphicsContext3DPrivate::GraphicsContext3DPrivate):
(WebCore::GraphicsContext3DPrivate::paintToTextureMapper):
- 7:02 AM Changeset in webkit [152968] by
-
- 4 edits3 adds30 deletes in trunk/LayoutTests
[CSS Regions] Convert percentage-margins-* tests to ref-tests
https://bugs.webkit.org/show_bug.cgi?id=118723
Reviewed by Andreas Kling.
The patch converts the percentage margins tests for regions in ref tests.
- fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.html: Added.
- fast/regions/percentage-margins-mixed-ltr-dominant-regions.html:
- fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.html: Added.
- fast/regions/percentage-margins-mixed-rtl-dominant-regions.html:
- fast/regions/percentage-margins-rtl-variable-width-regions-expected.html: Added.
- fast/regions/percentage-margins-rtl-variable-width-regions.html:
- platform/efl/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Removed.
- platform/efl/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Removed.
- platform/efl/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Removed.
- platform/efl/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Removed.
- platform/efl/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Removed.
- platform/efl/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Removed.
- platform/efl/fast/regions/percentage-margins-variable-width-regions-expected.png: Removed.
- platform/efl/fast/regions/percentage-margins-variable-width-regions-expected.txt: Removed.
- platform/gtk/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Removed.
- platform/gtk/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Removed.
- platform/gtk/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Removed.
- platform/gtk/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Removed.
- platform/gtk/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Removed.
- platform/gtk/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Removed.
- platform/gtk/fast/regions/percentage-margins-variable-width-regions-expected.png: Removed.
- platform/gtk/fast/regions/percentage-margins-variable-width-regions-expected.txt: Removed.
- platform/mac/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Removed.
- platform/mac/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Removed.
- platform/mac/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Removed.
- platform/mac/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Removed.
- platform/mac/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Removed.
- platform/mac/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Removed.
- platform/qt/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.png: Removed.
- platform/qt/fast/regions/percentage-margins-mixed-ltr-dominant-regions-expected.txt: Removed.
- platform/qt/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.png: Removed.
- platform/qt/fast/regions/percentage-margins-mixed-rtl-dominant-regions-expected.txt: Removed.
- platform/qt/fast/regions/percentage-margins-rtl-variable-width-regions-expected.png: Removed.
- platform/qt/fast/regions/percentage-margins-rtl-variable-width-regions-expected.txt: Removed.
- platform/qt/fast/regions/percentage-margins-variable-width-regions-expected.png: Removed.
- platform/qt/fast/regions/percentage-margins-variable-width-regions-expected.txt: Removed.
- 6:39 AM Changeset in webkit [152967] by
-
- 2 edits in trunk/LayoutTests
Unreviewed gardening. Add accesibility/lists.html as 'Missing' expectation.
- platform/gtk/TestExpectations: Added test.
- 6:21 AM Changeset in webkit [152966] by
-
- 3 edits in trunk/LayoutTests
[Qt] Unreviewed gardening. Skipping failing tests.
Patch by Gabor Abraham <abrhm@inf.u-szeged.hu> on 2013-07-22
- platform/qt-5.0-wk1/TestExpectations:
- platform/qt/TestExpectations:
- 6:15 AM Changeset in webkit [152965] by
-
- 2 edits in trunk/LayoutTests
[GTK] Regression: Multiple tests fail after r152701 changed how unavailable plugins are handled
https://bugs.webkit.org/show_bug.cgi?id=118730
Unreviewed GTK gardening. Unskip tests no longer failing.
Changes from r152701 were reverted in r152814 and later reworked in r152824,
so the tests no longer fail.
Patch by Simon Pena <simon.pena@samsung.com> on 2013-07-22
- platform/gtk/TestExpectations:
- 6:03 AM Changeset in webkit [152964] by
-
- 3 edits in trunk/LayoutTests
Unreviewed gardening. Update test expectations for GTK.
- platform/gtk/accessibility/aria-option-role-expected.txt: Update
expectations to match those from EFL.
- platform/gtk/TestExpectations: Removed test from failures expectations,
now it's running as expected.
- 5:08 AM Changeset in webkit [152963] by
-
- 8 edits in trunk/Source/WebCore
Introduce toSVGUseElement(), use it
https://bugs.webkit.org/show_bug.cgi?id=118942
Reviewed by Allan Sandfeld Jensen.
As a step to change static_cast with toSVGXXX, static_cast<SVGUseElement*> can
be changed with toSVGUseElement().
No new tests, no behavior change.
- dom/EventRetargeter.h:
(WebCore::EventRetargeter::eventTargetRespectingTargetRules):
- page/EventHandler.cpp:
(WebCore::instanceAssociatedWithShadowTreeElement):
- rendering/svg/RenderSVGResourceClipper.cpp:
(WebCore::RenderSVGResourceClipper::drawContentIntoMaskImage):
- rendering/svg/RenderSVGTransformableContainer.cpp:
(WebCore::RenderSVGTransformableContainer::calculateLocalTransform):
- svg/SVGStyledElement.cpp:
(WebCore::SVGStyledElement::title):
- svg/SVGUseElement.cpp:
(WebCore::dumpInstanceTree):
(WebCore::SVGUseElement::buildInstanceTree):
(WebCore::SVGUseElement::expandUseElementsInShadowTree):
- svg/SVGUseElement.h:
(WebCore::toSVGUseElement):
- 5:07 AM Changeset in webkit [152962] by
-
- 9 edits in trunk/Source/WebCore
Use toSVGPathElement() instead of static_cast<>
https://bugs.webkit.org/show_bug.cgi?id=118960
Reviewed by Allan Sandfeld Jensen.
Though there is toSVGPathElement(), some files still use static_cast<SVGPathElement*>.
To remove all static_cast<> use, we need to change argument from SVGElement to Element.
Merge from https://src.chromium.org/viewvc/blink?view=rev&revision=154621
No new tests, no behavior change.
