<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[159834] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/159834">159834</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2013-11-27 23:10:10 -0800 (Wed, 27 Nov 2013)</dd>
</dl>
<h3>Log Message</h3>
<pre>Infer one-time scopes
https://bugs.webkit.org/show_bug.cgi?id=124812
Source/JavaScriptCore:
Reviewed by Oliver Hunt.
This detects JSActivations that are created only once. The JSActivation pointer is then
baked into the machine code.
This takes advantage of the one-time scope inference to reduce the number of
indirections needed to get to a closure variable in case where the scope is only
allocated once. This isn't really a speed-up since in the common case the total number
of instruction bytes needed to load the scope from the stack is about equal to the
number of instruction bytes needed to materialize the absolute address of a scoped
variable. But, this is a necessary prerequisite to
https://bugs.webkit.org/show_bug.cgi?id=124630, so it's probably a good idea anyway.
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finalizeUnconditionally):
* bytecode/Instruction.h:
* bytecode/Opcode.h:
(JSC::padOpcodeName):
* bytecode/Watchpoint.h:
(JSC::WatchpointSet::notifyWrite):
(JSC::InlineWatchpointSet::notifyWrite):
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitResolveScope):
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::scopedVarLoadElimination):
(JSC::DFG::CSEPhase::scopedVarStoreElimination):
(JSC::DFG::CSEPhase::getLocalLoadElimination):
(JSC::DFG::CSEPhase::setLocalStoreElimination):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetRegisters):
* dfg/DFGGraph.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::varNumber):
(JSC::DFG::Node::hasSymbolTable):
(JSC::DFG::Node::symbolTable):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/JSActivation.h:
(JSC::JSActivation::create):
* runtime/JSScope.cpp:
(JSC::abstractAccess):
(JSC::JSScope::abstractResolve):
* runtime/JSScope.h:
(JSC::ResolveOp::ResolveOp):
* runtime/JSVariableObject.h:
(JSC::JSVariableObject::registers):
* runtime/SymbolTable.cpp:
(JSC::SymbolTable::SymbolTable):
* runtime/SymbolTable.h:
LayoutTests:
Reviewed by Oliver Hunt.
* js/regress/infer-one-time-closure-expected.txt: Added.
* js/regress/infer-one-time-closure-ten-vars-expected.txt: Added.
* js/regress/infer-one-time-closure-ten-vars.html: Added.
* js/regress/infer-one-time-closure-two-vars-expected.txt: Added.
* js/regress/infer-one-time-closure-two-vars.html: Added.
* js/regress/infer-one-time-closure.html: Added.
* js/regress/infer-one-time-deep-closure-expected.txt: Added.
* js/regress/infer-one-time-deep-closure.html: Added.
* js/regress/script-tests/infer-one-time-closure-ten-vars.js: Added.
* js/regress/script-tests/infer-one-time-closure-two-vars.js: Added.
* js/regress/script-tests/infer-one-time-closure.js: Added.
* js/regress/script-tests/infer-one-time-deep-closure.js: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockcpp">trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeInstructionh">trunk/Source/JavaScriptCore/bytecode/Instruction.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeOpcodeh">trunk/Source/JavaScriptCore/bytecode/Opcode.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeWatchpointh">trunk/Source/JavaScriptCore/bytecode/Watchpoint.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorcpp">trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh">trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp">trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGCSEPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGClobberizeh">trunk/Source/JavaScriptCore/dfg/DFGClobberize.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGFixupPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGGraphcpp">trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGGraphh">trunk/Source/JavaScriptCore/dfg/DFGGraph.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodeh">trunk/Source/JavaScriptCore/dfg/DFGNode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodeTypeh">trunk/Source/JavaScriptCore/dfg/DFGNodeType.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPredictionPropagationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSafeToExecuteh">trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGWatchpointCollectionPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLCapabilitiescpp">trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLowLevelInterpreter32_64asm">trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLowLevelInterpreter64asm">trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSActivationh">trunk/Source/JavaScriptCore/runtime/JSActivation.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSScopecpp">trunk/Source/JavaScriptCore/runtime/JSScope.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSScopeh">trunk/Source/JavaScriptCore/runtime/JSScope.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSVariableObjecth">trunk/Source/JavaScriptCore/runtime/JSVariableObject.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSymbolTablecpp">trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeSymbolTableh">trunk/Source/JavaScriptCore/runtime/SymbolTable.h</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsjsregressinferonetimeclosureexpectedtxt">trunk/LayoutTests/js/regress/infer-one-time-closure-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressinferonetimeclosuretenvarsexpectedtxt">trunk/LayoutTests/js/regress/infer-one-time-closure-ten-vars-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressinferonetimeclosuretenvarshtml">trunk/LayoutTests/js/regress/infer-one-time-closure-ten-vars.html</a></li>
<li><a href="#trunkLayoutTestsjsregressinferonetimeclosuretwovarsexpectedtxt">trunk/LayoutTests/js/regress/infer-one-time-closure-two-vars-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressinferonetimeclosuretwovarshtml">trunk/LayoutTests/js/regress/infer-one-time-closure-two-vars.html</a></li>
<li><a href="#trunkLayoutTestsjsregressinferonetimeclosurehtml">trunk/LayoutTests/js/regress/infer-one-time-closure.html</a></li>
<li><a href="#trunkLayoutTestsjsregressinferonetimedeepclosureexpectedtxt">trunk/LayoutTests/js/regress/infer-one-time-deep-closure-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressinferonetimedeepclosurehtml">trunk/LayoutTests/js/regress/infer-one-time-deep-closure.html</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsinferonetimeclosuretenvarsjs">trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure-ten-vars.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsinferonetimeclosuretwovarsjs">trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure-two-vars.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsinferonetimeclosurejs">trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsinferonetimedeepclosurejs">trunk/LayoutTests/js/regress/script-tests/infer-one-time-deep-closure.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/LayoutTests/ChangeLog 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -1,3 +1,23 @@
</span><ins>+2013-11-27 Filip Pizlo <fpizlo@apple.com>
+
+ Infer one-time scopes
+ https://bugs.webkit.org/show_bug.cgi?id=124812
+
+ Reviewed by Oliver Hunt.
+
+ * js/regress/infer-one-time-closure-expected.txt: Added.
