<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[160292] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/160292">160292</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2013-12-08 11:01:17 -0800 (Sun, 08 Dec 2013)</dd>
</dl>
<h3>Log Message</h3>
<pre>Fold typedArray.length if typedArray is constant
https://bugs.webkit.org/show_bug.cgi?id=125252
Source/JavaScriptCore:
Reviewed by Sam Weinig.
This was meant to be easy. The problem is that there was no good place for putting
the folding of typedArray.length to a constant. You can't quite do it in the
bytecode parser because at that point you don't yet know if typedArray is really
a typed array. You can't do it as part of constant folding because the folder
assumes that it can opportunistically forward-flow a constant value without changing
the IR; this doesn't work since we need to first change the IR to register a
desired watchpoint and only after that can we introduce that constant. We could have
done it in Fixup but that would have been awkward since Fixup's code for turning a
GetById of "length" into GetArrayLength is already somewhat complex. We could have
done it in CSE but CSE is already fairly gnarly and will probably get rewritten.
So I introduced a new phase, called StrengthReduction. This phase should have any
transformations that don't requite CFA or CSE and that it would be weird to put into
those other phases.
I also took the opportunity to refactor some of the other folding code.
This also adds a test, but the test couldn't quite be a LayoutTests/js/regress so I
introduced the notion of JavaScriptCore/tests/stress.
The goal of this patch isn't really to improve performance or anything like that.
It adds an optimization for completeness, and in doing so it unlocks a bunch of new
possibilities. The one that I'm most excited about is revealing array length checks
in DFG IR, which will allow for array bounds check hoisting and elimination.
* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):
(JSC::DFG::Graph::tryGetFoldableViewForChild1):
* dfg/DFGGraph.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasTypedArray):
(JSC::DFG::Node::typedArray):
* dfg/DFGNodeType.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStrengthReductionPhase.cpp: Added.
(JSC::DFG::StrengthReductionPhase::StrengthReductionPhase):
(JSC::DFG::StrengthReductionPhase::run):
(JSC::DFG::StrengthReductionPhase::handleNode):
(JSC::DFG::StrengthReductionPhase::foldTypedArrayPropertyToConstant):
(JSC::DFG::performStrengthReduction):
* dfg/DFGStrengthReductionPhase.h: Added.
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::typedArrayLength):
* jsc.cpp:
(GlobalObject::finishCreation):
(functionTransferArrayBuffer):
* runtime/ArrayBufferView.h:
* tests/stress: Added.
* tests/stress/fold-typed-array-properties.js: Added.
(foo):
Tools:
Reviewed by Sam Weinig.
Add Source/JavaScriptCore/tests/stress to the set of JS tests. This is where you
should put tests that run just like JSRegress but don't run as part of LayoutTests.
Currently I'm using it for tests that require some surgical support from jsc.cpp.
* Scripts/run-javascriptcore-tests:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreCMakeListstxt">trunk/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreGNUmakefilelistam">trunk/Source/JavaScriptCore/GNUmakefile.list.am</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj">trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh">trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGClobberizeh">trunk/Source/JavaScriptCore/dfg/DFGClobberize.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGFixupPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGGraphcpp">trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGGraphh">trunk/Source/JavaScriptCore/dfg/DFGGraph.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodeh">trunk/Source/JavaScriptCore/dfg/DFGNode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodeTypeh">trunk/Source/JavaScriptCore/dfg/DFGNodeType.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPlancpp">trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPredictionPropagationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSafeToExecuteh">trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGWatchpointCollectionPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLCapabilitiescpp">trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejsccpp">trunk/Source/JavaScriptCore/jsc.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeArrayBufferViewh">trunk/Source/JavaScriptCore/runtime/ArrayBufferView.h</a></li>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
<li><a href="#trunkToolsScriptsrunjavascriptcoretests">trunk/Tools/Scripts/run-javascriptcore-tests</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoredfgDFGStrengthReductionPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGStrengthReductionPhaseh">trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.h</a></li>
<li>trunk/Source/JavaScriptCore/tests/stress/</li>
<li><a href="#trunkSourceJavaScriptCoretestsstressfoldtypedarraypropertiesjs">trunk/Source/JavaScriptCore/tests/stress/fold-typed-array-properties.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/CMakeLists.txt (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/CMakeLists.txt 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/CMakeLists.txt 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -166,6 +166,7 @@
</span><span class="cx"> dfg/DFGSpeculativeJIT32_64.cpp
</span><span class="cx"> dfg/DFGSpeculativeJIT64.cpp
</span><span class="cx"> dfg/DFGStackLayoutPhase.cpp
</span><ins>+ dfg/DFGStrengthReductionPhase.cpp
</ins><span class="cx"> dfg/DFGThunks.cpp
</span><span class="cx"> dfg/DFGTierUpCheckInjectionPhase.cpp
</span><span class="cx"> dfg/DFGTypeCheckHoistingPhase.cpp
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/ChangeLog 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -1,3 +1,90 @@
</span><ins>+2013-12-07 Filip Pizlo <fpizlo@apple.com>
+
+ Fold typedArray.length if typedArray is constant
+ https://bugs.webkit.org/show_bug.cgi?id=125252
+
+ Reviewed by Sam Weinig.
+
+ This was meant to be easy. The problem is that there was no good place for putting
+ the folding of typedArray.length to a constant. You can't quite do it in the
+ bytecode parser because at that point you don't yet know if typedArray is really
+ a typed array. You can't do it as part of constant folding because the folder
+ assumes that it can opportunistically forward-flow a constant value without changing
+ the IR; this doesn't work since we need to first change the IR to register a
+ desired watchpoint and only after that can we introduce that constant. We could have
+ done it in Fixup but that would have been awkward since Fixup's code for turning a
+ GetById of "length" into GetArrayLength is already somewhat complex. We could have
+ done it in CSE but CSE is already fairly gnarly and will probably get rewritten.