- rendering/svg/RenderSVGTextPath.cpp:
(WebCore::RenderSVGTextPath::layoutPath):
- rendering/svg/SVGPathData.cpp:
(WebCore::updatePathFromPathElement):
- rendering/svg/SVGRenderTreeAsText.cpp:
(WebCore::operator<<):
- svg/SVGMPathElement.cpp:
(WebCore::SVGMPathElement::pathElement):
- svg/SVGPathElement.h:
(WebCore::toSVGPathElement):
- svg/SVGPathSegList.cpp:
(WebCore::SVGPathSegList::commitChange):
- svg/properties/SVGAnimatedPathSegListPropertyTearOff.h:
(WebCore::SVGAnimatedPathSegListPropertyTearOff::animValDidChange):
- svg/properties/SVGPathSegListPropertyTearOff.cpp:
(WebCore::SVGPathSegListPropertyTearOff::contextElement):
- 4:44 AM Changeset in webkit [152961] by
-
- 2 edits in trunk/Source/WebCore
[Qt] Implement more of DOM3 KeyEvent key-identifiers
https://bugs.webkit.org/show_bug.cgi?id=118566
Reviewed by Jocelyn Turcotte.
Implemented as many of the key values from http://www.w3.org/TR/DOM-Level-3-Events/#key-values-list
as Qt keycodes support.
Also corrected the mapping of the Menu key, which was confused because MENU
is also the ancient Microsoft speak for the Alt keys.
- platform/qt/PlatformKeyboardEventQt.cpp:
(WebCore::keyIdentifierForQtKeyCode):
- 1:46 AM Changeset in webkit [152960] by
-
- 2 edits1 move2 adds1 delete in trunk/LayoutTests
[Qt] Unreviewed gardening. Update platform specific expectations.
- platform/qt-5.0-wk1/fast/loader/show-only-one-beforeunload-dialog-expected.txt: Added after r152941.
- platform/qt-5.0-wk1/http/tests/misc/iframe-beforeunload-dialog-matching-ancestor-securityorigin-expected.txt: Added after r152941.
- platform/qt-5.0-wk2/fast/multicol/shrink-to-column-height-for-pagination-expected.png: Removed.
- platform/qt/fast/multicol/shrink-to-column-height-for-pagination-expected.png: Added after r152911.
- platform/qt/fast/multicol/shrink-to-column-height-for-pagination-expected.txt: Renamed from LayoutTests/platform/qt-5.0-wk2/fast/multicol/shrink-to-column-height-for-pagination-expected.txt.
Jul 21, 2013:
- 9:04 PM Changeset in webkit [152959] by
-
- 5 edits6 adds in branches/dfgFourthTier/Source
fourthTier: DFG Nodes should be able to abstractly tell you what they read and what they write
https://bugs.webkit.org/show_bug.cgi?id=118910
Source/JavaScriptCore:
Reviewed by Sam Weinig.
Add the notion of AbstractHeap to the DFG. This is analogous to the AbstractHeap in
the FTL, except that the FTL's AbstractHeaps are used during LLVM lowering and are
engineered to obey LLVM TBAA logic. The FTL's AbstractHeaps are also engineered to
be inexpensive to use (they just give you a TBAA node) but expensive to create (you
create them all up front). FTL AbstractHeaps also don't actually give you the
ability to reason about aliasing; they are *just* a mechanism for lowering to TBAA.
The DFG's AbstractHeaps are engineered to be both cheap to create and cheap to use.
They also give you aliasing machinery. The DFG AbstractHeaps are represented
internally by a int64_t. Many comparisons between them are just integer comaprisons.
AbstractHeaps form a three-level hierarchy (World is the supertype of everything,
Kind with a TOP payload is a direct subtype of World, and Kind with a non-TOP
payload is the direct subtype of its corresponding TOP Kind).
Add the notion of a ClobberSet. This is the set of AbstractHeaps that you had
clobbered. It represents the set that results from unifying a bunch of
AbstractHeaps, and is intended to quickly answer overlap questions: does the given
AbstractHeap overlap any AbstractHeap in the ClobberSet? To this end, if you add an
AbstractHeap to a set, it "directly" adds the heap itself, and "super" adds all of
its ancestors. An AbstractHeap is said to overlap a set if any direct or super
member is equal to it, or if any of its ancestors are equal to a direct member.
Example #1:
- I add Variables(5). I.e. Variables is the Kind and 5 is the payload. This is a subtype of Variables, which is a subtype of World.
- You query Variables. I.e. Variables with a TOP payload, which is the supertype of Variables(X) for any X, and a subtype of World.
The set will have Variables(5) as a direct member, and Variables and World as
super members. The Variables query will immediately return true, because
Variables is indeed a super member.
Example #2:
- I add Variables(5)
- You query NamedProperties
NamedProperties is not a member at all (neither direct or super). We next
query World. World is a member, but it's a super member, so we return false.
Example #3:
- I add Variables
- You query Variables(5)
The set will have Variables as a direct member, and World as a super member.
The Variables(5) query will not find Variables(5) in the set, but then it
will query Variables. Variables is a direct member, so we return true.
Example #4:
- I add Variables
- You query NamedProperties(5)
Neither NamedProperties nor NamedProperties(5) are members. We next query
World. World is a member, but it's a super member, so we return false.
Overlap queries require that either the heap being queried is in the set (either
direct or super), or that one of its ancestors is a direct member. Another way to
think about how this works is that two heaps A and B are said to overlap if
A.isSubtypeOf(B) or B.isSubtypeOf(A). This is sound since heaps form a
single-inheritance heirarchy. Consider that we wanted to implement a set that holds
heaps and answers the question, "is any member in the set an ancestor (i.e.
supertype) of some other heap". We would have the set contain the heaps themselves,
and we would satisfy the query "A.isSubtypeOfAny(set)" by walking the ancestor
chain of A, and repeatedly querying its membership in the set. This is what the
"direct" members of our set do. Now consider the other part, where we want to ask if
any member of the set is a descendent of a heap, or "A.isSupertypeOfAny(set)". We
would implement this by implementing set.add(B) as adding not just B but also all of
B's ancestors; then we would answer A.isSupertypeOfAny(set) by just checking if A is
in the set. With two such sets - one that answers isSubtypeOfAny() and another that
answers isSupertypeOfAny() - we could answer the "do any of my heaps overlap your
heap" question. ClobberSet does this, but combines the two sets into a single
HashMap. The HashMap's value, "direct", means that the key is a member of both the
supertype set and the subtype set; if it's false then it's only a member of one of
them.
