Changeset 62896 in webkit for trunk/JavaScriptCore/bytecompiler


Timestamp:
Jul 8, 2010, 10:47:49 PM (15 years ago)
Author:
[email protected]
Message:

2010-07-08 Oliver Hunt <[email protected]>

Reviewed by Sam Weinig.

Property declarations in an object literal should not consider the prototype chain when being added to the new object
https://bugs.webkit.org/show_bug.cgi?id=41929

To fix this all we need to do is ensure that all new properties are
added with putDirect rather than a fully generic call to put. This
is safe as an object literal is by definition going to produce a
completely normal object.

Rather than duplicating all the put_by_id logic we add an additional
flag to op_put_by_id to indicate it should be using putDirect. In
the interpreter this adds a runtime branch, but in the jit this is
essentially free as the branch is taken at compile time. This does
actually improve object literal creation time even in the interpreter
as we no longer need to walk the prototype chain to verify that the
cached put is safe.

We still emit normal put_by_id code when emitting proto as we want
to get the correct handling for changing the prototype.

Sunspider claims this is a 0.7% speedup which is conceivably real due
to the performance improvement in object literals, but I suspect it's
really just the result of code motion.

  • bytecode/Opcode.h:
  • bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitPutById): (JSC::BytecodeGenerator::emitDirectPutById):
  • bytecompiler/BytecodeGenerator.h:
  • bytecompiler/NodesCodegen.cpp: (JSC::PropertyListNode::emitBytecode):
  • interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute):
  • jit/JIT.h: (JSC::JIT::compilePutByIdTransition):
  • jit/JITPropertyAccess.cpp: (JSC::JIT::emit_op_put_by_id): (JSC::JIT::emitSlow_op_put_by_id): (JSC::JIT::privateCompilePutByIdTransition): (JSC::JIT::patchPutByIdReplace):
  • jit/JITPropertyAccess32_64.cpp: (JSC::JIT::emitSlow_op_put_by_id): (JSC::JIT::privateCompilePutByIdTransition): (JSC::JIT::patchPutByIdReplace):
  • jit/JITStubs.cpp: (JSC::JITThunks::tryCachePutByID): (JSC::DEFINE_STUB_FUNCTION):
  • jit/JITStubs.h: (JSC::):
  • runtime/JSGlobalData.cpp: (JSC::JSGlobalData::JSGlobalData):
  • runtime/JSObject.h: (JSC::JSObject::putDirect): (JSC::JSValue::putDirect):
  • runtime/JSValue.h:

2010-07-08 Oliver Hunt <[email protected]>

Reviewed by Sam Weinig.

Property declarations in an object literal should not consider the prototype chain when being added to the new object
https://bugs.webkit.org/show_bug.cgi?id=41929

Add tests to ensure correct behaviour of object literals when there
are setters on the prototype chain.

  • fast/js/object-literal-direct-put-expected.txt: Added.
  • fast/js/object-literal-direct-put.html: Added.
  • fast/js/script-tests/object-literal-direct-put.js: Added.
  • ietestcenter/Javascript/15.4.4.14-9-b-i-6-expected.txt:
  • ietestcenter/Javascript/15.4.4.15-8-b-i-6-expected.txt:
  • platform/chromium/test_expectations.txt:
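
The semantics this change enforces, as an added example that is not part of the changeset or its layout tests: a setter on `Object.prototype` must not see properties declared in an object literal, while ordinary assignment still goes through it and `__proto__` in a literal still sets the prototype. The property name `probe` and all helper names are constructed for illustration.

```javascript
// Added illustration; helper and property names are hypothetical.
const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Install an accessor on Object.prototype, run body, always remove it again.
function withPrototypeSetter(name, body) {
  const calls = [];
  Object.defineProperty(Object.prototype, name, {
    configurable: true,
    get() { return undefined; },
    set(v) { calls.push(v); },
  });
  try {
    return { result: body(), calls };
  } finally {
    delete Object.prototype[name];
  }
}

// Object literal: the property is defined directly on the new object,
// so the inherited setter is never consulted.
function literalCase() {
  return withPrototypeSetter("probe", () => {
    const obj = { probe: 1 };
    return { own: hasOwn(obj, "probe"), value: obj.probe };
  });
}

// Plain assignment: a generic put walks the prototype chain, finds the
// setter and calls it; no own property is created.
function assignmentCase() {
  return withPrototypeSetter("probe", () => {
    const obj = {};
    obj.probe = 1;
    return { own: hasOwn(obj, "probe"), value: obj.probe };
  });
}

// __proto__ in a literal keeps its special handling: it changes the
// prototype instead of creating an own property.
function protoCase() {
  const parent = { marker: true };
  const obj = { __proto__: parent };
  return { isParent: Object.getPrototypeOf(obj) === parent,
           own: hasOwn(obj, "__proto__") };
}
```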
Location:
trunk/JavaScriptCore/bytecompiler
Files:
3 edited

  • trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

    r61430 r62896  
    12811281    instructions().append(0);
    12821282    instructions().append(0);
     1283    instructions().append(0);
     1284    return value;
     1285}
     1286
     1287RegisterID* BytecodeGenerator::emitDirectPutById(RegisterID* base, const Identifier& property, RegisterID* value)
     1288{
     1289#if ENABLE(JIT)
     1290    m_codeBlock->addStructureStubInfo(StructureStubInfo(access_put_by_id));
     1291#else
     1292    m_codeBlock->addPropertyAccessInstruction(instructions().size());
     1293#endif
     1294   
     1295    emitOpcode(op_put_by_id);
     1296    instructions().append(base->index());
     1297    instructions().append(addConstant(property));
     1298    instructions().append(value->index());
     1299    instructions().append(0);
     1300    instructions().append(0);
     1301    instructions().append(0);
     1302    instructions().append(0);
     1303    instructions().append(property != m_globalData->propertyNames->underscoreProto);
    12831304    return value;
    12841305}
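
Review bot: the last operand appended in emitDirectPutById, `property != m_globalData->propertyNames->underscoreProto`, is an unnamed boolean that selects direct versus generic put, and the matching extra `instructions().append(0);` added to the function that ends just above is equally unexplained. Nothing at either site says what this operand slot means, so add a short comment or a named local (for example `bool isDirect`) at both, and consider having the two emitters share one helper that takes the flag so their operand counts cannot drift apart. It is also worth stating here that `__proto__` deliberately yields 0 so that it keeps the normal put handling.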
  • trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.h

    r61430 r62896  
    329329        RegisterID* emitGetById(RegisterID* dst, RegisterID* base, const Identifier& property);
    330330        RegisterID* emitPutById(RegisterID* base, const Identifier& property, RegisterID* value);
     331        RegisterID* emitDirectPutById(RegisterID* base, const Identifier& property, RegisterID* value);
    331332        RegisterID* emitDeleteById(RegisterID* dst, RegisterID* base, const Identifier&);
    332333        RegisterID* emitGetByVal(RegisterID* dst, RegisterID* base, RegisterID* property);
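
Review bot: missing documentation on the new `emitDirectPutById` declaration; its signature is identical to `emitPutById` on the line above, so nothing tells a caller how the two differ. Add a comment stating that it stores the property without consulting the prototype chain and is intended only for a freshly created plain object, as in an object literal, so that it is not picked up for general assignments where setters on the prototype must still run.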
  • trunk/JavaScriptCore/bytecompiler/NodesCodegen.cpp

    r61623 r62896  
    267267        switch (p->m_node->m_type) {
    268268            case PropertyNode::Constant: {
    269                 generator.emitPutById(newObj.get(), p->m_node->name(), value);
     269                generator.emitDirectPutById(newObj.get(), p->m_node->name(), value);
    270270                break;
    271271            }
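
Review bot: at the `PropertyNode::Constant` case the call now reads as a direct put for every constant property, but the `__proto__` exception lives inside `emitDirectPutById` and is invisible from here. A one-line comment at this call noting that `__proto__` still gets normal put handling would save readers a trip to BytecodeGenerator.cpp, and the new fast/js/object-literal-direct-put test listed in the ChangeLog should cover a literal that contains `__proto__` alongside a prototype setter if it does not already.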