+
+ So I introduced a new phase, called StrengthReduction. This phase should have any
+ transformations that don't requite CFA or CSE and that it would be weird to put into
+ those other phases.
+
+ I also took the opportunity to refactor some of the other folding code.
+
+ This also adds a test, but the test couldn't quite be a LayoutTests/js/regress so I
+ introduced the notion of JavaScriptCore/tests/stress.
+
+ The goal of this patch isn't really to improve performance or anything like that.
+ It adds an optimization for completeness, and in doing so it unlocks a bunch of new
+ possibilities. The one that I'm most excited about is revealing array length checks
+ in DFG IR, which will allow for array bounds check hoisting and elimination.
+
+ * CMakeLists.txt:
+ * GNUmakefile.list.am:
+ * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::::executeEffects):
+ * dfg/DFGClobberize.h:
+ (JSC::DFG::clobberize):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::tryGetFoldableView):
+ (JSC::DFG::Graph::tryGetFoldableViewForChild1):
+ * dfg/DFGGraph.h:
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasTypedArray):
+ (JSC::DFG::Node::typedArray):
+ * dfg/DFGNodeType.h:
+ * dfg/DFGPlan.cpp:
+ (JSC::DFG::Plan::compileInThreadImpl):
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSafeToExecute.h:
+ (JSC::DFG::safeToExecute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
+ (JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGStrengthReductionPhase.cpp: Added.
+ (JSC::DFG::StrengthReductionPhase::StrengthReductionPhase):
+ (JSC::DFG::StrengthReductionPhase::run):
+ (JSC::DFG::StrengthReductionPhase::handleNode):
+ (JSC::DFG::StrengthReductionPhase::foldTypedArrayPropertyToConstant):
+ (JSC::DFG::performStrengthReduction):
+ * dfg/DFGStrengthReductionPhase.h: Added.
+ * dfg/DFGWatchpointCollectionPhase.cpp:
+ (JSC::DFG::WatchpointCollectionPhase::handle):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::compileNode):
+ (JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
+ (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
+ (JSC::FTL::LowerDFGToLLVM::typedArrayLength):
+ * jsc.cpp:
+ (GlobalObject::finishCreation):
+ (functionTransferArrayBuffer):
+ * runtime/ArrayBufferView.h:
+ * tests/stress: Added.
+ * tests/stress/fold-typed-array-properties.js: Added.
+ (foo):
+
</ins><span class="cx"> 2013-12-07 peavo@outlook.com <peavo@outlook.com>
</span><span class="cx">
</span><span class="cx"> [Win][64-bit] Hitting breakpoint assembler instruction in callToJavaScript.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreGNUmakefilelistam"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/GNUmakefile.list.am (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/GNUmakefile.list.am 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/GNUmakefile.list.am 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -379,6 +379,8 @@
</span><span class="cx"> Source/JavaScriptCore/dfg/DFGSSAConversionPhase.h \
</span><span class="cx"> Source/JavaScriptCore/dfg/DFGStackLayoutPhase.cpp \
</span><span class="cx"> Source/JavaScriptCore/dfg/DFGStackLayoutPhase.h \
</span><ins>+ Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp \
+ Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.h \
</ins><span class="cx"> Source/JavaScriptCore/dfg/DFGStructureAbstractValue.h \
</span><span class="cx"> Source/JavaScriptCore/dfg/DFGTierUpCheckInjectionPhase.cpp \
</span><span class="cx"> Source/JavaScriptCore/dfg/DFGTierUpCheckInjectionPhase.h \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorevcxprojJavaScriptCorevcxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -412,6 +412,7 @@
</span><span class="cx"> <ClCompile Include="..\dfg\DFGSpeculativeJIT64.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGSSAConversionPhase.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGStackLayoutPhase.cpp" />
</span><ins>+ <ClCompile Include="..\dfg\DFGStrengthReductionPhase.cpp" />
</ins><span class="cx"> <ClCompile Include="..\dfg\DFGThunks.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGTierUpCheckInjectionPhase.cpp" />
</span><span class="cx"> <ClCompile Include="..\dfg\DFGToFTLDeferredCompilationCallback.cpp" />
</span><span class="lines">@@ -918,6 +919,7 @@
</span><span class="cx"> <ClInclude Include="..\dfg\DFGSpeculativeJIT.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGSSAConversionPhase.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGStackLayoutPhase.h" />
</span><ins>+ <ClInclude Include="..\dfg\DFGStrengthReductionPhase.h" />
</ins><span class="cx"> <ClInclude Include="..\dfg\DFGStructureAbstractValue.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGThunks.h" />
</span><span class="cx"> <ClInclude Include="..\dfg\DFGTierUpCheckInjectionPhase.h" />
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -379,6 +379,8 @@
</span><span class="cx"> 0FC09792146A6F7300CF2442 /* DFGOSRExitCompiler.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FC0978F146A6F6300CF2442 /* DFGOSRExitCompiler.cpp */; };
</span><span class="cx"> 0FC097A1146B28CA00CF2442 /* DFGThunks.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FC0979F146B28C700CF2442 /* DFGThunks.cpp */; };
</span><span class="cx"> 0FC097A2146B28CC00CF2442 /* DFGThunks.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FC097A0146B28C700CF2442 /* DFGThunks.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0FC20CB51852E2C600C9E954 /* DFGStrengthReductionPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FC20CB31852E2C600C9E954 /* DFGStrengthReductionPhase.cpp */; };
+ 0FC20CB61852E2C600C9E954 /* DFGStrengthReductionPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FC20CB41852E2C600C9E954 /* DFGStrengthReductionPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 0FC314121814559100033232 /* RegisterSet.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FC314101814559100033232 /* RegisterSet.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FC314131814559100033232 /* TempRegisterSet.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FC314111814559100033232 /* TempRegisterSet.cpp */; };