Finally, this adds a functorized clobberize() method that adds the read and write
clobbers of a DFG::Node to read and write functors. Common functors for adding to
ClobberSets, querying overlap, and doing nothing are provided. Convenient wrappers
are also provided. This allows you to say things like:
ClobberSet set;
addWrites(graph, node1, set);
if (readsOverlap(graph, node2, set))
We know that node1 may write to something that node2 may read from.
Currently this facility is only used to improve graph dumping, but it will be
instrumental in both LICM and GVN. In the future, I want to completely kill the
NodeClobbersWorld and NodeMightClobber flags, and eradicate CSEPhase's hackish way
of accomplishing almost exactly what AbstractHeap gives you.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGAbstractHeap.cpp: Added.
(DFG):
(JSC::DFG::AbstractHeap::Payload::dump):
(JSC::DFG::AbstractHeap::dump):
(WTF):
(WTF::printInternal):
- dfg/DFGAbstractHeap.h: Added.
(DFG):
(AbstractHeap):
(Payload):
(JSC::DFG::AbstractHeap::Payload::Payload):
(JSC::DFG::AbstractHeap::Payload::top):
(JSC::DFG::AbstractHeap::Payload::isTop):
(JSC::DFG::AbstractHeap::Payload::value):
(JSC::DFG::AbstractHeap::Payload::valueImpl):
(JSC::DFG::AbstractHeap::Payload::operator==):
(JSC::DFG::AbstractHeap::Payload::operator!=):
(JSC::DFG::AbstractHeap::Payload::operator<):
(JSC::DFG::AbstractHeap::Payload::isDisjoint):
(JSC::DFG::AbstractHeap::Payload::overlaps):
(JSC::DFG::AbstractHeap::AbstractHeap):
(JSC::DFG::AbstractHeap::operator!):
(JSC::DFG::AbstractHeap::kind):
(JSC::DFG::AbstractHeap::payload):
(JSC::DFG::AbstractHeap::isDisjoint):
(JSC::DFG::AbstractHeap::overlaps):
(JSC::DFG::AbstractHeap::supertype):
(JSC::DFG::AbstractHeap::hash):
(JSC::DFG::AbstractHeap::operator==):
(JSC::DFG::AbstractHeap::operator!=):
(JSC::DFG::AbstractHeap::operator<):
(JSC::DFG::AbstractHeap::isHashTableDeletedValue):
(JSC::DFG::AbstractHeap::payloadImpl):
(JSC::DFG::AbstractHeap::encode):
(JSC::DFG::AbstractHeapHash::hash):
(JSC::DFG::AbstractHeapHash::equal):
(AbstractHeapHash):
(WTF):
- dfg/DFGClobberSet.cpp: Added.
(DFG):
(JSC::DFG::ClobberSet::ClobberSet):
(JSC::DFG::ClobberSet::~ClobberSet):
(JSC::DFG::ClobberSet::add):
(JSC::DFG::ClobberSet::addAll):
(JSC::DFG::ClobberSet::contains):
(JSC::DFG::ClobberSet::overlaps):
(JSC::DFG::ClobberSet::clear):
(JSC::DFG::ClobberSet::direct):
(JSC::DFG::ClobberSet::super):
(JSC::DFG::ClobberSet::dump):
(JSC::DFG::ClobberSet::setOf):
(JSC::DFG::addReads):
(JSC::DFG::addWrites):
(JSC::DFG::addReadsAndWrites):
(JSC::DFG::readsOverlap):
(JSC::DFG::writesOverlap):
- dfg/DFGClobberSet.h: Added.
(DFG):
(ClobberSet):
(JSC::DFG::ClobberSet::isEmpty):
(ClobberSetAdd):
(JSC::DFG::ClobberSetAdd::ClobberSetAdd):
(JSC::DFG::ClobberSetAdd::operator()):
(ClobberSetOverlaps):
(JSC::DFG::ClobberSetOverlaps::ClobberSetOverlaps):
(JSC::DFG::ClobberSetOverlaps::operator()):
(JSC::DFG::ClobberSetOverlaps::result):
- dfg/DFGClobberize.cpp: Added.
(DFG):
(JSC::DFG::didWrites):
- dfg/DFGClobberize.h: Added.
(DFG):
(JSC::DFG::clobberize):
(NoOpClobberize):
(JSC::DFG::NoOpClobberize::NoOpClobberize):
(JSC::DFG::NoOpClobberize::operator()):
(CheckClobberize):
(JSC::DFG::CheckClobberize::CheckClobberize):
(JSC::DFG::CheckClobberize::operator()):
(JSC::DFG::CheckClobberize::result):
- dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
Source/WTF:
Reviewed by Sam Weinig.
Fix compile goof in sortedListDump().
- wtf/ListDump.h:
(WTF::sortedListDump):
- 8:57 PM Changeset in webkit [152958] by
-
- 4 edits in branches/dfgFourthTier/Source/JavaScriptCore
fourthTier: It should be easy to figure out which blocks nodes belong to
https://bugs.webkit.org/show_bug.cgi?id=118957
Reviewed by Sam Weinig.
- dfg/DFGGraph.cpp:
(DFG):
(JSC::DFG::Graph::initializeNodeOwners):
- dfg/DFGGraph.h:
(Graph):
- dfg/DFGNode.h:
- 8:36 PM Changeset in webkit [152957] by
-
- 18 edits in branches/dfgFourthTier/Source/JavaScriptCore
fourthTier: NodeExitsForward shouldn't be duplicated in NodeType
https://bugs.webkit.org/show_bug.cgi?id=118956
Reviewed by Sam Weinig.
