Changeset 108934 in webkit for trunk/Source/JavaScriptCore/jit/JIT.h

Timestamp:

Feb 26, 2012, 2:41:41 PM (13 years ago)

Author:

[email protected]

Message:

Implement fast path for op_new_array in the baseline JIT
​https://bugs.webkit.org/show_bug.cgi?id=78612

Reviewed by Filip Pizlo.

heap/CopiedAllocator.h:
(CopiedAllocator): Friended the JIT to allow access to m_currentOffset.

• heap/CopiedSpace.h:

(CopiedSpace): Friended the JIT to allow access to isOversize.
(JSC::CopiedSpace::allocator):

• heap/Heap.h:

(JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
can use it for simple allocation i.e. when we can just bump the offset without having to
do anything else.

• jit/JIT.cpp:

(JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
we have to bail out because the fast allocation path fails for whatever reason.

• jit/JIT.h:

(JIT):

• jit/JITInlineMethods.h:

(JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
allocate generic backing stores. This function is used by emitAllocateJSArray.
(JSC):
(JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
it will also be used for emit_op_new_array_buffer.

• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
a stub call for oversize arrays.
(JSC):
(JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we
fail in any way on the fast path.

• runtime/JSArray.cpp:

(JSC):

• runtime/JSArray.h: Added lots of offset functions for all the fields that we need to

initialize in the JIT.
(ArrayStorage):
(JSC::ArrayStorage::lengthOffset):
(JSC::ArrayStorage::numValuesInVectorOffset):
(JSC::ArrayStorage::allocBaseOffset):
(JSC::ArrayStorage::vectorOffset):
(JSArray):
(JSC::JSArray::sparseValueMapOffset):
(JSC::JSArray::subclassDataOffset):
(JSC::JSArray::indexBiasOffset):
(JSC):
(JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
to being a static function in the JSArray class. This move allows the JIT to call it to
see what size it should allocate.

File:

• trunk/Source/JavaScriptCore/jit/JIT.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/jit/JIT.h

@@ -337 +337 @@
 
         template<typename ClassType, bool destructor, typename StructureType> void emitAllocateBasicJSObject(StructureType, RegisterID result, RegisterID storagePtr);
+        void emitAllocateBasicStorage(size_t, RegisterID result, RegisterID storagePtr);
         template<typename T> void emitAllocateJSFinalObject(T structure, RegisterID result, RegisterID storagePtr);
         void emitAllocateJSFunction(FunctionExecutable*, RegisterID scopeChain, RegisterID result, RegisterID storagePtr);
+        void emitAllocateJSArray(unsigned valuesRegister, unsigned length, RegisterID cellResult, RegisterID storageResult, RegisterID storagePtr);
         
 #if ENABLE(VALUE_PROFILER)
@@ -958 +960 @@
         void emitSlow_op_new_func(Instruction*, Vector<SlowCaseEntry>::iterator&);
         void emitSlow_op_new_func_exp(Instruction*, Vector<SlowCaseEntry>::iterator&);
-
+        void emitSlow_op_new_array(Instruction*, Vector<SlowCaseEntry>::iterator&);
         
         void emitRightShift(Instruction*, bool isUnsigned);