</span><span class="cx"> 0FC3141518146D7000033232 /* RegisterSet.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FC3141418146D7000033232 /* RegisterSet.cpp */; };
</span><span class="lines">@@ -541,9 +543,9 @@
</span><span class="cx"> 0FFB921E16D02F470055A5DB /* DFGVariadicFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = 0F85A31E16AB76AE0077571E /* DFGVariadicFunction.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FFB921F16D033050055A5DB /* (null) in Headers */ = {isa = PBXBuildFile; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FFB922016D033B70055A5DB /* NodeConstructors.h in Headers */ = {isa = PBXBuildFile; fileRef = 930DAD030FB1EB1A0082D205 /* NodeConstructors.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+ 0FFC99D1184EC8AD009C10AB /* ConstantMode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FFC99D0184EC8AD009C10AB /* ConstantMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx"> 0FFC99D4184EE318009C10AB /* ArrayBufferNeuteringWatchpoint.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FFC99D2184EE318009C10AB /* ArrayBufferNeuteringWatchpoint.cpp */; };
</span><span class="cx"> 0FFC99D5184EE318009C10AB /* ArrayBufferNeuteringWatchpoint.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FFC99D3184EE318009C10AB /* ArrayBufferNeuteringWatchpoint.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><del>- 0FFC99D1184EC8AD009C10AB /* ConstantMode.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FFC99D0184EC8AD009C10AB /* ConstantMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><span class="cx"> 0FFFC95714EF90A000C72532 /* DFGCFAPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FFFC94B14EF909500C72532 /* DFGCFAPhase.cpp */; };
</span><span class="cx"> 0FFFC95814EF90A200C72532 /* DFGCFAPhase.h in Headers */ = {isa = PBXBuildFile; fileRef = 0FFFC94C14EF909500C72532 /* DFGCFAPhase.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx"> 0FFFC95914EF90A600C72532 /* DFGCSEPhase.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FFFC94D14EF909500C72532 /* DFGCSEPhase.cpp */; };
</span><span class="lines">@@ -1701,6 +1703,8 @@
</span><span class="cx"> 0FC0978F146A6F6300CF2442 /* DFGOSRExitCompiler.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGOSRExitCompiler.cpp; path = dfg/DFGOSRExitCompiler.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FC0979F146B28C700CF2442 /* DFGThunks.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGThunks.cpp; path = dfg/DFGThunks.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FC097A0146B28C700CF2442 /* DFGThunks.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGThunks.h; path = dfg/DFGThunks.h; sourceTree = "<group>"; };
</span><ins>+ 0FC20CB31852E2C600C9E954 /* DFGStrengthReductionPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGStrengthReductionPhase.cpp; path = dfg/DFGStrengthReductionPhase.cpp; sourceTree = "<group>"; };
+ 0FC20CB41852E2C600C9E954 /* DFGStrengthReductionPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGStrengthReductionPhase.h; path = dfg/DFGStrengthReductionPhase.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0FC314101814559100033232 /* RegisterSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RegisterSet.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FC314111814559100033232 /* TempRegisterSet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = TempRegisterSet.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FC3141418146D7000033232 /* RegisterSet.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RegisterSet.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -1848,9 +1852,9 @@
</span><span class="cx"> 0FF729A1166AD347000F5BA3 /* ProfilerOriginStack.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = ProfilerOriginStack.cpp; path = profiler/ProfilerOriginStack.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FF729A2166AD347000F5BA3 /* ProfilerOriginStack.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ProfilerOriginStack.h; path = profiler/ProfilerOriginStack.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FF922CF14F46B130041A24E /* JSCLLIntOffsetsExtractor */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = JSCLLIntOffsetsExtractor; sourceTree = BUILT_PRODUCTS_DIR; };
</span><ins>+ 0FFC99D0184EC8AD009C10AB /* ConstantMode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ConstantMode.h; sourceTree = "<group>"; };
</ins><span class="cx"> 0FFC99D2184EE318009C10AB /* ArrayBufferNeuteringWatchpoint.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ArrayBufferNeuteringWatchpoint.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FFC99D3184EE318009C10AB /* ArrayBufferNeuteringWatchpoint.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ArrayBufferNeuteringWatchpoint.h; sourceTree = "<group>"; };
</span><del>- 0FFC99D0184EC8AD009C10AB /* ConstantMode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ConstantMode.h; sourceTree = "<group>"; };
</del><span class="cx"> 0FFFC94B14EF909500C72532 /* DFGCFAPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCFAPhase.cpp; path = dfg/DFGCFAPhase.cpp; sourceTree = "<group>"; };
</span><span class="cx"> 0FFFC94C14EF909500C72532 /* DFGCFAPhase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGCFAPhase.h; path = dfg/DFGCFAPhase.h; sourceTree = "<group>"; };
</span><span class="cx"> 0FFFC94D14EF909500C72532 /* DFGCSEPhase.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = DFGCSEPhase.cpp; path = dfg/DFGCSEPhase.cpp; sourceTree = "<group>"; };
</span><span class="lines">@@ -3962,6 +3966,8 @@
</span><span class="cx"> A7D89CF117A0B8CC00773AD8 /* DFGSSAConversionPhase.h */,
</span><span class="cx"> 0F9FB4F217FCB91700CB67F8 /* DFGStackLayoutPhase.cpp */,
</span><span class="cx"> 0F9FB4F317FCB91700CB67F8 /* DFGStackLayoutPhase.h */,
</span><ins>+ 0FC20CB31852E2C600C9E954 /* DFGStrengthReductionPhase.cpp */,
+ 0FC20CB41852E2C600C9E954 /* DFGStrengthReductionPhase.h */,