We had two way of expressing that something exits forward: the NodeExitsForward
flag and the word 'Forward' in the NodeType. That's kind of dumb. This patch
makes it just be a flag.
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
- dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::int32ToDoubleCSE):
(JSC::DFG::CSEPhase::checkStructureElimination):
(JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
(JSC::DFG::CSEPhase::putStructureStoreElimination):
(JSC::DFG::CSEPhase::checkArrayElimination):
(JSC::DFG::CSEPhase::performNodeCSE):
- dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
- dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::injectInt32ToDoubleNode):
- dfg/DFGMinifiedNode.h:
(JSC::DFG::belongsInMinifiedGraph):
(JSC::DFG::MinifiedNode::hasChild):
- dfg/DFGNode.h:
(JSC::DFG::Node::convertToStructureTransitionWatchpoint):
(JSC::DFG::Node::hasStructureSet):
(JSC::DFG::Node::hasStructure):
(JSC::DFG::Node::hasArrayMode):
(JSC::DFG::Node::willHaveCodeGenOrOSR):
- dfg/DFGNodeType.h:
(DFG):
(JSC::DFG::needsOSRForwardRewiring):
- dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
- dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileInt32ToDouble):
- dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
- dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::run):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):
- dfg/DFGVariableEventStream.cpp:
(JSC::DFG::VariableEventStream::reconstruct):
- ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
- 8:24 PM Changeset in webkit [152956] by
-
- 2 edits in trunk/Source/WebInspectorUI
Web Inspector: Cleanup InspectorFrontendHostStub.js
https://bugs.webkit.org/show_bug.cgi?id=118959
Patch by Seokju Kwon <Seokju Kwon> on 2013-07-21
Reviewed by Timothy Hatcher.
Remove some functions because we dont use on New Inspector.
- UserInterface/InspectorFrontendHostStub.js:
(.WebInspector.InspectorFrontendHostStub):
(.WebInspector.InspectorFrontendHostStub.prototype.save):
- 5:13 PM Changeset in webkit [152955] by
-
- 7 edits in trunk/Source/WebCore
Introduce toSVGGradientElement(), use it
https://bugs.webkit.org/show_bug.cgi?id=118943
Reviewed by Andreas Kling.
As a step to change static_cast with toSVGXXX, static_cast<SVGGradientElement*> can
be changed with toSVGGradientElement().
No new tests, no behavior change.
- rendering/svg/RenderSVGGradientStop.cpp:
(WebCore::RenderSVGGradientStop::gradientElement):
- rendering/svg/RenderSVGResourceGradient.cpp:
(WebCore::RenderSVGResourceGradient::applyResource):
- rendering/svg/SVGResources.cpp:
(WebCore::targetReferenceFromResource):
- svg/SVGGradientElement.h:
(WebCore::toSVGGradientElement):
- svg/SVGLinearGradientElement.cpp:
(WebCore::SVGLinearGradientElement::collectGradientAttributes):
- svg/SVGRadialGradientElement.cpp:
(WebCore::SVGRadialGradientElement::collectGradientAttributes):
- 4:42 PM Changeset in webkit [152954] by
-
- 10 edits in branches/dfgFourthTier/Source/JavaScriptCore
fourthTier: It should be possible for a DFG::Node to claim to exit to one CodeOrigin, but then claim that it belongs to a different CodeOrigin for all other purposes
https://bugs.webkit.org/show_bug.cgi?id=118946
Reviewed by Geoffrey Garen.
We want to decouple the exit target code origin of a node from the code origin
for all other purposes. The purposes of code origins are:
- Where the node will exit, if it exits. The exit target should be consistent with the surrounding nodes, in that if you just looked at the code origins of nodes in the graph, they would be consistent with the code origins in bytecode. This is necessary for live-at-bytecode analyses to work, and to preserve the original bytecode semantics when exiting.
- What kind of code the node came from, for semantics thingies. For example, we might use the code origin to find the node's global object for doing an original array check. Or we might use it to determine if the code is in strict mode. Or other similar things. When we use the code origin in this way, we're basically using it as a way of describing the node's meta-data without putting it into the node directly, to save space. In the absurd extreme you could imagine nodes not even having NodeTypes or NodeFlags, and just using the CodeOrigin to determine what bytecode the node originated from. We won't do that, but you can think of this use of code origins as just a way of compressing meta-data.
- What code origin we should supply profiling to, if we exit. This is closely related to the semantics thingies, in that the exit profiling is a persistent kind of semantic meta-data that survives between recompiles, and the only way to do that is to ascribe it to the original bytecode via the code origin.
If we hoist a node, we need to change the exit target code origin, but we must not
change the code origin for other purposes. The best way to do this is to decouple
the two kinds of code origin.
OSR exit data structures already do this, because they may edit the exit target
code origin while keeping the code origin for profiling intact. This happens for
forward exits. So, we just need to thread separation all the way back to DFG::Node.
That's what this patch does.
- dfg/DFGNode.h:
(JSC::DFG::Node::Node):
(Node):
- dfg/DFGOSRExit.cpp:
(JSC::DFG::OSRExit::OSRExit):
- dfg/DFGOSRExitBase.h:
(JSC::DFG::OSRExitBase::OSRExitBase):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::checkArgumentTypes):
- dfg/DFGSpeculativeJIT.h:
(SpeculativeJIT):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(LowerDFGToLLVM):
- ftl/FTLOSRExit.cpp:
(JSC::FTL::OSRExit::OSRExit):
- ftl/FTLOSRExit.h:
(OSRExit):
- 2:44 PM Changeset in webkit [152953] by
-
- 6 edits1 add in branches/dfgFourthTier/Source/JavaScriptCore
fourthTier: each DFG node that relies on other nodes to do their type checks should be able to tell you if those type checks happened
https://bugs.webkit.org/show_bug.cgi?id=118866
Reviewed by Sam Weinig.
Adds a safeToExecute() method that takes a node and an abstract state and tells you
if the node will run without crashing under that state.
