Changeset 157656 in webkit for trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp

Timestamp:

Oct 18, 2013, 5:09:28 PM (12 years ago)

Author:

[email protected]

Message:

Spread operator should be performing direct "puts" and not triggering setters
​https://bugs.webkit.org/show_bug.cgi?id=123047

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

Add a new opcode -- op_put_by_val_directue -- and make use of it in the spread
to array construct. This required a new PutByValDirect node to be introduced to
the DFG. The current implementation simply changes the slow path function that
is called, but in future this could be made faster as it does not need to check
the prototype chain.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):

• bytecode/Opcode.h:

(JSC::padOpcodeName):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitDirectPutByVal):

• bytecompiler/BytecodeGenerator.h:
• bytecompiler/NodesCodegen.cpp:

(JSC::ArrayNode::emitBytecode):

• dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::::executeEffects):

• dfg/DFGBackwardsPropagationPhase.cpp:

(JSC::DFG::BackwardsPropagationPhase::propagate):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

• dfg/DFGCSEPhase.cpp:

(JSC::DFG::CSEPhase::getArrayLengthElimination):
(JSC::DFG::CSEPhase::getByValLoadElimination):
(JSC::DFG::CSEPhase::checkStructureElimination):
(JSC::DFG::CSEPhase::structureTransitionWatchpointElimination):
(JSC::DFG::CSEPhase::getByOffsetLoadElimination):
(JSC::DFG::CSEPhase::putByOffsetStoreElimination):
(JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
(JSC::DFG::CSEPhase::performNodeCSE):

• dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

• dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

• dfg/DFGGraph.h:

(JSC::DFG::Graph::clobbersWorld):

• dfg/DFGNode.h:

(JSC::DFG::Node::hasArrayMode):

• dfg/DFGNodeType.h:
• dfg/DFGOperations.cpp:

(JSC::DFG::putByVal):
(JSC::DFG::operationPutByValInternal):

• dfg/DFGOperations.h:
• dfg/DFGPredictionPropagationPhase.cpp:

(JSC::DFG::PredictionPropagationPhase::propagate):
(JSC::DFG::PredictionPropagationPhase::doDoubleVoting):

• dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGTypeCheckHoistingPhase.cpp:

(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantArrayChecks):

• jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompileSlowCases):

• jit/JIT.h:

(JSC::JIT::compileDirectPutByVal):

• jit/JITOperations.cpp:
• jit/JITOperations.h:
• jit/JITPropertyAccess.cpp:

(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::privateCompilePutByVal):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emitSlow_op_put_by_val):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):

• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:

LayoutTests:

Add a new testcase for the setter case. run-javascriptcore-tests hits this with
the llint, baseline, and dfg.

• js/basic-spread-expected.txt:
• js/script-tests/basic-spread.js:

(Array):

File:

• trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp

@@ -546 +546 @@
 #ifndef NDEBUG
         // These get ignored because they don't return anything.
+        case PutByValDirect:
         case PutByVal:
         case PutClosureVar:
@@ -727 +728 @@
             break;
         }
-                
+
+        case PutByValDirect:
         case PutByVal:
         case PutByValAlias: {