Changeset 102723 in webkit for trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h

Timestamp:

Dec 13, 2011, 5:46:36 PM (13 years ago)

Author:

[email protected]

Message:

DFG OSR exit for UInt32ToNumber should roll forward, not roll backward
​https://bugs.webkit.org/show_bug.cgi?id=74463

Source/JavaScriptCore:

Reviewed by Gavin Barraclough.

Implements roll-forward OSR exit for UInt32ToNumber, which requires ValueRecoveries knowing
how to execute the slow path of UInt32ToNumber.

• bytecode/CodeBlock.h:

(JSC::CodeBlock::lastOSRExit):

• bytecode/CodeOrigin.h:

(JSC::CodeOrigin::operator!=):

• bytecode/ValueRecovery.h:

(JSC::ValueRecovery::uint32InGPR):
(JSC::ValueRecovery::gpr):
(JSC::ValueRecovery::dump):

• dfg/DFGAssemblyHelpers.cpp:
• dfg/DFGAssemblyHelpers.h:
• dfg/DFGOSRExit.h:

(JSC::DFG::OSRExit::valueRecoveryForOperand):

• dfg/DFGOSRExitCompiler32_64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

• dfg/DFGOSRExitCompiler64.cpp:

(JSC::DFG::OSRExitCompiler::compileExit):

• dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):

• dfg/DFGSpeculativeJIT.h:
• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::nonSpeculativeUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::compile):

LayoutTests:

Reviewed by Gavin Barraclough.

• fast/js/dfg-uint32-to-number-expected.txt: Added.
• fast/js/dfg-uint32-to-number.html: Added.
• fast/js/script-tests/dfg-uint32-to-number.js: Added.

(foo):

File:

• trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h (modified) (1 diff)

trunk/Source/JavaScriptCore/bytecode/CodeOrigin.h

@@ -74 +74 @@
     bool operator==(const CodeOrigin& other) const;
     
+    bool operator!=(const CodeOrigin& other) const { return !(*this == other); }
+    
 #ifndef NDEBUG
     // Get the inline stack. This is slow, and is intended for debugging only.