- JavaScriptCore.xcodeproj/project.pbxproj:
- bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
- dfg/DFGCFAPhase.cpp:
(CFAPhase):
(JSC::DFG::CFAPhase::CFAPhase):
(JSC::DFG::CFAPhase::run):
(JSC::DFG::CFAPhase::performBlockCFA):
(JSC::DFG::CFAPhase::performForwardCFA):
- dfg/DFGSafeToExecute.h: Added.
(DFG):
(SafeToExecuteEdge):
(JSC::DFG::SafeToExecuteEdge::SafeToExecuteEdge):
(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::SafeToExecuteEdge::result):
(JSC::DFG::safeToExecute):
- dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::isValidOffset):
(StructureAbstractValue):
- runtime/Options.h:
(JSC):
- 2:28 PM Changeset in webkit [152952] by
-
- 9 edits3 adds in branches/dfgFourthTier
fourthTier: FTL should be able to generate LLVM IR that uses an intrinsic for OSR exit
https://bugs.webkit.org/show_bug.cgi?id=118948
Source/JavaScriptCore:
Reviewed by Sam Weinig.
- Add the ability to generate LLVM IR but then not use it, via --llvmAlwaysFails=true. This allows doing "what if" experiments with IR generation, even if the generated IR can't yet execute.
- Add an OSR exit path that just calls an intrinsic that combines the branch and the off-ramp.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
- ftl/FTLFail.cpp: Added.
(FTL):
(JSC::FTL::fail):
- ftl/FTLFail.h: Added.
(FTL):
- ftl/FTLIntrinsicRepository.h:
(FTL):
- ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
- runtime/Options.h:
(JSC):
Tools:
Reviewed by Sam Weinig.
- Make ReducedFTL capable of dealing with code that uses the fake OSR exit intrinsic, by exporting it as a function.
- Make combineModules.rb idempotent. Sometimes it's convenient to run a file through it even if you know that you've already done so. See processIRDump.sh.
- Add a script, processIRDump.sh, that takes the output of --dumpLLVMIR=true and runs it through ReducedFTL automatically. You typically want to say something like:
jsc --dumpLLVMIR=true <program(s)> > jsc-output.txt
./processIRDump.sh --timing < jsc-output.txt
- ReducedFTL/ReducedFTL.c:
(webkit_osr_exit):
- ReducedFTL/combineModules.rb:
- ReducedFTL/processIRDump.sh: Added.
- 12:05 PM Changeset in webkit [152951] by
-
- 4 edits in trunk
KURL creates duplicate strings when completing data: URIs.
<http://webkit.org/b/118952>
<rdar://problem/14504480>
Reviewed by Anders Carlsson.
Source/WebCore:
When checking if the original URL input string can be reused, compare against the part
of the parsing buffer that we would actually return, not the entire buffer.
632 kB progression on <http://www.nytimes.com/>
Test: KURLTest.KURLDataURIStringSharing
- platform/KURL.cpp:
(WebCore::KURL::parse):
Tools:
- TestWebKitAPI/Tests/WebCore/KURL.cpp:
(TestWebKitAPI::TEST_F):
- 11:55 AM Changeset in webkit [152950] by
-
- 2 edits in trunk/Source/WebKit2
Java Updater not launched on Lion and Mountain Lion
https://bugs.webkit.org/show_bug.cgi?id=118953
<rdar://problem/14496721>
Reviewed by Sam Weinig.
On Lion and Mountain Lion, -[NSURL isEqual:] will return NO for two file URLs if one of
them has "localhost" specified, even if the paths are otherwise equal. Work around this by
comparing the paths directly.
- UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
(WebKit::isJavaUpdaterURL):
Jul 20, 2013:
- 6:45 PM Changeset in webkit [152949] by
-
- 2 edits1 delete in trunk/Source/JavaScriptCore
[Windows] Remove unneeded custom stdint.h now that we build on VS2010.
https://bugs.webkit.org/show_bug.cgi?id=118868.
Reviewed by Anders Carlsson.
- os-win32/stdint.h: Removed.
- GNUmakefile.list.am: Removed reference to os-win32/stdint.h
- 6:02 PM Changeset in webkit [152948] by
-
- 6 edits in trunk/Source/WebCore
Add ASCIILiteral() on strings allocated often enough to appear in my Instruments
https://bugs.webkit.org/show_bug.cgi?id=118937
Reviewed by Alexey Proskuryakov.
- html/BaseCheckableInputType.cpp:
(WebCore::BaseCheckableInputType::saveFormControlState):
(WebCore::BaseCheckableInputType::fallbackValue):
- html/HTMLTextFormControlElement.cpp:
(WebCore::HTMLTextFormControlElement::updatePlaceholderVisibility):
- inspector/InspectorApplicationCacheAgent.cpp:
(WebCore::InspectorApplicationCacheAgent::InspectorApplicationCacheAgent):
- loader/cache/CachedScript.cpp:
(WebCore::CachedScript::CachedScript):
- platform/network/ResourceRequestBase.h:
(WebCore::ResourceRequestBase::ResourceRequestBase):
- 5:31 PM Changeset in webkit [152947] by
-
- 2 edits in branches/dfgFourthTier/Tools
fourthTier: We should use the no-asserts build of LLVM if that's what the user configured
https://bugs.webkit.org/show_bug.cgi?id=118947
Reviewed by Dan Bernstein.
- Scripts/copy-webkitlibraries-to-product-directory:
- 3:23 PM Changeset in webkit [152946] by
-
- 43 edits1 move3 adds77 deletes in trunk/Source
Updated ANGLE is leaking like a sieve
https://bugs.webkit.org/show_bug.cgi?id=118939
Rollout 152863, r152821, r152929 and r152755.
Source/ThirdParty/ANGLE:
- ANGLE.plist:
- ANGLE.xcodeproj/project.pbxproj:
- DerivedSources.make: Removed.