+ * js/regress/infer-one-time-closure-ten-vars-expected.txt: Added.
+ * js/regress/infer-one-time-closure-ten-vars.html: Added.
+ * js/regress/infer-one-time-closure-two-vars-expected.txt: Added.
+ * js/regress/infer-one-time-closure-two-vars.html: Added.
+ * js/regress/infer-one-time-closure.html: Added.
+ * js/regress/infer-one-time-deep-closure-expected.txt: Added.
+ * js/regress/infer-one-time-deep-closure.html: Added.
+ * js/regress/script-tests/infer-one-time-closure-ten-vars.js: Added.
+ * js/regress/script-tests/infer-one-time-closure-two-vars.js: Added.
+ * js/regress/script-tests/infer-one-time-closure.js: Added.
+ * js/regress/script-tests/infer-one-time-deep-closure.js: Added.
+
</ins><span class="cx"> 2013-11-27 Eric Carlson <eric.carlson@apple.com>
</span><span class="cx">
</span><span class="cx"> Allow the QuickTime plug-in to be replaced by script in an isolated word
</span></span></pre></div>
<a id="trunkLayoutTestsjsregressinferonetimeclosureexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/infer-one-time-closure-expected.txt (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/infer-one-time-closure-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/infer-one-time-closure-expected.txt 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/infer-one-time-closure
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressinferonetimeclosuretenvarsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/infer-one-time-closure-ten-vars-expected.txt (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/infer-one-time-closure-ten-vars-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/infer-one-time-closure-ten-vars-expected.txt 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/infer-one-time-closure-ten-vars
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressinferonetimeclosuretenvarshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/infer-one-time-closure-ten-vars.html (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/infer-one-time-closure-ten-vars.html (rev 0)
+++ trunk/LayoutTests/js/regress/infer-one-time-closure-ten-vars.html 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="resources/regress-pre.js"></script>
+<script src="script-tests/infer-one-time-closure-ten-vars.js"></script>
+<script src="resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressinferonetimeclosuretwovarsexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/infer-one-time-closure-two-vars-expected.txt (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/infer-one-time-closure-two-vars-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/infer-one-time-closure-two-vars-expected.txt 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/infer-one-time-closure-two-vars
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressinferonetimeclosuretwovarshtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/infer-one-time-closure-two-vars.html (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/infer-one-time-closure-two-vars.html (rev 0)
+++ trunk/LayoutTests/js/regress/infer-one-time-closure-two-vars.html 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="resources/regress-pre.js"></script>
+<script src="script-tests/infer-one-time-closure-two-vars.js"></script>
+<script src="resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressinferonetimeclosurehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/infer-one-time-closure.html (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/infer-one-time-closure.html (rev 0)
+++ trunk/LayoutTests/js/regress/infer-one-time-closure.html 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="resources/regress-pre.js"></script>
+<script src="script-tests/infer-one-time-closure.js"></script>
+<script src="resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressinferonetimedeepclosureexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/infer-one-time-deep-closure-expected.txt (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/infer-one-time-deep-closure-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/infer-one-time-deep-closure-expected.txt 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/infer-one-time-deep-closure
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressinferonetimedeepclosurehtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/infer-one-time-deep-closure.html (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/infer-one-time-deep-closure.html (rev 0)
+++ trunk/LayoutTests/js/regress/infer-one-time-deep-closure.html 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="resources/regress-pre.js"></script>
+<script src="script-tests/infer-one-time-deep-closure.js"></script>
+<script src="resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsinferonetimeclosuretenvarsjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure-ten-vars.js (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure-ten-vars.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure-ten-vars.js 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,31 @@
</span><ins>+function fooMaker(xParam) {
+ var x = xParam;
+ var x2 = xParam + 1;
+ var x3 = xParam + 2;
+ var x4 = xParam + 3;
+ var x5 = xParam + 4;
+ var x6 = xParam + 5;
+ var x7 = xParam + 6;
+ var x8 = xParam + 7;
+ var x9 = xParam + 8;
+ var x10 = xParam + 9;
+ return function (y) {
+ for (var i = 0; i < 1000; ++i)
+ y += x + x2 + x3 + x4 + x5 + x6 + x7 + x8 + x9 + x10;
+ return y;
+ }
+}
+
+var foo = fooMaker(42);
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo(5);
+ if (result != 465005)
+ throw "Error: bad result: " + result;
+}
+
+var result = fooMaker(23)(5);
+if (result != 275005)
+ throw "Error: bad result: " + result;
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsinferonetimeclosuretwovarsjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure-two-vars.js (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure-two-vars.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure-two-vars.js 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,23 @@
</span><ins>+function fooMaker(xParam) {
+ var x = xParam;
+ var x2 = xParam + 1;
+ return function (y) {
+ for (var i = 0; i < 1000; ++i)
+ y += x + x2;
+ return y;
+ }
+}
+
+var foo = fooMaker(42);
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo(5);
+ if (result != (42 + 43) * 1000 + 5)
+ throw "Error: bad result: " + result;
+}
+
+var result = fooMaker(23)(5);
+if (result != (23 + 24) * 1000 + 5)
+ throw "Error: bad result: " + result;
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsinferonetimeclosurejs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure.js (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/infer-one-time-closure.js 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,22 @@
</span><ins>+function fooMaker(xParam) {
+ var x = xParam;
+ return function (y) {
+ for (var i = 0; i < 1000; ++i)
+ y += x;
+ return y;
+ }
+}
+
+var foo = fooMaker(42);
+
+noInline(foo);
+
+for (var i = 0; i < 10000; ++i) {
+ var result = foo(5);
+ if (result != 42 * 1000 + 5)
+ throw "Error: bad result: " + result;
+}
+
+var result = fooMaker(23)(5);
+if (result != 23 * 1000 + 5)
+ throw "Error: bad result: " + result;
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsinferonetimedeepclosurejs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/infer-one-time-deep-closure.js (0 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/infer-one-time-deep-closure.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/infer-one-time-deep-closure.js 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+function fooMaker(aParam) {
+ var a = aParam;
+ return function(bParam) {
+ var b = bParam;
+ return function(cParam) {
+ var c = cParam;
+ return function(dParam) {
+ var d = dParam;
+ return function(eParam) {
+ var e = eParam;
+ return function (fParam) {
+ var f = a + b + c + d + e + fParam;
+ for (var i = 0; i < 1000; ++i)
+ f += a;
+ return f;
+ };
+ };
+ };
+ };
+ };
+}
+
+var foo = fooMaker(42)(1)(2)(3)(4);
+
+noInline(foo);
+
+for (var i = 0; i < 20000; ++i) {
+ var result = foo(5);
+ if (result != 42057)
+ throw "Error: bad result: " + result;
+}
+
+var result = fooMaker(23)(2)(3)(4)(5)(5);
+if (result != 23042)
+ throw "Error: bad result: " + result;
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/ChangeLog 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -1,5 +1,86 @@
</span><span class="cx"> 2013-11-27 Filip Pizlo <fpizlo@apple.com>
</span><span class="cx">
</span><ins>+ Infer one-time scopes
+ https://bugs.webkit.org/show_bug.cgi?id=124812
+
+ Reviewed by Oliver Hunt.
