Ignore:
Timestamp:
Oct 19, 2009, 3:59:41 PM (16 years ago)
Author:
[email protected]
Message:

Tightened up some put_by_id_transition code generation.
https://bugs.webkit.org/show_bug.cgi?id=30539

Patch by Geoffrey Garen <[email protected]> on 2009-10-19
Reviewed by Oliver Hunt.

  • jit/JIT.h:
  • jit/JITPropertyAccess.cpp:

(JSC::JIT::testPrototype):
(JSC::JIT::privateCompilePutByIdTransition): No need to do object type
checks or read Structures and prototypes from objects: they're all known
constants at compile time.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/JavaScriptCore/jit/JITPropertyAccess.cpp

    r49065 r49820  
    522522}
    523523
     524void JIT::testPrototype(Structure* structure, JumpList& failureCases)
     525{
     526    if (structure->m_prototype.isNull())
     527        return;
     528
     529    failureCases.append(branchPtr(NotEqual, AbsoluteAddress(&asCell(structure->m_prototype)->m_structure), ImmPtr(asCell(structure->m_prototype)->m_structure)));
     530}
     531
    524532void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, size_t cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress)
    525533{
     
    528536    JumpList failureCases;
    529537    failureCases.append(branch32(NotEqual, regT1, Imm32(JSValue::CellTag)));
    530 
    531     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
    532     failureCases.append(branchPtr(NotEqual, regT2, ImmPtr(oldStructure)));
     538    failureCases.append(branchPtr(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), ImmPtr(oldStructure)));
     539    testPrototype(oldStructure, failureCases);
    533540
    534541    // Verify that nothing in the prototype chain has a setter for this property.
    535     for (RefPtr<Structure>* it = chain->head(); *it; ++it) {
    536         loadPtr(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype)), regT2);
    537         loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
    538         failureCases.append(branchPtr(NotEqual, regT2, ImmPtr(it->get())));
    539     }
     542    for (RefPtr<Structure>* it = chain->head(); *it; ++it)
     543        testPrototype(it->get(), failureCases);
    540544
    541545    // Reallocate property storage if needed.
     
    13481352}
    13491353
     1354void JIT::testPrototype(Structure* structure, JumpList& failureCases)
     1355{
     1356    if (structure->m_prototype.isNull())
     1357        return;
     1358
     1359    move(ImmPtr(&asCell(structure->m_prototype)->m_structure), regT2);
     1360    move(ImmPtr(asCell(structure->m_prototype)->m_structure), regT3);
     1361    failureCases.append(branchPtr(NotEqual, Address(regT2), regT3));
     1362}
     1363
    13501364void JIT::privateCompilePutByIdTransition(StructureStubInfo* stubInfo, Structure* oldStructure, Structure* newStructure, size_t cachedOffset, StructureChain* chain, ReturnAddressPtr returnAddress)
    13511365{
     
    13541368    failureCases.append(emitJumpIfNotJSCell(regT0));
    13551369    failureCases.append(branchPtr(NotEqual, Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), ImmPtr(oldStructure)));
    1356     JumpList successCases;
    1357 
    1358     // ecx = baseObject
    1359     loadPtr(Address(regT0, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
    1360     // proto(ecx) = baseObject->structure()->prototype()
    1361     failureCases.append(branch32(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo) + OBJECT_OFFSETOF(TypeInfo, m_type)), Imm32(ObjectType)));
    1362 
    1363     loadPtr(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype)), regT2);
    1364    
     1370    testPrototype(oldStructure, failureCases);
     1371
    13651372    // ecx = baseObject->m_structure
    1366     for (RefPtr<Structure>* it = chain->head(); *it; ++it) {
    1367         // null check the prototype
    1368         successCases.append(branchPtr(Equal, regT2, ImmPtr(JSValue::encode(jsNull()))));
    1369 
    1370         // Check the structure id
    1371         failureCases.append(branchPtr(NotEqual, Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), ImmPtr(it->get())));
    1372        
    1373         loadPtr(Address(regT2, OBJECT_OFFSETOF(JSCell, m_structure)), regT2);
    1374         failureCases.append(branch32(NotEqual, Address(regT2, OBJECT_OFFSETOF(Structure, m_typeInfo) + OBJECT_OFFSETOF(TypeInfo, m_type)), Imm32(ObjectType)));
    1375         loadPtr(Address(regT2, OBJECT_OFFSETOF(Structure, m_prototype)), regT2);
    1376     }
    1377 
    1378     successCases.link(this);
     1373    for (RefPtr<Structure>* it = chain->head(); *it; ++it)
     1374        testPrototype(it->get(), failureCases);
    13791375
    13801376    Call callTarget;
Note: See TracChangeset for help on using the changeset viewer.