Timestamp:
Jun 26, 2012, 12:42:05 PM (13 years ago)
Author:
[email protected]
Message:

DFG::operationNewArray is unnecessarily slow, and may use the wrong array
prototype when inlined
https://bugs.webkit.org/show_bug.cgi?id=89821

Source/JavaScriptCore:

Reviewed by Geoffrey Garen.

Fixes all array allocations to use the right structure, and hence the right prototype. Adds
inlining of new Array(...) with a non-zero number of arguments. Optimizes allocations of
empty arrays.

  • dfg/DFGAbstractState.cpp:

(JSC::DFG::AbstractState::execute):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):

  • dfg/DFGCCallHelpers.h:

(JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
(CCallHelpers):

  • dfg/DFGNodeType.h:

(DFG):

  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::callOperation):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • runtime/JSArray.h:

(JSC):
(JSC::constructArray):

  • runtime/JSGlobalObject.h:

(JSC):
(JSC::constructArray):

LayoutTests:

Rubber stamped by Geoffrey Garen.

  • fast/js/dfg-cross-global-object-inline-new-array-expected.txt: Added.
  • fast/js/dfg-cross-global-object-inline-new-array-literal-expected.txt: Added.
  • fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables-expected.txt: Added.
  • fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables.html: Added.
  • fast/js/dfg-cross-global-object-inline-new-array-literal.html: Added.
  • fast/js/dfg-cross-global-object-inline-new-array-with-elements-expected.txt: Added.
  • fast/js/dfg-cross-global-object-inline-new-array-with-elements.html: Added.
  • fast/js/dfg-cross-global-object-inline-new-array-with-size-expected.txt: Added.
  • fast/js/dfg-cross-global-object-inline-new-array-with-size.html: Added.
  • fast/js/dfg-cross-global-object-inline-new-array.html: Added.
  • fast/js/script-tests/cross-global-object-inline-global-var.js:

(done):

  • fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal-with-variables.js: Added.

(foo):
(done):
(doit):

  • fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal.js: Added.

(foo):
(done):
(doit):

  • fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-elements.js: Added.

(foo):
(done):
(doit):

  • fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-size.js: Added.

(foo):
(done):
(doit):

  • fast/js/script-tests/dfg-cross-global-object-inline-new-array.js: Added.

(foo):
(done):
(doit):

File:
1 edited

  • trunk/Source/JavaScriptCore/runtime/JSArray.h

    r116828 r121280  
    381381        return size;
    382382    }
     383
     384    inline JSArray* constructArray(ExecState* exec, Structure* arrayStructure, const ArgList& values)
     385    {
     386        JSGlobalData& globalData = exec->globalData();
     387        unsigned length = values.size();
     388        JSArray* array = JSArray::tryCreateUninitialized(globalData, arrayStructure, length);
     389
     390        // FIXME: we should probably throw an out of memory error here, but
     391        // when making this change we should check that all clients of this
     392        // function will correctly handle an exception being thrown from here.
     393        if (!array)
     394            CRASH();
     395
     396        for (unsigned i = 0; i < length; ++i)
     397            array->initializeIndex(globalData, i, values.at(i));
     398        array->completeInitialization(length);
     399        return array;
     400    }
    383401   
    384     } // namespace JSC
     402    inline JSArray* constructArray(ExecState* exec, Structure* arrayStructure, const JSValue* values, unsigned length)
     403    {
     404        JSGlobalData& globalData = exec->globalData();
     405        JSArray* array = JSArray::tryCreateUninitialized(globalData, arrayStructure, length);
     406
     407        // FIXME: we should probably throw an out of memory error here, but
     408        // when making this change we should check that all clients of this
     409        // function will correctly handle an exception being thrown from here.
     410        if (!array)
     411            CRASH();
     412
     413        for (unsigned i = 0; i < length; ++i)
     414            array->initializeIndex(globalData, i, values[i]);
     415        array->completeInitialization(length);
     416        return array;
     417    }
     418
     419} // namespace JSC
    385420
    386421#endif // JSArray_h
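Review bot: The pointer overload added at new lines 402-417, constructArray(ExecState*, Structure*, const JSValue* values, unsigned length), reads values[i] for every i < length with nothing tying length to the buffer behind values, so a caller that passes a wrong count would have out-of-bounds reads copied into the new array. Please state the contract in a comment above the function (values must point to at least length initialized JSValues) and consider an ASSERT(values || !length) before the loop. The body also duplicates the ArgList overload at new lines 384-400 line for line, including the FIXME and the CRASH() after a failed tryCreateUninitialized; a shared helper taking an element accessor would keep the out-of-memory handling in one place for when that FIXME is addressed.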