- GNUmakefile.am:
- Target.pri:
- include/GLSLANG/ShaderLang.h:
- src/compiler/BaseTypes.h:
(getQualifierString):
- src/compiler/Common.h:
(EncodeSourceLoc):
(DecodeSourceLoc):
- src/compiler/Compiler.cpp:
(TCompiler::TCompiler):
(TCompiler::Init):
(TCompiler::compile):
(TCompiler::detectRecursion):
- src/compiler/ConstantUnion.h:
(ConstantUnion::ConstantUnion):
- src/compiler/DetectCallDepth.cpp: Removed.
- src/compiler/DetectRecursion.cpp: Added.
(DetectRecursion::FunctionNode::FunctionNode):
(DetectRecursion::FunctionNode::getName):
(DetectRecursion::FunctionNode::addCallee):
(DetectRecursion::FunctionNode::detectRecursion):
(DetectRecursion::DetectRecursion):
(DetectRecursion::~DetectRecursion):
(DetectRecursion::visitAggregate):
(DetectRecursion::detectRecursion):
(DetectRecursion::findFunctionByName):
- src/compiler/DetectRecursion.h: Renamed from Source/ThirdParty/ANGLE/src/compiler/DetectCallDepth.h.
- src/compiler/Diagnostics.cpp:
(TDiagnostics::writeInfo):
- src/compiler/ForLoopUnroll.cpp:
(ForLoopUnroll::evaluateIntConstant):
- src/compiler/InfoSink.cpp:
(TInfoSinkBase::prefix):
(TInfoSinkBase::location):
(TInfoSinkBase::message):
- src/compiler/InfoSink.h:
- src/compiler/Initialize.cpp:
(BuiltInFunctionsCommon):
(BuiltInFunctionsVertex):
(TBuiltIns::initialize):
(IdentifyBuiltIns):
(InitExtensionBehavior):
- src/compiler/Intermediate.cpp:
(TIntermediate::addSymbol):
(TIntermediate::addBinaryMath):
(TIntermediate::addAssign):
(TIntermediate::addIndex):
(TIntermediate::addUnaryMath):
(TIntermediate::setAggregateOperator):
(TIntermediate::addConversion):
(TIntermediate::growAggregate):
(TIntermediate::makeAggregate):
(TIntermediate::addSelection):
(TIntermediate::addComma):
(TIntermediate::addConstantUnion):
(TIntermediate::addSwizzle):
(TIntermediate::addLoop):
(TIntermediate::addBranch):
(TIntermUnary::promote):
(TIntermBinary::promote):
(CompareStruct):
(CompareStructure):
(TIntermConstantUnion::fold):
(TIntermediate::promoteConstantUnion):
- src/compiler/OutputGLSL.cpp:
(TOutputGLSL::writeVariablePrecision):
- src/compiler/OutputGLSL.h:
- src/compiler/OutputGLSLBase.cpp:
(TOutputGLSLBase::writeVariableType):
(TOutputGLSLBase::writeConstantUnion):
(TOutputGLSLBase::visitBinary):
(TOutputGLSLBase::visitAggregate):
(TOutputGLSLBase::getTypeName):
(TOutputGLSLBase::hashFunctionName):
- src/compiler/OutputGLSLBase.h:
- src/compiler/OutputHLSL.cpp:
(sh::OutputHLSL::OutputHLSL):
(sh::OutputHLSL::header):
(sh::OutputHLSL::visitSymbol):
(sh::OutputHLSL::visitBinary):
(sh::OutputHLSL::visitAggregate):
(sh::OutputHLSL::visitSelection):
(sh::OutputHLSL::visitLoop):
(sh::OutputHLSL::handleExcessiveLoop):
(sh::OutputHLSL::typeString):
(sh::OutputHLSL::initializer):
(sh::OutputHLSL::addConstructor):
(sh::OutputHLSL::writeConstantUnion):
(sh::OutputHLSL::decorateField):
- src/compiler/OutputHLSL.h:
- src/compiler/ParseHelper.cpp:
(TParseContext::parseVectorFields):
(TParseContext::parseMatrixFields):
(TParseContext::error):
(TParseContext::warning):
(TParseContext::assignError):
(TParseContext::unaryOpError):
(TParseContext::binaryOpError):
(TParseContext::precisionErrorCheck):
(TParseContext::lValueErrorCheck):
(TParseContext::globalErrorCheck):
(TParseContext::reservedErrorCheck):
(TParseContext::constructorErrorCheck):
(TParseContext::voidErrorCheck):
(TParseContext::boolErrorCheck):
(TParseContext::samplerErrorCheck):
(TParseContext::structQualifierErrorCheck):
(TParseContext::parameterSamplerErrorCheck):
(TParseContext::containsSampler):
(TParseContext::arraySizeErrorCheck):
(TParseContext::arrayQualifierErrorCheck):
(TParseContext::arrayTypeErrorCheck):
(TParseContext::arrayErrorCheck):
(TParseContext::arraySetMaxSize):
(TParseContext::nonInitConstErrorCheck):
(TParseContext::nonInitErrorCheck):
(TParseContext::paramErrorCheck):
(TParseContext::extensionErrorCheck):
(TParseContext::handleExtensionDirective):
(TParseContext::handlePragmaDirective):
(TParseContext::findFunction):
(TParseContext::executeInitializer):
(TParseContext::addConstructor):
(TParseContext::constructBuiltIn):
(TParseContext::constructStruct):
(TParseContext::addConstVectorNode):
(TParseContext::addConstMatrixNode):
(TParseContext::addConstArrayNode):
(TParseContext::addConstStruct):
(TParseContext::enterStructDeclaration):
(TParseContext::structNestingErrorCheck):
- src/compiler/ParseHelper.h:
(TParseContext::TParseContext):
(TParseContext::pragma):
- src/compiler/PoolAlloc.cpp:
(TPoolAllocator::allocate):
- src/compiler/ShHandle.h:
- src/compiler/ShaderLang.cpp:
(ShInitBuiltInResources):
- src/compiler/SymbolTable.cpp:
(TType::TType):
(TType::buildMangledName):
(TType::getStructSize):
(TType::computeDeepestStructNesting):
(TType::isStructureContainingArrays):
(TSymbolTableLevel::relateToExtension):
(TSymbol::TSymbol):
(TVariable::TVariable):
(TVariable::clone):
(TFunction::TFunction):
(TFunction::clone):
(TSymbolTableLevel::clone):
(TSymbolTable::copyTable):
- src/compiler/SymbolTable.h:
(TVariable::TVariable):
(TVariable::updateArrayInformationType):
(TVariable::getArrayInformationType):
(TParameter::copyParam):
(TFunction::relateToExtension):
(TFunction::getExtension):
- src/compiler/Types.h:
(NewPoolTTypeList):
(TType::TType):
(TType::copyType):
(TType::clone):
(TType::getObjectSize):
(TType::getMaxArraySize):
(TType::setMaxArraySize):
(TType::clearArrayness):
(TType::setArrayInformationType):
(TType::getArrayInformationType):
(TType::getStruct):
(TType::setStruct):
(TType::getTypeName):
(TType::setTypeName):
(TType::isField):
(TType::getFieldName):
(TType::setFieldName):
(TType::getMangledName):
(TType::getDeepestStructNesting):
(TPublicType::setBasic):
- src/compiler/VariableInfo.cpp:
(getUserDefinedVariableInfo):
- src/compiler/builtin_symbol_table.cpp: Removed.