+
+ This detects JSActivations that are created only once. The JSActivation pointer is then
+ baked into the machine code.
+
+ This takes advantage of the one-time scope inference to reduce the number of
+ indirections needed to get to a closure variable in case where the scope is only
+ allocated once. This isn't really a speed-up since in the common case the total number
+ of instruction bytes needed to load the scope from the stack is about equal to the
+ number of instruction bytes needed to materialize the absolute address of a scoped
+ variable. But, this is a necessary prerequisite to
+ https://bugs.webkit.org/show_bug.cgi?id=124630, so it's probably a good idea anyway.
+
+ * bytecode/CodeBlock.cpp:
+ (JSC::CodeBlock::dumpBytecode):
+ (JSC::CodeBlock::CodeBlock):
+ (JSC::CodeBlock::finalizeUnconditionally):
+ * bytecode/Instruction.h:
+ * bytecode/Opcode.h:
+ (JSC::padOpcodeName):
+ * bytecode/Watchpoint.h:
+ (JSC::WatchpointSet::notifyWrite):
+ (JSC::InlineWatchpointSet::notifyWrite):
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitResolveScope):
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::::executeEffects):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::scopedVarLoadElimination):
+ (JSC::DFG::CSEPhase::scopedVarStoreElimination):
+ (JSC::DFG::CSEPhase::getLocalLoadElimination):
+ (JSC::DFG::CSEPhase::setLocalStoreElimination):
+ * dfg/DFGClobberize.h:
+ (JSC::DFG::clobberize):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::tryGetRegisters):
+ * dfg/DFGGraph.h:
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::varNumber):
+ (JSC::DFG::Node::hasSymbolTable):
+ (JSC::DFG::Node::symbolTable):
+ * dfg/DFGNodeType.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSafeToExecute.h:
+ (JSC::DFG::safeToExecute):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGWatchpointCollectionPhase.cpp:
+ (JSC::DFG::WatchpointCollectionPhase::handle):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::compileNode):
+ (JSC::FTL::LowerDFGToLLVM::compileGetClosureRegisters):
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * runtime/JSActivation.h:
+ (JSC::JSActivation::create):
+ * runtime/JSScope.cpp:
+ (JSC::abstractAccess):
+ (JSC::JSScope::abstractResolve):
+ * runtime/JSScope.h:
+ (JSC::ResolveOp::ResolveOp):
+ * runtime/JSVariableObject.h:
+ (JSC::JSVariableObject::registers):
+ * runtime/SymbolTable.cpp:
+ (JSC::SymbolTable::SymbolTable):
+ * runtime/SymbolTable.h:
+
+2013-11-27 Filip Pizlo <fpizlo@apple.com>
+
</ins><span class="cx"> Finally fix some obvious Bartlett bugs
</span><span class="cx"> https://bugs.webkit.org/show_bug.cgi?id=124951
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -1365,6 +1365,7 @@
</span><span class="cx"> ++it; // depth
</span><span class="cx"> printLocationAndOp(out, exec, location, it, "resolve_scope");
</span><span class="cx"> out.printf("%s, %s, %d", registerName(r0).data(), idName(id0, identifier(id0)).data(), resolveModeAndType);
</span><ins>+ ++it;
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case op_get_from_scope: {
</span><span class="lines">@@ -1764,6 +1765,8 @@
</span><span class="cx"> ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), scope, ident, Get, type);
</span><span class="cx"> instructions[i + 3].u.operand = op.type;
</span><span class="cx"> instructions[i + 4].u.operand = op.depth;
</span><ins>+ if (op.activation)
+ instructions[i + 5].u.activation.set(*vm(), ownerExecutable, op.activation);
</ins><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -1781,7 +1784,9 @@
</span><span class="cx"> ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), scope, ident, Get, modeAndType.type());
</span><span class="cx">
</span><span class="cx"> instructions[i + 4].u.operand = ResolveModeAndType(modeAndType.mode(), op.type).operand();
</span><del>- if (op.structure)
</del><ins>+ if (op.type == GlobalVar || op.type == GlobalVarWithVarInjectionChecks)
+ instructions[i + 5].u.watchpointSet = op.watchpointSet;
+ else if (op.structure)
</ins><span class="cx"> instructions[i + 5].u.structure.set(*vm(), ownerExecutable, op.structure);
</span><span class="cx"> instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand);
</span><span class="cx"> break;
</span><span class="lines">@@ -1794,10 +1799,9 @@
</span><span class="cx"> ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), scope, ident, Put, modeAndType.type());
</span><span class="cx">
</span><span class="cx"> instructions[i + 4].u.operand = ResolveModeAndType(modeAndType.mode(), op.type).operand();
</span><del>- if (op.type == GlobalVar || op.type == GlobalVarWithVarInjectionChecks) {
- ASSERT(!op.structure);
</del><ins>+ if (op.type == GlobalVar || op.type == GlobalVarWithVarInjectionChecks)
</ins><span class="cx"> instructions[i + 5].u.watchpointSet = op.watchpointSet;
</span><del>- } else if (op.structure)
</del><ins>+ else if (op.structure)
</ins><span class="cx"> instructions[i + 5].u.structure.set(*vm(), ownerExecutable, op.structure);
</span><span class="cx"> instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand);
</span><span class="cx"> break;
</span><span class="lines">@@ -2183,6 +2187,15 @@
</span><span class="cx"> dataLogF("Clearing LLInt get callee with function %p.\n", curInstruction[2].u.jsCell.get());
</span><span class="cx"> curInstruction[2].u.jsCell.clear();
</span><span class="cx"> break;
</span><ins>+ case op_resolve_scope: {
+ WriteBarrierBase<JSActivation>& activation = curInstruction[5].u.activation;
+ if (!activation || Heap::isMarked(activation.get()))
+ break;
+ if (Options::verboseOSR())
+ dataLogF("Clearing dead activation %p.\n", activation.get());
+ activation.clear();
+ break;
+ }
</ins><span class="cx"> case op_get_from_scope:
</span><span class="cx"> case op_put_to_scope: {
</span><span class="cx"> ResolveModeAndType modeAndType =
</span><span class="lines">@@ -2193,7 +2206,7 @@
</span><span class="cx"> if (!structure || Heap::isMarked(structure.get()))
</span><span class="cx"> break;
</span><span class="cx"> if (Options::verboseOSR())
</span><del>- dataLogF("Clearing LLInt scope access with structure %p.\n", structure.get());
</del><ins>+ dataLogF("Clearing scope access with structure %p.\n", structure.get());
</ins><span class="cx"> structure.clear();
</span><span class="cx"> break;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeInstructionh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/Instruction.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/Instruction.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/bytecode/Instruction.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -117,6 +117,7 @@