</ins><span class="cx"> 0F63947615DCE347006A597C /* DFGStructureAbstractValue.h */,
</span><span class="cx"> 0FC0979F146B28C700CF2442 /* DFGThunks.cpp */,
</span><span class="cx"> 0FC097A0146B28C700CF2442 /* DFGThunks.h */,
</span><span class="lines">@@ -4584,6 +4590,7 @@
</span><span class="cx"> 0FAF7EFE165BA91F000C8455 /* JITDisassembler.h in Headers */,
</span><span class="cx"> A5BA15F0182345AF00A82E69 /* RemoteInspectorDebuggable.h in Headers */,
</span><span class="cx"> 0F46808214BA572D00BFE272 /* JITExceptions.h in Headers */,
</span><ins>+ 0FC20CB61852E2C600C9E954 /* DFGStrengthReductionPhase.h in Headers */,
</ins><span class="cx"> 0FB14E1F18124ACE009B6B4D /* JITInlineCacheGenerator.h in Headers */,
</span><span class="cx"> 86CC85A10EE79A4700288682 /* JITInlines.h in Headers */,
</span><span class="cx"> 0F24E54D17EE274900ABB217 /* JITOperations.h in Headers */,
</span><span class="lines">@@ -5480,6 +5487,7 @@
</span><span class="cx"> 0F235BEB17178E7300690C7F /* DFGOSRExitBase.cpp in Sources */,
</span><span class="cx"> 0FC09792146A6F7300CF2442 /* DFGOSRExitCompiler.cpp in Sources */,
</span><span class="cx"> 0FC09776146943B000CF2442 /* DFGOSRExitCompiler32_64.cpp in Sources */,
</span><ins>+ 0FC20CB51852E2C600C9E954 /* DFGStrengthReductionPhase.cpp in Sources */,
</ins><span class="cx"> 0FC0977214693AF900CF2442 /* DFGOSRExitCompiler64.cpp in Sources */,
</span><span class="cx"> 0F7025A91714B0FA00382C0E /* DFGOSRExitCompilerCommon.cpp in Sources */,
</span><span class="cx"> 0FEFC9AA1681A3B300567F53 /* DFGOSRExitJumpPlaceholder.cpp in Sources */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -1148,6 +1148,7 @@
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> case FunctionReentryWatchpoint:
</span><ins>+ case TypedArrayWatchpoint:
</ins><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> case CreateArguments:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGClobberizeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGClobberize.h (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGClobberize.h 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGClobberize.h 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -144,7 +144,9 @@
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> case VariableWatchpoint:
</span><ins>+ case TypedArrayWatchpoint:
</ins><span class="cx"> read(Watchpoint_fire);
</span><ins>+ write(SideState);
</ins><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> case NotifyWrite:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGFixupPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -95,17 +95,6 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case BitOr: {
</span><del>- // Optimize X|0 -> X.
- if (node->child2()->isConstant()) {
- JSValue C2 = m_graph.valueOfJSConstant(node->child2().node());
- if (C2.isInt32() && !C2.asInt32()) {
- m_insertionSet.insertNode(m_indexInBlock, SpecNone, Phantom, node->codeOrigin,
- Edge(node->child2().node(), KnownInt32Use));
- node->children.removeEdge(1);
- node->convertToIdentity();
- break;
- }
- }
</del><span class="cx"> fixIntEdge(node->child1());
</span><span class="cx"> fixIntEdge(node->child2());
</span><span class="cx"> break;
</span><span class="lines">@@ -951,6 +940,7 @@
</span><span class="cx"> case ExtractOSREntryLocal:
</span><span class="cx"> case LoopHint:
</span><span class="cx"> case FunctionReentryWatchpoint:
</span><ins>+ case TypedArrayWatchpoint:
</ins><span class="cx"> break;
</span><span class="cx"> #else
</span><span class="cx"> default:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGGraphcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGGraph.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -740,10 +740,8 @@
</span><span class="cx"> return activation->registers();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-JSArrayBufferView* Graph::tryGetFoldableView(Node* node, ArrayMode arrayMode)
</del><ins>+JSArrayBufferView* Graph::tryGetFoldableView(Node* node)
</ins><span class="cx"> {
</span><del>- if (arrayMode.typedArrayType() == NotTypedArray)
- return 0;
</del><span class="cx"> if (!node->hasConstant())
</span><span class="cx"> return 0;
</span><span class="cx"> JSArrayBufferView* view = jsDynamicCast<JSArrayBufferView*>(valueOfJSConstant(node));
</span><span class="lines">@@ -754,6 +752,18 @@
</span><span class="cx"> return view;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+JSArrayBufferView* Graph::tryGetFoldableView(Node* node, ArrayMode arrayMode)
+{
+ if (arrayMode.typedArrayType() == NotTypedArray)
+ return 0;
+ return tryGetFoldableView(node);
+}
+
+JSArrayBufferView* Graph::tryGetFoldableViewForChild1(Node* node)
+{
+ return tryGetFoldableView(child(node, 0).node(), node->arrayMode());
+}
+
</ins><span class="cx"> } } // namespace JSC::DFG
</span><span class="cx">
</span><span class="cx"> #endif
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGGraphh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGGraph.h (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGGraph.h 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGGraph.h 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -806,7 +806,9 @@
</span><span class="cx"> JSActivation* tryGetActivation(Node*);
</span><span class="cx"> WriteBarrierBase<Unknown>* tryGetRegisters(Node*);
</span><span class="cx">
</span><ins>+ JSArrayBufferView* tryGetFoldableView(Node*);
</ins><span class="cx"> JSArrayBufferView* tryGetFoldableView(Node*, ArrayMode);
</span><ins>+ JSArrayBufferView* tryGetFoldableViewForChild1(Node*);
</ins><span class="cx">
</span><span class="cx"> VM& m_vm;
</span><span class="cx"> Plan& m_plan;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNode.h (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNode.h 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGNode.h 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -972,6 +972,16 @@
</span><span class="cx"> {
</span><span class="cx"> return reinterpret_cast<VariableWatchpointSet*>(m_opInfo);
