Changeset 163027 in webkit for trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
- Timestamp:
- Jan 29, 2014, 11:18:54 AM (12 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
r161438 r163027 1347 1347 1348 1348 m_jit.jitAssertHasValidCallFrame(); 1349 m_jit.jitAssertTagsInPlace(); 1350 m_jit.jitAssertArgumentCountSane(); 1349 1351 1350 1352 for (size_t i = 0; i < m_block->variablesAtHead.numberOfArguments(); ++i) { … … 1533 1535 } 1534 1536 1537 void SpeculativeJIT::prepareJITCodeForTierUp() 1538 { 1539 unsigned numberOfCalls = 0; 1540 1541 for (BlockIndex blockIndex = m_jit.graph().numBlocks(); blockIndex--;) { 1542 BasicBlock* block = m_jit.graph().block(blockIndex); 1543 if (!block) 1544 continue; 1545 1546 for (unsigned nodeIndex = block->size(); nodeIndex--;) { 1547 Node* node = block->at(nodeIndex); 1548 1549 switch (node->op()) { 1550 case Call: 1551 case Construct: 1552 numberOfCalls++; 1553 break; 1554 1555 default: 1556 break; 1557 } 1558 } 1559 } 1560 1561 m_jit.jitCode()->slowPathCalls.fill(0, numberOfCalls); 1562 } 1563 1535 1564 bool SpeculativeJIT::compile() 1536 1565 { 1537 1566 checkArgumentTypes(); 1538 1567 1568 if (m_jit.graph().m_plan.willTryToTierUp) 1569 prepareJITCodeForTierUp(); 1570 1539 1571 ASSERT(!m_currentNode); 1540 1572 for (BlockIndex blockIndex = 0; blockIndex < m_jit.graph().numBlocks(); ++blockIndex) { … … 2391 2423 ASSERT(valueGPR != storageReg); 2392 2424 MacroAssembler::Jump outOfBounds = jumpForTypedArrayOutOfBounds(node, base, property); 2425 if (node->arrayMode().isInBounds() && outOfBounds.isSet()) { 2426 speculationCheck(OutOfBounds, JSValueSource(), 0, outOfBounds); 2427 outOfBounds = MacroAssembler::Jump(); 2428 } 2393 2429 2394 2430 switch (elementSize(type)) { … … 2466 2502 2467 2503 MacroAssembler::Jump outOfBounds = jumpForTypedArrayOutOfBounds(node, base, property); 2504 if (node->arrayMode().isInBounds() && outOfBounds.isSet()) { 2505 speculationCheck(OutOfBounds, JSValueSource(), 0, outOfBounds); 2506 outOfBounds = MacroAssembler::Jump(); 2507 } 2468 2508 2469 2509 switch (elementSize(type)) { … … 3430 3470 GPRReg multiplyAnswerGPR = multiplyAnswer.gpr(); 3431 3471 3472 JITCompiler::JumpList done; 3473 3474 if (shouldCheckOverflow(node->arithMode())) 3475 speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchTest32(JITCompiler::Zero, divisorGPR)); 3476 else { 3477 JITCompiler::Jump denominatorNotZero = m_jit.branchTest32(JITCompiler::NonZero, divisorGPR); 3478 m_jit.move(divisorGPR, quotientThenRemainderGPR); 3479 done.append(m_jit.jump()); 3480 denominatorNotZero.link(&m_jit); 3481 } 3482 3432 3483 m_jit.assembler().sdiv(quotientThenRemainderGPR, dividendGPR, divisorGPR); 3433 3484 // FIXME: It seems like there are cases where we don't need this? What if we have … … 3446 3497 } 3447 3498 3499 done.link(&m_jit); 3500 3448 3501 int32Result(quotientThenRemainderGPR, node); 3449 3502 #elif CPU(ARM64) … … 3456 3509 GPRReg multiplyAnswerGPR = multiplyAnswer.gpr(); 3457 3510 3511 JITCompiler::JumpList done; 3512 3513 if (shouldCheckOverflow(node->arithMode())) 3514 speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchTest32(JITCompiler::Zero, divisorGPR)); 3515 else { 3516 JITCompiler::Jump denominatorNotZero = m_jit.branchTest32(JITCompiler::NonZero, divisorGPR); 3517 m_jit.move(divisorGPR, quotientThenRemainderGPR); 3518 done.append(m_jit.jump()); 3519 denominatorNotZero.link(&m_jit); 3520 } 3521 3458 3522 m_jit.assembler().sdiv<32>(quotientThenRemainderGPR, dividendGPR, divisorGPR); 3459 3523 // FIXME: It seems like there are cases where we don't need this? What if we have … … 3471 3535 numeratorPositive.link(&m_jit); 3472 3536 } 3537 3538 done.link(&m_jit); 3473 3539 3474 3540 int32Result(quotientThenRemainderGPR, node);
Note:
See TracChangeset
for help on using the changeset viewer.
