Ignore:
Timestamp:
May 8, 2015, 5:18:43 PM (10 years ago)
Author:
[email protected]
Message:

Extend the SaneChain optimization to Contiguous arrays
https://bugs.webkit.org/show_bug.cgi?id=144664

Reviewed by Mark Lam.

Previously if you loaded from a hole, you'd either have to take slow path for the array
load (which means C++ calls and prototype chain walks) or you'd exit (if you hadn't
gathered the necessary profiling yet). But that's unnecessary if we know that the
prototype chain is sane - i.e. has no indexed properties. Then we can just return
Undefined for the hole.

Making this change requires setting more watchpoints on the array prototype chain. But
that hit a horrible bug: ArrayPrototype still uses the static lookup tables and builds
itself up lazily. This means that this increased the number of recompilations we'd get
due to the array prototype chain being built up.

So, this change also removes the laziness and static tables from ArrayPrototype.

But to make that change, I also had to add a helper for eagerly building up a prototype
that has builtin functions.

  • CMakeLists.txt:
  • DerivedSources.make:
  • dfg/DFGArrayMode.h:
  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileGetByVal):

  • runtime/ArrayPrototype.cpp:

(JSC::ArrayPrototype::finishCreation):
(JSC::ArrayPrototype::getOwnPropertySlot): Deleted.

  • runtime/ArrayPrototype.h:
  • runtime/JSObject.h:
File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/runtime/JSObject.h

    r183935 r184032  
    22 *  Copyright (C) 1999-2001 Harri Porten ([email protected])
    33 *  Copyright (C) 2001 Peter Kelly ([email protected])
    4  *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2012, 2013, 2014 Apple Inc. All rights reserved.
     4 *  Copyright (C) 2003-2009, 2012-2015 Apple Inc. All rights reserved.
    55 *
    66 *  This library is free software; you can redistribute it and/or
     
    15581558    JSC_NATIVE_INTRINSIC_FUNCTION(jsName, cppName, (attributes), (length), NoIntrinsic)
    15591559
     1560// Identical helpers but for builtins. Note that currently, we don't support builtins that are
     1561// also intrinsics, but we probably will do that eventually.
     1562#define JSC_BUILTIN_FUNCTION(jsName, generatorName, attributes) \
     1563    putDirectBuiltinFunction(\
     1564        vm, globalObject, makeIdentifier(vm, (jsName)), (generatorName)(vm), (attributes))
     1565
    15601566} // namespace JSC
    15611567
Note: See TracChangeset for help on using the changeset viewer.