</span><span class="cx"> }
</span><ins>+
+ bool hasTypedArray()
+ {
+ return op() == TypedArrayWatchpoint;
+ }
+
+ JSArrayBufferView* typedArray()
+ {
+ return reinterpret_cast<JSArrayBufferView*>(m_opInfo);
+ }
</ins><span class="cx">
</span><span class="cx"> bool hasStructureTransitionData()
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodeTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNodeType.h (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNodeType.h 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGNodeType.h 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -171,6 +171,7 @@
</span><span class="cx"> macro(Arrayify, NodeMustGenerate) \
</span><span class="cx"> macro(ArrayifyToStructure, NodeMustGenerate) \
</span><span class="cx"> macro(GetIndexedPropertyStorage, NodeResultStorage) \
</span><ins>+ macro(TypedArrayWatchpoint, NodeMustGenerate) \
</ins><span class="cx"> macro(GetByOffset, NodeResultJS) \
</span><span class="cx"> macro(PutByOffset, NodeMustGenerate) \
</span><span class="cx"> macro(GetArrayLength, NodeResultInt32) \
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPlancpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGPlan.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -53,6 +53,7 @@
</span><span class="cx"> #include "DFGResurrectionForValidationPhase.h"
</span><span class="cx"> #include "DFGSSAConversionPhase.h"
</span><span class="cx"> #include "DFGStackLayoutPhase.h"
</span><ins>+#include "DFGStrengthReductionPhase.h"
</ins><span class="cx"> #include "DFGTierUpCheckInjectionPhase.h"
</span><span class="cx"> #include "DFGTypeCheckHoistingPhase.h"
</span><span class="cx"> #include "DFGUnificationPhase.h"
</span><span class="lines">@@ -203,6 +204,7 @@
</span><span class="cx"> if (validationEnabled())
</span><span class="cx"> validate(dfg);
</span><span class="cx">
</span><ins>+ changed |= performStrengthReduction(dfg);
</ins><span class="cx"> performCFA(dfg);
</span><span class="cx"> changed |= performConstantFolding(dfg);
</span><span class="cx"> changed |= performArgumentsSimplification(dfg);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGPredictionPropagationPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -577,6 +577,7 @@
</span><span class="cx"> case LoopHint:
</span><span class="cx"> case NotifyWrite:
</span><span class="cx"> case FunctionReentryWatchpoint:
</span><ins>+ case TypedArrayWatchpoint:
</ins><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> // This gets ignored because it already has a prediction.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSafeToExecuteh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -244,6 +244,7 @@
</span><span class="cx"> case InvalidationPoint:
</span><span class="cx"> case NotifyWrite:
</span><span class="cx"> case FunctionReentryWatchpoint:
</span><ins>+ case TypedArrayWatchpoint:
</ins><span class="cx"> return true;
</span><span class="cx">
</span><span class="cx"> case GetByVal:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -2329,7 +2329,7 @@
</span><span class="cx"> {
</span><span class="cx"> if (node->op() == PutByValAlias)
</span><span class="cx"> return JITCompiler::Jump();
</span><del>- if (JSArrayBufferView* view = m_jit.graph().tryGetFoldableView(m_jit.graph().child(node, 0).node(), node->arrayMode())) {
</del><ins>+ if (JSArrayBufferView* view = m_jit.graph().tryGetFoldableViewForChild1(node)) {
</ins><span class="cx"> uint32_t length = view->length();
</span><span class="cx"> Node* indexNode = m_jit.graph().child(node, 1).node();
</span><span class="cx"> if (m_jit.graph().isInt32Constant(indexNode) && static_cast<uint32_t>(m_jit.graph().valueOfInt32Constant(indexNode)) < length)
</span><span class="lines">@@ -4044,8 +4044,7 @@
</span><span class="cx">
</span><span class="cx"> bool SpeculativeJIT::compileConstantIndexedPropertyStorage(Node* node)
</span><span class="cx"> {
</span><del>- JSArrayBufferView* view = m_jit.graph().tryGetFoldableView(
- node->child1().node(), node->arrayMode());
</del><ins>+ JSArrayBufferView* view = m_jit.graph().tryGetFoldableViewForChild1(node);
</ins><span class="cx"> if (!view)
</span><span class="cx"> return false;
</span><span class="cx"> if (view->mode() == FastTypedArray)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -3591,7 +3591,8 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case AllocationProfileWatchpoint: {
</del><ins>+ case AllocationProfileWatchpoint:
+ case TypedArrayWatchpoint: {
</ins><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -3895,7 +3895,8 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case AllocationProfileWatchpoint: {
</del><ins>+ case AllocationProfileWatchpoint:
+ case TypedArrayWatchpoint: {
</ins><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGStrengthReductionPhasecpp"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp (0 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -0,0 +1,132 @@
</span><ins>+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "DFGStrengthReductionPhase.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGGraph.h"
+#include "DFGInsertionSet.h"
+#include "DFGPhase.h"
+#include "DFGPredictionPropagationPhase.h"
+#include "DFGVariableAccessDataDump.h"
+#include "Operations.h"
+
+namespace JSC { namespace DFG {
+
+class StrengthReductionPhase : public Phase {
+public:
+ StrengthReductionPhase(Graph& graph)
+ : Phase(graph, "strength reduction")
+ , m_insertionSet(graph)
+ {
+ }
+
+ bool run()
+ {
+ ASSERT(m_graph.m_fixpointState == FixpointNotConverged);
+
+ m_changed = false;
+
+ for (BlockIndex blockIndex = m_graph.numBlocks(); blockIndex--;) {
+ m_block = m_graph.block(blockIndex);
+ if (!m_block)
+ continue;
+ for (m_nodeIndex = 0; m_nodeIndex < m_block->size(); ++m_nodeIndex) {
+ m_node = m_block->at(m_nodeIndex);
+ handleNode();
+ }
+ m_insertionSet.execute(m_block);
+ }
+
+ return m_changed;
+ }
+
+private:
+ void handleNode()
+ {
+ switch (m_node->op()) {
+ case BitOr:
+ // Optimize X|0 -> X.
