Ignore:
Timestamp:
Dec 16, 2011, 6:40:35 PM (13 years ago)
Author:
[email protected]
Message:

Reverted r103120, this breaks v8 on ARMv7 DFG.

  • dfg/DFGAbstractState.cpp:

(JSC::DFG::AbstractState::execute):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGNode.h:
  • dfg/DFGPropagator.cpp:

(JSC::DFG::Propagator::propagateArithNodeFlags):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::byValIsPure):
(JSC::DFG::Propagator::clobbersWorld):
(JSC::DFG::Propagator::getByValLoadElimination):
(JSC::DFG::Propagator::checkStructureLoadElimination):
(JSC::DFG::Propagator::getByOffsetLoadElimination):
(JSC::DFG::Propagator::getPropertyStorageLoadElimination):
(JSC::DFG::Propagator::getIndexedPropertyStorageLoadElimination):
(JSC::DFG::Propagator::performNodeCSE):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compilePutByValForByteArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
(JSC::DFG::SpeculativeJIT::compilePutByValForFloatTypedArray):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

    r103120 r103138  
    15461546}
    15471547
    1548 void SpeculativeJIT::compilePutByValForByteArray(Node& node)
    1549 {
    1550     NodeIndex baseIndex = m_jit.graph().m_varArgChildren[node.firstChild()];
    1551     NodeIndex propertyIndex = m_jit.graph().m_varArgChildren[node.firstChild() + 1];
    1552     NodeIndex valueIndex = m_jit.graph().m_varArgChildren[node.firstChild() + 2];
    1553     NodeIndex storageIndex = m_jit.graph().m_varArgChildren[node.firstChild() + 3];
    1554    
    1555     if (!isByteArrayPrediction(m_state.forNode(baseIndex).m_type)) {
    1556         SpeculateCellOperand base(this, baseIndex);
    1557         speculationCheck(BadType, JSValueSource::unboxedCell(base.gpr()), baseIndex, m_jit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(base.gpr(), JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(&JSByteArray::s_info)));
    1558     }
     1548void SpeculativeJIT::compilePutByValForByteArray(GPRReg base, GPRReg property, Node& node)
     1549{
     1550    NodeIndex baseIndex = node.child1();
     1551    NodeIndex valueIndex = node.child3();
     1552   
     1553    if (!isByteArrayPrediction(m_state.forNode(baseIndex).m_type))
     1554        speculationCheck(BadType, JSValueSource::unboxedCell(base), baseIndex, m_jit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(base, JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(&JSByteArray::s_info)));
    15591555    GPRTemporary value;
    15601556    GPRReg valueGPR;
     
    16031599        valueGPR = gpr;
    16041600    }
    1605     StorageOperand storage(this, storageIndex);
    1606     SpeculateIntegerOperand property(this, propertyIndex);
     1601    ASSERT_UNUSED(valueGPR, valueGPR != property);
     1602    ASSERT(valueGPR != base);
     1603    GPRTemporary storage(this);
    16071604    GPRReg storageReg = storage.gpr();
    1608     MacroAssembler::Jump outOfBounds = m_jit.branch32(MacroAssembler::AboveOrEqual, property.gpr(), MacroAssembler::Address(storageReg, ByteArray::offsetOfSize()));
    1609     m_jit.store8(value.gpr(), MacroAssembler::BaseIndex(storageReg, property.gpr(), MacroAssembler::TimesOne, ByteArray::offsetOfData()));
     1605    ASSERT(valueGPR != storageReg);
     1606    m_jit.loadPtr(MacroAssembler::Address(base, JSByteArray::offsetOfStorage()), storageReg);
     1607    MacroAssembler::Jump outOfBounds = m_jit.branch32(MacroAssembler::AboveOrEqual, property, MacroAssembler::Address(storageReg, ByteArray::offsetOfSize()));
     1608    m_jit.store8(value.gpr(), MacroAssembler::BaseIndex(storageReg, property, MacroAssembler::TimesOne, ByteArray::offsetOfData()));
    16101609    outOfBounds.link(&m_jit);
    16111610    noResult(m_compileIndex);
     