</span><span class="cx"> ArrayAllocationProfile* arrayAllocationProfile;
</span><span class="cx"> ObjectAllocationProfile* objectAllocationProfile;
</span><span class="cx"> VariableWatchpointSet* watchpointSet;
</span><ins>+ WriteBarrierBase<JSActivation> activation;
</ins><span class="cx"> void* pointer;
</span><span class="cx"> bool* predicatePointer;
</span><span class="cx"> } u;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeOpcodeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/Opcode.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/Opcode.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/bytecode/Opcode.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -169,7 +169,7 @@
</span><span class="cx"> macro(op_get_pnames, 6) \
</span><span class="cx"> macro(op_next_pname, 7) \
</span><span class="cx"> \
</span><del>- macro(op_resolve_scope, 5) \
</del><ins>+ macro(op_resolve_scope, 6) \
</ins><span class="cx"> macro(op_get_from_scope, 8) /* has value profiling */ \
</span><span class="cx"> macro(op_put_to_scope, 7) \
</span><span class="cx"> \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeWatchpointh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/Watchpoint.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/Watchpoint.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/bytecode/Watchpoint.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -108,6 +108,14 @@
</span><span class="cx"> fireAllSlow();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void notifyWrite()
+ {
+ if (state() == ClearWatchpoint)
+ startWatching();
+ else
+ fireAll();
+ }
+
</ins><span class="cx"> int8_t* addressOfState() { return &m_state; }
</span><span class="cx"> int8_t* addressOfSetIsNotEmpty() { return &m_setIsNotEmpty; }
</span><span class="cx">
</span><span class="lines">@@ -201,6 +209,19 @@
</span><span class="cx"> WTF::storeStoreFence();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void notifyWrite()
+ {
+ if (isFat()) {
+ fat()->notifyWrite();
+ return;
+ }
+ if (decodeState(m_data) == ClearWatchpoint)
+ m_data = encodeState(IsWatched);
+ else
+ m_data = encodeState(IsInvalidated);
+ WTF::storeStoreFence();
+ }
+
</ins><span class="cx"> private:
</span><span class="cx"> static const uintptr_t IsThinFlag = 1;
</span><span class="cx"> static const uintptr_t StateMask = 6;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecompilerBytecodeGeneratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -1212,6 +1212,8 @@
</span><span class="cx">
</span><span class="cx"> RegisterID* BytecodeGenerator::emitResolveScope(RegisterID* dst, const Identifier& identifier)
</span><span class="cx"> {
</span><ins>+ m_codeBlock->addPropertyAccessInstruction(instructions().size());
+
</ins><span class="cx"> ASSERT(!m_symbolTable || !m_symbolTable->contains(identifier.impl()) || resolveType() == Dynamic);
</span><span class="cx">
</span><span class="cx"> // resolve_scope dst, id, ResolveType, depth
</span><span class="lines">@@ -1220,6 +1222,7 @@
</span><span class="cx"> instructions().append(addConstant(identifier));
</span><span class="cx"> instructions().append(resolveType());
</span><span class="cx"> instructions().append(0);
</span><ins>+ instructions().append(0);
</ins><span class="cx"> return dst;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -1145,6 +1145,9 @@
</span><span class="cx"> m_graph, m_codeBlock->globalObjectFor(node->codeOrigin)->activationStructure());
</span><span class="cx"> m_state.setHaveStructures(true);
</span><span class="cx"> break;
</span><ins>+
+ case ActivationAllocationWatchpoint:
+ break;
</ins><span class="cx">
</span><span class="cx"> case CreateArguments:
</span><span class="cx"> forNode(node).setType(SpecArguments);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -36,6 +36,7 @@
</span><span class="cx"> #include "DFGCapabilities.h"
</span><span class="cx"> #include "DFGJITCode.h"
</span><span class="cx"> #include "GetByIdStatus.h"
</span><ins>+#include "JSActivation.h"
</ins><span class="cx"> #include "Operations.h"
</span><span class="cx"> #include "PreciseJumpTargets.h"
</span><span class="cx"> #include "PutByIdStatus.h"
</span><span class="lines">@@ -3046,9 +3047,18 @@
</span><span class="cx"> set(VirtualRegister(dst), cellConstant(m_inlineStackTop->m_codeBlock->globalObject()));
</span><span class="cx"> break;
</span><span class="cx"> case ClosureVar:
</span><del>- case ClosureVarWithVarInjectionChecks:
- set(VirtualRegister(dst), getScope(m_inlineStackTop->m_codeBlock->needsActivation(), depth));
</del><ins>+ case ClosureVarWithVarInjectionChecks: {
+ JSActivation* activation = currentInstruction[5].u.activation.get();
+ if (activation
+ && activation->symbolTable()->m_activationAllocatedOnce.isStillValid()) {
+ addToGraph(ActivationAllocationWatchpoint, OpInfo(activation->symbolTable()));
+ set(VirtualRegister(dst), cellConstant(activation));
+ break;
+ }
+ set(VirtualRegister(dst),
+ getScope(m_inlineStackTop->m_codeBlock->needsActivation(), depth));
</ins><span class="cx"> break;
</span><ins>+ }
</ins><span class="cx"> case Dynamic:
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> break;
</span><span class="lines">@@ -3063,14 +3073,20 @@
</span><span class="cx"> StringImpl* uid = m_graph.identifiers()[identifierNumber];
</span><span class="cx"> ResolveType resolveType = ResolveModeAndType(currentInstruction[4].u.operand).type();
</span><span class="cx">
</span><del>- Structure* structure;
</del><ins>+ Structure* structure = 0;
+ WatchpointSet* watchpoints = 0;
</ins><span class="cx"> uintptr_t operand;
</span><span class="cx"> {
</span><span class="cx"> ConcurrentJITLocker locker(m_inlineStackTop->m_profiledBlock->m_lock);
</span><del>- structure = currentInstruction[5].u.structure.get();
</del><ins>+ if (resolveType == GlobalVar || resolveType == GlobalVarWithVarInjectionChecks)
+ watchpoints = currentInstruction[5].u.watchpointSet;
+ else
+ structure = currentInstruction[5].u.structure.get();
</ins><span class="cx"> operand = reinterpret_cast<uintptr_t>(currentInstruction[6].u.pointer);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ UNUSED_PARAM(watchpoints); // We will use this in the future. For now we set it as a way of documenting the fact that that's what index 5 is in GlobalVar mode.