+ if (m_node->child2()->isConstant()) {
+ JSValue C2 = m_graph.valueOfJSConstant(m_node->child2().node());
+ if (C2.isInt32() && !C2.asInt32()) {
+ m_insertionSet.insertNode(
+ m_nodeIndex, SpecNone, Phantom, m_node->codeOrigin,
+ m_node->child2());
+ m_node->children.removeEdge(1);
+ m_node->convertToIdentity();
+ m_changed = true;
+ break;
+ }
+ }
+ break;
+
+ case GetArrayLength:
+ if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node))
+ foldTypedArrayPropertyToConstant(view, jsNumber(view->length()));
+ break;
+
+ case GetTypedArrayByteOffset:
+ if (JSArrayBufferView* view = m_graph.tryGetFoldableView(m_node->child1().node()))
+ foldTypedArrayPropertyToConstant(view, jsNumber(view->byteOffset()));
+ break;
+
+ // FIXME: The constant-folding of GetIndexedPropertyStorage should be expressed
+ // as an IR transformation in this phase.
+ // https://bugs.webkit.org/show_bug.cgi?id=125395
+
+ default:
+ break;
+ }
+ }
+
+ void foldTypedArrayPropertyToConstant(JSArrayBufferView* view, JSValue constant)
+ {
+ m_insertionSet.insertNode(
+ m_nodeIndex, SpecNone, TypedArrayWatchpoint, m_node->codeOrigin,
+ OpInfo(view));
+ m_graph.convertToConstant(m_node, constant);
+ m_changed = true;
+ }
+
+ InsertionSet m_insertionSet;
+ BasicBlock* m_block;
+ unsigned m_nodeIndex;
+ Node* m_node;
+ bool m_changed;
+};
+
+bool performStrengthReduction(Graph& graph)
+{
+ SamplingRegion samplingRegion("DFG Strength Reduction Phase");
+ return runPhase<StrengthReductionPhase>(graph);
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGStrengthReductionPhaseh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.h (0 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.h (rev 0)
+++ trunk/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.h 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -0,0 +1,45 @@
</span><ins>+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGStrengthReductionPhase_h
+#define DFGStrengthReductionPhase_h
+
+#if ENABLE(DFG_JIT)
+
+namespace JSC { namespace DFG {
+
+class Graph;
+
+// Performs simplifications that don't depend on CFA or CSE but that should be
+// fixpointed with CFA and CSE.
+
+bool performStrengthReduction(Graph&);
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGStrengthReductionPhase_h
+
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGWatchpointCollectionPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -95,20 +95,15 @@
</span><span class="cx"> if (m_node->arrayMode().type() == Array::String)
</span><span class="cx"> handleStringGetByVal();
</span><span class="cx">
</span><del>- if (JSArrayBufferView* view = m_graph.tryGetFoldableView(m_node->child1().node(), m_node->arrayMode()))
</del><ins>+ if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node))
</ins><span class="cx"> addLazily(view);
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> case PutByVal:
</span><del>- if (JSArrayBufferView* view = m_graph.tryGetFoldableView(m_graph.varArgChild(m_node, 0).node(), m_node->arrayMode()))
</del><ins>+ if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node))
</ins><span class="cx"> addLazily(view);
</span><span class="cx"> break;
</span><span class="cx">
</span><del>- case GetArrayLength:
- if (JSArrayBufferView* view = m_graph.tryGetFoldableView(m_node->child1().node(), m_node->arrayMode()))
- addLazily(view);
- break;
-
</del><span class="cx"> case StringCharAt:
</span><span class="cx"> handleStringGetByVal();
</span><span class="cx"> break;
</span><span class="lines">@@ -144,7 +139,7 @@
</span><span class="cx"> break;
</span><span class="cx">
</span><span class="cx"> case GetIndexedPropertyStorage:
</span><del>- if (JSArrayBufferView* view = m_graph.tryGetFoldableView(m_node->child1().node(), m_node->arrayMode())) {
</del><ins>+ if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node)) {
</ins><span class="cx"> // FIXME: It would be awesome to be able to fold the property storage for
</span><span class="cx"> // these GC-allocated typed arrays. For now it doesn't matter because the
</span><span class="cx"> // most common use-cases for constant typed arrays involve large arrays with
</span><span class="lines">@@ -155,6 +150,10 @@
</span><span class="cx"> }
</span><span class="cx"> break;
</span><span class="cx">
</span><ins>+ case TypedArrayWatchpoint:
+ addLazily(m_node->typedArray());
+ break;
+
</ins><span class="cx"> default:
</span><span class="cx"> break;
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLCapabilitiescpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -103,6 +103,7 @@
</span><span class="cx"> case StringCharCodeAt:
</span><span class="cx"> case AllocatePropertyStorage:
</span><span class="cx"> case FunctionReentryWatchpoint:
</span><ins>+ case TypedArrayWatchpoint:
</ins><span class="cx"> case VariableWatchpoint:
</span><span class="cx"> case NotifyWrite:
</span><span class="cx"> case ValueToInt32:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -266,11 +266,6 @@