- src/compiler/builtin_symbol_table.h: Removed.
- src/compiler/builtin_symbols.json: Removed.
- src/compiler/generate_builtin_symbol_table.py: Removed.
- src/compiler/glslang.l:
- src/compiler/glslang.y:
- src/compiler/glslang_lex.cpp:
(yy_get_previous_state):
(yy_try_NUL_trans):
(yy_push_state):
(yy_pop_state):
(yy_top_state):
(string_input):
(check_type):
(reserved_word):
(yyerror):
(glslang_scan):
- src/compiler/glslang_tab.cpp:
- src/compiler/glslang_tab.h:
- src/compiler/intermOut.cpp:
(TOutputTraverser::visitUnary):
(TOutputTraverser::visitAggregate):
(TOutputTraverser::visitConstantUnion):
- src/compiler/intermediate.h:
(TIntermNode::TIntermNode):
(TIntermNode::getLine):
(TIntermNode::setLine):
(TIntermNode::~TIntermNode):
(TIntermConstantUnion::setUnionArrayPointer):
(TIntermAggregate::TIntermAggregate):
(TIntermAggregate::setEndLine):
(TIntermAggregate::getEndLine):
(TIntermTraverser::TIntermTraverser):
(TIntermTraverser::incrementDepth):
- src/compiler/localintermediate.h:
- src/compiler/parseConst.cpp:
(TConstTraverser::visitSymbol):
(TConstTraverser::visitBinary):
(TConstTraverser::visitUnary):
(TConstTraverser::visitAggregate):
(TConstTraverser::visitSelection):
(TConstTraverser::visitConstantUnion):
(TConstTraverser::visitLoop):
(TConstTraverser::visitBranch):
(TIntermediate::parseConstTree):
- src/compiler/timing/RestrictVertexShaderTiming.cpp:
(RestrictVertexShaderTiming::visitSymbol):
- src/libEGL/Config.cpp: Removed.
- src/libEGL/Config.h: Removed.
- src/libEGL/Display.cpp: Removed.
- src/libEGL/Display.h: Removed.
- src/libEGL/README: Added.
- src/libEGL/ShaderCache.h: Removed.
- src/libEGL/Surface.cpp: Removed.
- src/libEGL/Surface.h: Removed.
- src/libEGL/libEGL.cpp: Removed.
- src/libEGL/libEGL.def: Removed.
- src/libEGL/libEGL.rc: Removed.
- src/libEGL/libEGL.vcxproj: Removed.
- src/libEGL/libEGL.vcxproj.filters: Removed.
- src/libEGL/main.cpp: Removed.
- src/libEGL/main.h: Removed.
- src/libEGL/resource.h: Removed.
- src/libGLESv2/BinaryStream.h: Removed.
- src/libGLESv2/Blit.cpp: Removed.
- src/libGLESv2/Blit.h: Removed.
- src/libGLESv2/Buffer.cpp: Removed.
- src/libGLESv2/Buffer.h: Removed.
- src/libGLESv2/Context.cpp: Removed.
- src/libGLESv2/Context.h: Removed.
- src/libGLESv2/D3DConstantTable.cpp: Removed.
- src/libGLESv2/D3DConstantTable.h: Removed.
- src/libGLESv2/Fence.cpp: Removed.
- src/libGLESv2/Fence.h: Removed.
- src/libGLESv2/Float16ToFloat32.cpp: Removed.
- src/libGLESv2/Float16ToFloat32.py: Removed.
- src/libGLESv2/Framebuffer.cpp: Removed.
- src/libGLESv2/Framebuffer.h: Removed.
- src/libGLESv2/HandleAllocator.cpp: Removed.
- src/libGLESv2/HandleAllocator.h: Removed.
- src/libGLESv2/IndexDataManager.cpp: Removed.
- src/libGLESv2/IndexDataManager.h: Removed.
- src/libGLESv2/Program.cpp: Removed.
- src/libGLESv2/Program.h: Removed.
- src/libGLESv2/ProgramBinary.cpp: Removed.
- src/libGLESv2/ProgramBinary.h: Removed.
- src/libGLESv2/Query.cpp: Removed.
- src/libGLESv2/Query.h: Removed.
- src/libGLESv2/README: Added.
- src/libGLESv2/Renderbuffer.cpp: Removed.
- src/libGLESv2/Renderbuffer.h: Removed.
- src/libGLESv2/ResourceManager.cpp: Removed.
- src/libGLESv2/ResourceManager.h: Removed.
- src/libGLESv2/Shader.cpp: Removed.
- src/libGLESv2/Shader.h: Removed.
- src/libGLESv2/Texture.cpp: Removed.