+
</ins><span class="cx"> SpeculatedType prediction = getPrediction();
</span><span class="cx"> JSGlobalObject* globalObject = m_inlineStackTop->m_codeBlock->globalObject();
</span><span class="cx">
</span><span class="lines">@@ -3101,7 +3117,7 @@
</span><span class="cx"> set(VirtualRegister(dst), addToGraph(GetGlobalVar, OpInfo(operand), OpInfo(prediction)));
</span><span class="cx"> break;
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> addToGraph(VariableWatchpoint, OpInfo(watchpointSet));
</span><span class="cx"> if (specificValue.isCell())
</span><span class="cx"> set(VirtualRegister(dst), cellConstant(specificValue.asCell()));
</span><span class="lines">@@ -3110,11 +3126,13 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx"> case ClosureVar:
</span><del>- case ClosureVarWithVarInjectionChecks:
</del><ins>+ case ClosureVarWithVarInjectionChecks: {
+ Node* scopeNode = get(VirtualRegister(scope));
</ins><span class="cx"> set(VirtualRegister(dst),
</span><span class="cx"> addToGraph(GetClosureVar, OpInfo(operand), OpInfo(prediction),
</span><del>- addToGraph(GetClosureRegisters, get(VirtualRegister(scope)))));
</del><ins>+ addToGraph(GetClosureRegisters, scopeNode)));
</ins><span class="cx"> break;
</span><ins>+ }
</ins><span class="cx"> case Dynamic:
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGCSEPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGCSEPhase.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -227,7 +227,7 @@
</span><span class="cx"> return 0;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- Node* scopedVarLoadElimination(Node* registers, unsigned varNumber)
</del><ins>+ Node* scopedVarLoadElimination(Node* registers, int varNumber)
</ins><span class="cx"> {
</span><span class="cx"> for (unsigned i = m_indexInBlock; i--;) {
</span><span class="cx"> Node* node = m_currentBlock->at(i);
</span><span class="lines">@@ -296,7 +296,7 @@
</span><span class="cx"> return 0;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- Node* scopedVarStoreElimination(Node* scope, Node* registers, unsigned varNumber)
</del><ins>+ Node* scopedVarStoreElimination(Node* scope, Node* registers, int varNumber)
</ins><span class="cx"> {
</span><span class="cx"> for (unsigned i = m_indexInBlock; i--;) {
</span><span class="cx"> Node* node = m_currentBlock->at(i);
</span><span class="lines">@@ -316,7 +316,8 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case GetLocal: {
</del><ins>+ case GetLocal:
+ case SetLocal: {
</ins><span class="cx"> VariableAccessData* variableAccessData = node->variableAccessData();
</span><span class="cx"> if (variableAccessData->isCaptured()
</span><span class="cx"> && variableAccessData->local() == static_cast<VirtualRegister>(varNumber))
</span><span class="lines">@@ -829,6 +830,7 @@
</span><span class="cx"> }
</span><span class="cx"> break;
</span><span class="cx">
</span><ins>+ case GetClosureVar:
</ins><span class="cx"> case PutClosureVar:
</span><span class="cx"> if (static_cast<VirtualRegister>(node->varNumber()) == local)
</span><span class="cx"> return 0;
</span><span class="lines">@@ -882,6 +884,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case GetClosureVar:
</span><ins>+ case PutClosureVar:
</ins><span class="cx"> if (static_cast<VirtualRegister>(node->varNumber()) == local)
</span><span class="cx"> result.mayBeAccessed = true;
</span><span class="cx"> break;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGClobberizeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGClobberize.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGClobberize.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGClobberize.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -155,9 +155,14 @@
</span><span class="cx"> case CreateActivation:
</span><span class="cx"> case CreateArguments:
</span><span class="cx"> write(SideState);
</span><ins>+ write(Watchpoint_fire);
</ins><span class="cx"> read(GCState);
</span><span class="cx"> write(GCState);
</span><span class="cx"> return;
</span><ins>+
+ case ActivationAllocationWatchpoint:
+ read(Watchpoint_fire);
+ return;
</ins><span class="cx">
</span><span class="cx"> // These are forward-exiting nodes that assume that the subsequent instruction
</span><span class="cx"> // is a MovHint, and they try to roll forward over this MovHint in their
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGFixupPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -954,6 +954,7 @@
</span><span class="cx"> case Unreachable:
</span><span class="cx"> case ExtractOSREntryLocal:
</span><span class="cx"> case LoopHint:
</span><ins>+ case ActivationAllocationWatchpoint:
</ins><span class="cx"> break;
</span><span class="cx"> #else
</span><span class="cx"> default:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGGraphcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -35,6 +35,7 @@
</span><span class="cx"> #include "FullBytecodeLiveness.h"
</span><span class="cx"> #include "FunctionExecutableDump.h"
</span><span class="cx"> #include "JIT.h"
</span><ins>+#include "JSActivation.h"
</ins><span class="cx"> #include "OperandsInlines.h"
</span><span class="cx"> #include "Operations.h"
</span><span class="cx"> #include <wtf/CommaPrinter.h>
</span><span class="lines">@@ -722,6 +723,18 @@
</span><span class="cx"> return std::max(frameRegisterCount(), requiredRegisterCountForExit());
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+WriteBarrierBase<Unknown>* Graph::tryGetRegisters(Node* node)
+{
+ if (!node->hasConstant())
+ return 0;
+ JSActivation* activation = jsDynamicCast<JSActivation*>(valueOfJSConstant(node));
+ if (!activation)
+ return 0;
+ if (!activation->isTornOff())
+ return 0;
+ return activation->registers();
+}
+
</ins><span class="cx"> } } // namespace JSC::DFG
</span><span class="cx">
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGGraphh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGGraph.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGGraph.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGGraph.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -791,6 +791,8 @@
</span><span class="cx"> unsigned requiredRegisterCountForExit();
</span><span class="cx"> unsigned requiredRegisterCountForExecutionAndExit();