</span><span class="cx"> case Phantom:
</span><span class="cx"> compilePhantom();
</span><span class="cx"> break;
</span><del>- case Flush:
- case PhantomLocal:
- case SetArgument:
- case LoopHint:
- break;
</del><span class="cx"> case ArithAdd:
</span><span class="cx"> case ValueAdd:
</span><span class="cx"> compileAddSub();
</span><span class="lines">@@ -398,10 +393,6 @@
</span><span class="cx"> case NotifyWrite:
</span><span class="cx"> compileNotifyWrite();
</span><span class="cx"> break;
</span><del>- case VariableWatchpoint:
- break;
- case FunctionReentryWatchpoint:
- break;
</del><span class="cx"> case GetMyScope:
</span><span class="cx"> compileGetMyScope();
</span><span class="cx"> break;
</span><span class="lines">@@ -472,6 +463,14 @@
</span><span class="cx"> case Int52ToValue:
</span><span class="cx"> compileInt52ToValue();
</span><span class="cx"> break;
</span><ins>+ case Flush:
+ case PhantomLocal:
+ case SetArgument:
+ case LoopHint:
+ case VariableWatchpoint:
+ case FunctionReentryWatchpoint:
+ case TypedArrayWatchpoint:
+ break;
</ins><span class="cx"> default:
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> break;
</span><span class="lines">@@ -1424,7 +1423,7 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- if (JSArrayBufferView* view = m_graph.tryGetFoldableView(m_node->child1().node(), m_node->arrayMode())) {
</del><ins>+ if (JSArrayBufferView* view = m_graph.tryGetFoldableView(m_node)) {
</ins><span class="cx"> if (view->mode() != FastTypedArray) {
</span><span class="cx"> setStorage(m_out.constIntPtr(view->vector()));
</span><span class="cx"> return;
</span><span class="lines">@@ -1797,7 +1796,7 @@
</span><span class="cx"> OutOfBounds, noValue(), 0,
</span><span class="cx"> m_out.aboveOrEqual(
</span><span class="cx"> index,
</span><del>- typedArrayLength(child1.node(), m_node->arrayMode(), base)));
</del><ins>+ typedArrayLength(child1, m_node->arrayMode(), base)));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> TypedPointer pointer = TypedPointer(
</span><span class="lines">@@ -2943,16 +2942,16 @@
</span><span class="cx"> m_out.phi(m_out.intPtr, fastButterfly, slowButterfly));
</span><span class="cx"> }
</span><span class="cx">
</span><del>- LValue typedArrayLength(Node* baseNode, ArrayMode arrayMode, LValue base)
</del><ins>+ LValue typedArrayLength(Edge baseEdge, ArrayMode arrayMode, LValue base)
</ins><span class="cx"> {
</span><del>- if (JSArrayBufferView* view = m_graph.tryGetFoldableView(baseNode, arrayMode))
</del><ins>+ if (JSArrayBufferView* view = m_graph.tryGetFoldableView(baseEdge.node(), arrayMode))
</ins><span class="cx"> return m_out.constInt32(view->length());
</span><span class="cx"> return m_out.load32(base, m_heaps.JSArrayBufferView_length);
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue typedArrayLength(Edge baseEdge, ArrayMode arrayMode)
</span><span class="cx"> {
</span><del>- return typedArrayLength(baseEdge.node(), arrayMode, lowCell(baseEdge));
</del><ins>+ return typedArrayLength(baseEdge, arrayMode, lowCell(baseEdge));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> LValue boolify(Edge edge)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejsccpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jsc.cpp (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jsc.cpp 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/jsc.cpp 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -33,6 +33,7 @@
</span><span class="cx"> #include "InitializeThreading.h"
</span><span class="cx"> #include "Interpreter.h"
</span><span class="cx"> #include "JSArray.h"
</span><ins>+#include "JSArrayBuffer.h"
</ins><span class="cx"> #include "JSFunction.h"
</span><span class="cx"> #include "JSLock.h"
</span><span class="cx"> #include "JSProxy.h"
</span><span class="lines">@@ -114,6 +115,7 @@
</span><span class="cx"> static EncodedJSValue JSC_HOST_CALL functionPreciseTime(ExecState*);
</span><span class="cx"> static EncodedJSValue JSC_HOST_CALL functionNeverInlineFunction(ExecState*);
</span><span class="cx"> static EncodedJSValue JSC_HOST_CALL functionNumberOfDFGCompiles(ExecState*);
</span><ins>+static EncodedJSValue JSC_HOST_CALL functionTransferArrayBuffer(ExecState*);
</ins><span class="cx"> static NO_RETURN_WITH_VALUE EncodedJSValue JSC_HOST_CALL functionQuit(ExecState*);
</span><span class="cx">
</span><span class="cx"> #if ENABLE(SAMPLING_FLAGS)
</span><span class="lines">@@ -235,6 +237,7 @@
</span><span class="cx"> addFunction(vm, "neverInlineFunction", functionNeverInlineFunction, 1);
</span><span class="cx"> addFunction(vm, "noInline", functionNeverInlineFunction, 1);
</span><span class="cx"> addFunction(vm, "numberOfDFGCompiles", functionNumberOfDFGCompiles, 1);
</span><ins>+ addFunction(vm, "transferArrayBuffer", functionTransferArrayBuffer, 1);
</ins><span class="cx"> #if ENABLE(SAMPLING_FLAGS)
</span><span class="cx"> addFunction(vm, "setSamplingFlags", functionSetSamplingFlags, 1);