- src/libGLESv2/Texture.h: Removed.
- src/libGLESv2/TextureSSE2.cpp: Removed.
- src/libGLESv2/VertexDataManager.cpp: Removed.
- src/libGLESv2/VertexDataManager.h: Removed.
- src/libGLESv2/libGLESv2.cpp: Removed.
- src/libGLESv2/libGLESv2.def: Removed.
- src/libGLESv2/libGLESv2.rc: Removed.
- src/libGLESv2/libGLESv2.vcxproj: Removed.
- src/libGLESv2/libGLESv2.vcxproj.filters: Removed.
- src/libGLESv2/main.cpp: Removed.
- src/libGLESv2/main.h: Removed.
- src/libGLESv2/mathutil.h: Removed.
- src/libGLESv2/resource.h: Removed.
- src/libGLESv2/shaders/Blit.ps: Removed.
- src/libGLESv2/shaders/Blit.vs: Removed.
- src/libGLESv2/shaders/componentmaskps.h: Removed.
- src/libGLESv2/shaders/flipyvs.h: Removed.
- src/libGLESv2/shaders/generate_shaders.bat: Removed.
- src/libGLESv2/shaders/luminanceps.h: Removed.
- src/libGLESv2/shaders/passthroughps.h: Removed.
- src/libGLESv2/shaders/standardvs.h: Removed.
- src/libGLESv2/utilities.cpp: Removed.
- src/libGLESv2/utilities.h: Removed.
- src/libGLESv2/vertexconversion.h: Removed.
Source/WebCore:
- CMakeLists.txt:
- 11:39 AM Changeset in webkit [152945] by
-
- 4 edits1 add in branches/dfgFourthTier/Source/JavaScriptCore
fourthTier: StringObjectUse uses structures, and CSE should know that
https://bugs.webkit.org/show_bug.cgi?id=118940
Reviewed by Geoffrey Garen.
This is asymptomatic right now, but we should fix it.
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::putStructureStoreElimination):
- dfg/DFGEdgeUsesStructure.h: Added.
(DFG):
(EdgeUsesStructure):
(JSC::DFG::EdgeUsesStructure::EdgeUsesStructure):
(JSC::DFG::EdgeUsesStructure::operator()):
(JSC::DFG::EdgeUsesStructure::result):
(JSC::DFG::edgesUseStructure):
- dfg/DFGUseKind.h:
(DFG):
(JSC::DFG::usesStructure):
- 10:58 AM Changeset in webkit [152944] by
-
- 9 edits13 adds in branches/dfgFourthTier
fourthTier: String GetByVal out-of-bounds handling is so wrong
https://bugs.webkit.org/show_bug.cgi?id=118935
Source/JavaScriptCore:
Reviewed by Geoffrey Garen.
Bunch of String GetByVal out-of-bounds fixes:
- Even if the string proto chain is sane, we need to watch out for negative indices. They may get values or call getters in the prototypes, since proto sanity doesn't check for negative indexed properties, as they are not technically indexed properties.
- GetByVal String out-of-bounds does in fact clobberWorld(). CSE should be given this information.
- GetByVal String out-of-bounds does in fact clobberWorld(). CFA should be given this information.
Also fixed some other things:
- If the DFG is disabled, the testRunner should pretend that we've done a bunch of DFG compiles. That's necessary to prevent the tests from timing out.
- Disassembler shouldn't try to dump source code since it's not safe in the concurrent JIT.
- API/JSCTestRunnerUtils.cpp:
(JSC::numberOfDFGCompiles):
- JavaScriptCore.xcodeproj/project.pbxproj:
- dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
- dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::dumpHeader):
- dfg/DFGGraph.h:
(JSC::DFG::Graph::byValIsPure):
- dfg/DFGSaneStringGetByValSlowPathGenerator.h: Added.
(DFG):
(SaneStringGetByValSlowPathGenerator):
(JSC::DFG::SaneStringGetByValSlowPathGenerator::SaneStringGetByValSlowPathGenerator):
(JSC::DFG::SaneStringGetByValSlowPathGenerator::generateInternal):
- dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
LayoutTests:
Reviewed by Geoffrey Garen.
- fast/js/dfg-string-out-of-bounds-check-structure-expected.txt: Added.
- fast/js/dfg-string-out-of-bounds-check-structure.html: Added.
- fast/js/dfg-string-out-of-bounds-cse-expected.txt: Added.
- fast/js/dfg-string-out-of-bounds-cse.html: Added.
- fast/js/dfg-string-out-of-bounds-negative-check-structure-expected.txt: Added.
- fast/js/dfg-string-out-of-bounds-negative-check-structure.html: Added.
- fast/js/dfg-string-out-of-bounds-negative-proto-value-expected.txt: Added.
- fast/js/dfg-string-out-of-bounds-negative-proto-value.html: Added.
- fast/js/jsc-test-list:
- fast/js/script-tests/dfg-string-out-of-bounds-check-structure.js: Added.
(foo):
- fast/js/script-tests/dfg-string-out-of-bounds-cse.js: Added.
(foo):
- fast/js/script-tests/dfg-string-out-of-bounds-negative-check-structure.js: Added.
(foo):
(while):
- fast/js/script-tests/dfg-string-out-of-bounds-negative-proto-value.js: Added.
(foo):
- 12:26 AM Changeset in webkit [152943] by
-
- 2 edits in trunk/Source/WebCore
Pagination: Do not paint the baseBackgroundColor if asked to skipRootBackground.
https://bugs.webkit.org/show_bug.cgi?id=118933
Reviewed by Simon Fraser.
Captions rendered through TextTrackRepresentation are rendered with a background
color when in paginated views. Do not fill the paint area with the
baseBackgroundColor when the paint flags include SkipRootBackground.
- rendering/RenderView.cpp:
(WebCore::RenderView::paint):
- 12:02 AM Changeset in webkit [152942] by
-
- 1 copy in releases/WebKitGTK/webkit-2.0.4
Tagging the WebKitGTK+ 2.0.4 release