</span><span class="cx">
</span><ins>+ WriteBarrierBase<Unknown>* tryGetRegisters(Node*);
+
</ins><span class="cx"> VM& m_vm;
</span><span class="cx"> Plan& m_plan;
</span><span class="cx"> CodeBlock* m_codeBlock;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNode.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNode.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGNode.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -742,7 +742,7 @@
</span><span class="cx"> return op() == GetClosureVar || op() == PutClosureVar;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- unsigned varNumber()
</del><ins>+ int varNumber()
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(hasVarNumber());
</span><span class="cx"> return m_opInfo;
</span><span class="lines">@@ -757,7 +757,7 @@
</span><span class="cx"> {
</span><span class="cx"> return bitwise_cast<WriteBarrier<Unknown>*>(m_opInfo);
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> bool hasResult()
</span><span class="cx"> {
</span><span class="cx"> return m_flags & NodeResultMask;
</span><span class="lines">@@ -1061,6 +1061,17 @@
</span><span class="cx"> return m_opInfo;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ bool hasSymbolTable()
+ {
+ return op() == ActivationAllocationWatchpoint;
+ }
+
+ SymbolTable* symbolTable()
+ {
+ ASSERT(hasSymbolTable());
+ return reinterpret_cast<SymbolTable*>(m_opInfo);
+ }
+
</ins><span class="cx"> bool hasArrayMode()
</span><span class="cx"> {
</span><span class="cx"> switch (op()) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodeTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNodeType.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNodeType.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGNodeType.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -187,6 +187,7 @@
</span><span class="cx"> macro(NotifyWrite, NodeMustGenerate) \
</span><span class="cx"> macro(VariableWatchpoint, NodeMustGenerate) \
</span><span class="cx"> macro(VarInjectionWatchpoint, NodeMustGenerate) \
</span><ins>+ macro(ActivationAllocationWatchpoint, NodeMustGenerate) \
</ins><span class="cx"> macro(CheckFunction, NodeMustGenerate) \
</span><span class="cx"> macro(AllocationProfileWatchpoint, NodeMustGenerate) \
</span><span class="cx"> \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPredictionPropagationPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -583,6 +583,7 @@
</span><span class="cx"> case Unreachable:
</span><span class="cx"> case LoopHint:
</span><span class="cx"> case NotifyWrite:
</span><ins>+ case ActivationAllocationWatchpoint:
</ins><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> // This gets ignored because it already has a prediction.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSafeToExecuteh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -243,6 +243,7 @@
</span><span class="cx"> case Int52ToValue:
</span><span class="cx"> case InvalidationPoint:
</span><span class="cx"> case NotifyWrite:
</span><ins>+ case ActivationAllocationWatchpoint:
</ins><span class="cx"> return true;
</span><span class="cx">
</span><span class="cx"> case GetByVal:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -3686,6 +3686,14 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case GetClosureRegisters: {
</span><ins>+ if (WriteBarrierBase<Unknown>* registers = m_jit.graph().tryGetRegisters(node->child1().node())) {
+ GPRTemporary result(this);
+ GPRReg resultGPR = result.gpr();
+ m_jit.move(TrustedImmPtr(registers), resultGPR);
+ storageResult(resultGPR);
+ break;
+ }
+
</ins><span class="cx"> SpeculateCellOperand scope(this, node->child1());
</span><span class="cx"> GPRTemporary result(this);
</span><span class="cx"> GPRReg scopeGPR = scope.gpr();
</span><span class="lines">@@ -3720,7 +3728,7 @@
</span><span class="cx">
</span><span class="cx"> m_jit.store32(valueTagGPR, JITCompiler::Address(registersGPR, node->varNumber() * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag)));
</span><span class="cx"> m_jit.store32(valuePayloadGPR, JITCompiler::Address(registersGPR, node->varNumber() * sizeof(Register) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
</span><del>- writeBarrier(scopeGPR, valueTagGPR, node->child2(), WriteBarrierForVariableAccess, scratchGPR);
</del><ins>+ writeBarrier(scopeGPR, valueTagGPR, node->child3(), WriteBarrierForVariableAccess, scratchGPR);
</ins><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="lines">@@ -4345,6 +4353,11 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case ActivationAllocationWatchpoint: {
+ noResult(node);
+ break;
+ }
+
</ins><span class="cx"> case CreateArguments: {
</span><span class="cx"> JSValueOperand value(this, node->child1());
</span><span class="cx"> GPRTemporary result(this, Reuse, value, PayloadWord);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -3990,6 +3990,14 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case GetClosureRegisters: {
</span><ins>+ if (WriteBarrierBase<Unknown>* registers = m_jit.graph().tryGetRegisters(node->child1().node())) {
+ GPRTemporary result(this);
+ GPRReg resultGPR = result.gpr();
+ m_jit.move(TrustedImmPtr(registers), resultGPR);
+ storageResult(resultGPR, node);
+ break;
+ }
+
</ins><span class="cx"> SpeculateCellOperand scope(this, node->child1());
</span><span class="cx"> GPRTemporary result(this);
</span><span class="cx"> GPRReg scopeGPR = scope.gpr();
</span><span class="lines">@@ -4620,6 +4628,11 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ case ActivationAllocationWatchpoint: {
+ noResult(node);
+ break;
+ }
+
</ins><span class="cx"> case CreateArguments: {
</span><span class="cx"> JSValueOperand value(this, node->child1());
</span><span class="cx"> GPRTemporary result(this, Reuse, value);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGWatchpointCollectionPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -126,6 +126,10 @@
</span><span class="cx"> addLazily(globalObject()->varInjectionWatchpoint());
</span><span class="cx"> break;
</span><span class="cx">
</span><ins>+ case ActivationAllocationWatchpoint:
+ addLazily(m_node->symbolTable()->m_activationAllocatedOnce);
+ break;
+
</ins><span class="cx"> default:
</span><span class="cx"> break;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLCapabilitiescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -102,6 +102,7 @@
</span><span class="cx"> case CheckFunction:
</span><span class="cx"> case StringCharCodeAt:
</span><span class="cx"> case AllocatePropertyStorage:
</span><ins>+ case ActivationAllocationWatchpoint:
</ins><span class="cx"> case VariableWatchpoint:
</span><span class="cx"> case NotifyWrite:
</span><span class="cx"> // These are OK.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -399,6 +399,8 @@
</span><span class="cx"> break;
</span><span class="cx"> case VariableWatchpoint:
</span><span class="cx"> break;
</span><ins>+ case ActivationAllocationWatchpoint:
+ break;
</ins><span class="cx"> case GetMyScope:
</span><span class="cx"> compileGetMyScope();
</span><span class="cx"> break;
</span><span class="lines">@@ -2192,6 +2194,11 @@
</span><span class="cx">
</span><span class="cx"> void compileGetClosureRegisters()
</span><span class="cx"> {
</span><ins>+ if (WriteBarrierBase<Unknown>* registers = m_graph.tryGetRegisters(m_node->child1().node())) {
+ setStorage(m_out.constIntPtr(registers));
+ return;
+ }
+
</ins><span class="cx"> setStorage(m_out.loadPtr(
</span><span class="cx"> lowCell(m_node->child1()), m_heaps.JSVariableObject_registers));
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLowLevelInterpreter32_64asm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -2006,39 +2006,39 @@
</span><span class="cx"> #rGlobalProperty:
</span><span class="cx"> bineq t0, GlobalProperty, .rGlobalVar
</span><span class="cx"> getGlobalObject(1)
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rGlobalVar:
</span><span class="cx"> bineq t0, GlobalVar, .rClosureVar
</span><span class="cx"> getGlobalObject(1)
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rClosureVar:
</span><span class="cx"> bineq t0, ClosureVar, .rGlobalPropertyWithVarInjectionChecks
</span><span class="cx"> resolveScope()
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rGlobalPropertyWithVarInjectionChecks:
</span><span class="cx"> bineq t0, GlobalPropertyWithVarInjectionChecks, .rGlobalVarWithVarInjectionChecks
</span><span class="cx"> varInjectionCheck(.rDynamic)
</span><span class="cx"> getGlobalObject(1)
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rGlobalVarWithVarInjectionChecks:
</span><span class="cx"> bineq t0, GlobalVarWithVarInjectionChecks, .rClosureVarWithVarInjectionChecks
</span><span class="cx"> varInjectionCheck(.rDynamic)
</span><span class="cx"> getGlobalObject(1)
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rClosureVarWithVarInjectionChecks:
</span><span class="cx"> bineq t0, ClosureVarWithVarInjectionChecks, .rDynamic
</span><span class="cx"> varInjectionCheck(.rDynamic)
</span><span class="cx"> resolveScope()
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rDynamic:
</span><span class="cx"> callSlowPath(_llint_slow_path_resolve_scope)
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> macro loadWithStructureCheck(operand, slowPath)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLowLevelInterpreter64asm"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -1831,39 +1831,39 @@
</span><span class="cx"> #rGlobalProperty:
</span><span class="cx"> bineq t0, GlobalProperty, .rGlobalVar
</span><span class="cx"> getGlobalObject(1)
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rGlobalVar:
</span><span class="cx"> bineq t0, GlobalVar, .rClosureVar
</span><span class="cx"> getGlobalObject(1)
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rClosureVar:
</span><span class="cx"> bineq t0, ClosureVar, .rGlobalPropertyWithVarInjectionChecks
</span><span class="cx"> resolveScope()
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rGlobalPropertyWithVarInjectionChecks:
</span><span class="cx"> bineq t0, GlobalPropertyWithVarInjectionChecks, .rGlobalVarWithVarInjectionChecks
</span><span class="cx"> varInjectionCheck(.rDynamic)
</span><span class="cx"> getGlobalObject(1)
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rGlobalVarWithVarInjectionChecks:
</span><span class="cx"> bineq t0, GlobalVarWithVarInjectionChecks, .rClosureVarWithVarInjectionChecks
</span><span class="cx"> varInjectionCheck(.rDynamic)
</span><span class="cx"> getGlobalObject(1)
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rClosureVarWithVarInjectionChecks:
</span><span class="cx"> bineq t0, ClosureVarWithVarInjectionChecks, .rDynamic
</span><span class="cx"> varInjectionCheck(.rDynamic)
</span><span class="cx"> resolveScope()
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx"> .rDynamic:
</span><span class="cx"> callSlowPath(_llint_slow_path_resolve_scope)
</span><del>- dispatch(5)
</del><ins>+ dispatch(6)
</ins><span class="cx">
</span><span class="cx">
</span><span class="cx"> macro loadWithStructureCheck(operand, slowPath)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSActivationh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSActivation.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSActivation.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/runtime/JSActivation.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -50,6 +50,7 @@
</span><span class="cx"> {
</span><span class="cx"> SymbolTable* symbolTable = codeBlock->symbolTable();
</span><span class="cx"> ASSERT(codeBlock->codeType() == FunctionCode);
</span><ins>+ symbolTable->m_activationAllocatedOnce.notifyWrite();
</ins><span class="cx"> JSActivation* activation = new (
</span><span class="cx"> NotNull,
</span><span class="cx"> allocateCell<JSActivation>(
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSScopecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSScope.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSScope.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/runtime/JSScope.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -53,19 +53,19 @@
</span><span class="cx"> if (JSActivation* activation = jsDynamicCast<JSActivation*>(scope)) {
</span><span class="cx"> if (ident == exec->propertyNames().arguments) {
</span><span class="cx"> // We know the property will be at this activation scope, but we don't know how to cache it.