</span><span class="cx"> addFunction(vm, "clearSamplingFlags", functionClearSamplingFlags, 1);
</span><span class="lines">@@ -505,6 +508,21 @@
</span><span class="cx"> return JSValue::encode(numberOfDFGCompiles(exec));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+EncodedJSValue JSC_HOST_CALL functionTransferArrayBuffer(ExecState* exec)
+{
+ if (exec->argumentCount() < 1)
+ return JSValue::encode(exec->vm().throwException(exec, createError(exec, "Not enough arguments")));
+
+ JSArrayBuffer* buffer = jsDynamicCast<JSArrayBuffer*>(exec->argument(0));
+ if (!buffer)
+ return JSValue::encode(exec->vm().throwException(exec, createError(exec, "Expected an array buffer")));
+
+ ArrayBufferContents dummyContents;
+ buffer->impl()->transfer(dummyContents);
+
+ return JSValue::encode(jsUndefined());
+}
+
</ins><span class="cx"> EncodedJSValue JSC_HOST_CALL functionQuit(ExecState*)
</span><span class="cx"> {
</span><span class="cx"> exit(EXIT_SUCCESS);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeArrayBufferViewh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ArrayBufferView.h (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ArrayBufferView.h 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Source/JavaScriptCore/runtime/ArrayBufferView.h 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -79,6 +79,8 @@
</span><span class="cx">
</span><span class="cx"> // Helper to verify that a given sub-range of an ArrayBuffer is
</span><span class="cx"> // within range.
</span><ins>+ // FIXME: This should distinguish between alignment errors and bounds errors.
+ // https://bugs.webkit.org/show_bug.cgi?id=125391
</ins><span class="cx"> template <typename T>
</span><span class="cx"> static bool verifySubRange(
</span><span class="cx"> PassRefPtr<ArrayBuffer> buffer,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoretestsstressfoldtypedarraypropertiesjs"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/tests/stress/fold-typed-array-properties.js (0 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/tests/stress/fold-typed-array-properties.js (rev 0)
+++ trunk/Source/JavaScriptCore/tests/stress/fold-typed-array-properties.js 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -0,0 +1,39 @@
</span><ins>+var a = new Int32Array(new ArrayBuffer(100), 4, 1);
+
+if (a.length != 1)
+ throw "Error: bad length: " + a.length;
+if (a.byteOffset != 4)
+ throw "Error: bad offset: " + a.byteOffset;
+if (a.byteLength != 4)
+ throw "Error: bad byte length: " + a.byteLength;
+
+function foo() {
+ if (a.length != 1)
+ throw "Error: bad length: " + a.length;
+ if (a.byteOffset != 4)
+ throw "Error: bad offset: " + a.byteOffset;
+ if (a.byteLength != 4)
+ throw "Error: bad byte length: " + a.byteLength;
+}
+
+for (var i = 0; i < 1000000; ++i)
+ foo();
+
+transferArrayBuffer(a.buffer);
+
+var didThrow = false;
+try {
+ foo();
+} catch (e) {
+ didThrow = true;
+}
+
+if (!didThrow)
+ throw "Should have thrown.";
+
+if (a.length != 0)
+ throw "Error: bad length: " + a.length;
+if (a.byteOffset != 0)
+ throw "Error: bad offset: " + a.byteOffset;
+if (a.byteLength != 0)
+ throw "Error: bad byte length: " + a.byteLength;
</ins></span></pre></div>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Tools/ChangeLog 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -1,3 +1,16 @@
</span><ins>+2013-12-07 Filip Pizlo <fpizlo@apple.com>
+
+ Fold typedArray.length if typedArray is constant
+ https://bugs.webkit.org/show_bug.cgi?id=125252
+
+ Reviewed by Sam Weinig.
+
+ Add Source/JavaScriptCore/tests/stress to the set of JS tests. This is where you
+ should put tests that run just like JSRegress but don't run as part of LayoutTests.
+ Currently I'm using it for tests that require some surgical support from jsc.cpp.
+
+ * Scripts/run-javascriptcore-tests:
+
</ins><span class="cx"> 2013-12-08 Zan Dobersek <zdobersek@igalia.com>
</span><span class="cx">
</span><span class="cx"> [gdb] Update printers for WTF::CString, JSC::JSString
</span></span></pre></div>
<a id="trunkToolsScriptsrunjavascriptcoretests"></a>
<div class="modfile"><h4>Modified: trunk/Tools/Scripts/run-javascriptcore-tests (160291 => 160292)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/Scripts/run-javascriptcore-tests 2013-12-08 18:57:01 UTC (rev 160291)
+++ trunk/Tools/Scripts/run-javascriptcore-tests 2013-12-08 19:01:17 UTC (rev 160292)
</span><span class="lines">@@ -239,6 +239,7 @@
</span><span class="cx"> "PerformanceTests/SunSpider/tests/sunspider-1.0",
</span><span class="cx"> "PerformanceTests/SunSpider/tests/v8-v6",
</span><span class="cx"> "Source/JavaScriptCore/tests/mozilla/mozilla-tests.yaml",
</span><ins>+ "Source/JavaScriptCore/tests/stress",
</ins><span class="cx"> "LayoutTests/js/regress/script-tests",
</span><span class="cx"> "PerformanceTests/SunSpider/profiler-test.yaml",
</span><span class="cx"> "LayoutTests/jsc-layout-tests.yaml"
</span></span></pre>
</div>
</div>
</body>
</html>