    17041703}
    17051704
    1706 void SpeculativeJIT::compilePutByValForIntTypedArray(const TypedArrayDescriptor& descriptor, Node& node, size_t elementSize, TypedArraySpeculationRequirements speculationRequirements, TypedArraySignedness signedness)
    1707 {
    1708     NodeIndex baseIndex = m_jit.graph().m_varArgChildren[node.firstChild()];
    1709     NodeIndex propertyIndex = m_jit.graph().m_varArgChildren[node.firstChild() + 1];
    1710     NodeIndex valueIndex = m_jit.graph().m_varArgChildren[node.firstChild() + 2];
    1711     NodeIndex storageIndex = m_jit.graph().m_varArgChildren[node.firstChild() + 3];
    1712 
    1713     if (speculationRequirements != NoTypedArrayTypeSpecCheck) {
    1714         SpeculateCellOperand base(this, baseIndex);
    1715         speculationCheck(BadType, JSValueSource::unboxedCell(base.gpr()), baseIndex, m_jit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(base.gpr()), MacroAssembler::TrustedImmPtr(descriptor.m_classInfo)));
    1716     }
    1717    
    1718     StorageOperand storage(this, storageIndex);
    1719     GPRReg storageReg = storage.gpr();
    1720     SpeculateIntegerOperand property(this, propertyIndex);
    1721     GPRReg propertyReg = property.gpr();
    1722     MacroAssembler::Jump outOfBounds;
    1723     if (speculationRequirements != NoTypedArrayTypeSpecCheck || speculationRequirements != NoTypedArraySpecCheck) {
    1724         SpeculateCellOperand base(this, baseIndex);
    1725         if (speculationRequirements != NoTypedArrayTypeSpecCheck)
    1726             speculationCheck(BadType, JSValueSource::unboxedCell(base.gpr()), baseIndex, m_jit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(base.gpr(), JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(descriptor.m_classInfo)));
    1727         if (speculationRequirements != NoTypedArraySpecCheck)
    1728             outOfBounds = m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(base.gpr(), descriptor.m_lengthOffset));
    1729     }
     1705void SpeculativeJIT::compilePutByValForIntTypedArray(const TypedArrayDescriptor& descriptor, GPRReg base, GPRReg property, Node& node, size_t elementSize, TypedArraySpeculationRequirements speculationRequirements, TypedArraySignedness signedness)
     1706{
     1707    NodeIndex baseIndex = node.child1();
     1708    NodeIndex valueIndex = node.child3();
     1709   
     1710    if (speculationRequirements != NoTypedArrayTypeSpecCheck)
     1711        speculationCheck(BadType, JSValueSource::unboxedCell(base), baseIndex, m_jit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(base, JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(descriptor.m_classInfo)));
    17301712    GPRTemporary value;
    17311713    GPRReg valueGPR;
     
    17691751        valueGPR = gpr;
    17701752    }
     1753    ASSERT_UNUSED(valueGPR, valueGPR != property);
     1754    ASSERT(valueGPR != base);
     1755    GPRTemporary storage(this);
     1756    GPRReg storageReg = storage.gpr();
     1757    ASSERT(valueGPR != storageReg);
     1758    m_jit.loadPtr(MacroAssembler::Address(base, descriptor.m_storageOffset), storageReg);
     1759    MacroAssembler::Jump outOfBounds;
     1760    if (speculationRequirements != NoTypedArraySpecCheck)
     1761        outOfBounds = m_jit.branch32(MacroAssembler::AboveOrEqual, property, MacroAssembler::Address(base, descriptor.m_lengthOffset));
    17711762
    17721763    switch (elementSize) {
    17731764    case 1:
    1774         m_jit.store8(value.gpr(), MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesOne));
     1765        m_jit.store8(value.gpr(), MacroAssembler::BaseIndex(storageReg, property, MacroAssembler::TimesOne));
    17751766        break;
    17761767    case 2:
    1777         m_jit.store16(value.gpr(), MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesTwo));
     1768        m_jit.store16(value.gpr(), MacroAssembler::BaseIndex(storageReg, property, MacroAssembler::TimesTwo));
    17781769        break;
    17791770    case 4:
    1780         m_jit.store32(value.gpr(), MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesFour));
     1771        m_jit.store32(value.gpr(), MacroAssembler::BaseIndex(storageReg, property, MacroAssembler::TimesFour));
    17811772        break;
    17821773    default:
     