</span><del>- op = ResolveOp(Dynamic, 0, 0, 0, 0);
</del><ins>+ op = ResolveOp(Dynamic, 0, 0, 0, 0, 0);
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> SymbolTableEntry entry = activation->symbolTable()->get(ident.impl());
</span><span class="cx"> if (entry.isReadOnly() && getOrPut == Put) {
</span><span class="cx"> // We know the property will be at this activation scope, but we don't know how to cache it.
</span><del>- op = ResolveOp(Dynamic, 0, 0, 0, 0);
</del><ins>+ op = ResolveOp(Dynamic, 0, 0, 0, 0, 0);
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (!entry.isNull()) {
</span><del>- op = ResolveOp(makeType(ClosureVar, needsVarInjectionChecks), depth, activation->structure(), 0, entry.getIndex());
</del><ins>+ op = ResolveOp(makeType(ClosureVar, needsVarInjectionChecks), depth, 0, activation, 0, entry.getIndex());
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -79,12 +79,12 @@
</span><span class="cx"> if (!entry.isNull()) {
</span><span class="cx"> if (getOrPut == Put && entry.isReadOnly()) {
</span><span class="cx"> // We know the property will be at global scope, but we don't know how to cache it.
</span><del>- op = ResolveOp(Dynamic, 0, 0, 0, 0);
</del><ins>+ op = ResolveOp(Dynamic, 0, 0, 0, 0, 0);
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> op = ResolveOp(
</span><del>- makeType(GlobalVar, needsVarInjectionChecks), depth, 0, entry.watchpointSet(),
</del><ins>+ makeType(GlobalVar, needsVarInjectionChecks), depth, 0, 0, entry.watchpointSet(),
</ins><span class="cx"> reinterpret_cast<uintptr_t>(globalObject->registerAt(entry.getIndex()).slot()));
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="lines">@@ -96,15 +96,15 @@
</span><span class="cx"> || (globalObject->structure()->hasReadOnlyOrGetterSetterPropertiesExcludingProto() && getOrPut == Put)) {
</span><span class="cx"> // We know the property will be at global scope, but we don't know how to cache it.
</span><span class="cx"> ASSERT(!scope->next());
</span><del>- op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, 0, 0, 0);
</del><ins>+ op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, 0, 0, 0, 0);
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, globalObject->structure(), 0, slot.cachedOffset());
</del><ins>+ op = ResolveOp(makeType(GlobalProperty, needsVarInjectionChecks), depth, globalObject->structure(), 0, 0, slot.cachedOffset());
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- op = ResolveOp(Dynamic, 0, 0, 0, 0);
</del><ins>+ op = ResolveOp(Dynamic, 0, 0, 0, 0, 0);
</ins><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -142,7 +142,7 @@
</span><span class="cx">
</span><span class="cx"> ResolveOp JSScope::abstractResolve(ExecState* exec, JSScope* scope, const Identifier& ident, GetOrPut getOrPut, ResolveType unlinkedType)
</span><span class="cx"> {
</span><del>- ResolveOp op(Dynamic, 0, 0, 0, 0);
</del><ins>+ ResolveOp op(Dynamic, 0, 0, 0, 0, 0);
</ins><span class="cx"> if (unlinkedType == Dynamic)
</span><span class="cx"> return op;
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSScopeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSScope.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSScope.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/runtime/JSScope.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -96,10 +96,11 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> struct ResolveOp {
</span><del>- ResolveOp(ResolveType type, size_t depth, Structure* structure, VariableWatchpointSet* watchpointSet, uintptr_t operand)
</del><ins>+ ResolveOp(ResolveType type, size_t depth, Structure* structure, JSActivation* activation, VariableWatchpointSet* watchpointSet, uintptr_t operand)
</ins><span class="cx"> : type(type)
</span><span class="cx"> , depth(depth)
</span><span class="cx"> , structure(structure)
</span><ins>+ , activation(activation)
</ins><span class="cx"> , watchpointSet(watchpointSet)
</span><span class="cx"> , operand(operand)
</span><span class="cx"> {
</span><span class="lines">@@ -108,6 +109,7 @@
</span><span class="cx"> ResolveType type;
</span><span class="cx"> size_t depth;
</span><span class="cx"> Structure* structure;
</span><ins>+ JSActivation* activation;
</ins><span class="cx"> VariableWatchpointSet* watchpointSet;
</span><span class="cx"> uintptr_t operand;
</span><span class="cx"> };
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSVariableObjecth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSVariableObject.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSVariableObject.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/runtime/JSVariableObject.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -46,6 +46,7 @@
</span><span class="cx"> public:
</span><span class="cx"> typedef JSSymbolTableObject Base;
</span><span class="cx">
</span><ins>+ WriteBarrierBase<Unknown>* registers() { return m_registers; }
</ins><span class="cx"> WriteBarrierBase<Unknown>& registerAt(int index) const { return m_registers[index]; }
</span><span class="cx">
</span><span class="cx"> WriteBarrierBase<Unknown>* const * addressOfRegisters() const { return &m_registers; }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSymbolTablecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/runtime/SymbolTable.cpp 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -99,6 +99,7 @@
</span><span class="cx"> , m_usesNonStrictEval(false)
</span><span class="cx"> , m_captureStart(0)
</span><span class="cx"> , m_captureEnd(0)
</span><ins>+ , m_activationAllocatedOnce(ClearWatchpoint)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeSymbolTableh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/SymbolTable.h (159833 => 159834)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/SymbolTable.h 2013-11-28 04:34:08 UTC (rev 159833)
+++ trunk/Source/JavaScriptCore/runtime/SymbolTable.h 2013-11-28 07:10:10 UTC (rev 159834)
</span><span class="lines">@@ -497,6 +497,8 @@
</span><span class="cx"> std::unique_ptr<WatchpointCleanup> m_watchpointCleanup;
</span><span class="cx">
</span><span class="cx"> public:
</span><ins>+ InlineWatchpointSet m_activationAllocatedOnce;
+
</ins><span class="cx"> mutable ConcurrentJITLock m_lock;
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>