Ignore:
Timestamp:
Dec 13, 2019, 8:34:45 PM (5 years ago)
Author:
[email protected]
Message:

[JSC] Remove JSFixedArray, and use JSImmutableButterfly instead
https://bugs.webkit.org/show_bug.cgi?id=204402

Reviewed by Mark Lam.

JSTests:

  • stress/new-array-with-spread-cow-double.js: Added.

(shouldBe):
(shouldBeArray):
(test):

  • stress/new-array-with-spread-cow-int.js: Added.

(shouldBe):
(shouldBeArray):
(test):

  • stress/new-array-with-spread-cow.js: Added.

(shouldBe):
(shouldBeArray):
(test):

Source/JavaScriptCore:

This patch removes JSFixedArray, and use JSImmutableButterfly instead. JSFixedArray can be replaced by
JSImmutableButterfly with Contiguous shape. And further, we can create an array from JSImmutableButterfly
generated by Spread node in NewArrayBufferWithSpread.

Currently, we are always creating contiguous JSImmutableButterfly from Spread. If it takes contiguous CoW
array, we can reuse JSImmutableButterfly of the input. But if it is CoW and not contiguous shape (like,
CopyOnWriteArrayWithInt32), we create a JSImmutableButterfly and copy it to this new butterfly. We can
extend it to accept non-contiguous JSImmutableButterfly in the future.

  • JavaScriptCore.xcodeproj/project.pbxproj:
  • Sources.txt:
  • bytecompiler/BytecodeGenerator.cpp:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:
  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • dfg/DFGOperations.cpp:
  • dfg/DFGOperations.h:
  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileSpread):
(JSC::DFG::SpeculativeJIT::compileNewArrayWithSpread):
(JSC::DFG::SpeculativeJIT::compileObjectKeys):

  • ftl/FTLAbstractHeapRepository.h:
  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNewArrayWithSpread):
(JSC::FTL::DFG::LowerDFGToB3::compileSpread):
(JSC::FTL::DFG::LowerDFGToB3::toButterfly):

  • ftl/FTLOperations.cpp:

(JSC::FTL::operationMaterializeObjectInOSR):

  • interpreter/Interpreter.cpp:

(JSC::sizeOfVarargs):
(JSC::loadVarargs):

  • runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

  • runtime/JSCast.h:
  • runtime/JSFixedArray.cpp: Removed.
  • runtime/JSFixedArray.h: Removed.
  • runtime/JSImmutableButterfly.h:

(JSC::JSImmutableButterfly::createFromArray):
(JSC::JSImmutableButterfly::offsetOfPublicLength):
(JSC::JSImmutableButterfly::offsetOfVectorLength):

  • runtime/JSType.cpp:

(WTF::printInternal):

  • runtime/JSType.h:
  • runtime/VM.cpp:

(JSC::VM::VM):

  • runtime/VM.h:
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/dfg/DFGClobberize.h

    r252684 r253520  
    3636#include "DOMJITSignature.h"
    3737#include "InlineCallFrame.h"
    38 #include "JSFixedArray.h"
    3938#include "JSImmutableButterfly.h"
    4039
     
    14211420
    14221421    case NewArrayWithSpread: {
    1423         // This also reads from JSFixedArray's data store, but we don't have any way of describing that yet.
    14241422        read(HeapObjectCount);
     1423        // This appears to read nothing because it's only reading immutable butterfly data.
    14251424        for (unsigned i = 0; i < node->numChildren(); i++) {
    14261425            Node* child = graph.varArgChild(node, i).node();
Note: See TracChangeset for help on using the changeset viewer.