    18331824}
    18341825
    1835 void SpeculativeJIT::compilePutByValForFloatTypedArray(const TypedArrayDescriptor& descriptor, Node& node, size_t elementSize, TypedArraySpeculationRequirements speculationRequirements)
    1836 {
    1837     NodeIndex baseIndex = m_jit.graph().m_varArgChildren[node.firstChild()];
    1838     NodeIndex propertyIndex = m_jit.graph().m_varArgChildren[node.firstChild() + 1];
    1839     NodeIndex valueIndex = m_jit.graph().m_varArgChildren[node.firstChild() + 2];
    1840     NodeIndex storageIndex = m_jit.graph().m_varArgChildren[node.firstChild() + 3];
     1826void SpeculativeJIT::compilePutByValForFloatTypedArray(const TypedArrayDescriptor& descriptor, GPRReg base, GPRReg property, Node& node, size_t elementSize, TypedArraySpeculationRequirements speculationRequirements)
     1827{
     1828    NodeIndex baseIndex = node.child1();
     1829    NodeIndex valueIndex = node.child3();
    18411830   
    18421831    SpeculateDoubleOperand valueOp(this, valueIndex);
    1843     SpeculateStrictInt32Operand property(this, propertyIndex);
    1844     StorageOperand storage(this, storageIndex);
     1832   
     1833    if (speculationRequirements != NoTypedArrayTypeSpecCheck)
     1834        speculationCheck(BadType, JSValueSource::unboxedCell(base), baseIndex, m_jit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(base, JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(descriptor.m_classInfo)));
     1835   
     1836    GPRTemporary result(this);
     1837   
     1838    GPRTemporary storage(this);
    18451839    GPRReg storageReg = storage.gpr();
    1846     GPRReg propertyReg = property.gpr();
    1847    
     1840   
     1841    m_jit.loadPtr(MacroAssembler::Address(base, descriptor.m_storageOffset), storageReg);
    18481842    MacroAssembler::Jump outOfBounds;
    1849     if (speculationRequirements != NoTypedArrayTypeSpecCheck || speculationRequirements != NoTypedArraySpecCheck) {
    1850         SpeculateCellOperand base(this, baseIndex);
    1851         if (speculationRequirements != NoTypedArrayTypeSpecCheck)
    1852             speculationCheck(BadType, JSValueSource::unboxedCell(base.gpr()), baseIndex, m_jit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(base.gpr(), JSCell::classInfoOffset()), MacroAssembler::TrustedImmPtr(descriptor.m_classInfo)));
    1853         if (speculationRequirements != NoTypedArraySpecCheck)
    1854             outOfBounds = m_jit.branch32(MacroAssembler::AboveOrEqual, propertyReg, MacroAssembler::Address(base.gpr(), descriptor.m_lengthOffset));
    1855     }
    1856    
    1857 
     1843    if (speculationRequirements != NoTypedArraySpecCheck)
     1844        outOfBounds = m_jit.branch32(MacroAssembler::AboveOrEqual, property, MacroAssembler::Address(base, descriptor.m_lengthOffset));
    18581845   
    18591846    switch (elementSize) {
     
    18621849        m_jit.moveDouble(valueOp.fpr(), scratch.fpr());
    18631850        m_jit.convertDoubleToFloat(valueOp.fpr(), scratch.fpr());
    1864         m_jit.storeFloat(scratch.fpr(), MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesFour));
     1851        m_jit.storeFloat(scratch.fpr(), MacroAssembler::BaseIndex(storageReg, property, MacroAssembler::TimesFour));
    18651852        break;
    18661853    }
    18671854    case 8:
    1868         m_jit.storeDouble(valueOp.fpr(), MacroAssembler::BaseIndex(storageReg, propertyReg, MacroAssembler::TimesEight));
     1855        m_jit.storeDouble(valueOp.fpr(), MacroAssembler::BaseIndex(storageReg, property, MacroAssembler::TimesEight));
    18691856        break;
    18701857    default:
Note: See TracChangeset for help on using the changeset viewer.