<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[165208] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/165208">165208</a></dd>
<dt>Author</dt> <dd>oliver@apple.com</dd>
<dt>Date</dt> <dd>2014-03-06 13:27:13 -0800 (Thu, 06 Mar 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>Support caching of custom setters
https://bugs.webkit.org/show_bug.cgi?id=129519
Reviewed by Filip Pizlo.
Source/JavaScriptCore:
This patch adds caching of assignment to properties that
are backed by C functions. This provides most of the leg
work required to start supporting setters, and resolves
the remaining regressions from moving DOM properties up
the prototype chain.
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/PolymorphicPutByIdList.cpp:
(JSC::PutByIdAccess::visitWeak):
(JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
(JSC::PolymorphicPutByIdList::from):
* bytecode/PolymorphicPutByIdList.h:
(JSC::PutByIdAccess::transition):
(JSC::PutByIdAccess::replace):
(JSC::PutByIdAccess::customSetter):
(JSC::PutByIdAccess::isCustom):
(JSC::PutByIdAccess::oldStructure):
(JSC::PutByIdAccess::chain):
(JSC::PutByIdAccess::stubRoutine):
* bytecode/PutByIdStatus.cpp:
(JSC::PutByIdStatus::computeForStubInfo):
(JSC::PutByIdStatus::computeFor):
(JSC::PutByIdStatus::dump):
* bytecode/PutByIdStatus.h:
(JSC::PutByIdStatus::PutByIdStatus):
(JSC::PutByIdStatus::takesSlowPath):
(JSC::PutByIdStatus::makesCalls):
* bytecode/StructureStubInfo.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::emitPutById):
(JSC::DFG::ByteCodeParser::handlePutById):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGCommon.h:
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasIdentifier):
* dfg/DFGNodeType.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileIn):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):
(JSC::DFG::SpeculativeJIT::compile):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgumentsWithExecState):
* jit/JITInlineCacheGenerator.cpp:
(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
* jit/JITInlineCacheGenerator.h:
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):
* jit/Repatch.cpp:
(JSC::tryCacheGetByID):
(JSC::tryBuildGetByIDList):
(JSC::emitCustomSetterStub):
(JSC::tryCachePutByID):
(JSC::tryBuildPutByIdList):
* jit/SpillRegistersMode.h: Added.
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* runtime/Lookup.h:
(JSC::putEntry):
* runtime/PutPropertySlot.h:
(JSC::PutPropertySlot::setCacheableCustomProperty):
(JSC::PutPropertySlot::customSetter):
(JSC::PutPropertySlot::isCacheablePut):
(JSC::PutPropertySlot::isCacheableCustomProperty):
(JSC::PutPropertySlot::cachedOffset):
Source/WebCore:
Add forwarding header
Tests: js/regress/assign-custom-setter-polymorphic.html
js/regress/assign-custom-setter.html
* ForwardingHeaders/jit/SpillRegistersMode.h: Added.
LayoutTests:
Add test cases.
* js/regress/assign-custom-setter-expected.txt: Added.
* js/regress/assign-custom-setter-polymorphic-expected.txt: Added.
* js/regress/assign-custom-setter-polymorphic.html: Added.
* js/regress/assign-custom-setter.html: Added.
* js/regress/script-tests/assign-custom-setter-polymorphic.js: Added.
(test):
* js/regress/script-tests/assign-custom-setter.js: Added.
(test):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodePolymorphicPutByIdListcpp">trunk/Source/JavaScriptCore/bytecode/PolymorphicPutByIdList.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodePolymorphicPutByIdListh">trunk/Source/JavaScriptCore/bytecode/PolymorphicPutByIdList.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodePutByIdStatuscpp">trunk/Source/JavaScriptCore/bytecode/PutByIdStatus.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodePutByIdStatush">trunk/Source/JavaScriptCore/bytecode/PutByIdStatus.h</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeStructureStubInfoh">trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh">trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp">trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGClobberizeh">trunk/Source/JavaScriptCore/dfg/DFGClobberize.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGCommonh">trunk/Source/JavaScriptCore/dfg/DFGCommon.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGConstantFoldingPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGFixupPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodeh">trunk/Source/JavaScriptCore/dfg/DFGNode.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGNodeTypeh">trunk/Source/JavaScriptCore/dfg/DFGNodeType.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGPredictionPropagationPhasecpp">trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSafeToExecuteh">trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITh">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLCompilecpp">trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitCCallHelpersh">trunk/Source/JavaScriptCore/jit/CCallHelpers.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITInlineCacheGeneratorcpp">trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITInlineCacheGeneratorh">trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationscpp">trunk/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationsh">trunk/Source/JavaScriptCore/jit/JITOperations.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITPropertyAccesscpp">trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITPropertyAccess32_64cpp">trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitRepatchcpp">trunk/Source/JavaScriptCore/jit/Repatch.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorellintLLIntSlowPathscpp">trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeLookuph">trunk/Source/JavaScriptCore/runtime/Lookup.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimePutPropertySloth">trunk/Source/JavaScriptCore/runtime/PutPropertySlot.h</a></li>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkLayoutTestsjsregressassigncustomsetterexpectedtxt">trunk/LayoutTests/js/regress/assign-custom-setter-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressassigncustomsetterpolymorphicexpectedtxt">trunk/LayoutTests/js/regress/assign-custom-setter-polymorphic-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsregressassigncustomsetterpolymorphichtml">trunk/LayoutTests/js/regress/assign-custom-setter-polymorphic.html</a></li>
<li><a href="#trunkLayoutTestsjsregressassigncustomsetterhtml">trunk/LayoutTests/js/regress/assign-custom-setter.html</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsassigncustomsetterpolymorphicjs">trunk/LayoutTests/js/regress/script-tests/assign-custom-setter-polymorphic.js</a></li>
<li><a href="#trunkLayoutTestsjsregressscripttestsassigncustomsetterjs">trunk/LayoutTests/js/regress/script-tests/assign-custom-setter.js</a></li>
<li><a href="#trunkSourceJavaScriptCorejitSpillRegistersModeh">trunk/Source/JavaScriptCore/jit/SpillRegistersMode.h</a></li>
<li><a href="#trunkSourceWebCoreForwardingHeadersjitSpillRegistersModeh">trunk/Source/WebCore/ForwardingHeaders/jit/SpillRegistersMode.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/LayoutTests/ChangeLog        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -1,3 +1,21 @@
</span><ins>+2014-03-05 Oliver Hunt <oliver@apple.com>
+
+ Support caching of custom setters
+ https://bugs.webkit.org/show_bug.cgi?id=129519
+
+ Reviewed by Filip Pizlo.
+
+ Add test cases.
+
+ * js/regress/assign-custom-setter-expected.txt: Added.
+ * js/regress/assign-custom-setter-polymorphic-expected.txt: Added.
+ * js/regress/assign-custom-setter-polymorphic.html: Added.
+ * js/regress/assign-custom-setter.html: Added.
+ * js/regress/script-tests/assign-custom-setter-polymorphic.js: Added.
+ (test):
+ * js/regress/script-tests/assign-custom-setter.js: Added.
+ (test):
+
</ins><span class="cx"> 2014-03-06 Michał Pakuła vel Rutka <m.pakula@samsung.com>
</span><span class="cx">
</span><span class="cx"> Unreviewed EFL gardening
</span></span></pre></div>
<a id="trunkLayoutTestsjsregressassigncustomsetterexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/assign-custom-setter-expected.txt (0 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/assign-custom-setter-expected.txt         (rev 0)
+++ trunk/LayoutTests/js/regress/assign-custom-setter-expected.txt        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/assign-custom-setter
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressassigncustomsetterpolymorphicexpectedtxt"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/assign-custom-setter-polymorphic-expected.txt (0 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/assign-custom-setter-polymorphic-expected.txt         (rev 0)
+++ trunk/LayoutTests/js/regress/assign-custom-setter-polymorphic-expected.txt        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -0,0 +1,10 @@
</span><ins>+JSRegress/assign-custom-setter-polymorphic
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressassigncustomsetterpolymorphichtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/assign-custom-setter-polymorphic.html (0 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/assign-custom-setter-polymorphic.html         (rev 0)
+++ trunk/LayoutTests/js/regress/assign-custom-setter-polymorphic.html        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="resources/regress-pre.js"></script>
+<script src="script-tests/assign-custom-setter-polymorphic.js"></script>
+<script src="resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressassigncustomsetterhtml"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/assign-custom-setter.html (0 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/assign-custom-setter.html         (rev 0)
+++ trunk/LayoutTests/js/regress/assign-custom-setter.html        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -0,0 +1,12 @@
</span><ins>+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src="../../resources/js-test-pre.js"></script>
+</head>
+<body>
+<script src="resources/regress-pre.js"></script>
+<script src="script-tests/assign-custom-setter.js"></script>
+<script src="resources/regress-post.js"></script>
+<script src="../../resources/js-test-post.js"></script>
+</body>
+</html>
</ins></span></pre></div>
<a id="trunkLayoutTestsjsregressscripttestsassigncustomsetterpolymorphicjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/assign-custom-setter-polymorphic.js (0 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/assign-custom-setter-polymorphic.js         (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/assign-custom-setter-polymorphic.js        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -0,0 +1,26 @@
</span><ins>+
+o = RegExp;
+j = 0;
+l = 2;
+z = 0;
+function test(o, z) {
+ var k = arguments[(((j << 1 | l) >> 1) ^ 1) & (z *= 1)];
+ k.input = 0;
+ for (var i = 0; i < 25000; i++) {
+ k.input = "foo";
+ }
+
+ return k.input;
+}
+var result = test({__proto__: {bar:"wibble", input:"foo"}});
+var result = test({input:"foo"});
+var result = test(o)
+for (var k = 0; k < 6; k++) {
+ var start = new Date;
+ var newResult = test(o)
+ var end = new Date;
+ if (newResult != result)
+ throw "Failed at " + k + "with " + newResult + " vs. " + result
+ result = newResult;
+ o = {__proto__ : o }
+}
</ins></span></pre></div>
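Review bot: The loop's only check, `if (newResult != result)`, compares one run of `test(o)` against the previous run of the same code, so it cannot tell whether the cached path actually invoked the `RegExp.input` setter or stored `input` as an ordinary property on the `{__proto__ : o}` wrapper; both leave `k.input` reading "foo". The same applies to the driver loop in script-tests/assign-custom-setter.js. If the intended behaviour is that the inherited setter runs, an independent check would pin it, for example writing a per-iteration value and comparing `RegExp.input` against it after the call. A one-line comment on `arguments[(((j << 1 | l) >> 1) ^ 1) & (z *= 1)]` would also help: with the globals set above and `z` undefined at every call site, the index evaluates to 0 and `k` is the first argument.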
<a id="trunkLayoutTestsjsregressscripttestsassigncustomsetterjs"></a>
<div class="addfile"><h4>Added: trunk/LayoutTests/js/regress/script-tests/assign-custom-setter.js (0 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/regress/script-tests/assign-custom-setter.js         (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/assign-custom-setter.js        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -0,0 +1,24 @@
</span><ins>+// RegExp.input is a handy setter
+
+var o = RegExp;
+function test(o) {
+ var k = 0;
+ o.input = "bar";
+ for (var i = 0; i < 30000; i++)
+ o.input = "foo";
+
+ return o.input;
+}
+
+var result = test(o);
+
+for (var k = 0; k < 9; k++) {
+ var start = new Date;
+ var newResult = test(o)
+ var end = new Date;
+ if (newResult != result)
+ throw "Failed at " + k + "with " +newResult + " vs. " + result
+ result = newResult;
+ o = {__proto__ : o }
+}
+
</ins></span></pre></div>
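Review bot: `var k = 0;` inside `test` is never read, and `start`/`end` in the driver loop are assigned but never used, so both are dead code in this file. The failure message also runs the counter into the next word; `throw "Failed at " + k + " with " + newResult + " vs. " + result` reads correctly. The same message and the unused `start`/`end` appear in script-tests/assign-custom-setter-polymorphic.js.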
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/ChangeLog        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -1,3 +1,101 @@
</span><ins>+2014-03-03 Oliver Hunt <oliver@apple.com>
+
+ Support caching of custom setters
+ https://bugs.webkit.org/show_bug.cgi?id=129519
+
+ Reviewed by Filip Pizlo.
+
+ This patch adds caching of assignment to properties that
+ are backed by C functions. This provides most of the leg
+ work required to start supporting setters, and resolves
+ the remaining regressions from moving DOM properties up
+ the prototype chain.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * bytecode/PolymorphicPutByIdList.cpp:
+ (JSC::PutByIdAccess::visitWeak):
+ (JSC::PolymorphicPutByIdList::PolymorphicPutByIdList):
+ (JSC::PolymorphicPutByIdList::from):
+ * bytecode/PolymorphicPutByIdList.h:
+ (JSC::PutByIdAccess::transition):
+ (JSC::PutByIdAccess::replace):
+ (JSC::PutByIdAccess::customSetter):
+ (JSC::PutByIdAccess::isCustom):
+ (JSC::PutByIdAccess::oldStructure):
+ (JSC::PutByIdAccess::chain):
+ (JSC::PutByIdAccess::stubRoutine):
+ * bytecode/PutByIdStatus.cpp:
+ (JSC::PutByIdStatus::computeForStubInfo):
+ (JSC::PutByIdStatus::computeFor):
+ (JSC::PutByIdStatus::dump):
+ * bytecode/PutByIdStatus.h:
+ (JSC::PutByIdStatus::PutByIdStatus):
+ (JSC::PutByIdStatus::takesSlowPath):
+ (JSC::PutByIdStatus::makesCalls):
+ * bytecode/StructureStubInfo.h:
+ * dfg/DFGAbstractInterpreterInlines.h:
+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::emitPutById):
+ (JSC::DFG::ByteCodeParser::handlePutById):
+ * dfg/DFGClobberize.h:
+ (JSC::DFG::clobberize):
+ * dfg/DFGCommon.h:
+ * dfg/DFGConstantFoldingPhase.cpp:
+ (JSC::DFG::ConstantFoldingPhase::foldConstants):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasIdentifier):
+ * dfg/DFGNodeType.h:
+ * dfg/DFGPredictionPropagationPhase.cpp:
+ (JSC::DFG::PredictionPropagationPhase::propagate):
+ * dfg/DFGSafeToExecute.h:
+ (JSC::DFG::safeToExecute):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileIn):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::cachedGetById):
+ (JSC::DFG::SpeculativeJIT::cachedPutById):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/CCallHelpers.h:
+ (JSC::CCallHelpers::setupArgumentsWithExecState):
+ * jit/JITInlineCacheGenerator.cpp:
+ (JSC::JITByIdGenerator::JITByIdGenerator):
+ (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
+ * jit/JITInlineCacheGenerator.h:
+ (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emit_op_put_by_id):
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_get_by_id):
+ (JSC::JIT::emit_op_put_by_id):
+ * jit/Repatch.cpp:
+ (JSC::tryCacheGetByID):
+ (JSC::tryBuildGetByIDList):
+ (JSC::emitCustomSetterStub):
+ (JSC::tryCachePutByID):
+ (JSC::tryBuildPutByIdList):
+ * jit/SpillRegistersMode.h: Added.
+ * llint/LLIntSlowPaths.cpp:
+ (JSC::LLInt::LLINT_SLOW_PATH_DECL):
+ * runtime/Lookup.h:
+ (JSC::putEntry):
+ * runtime/PutPropertySlot.h:
+ (JSC::PutPropertySlot::setCacheableCustomProperty):
+ (JSC::PutPropertySlot::customSetter):
+ (JSC::PutPropertySlot::isCacheablePut):
+ (JSC::PutPropertySlot::isCacheableCustomProperty):
+ (JSC::PutPropertySlot::cachedOffset):
+
</ins><span class="cx"> 2014-03-06 Filip Pizlo <fpizlo@apple.com>
</span><span class="cx">
</span><span class="cx"> FTL arity fixup should work on ARM64
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -1170,6 +1170,7 @@
</span><span class="cx">                 A784A26411D16622005776AC /* SyntaxChecker.h in Headers */ = {isa = PBXBuildFile; fileRef = A7A7EE7711B98B8D0065A14F /* SyntaxChecker.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 A78507D617CBC6FD0011F6E7 /* MapData.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A78507D417CBC6FD0011F6E7 /* MapData.cpp */; };
</span><span class="cx">                 A78507D717CBC6FD0011F6E7 /* MapData.h in Headers */ = {isa = PBXBuildFile; fileRef = A78507D517CBC6FD0011F6E7 /* MapData.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><ins>+                A785F6BC18C553FE00F10626 /* SpillRegistersMode.h in Headers */ = {isa = PBXBuildFile; fileRef = A7FF647A18C52E8500B55307 /* SpillRegistersMode.h */; settings = {ATTRIBUTES = (Private, ); }; };
</ins><span class="cx">                 A78853F917972629001440E4 /* IntendedStructureChain.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A78853F717972629001440E4 /* IntendedStructureChain.cpp */; };
</span><span class="cx">                 A78853FA17972629001440E4 /* IntendedStructureChain.h in Headers */ = {isa = PBXBuildFile; fileRef = A78853F817972629001440E4 /* IntendedStructureChain.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 A78A9774179738B8009DF744 /* DFGFailedFinalizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A78A976C179738B8009DF744 /* DFGFailedFinalizer.cpp */; };
</span><span class="lines">@@ -2817,6 +2818,7 @@
</span><span class="cx">                 A7FB604B103F5EAB0017A286 /* PropertyDescriptor.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = PropertyDescriptor.h; sourceTree = "<group>"; };
</span><span class="cx">                 A7FB60A3103F7DC20017A286 /* PropertyDescriptor.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PropertyDescriptor.cpp; sourceTree = "<group>"; };
</span><span class="cx">                 A7FCC26C17A0B6AA00786D1A /* FTLSwitchCase.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLSwitchCase.h; path = ftl/FTLSwitchCase.h; sourceTree = "<group>"; };
</span><ins>+                A7FF647A18C52E8500B55307 /* SpillRegistersMode.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SpillRegistersMode.h; sourceTree = "<group>"; };
</ins><span class="cx">                 A8A4748D151A8306004123FF /* libWTF.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libWTF.a; sourceTree = BUILT_PRODUCTS_DIR; };
</span><span class="cx">                 A8E894310CD0602400367179 /* JSCallbackObjectFunctions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSCallbackObjectFunctions.h; sourceTree = "<group>"; };
</span><span class="cx">                 A8E894330CD0603F00367179 /* JSGlobalObject.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSGlobalObject.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -3485,6 +3487,7 @@
</span><span class="cx">                                 A7386552118697B400540279 /* ThunkGenerators.cpp */,
</span><span class="cx">                                 A7386553118697B400540279 /* ThunkGenerators.h */,
</span><span class="cx">                                 65987F2F16828A7E003C2F8D /* UnusedPointer.h */,
</span><ins>+                                A7FF647A18C52E8500B55307 /* SpillRegistersMode.h */,
</ins><span class="cx">                         );
</span><span class="cx">                         path = jit;
</span><span class="cx">                         sourceTree = "<group>";
</span><span class="lines">@@ -5551,6 +5554,7 @@
</span><span class="cx">                                 86158AB3155C8B4000B45C9C /* PropertyName.h in Headers */,
</span><span class="cx">                                 BC18C4540E16F5CD00B34460 /* PropertyNameArray.h in Headers */,
</span><span class="cx">                                 0FF7168C15A3B235008F5DAA /* PropertyOffset.h in Headers */,
</span><ins>+                                A785F6BC18C553FE00F10626 /* SpillRegistersMode.h in Headers */,
</ins><span class="cx">                                 BC18C4550E16F5CD00B34460 /* PropertySlot.h in Headers */,
</span><span class="cx">                                 0FB7F39C15ED8E4600F167B2 /* PropertyStorage.h in Headers */,
</span><span class="cx">                                 BC18C4560E16F5CD00B34460 /* Protect.h in Headers */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodePolymorphicPutByIdListcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/PolymorphicPutByIdList.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/PolymorphicPutByIdList.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/bytecode/PolymorphicPutByIdList.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -77,6 +77,12 @@
</span><span class="cx"> if (!Heap::isMarked(m_chain.get()))
</span><span class="cx"> return false;
</span><span class="cx"> break;
</span><ins>+ case CustomSetter:
+ if (!Heap::isMarked(m_oldStructure.get()))
+ return false;
+ if (m_chain && !Heap::isMarked(m_chain.get()))
+ return false;
+ break;
</ins><span class="cx"> default:
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><span class="cx"> return false;
</span><span class="lines">@@ -88,7 +94,8 @@
</span><span class="cx"> PutKind putKind, StructureStubInfo& stubInfo)
</span><span class="cx"> : m_kind(putKind)
</span><span class="cx"> {
</span><del>- m_list.append(PutByIdAccess::fromStructureStubInfo(stubInfo));
</del><ins>+ if (stubInfo.accessType != access_unset)
+ m_list.append(PutByIdAccess::fromStructureStubInfo(stubInfo));
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> PolymorphicPutByIdList* PolymorphicPutByIdList::from(
</span><span class="lines">@@ -98,8 +105,9 @@
</span><span class="cx"> return stubInfo.u.putByIdList.list;
</span><span class="cx">
</span><span class="cx"> ASSERT(stubInfo.accessType == access_put_by_id_replace
</span><del>- || stubInfo.accessType == access_put_by_id_transition_normal
- || stubInfo.accessType == access_put_by_id_transition_direct);
</del><ins>+ || stubInfo.accessType == access_put_by_id_transition_normal
+ || stubInfo.accessType == access_put_by_id_transition_direct
+ || stubInfo.accessType == access_unset);
</ins><span class="cx">
</span><span class="cx"> PolymorphicPutByIdList* result =
</span><span class="cx"> new PolymorphicPutByIdList(putKind, stubInfo);
</span></span></pre></div>
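Review bot: With the new guard `if (stubInfo.accessType != access_unset)` the constructor can now produce a PolymorphicPutByIdList with no entries, which the previous unconditional `m_list.append(...)` ruled out. Nothing in the visible hunks states who adds the first entry, and any consumer written against the old non-empty guarantee (outside this section) would need re-checking. I would document it at the guard, e.g. `// access_unset: no earlier access to seed the list with; the caller adds the first entry.`, to be confirmed against the callers listed for jit/Repatch.cpp in the log. The widened `ASSERT` in `from()` is also a debug-only check, unlike the `RELEASE_ASSERT_NOT_REACHED()` in the switch of the first hunk, so an unexpected access type is not caught in release builds. The body of `from()` continues past the end of the hunk.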
<a id="trunkSourceJavaScriptCorebytecodePolymorphicPutByIdListh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/PolymorphicPutByIdList.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/PolymorphicPutByIdList.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/bytecode/PolymorphicPutByIdList.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -32,6 +32,7 @@
</span><span class="cx"> #include "MacroAssembler.h"
</span><span class="cx"> #include "Opcode.h"
</span><span class="cx"> #include "PutKind.h"
</span><ins>+#include "PutPropertySlot.h"
</ins><span class="cx"> #include "Structure.h"
</span><span class="cx"> #include <wtf/Vector.h>
</span><span class="cx">
</span><span class="lines">@@ -45,7 +46,8 @@
</span><span class="cx"> enum AccessType {
</span><span class="cx"> Invalid,
</span><span class="cx"> Transition,
</span><del>- Replace
</del><ins>+ Replace,
+ CustomSetter
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> PutByIdAccess()
</span><span class="lines">@@ -66,10 +68,11 @@
</span><span class="cx"> result.m_oldStructure.set(vm, owner, oldStructure);
</span><span class="cx"> result.m_newStructure.set(vm, owner, newStructure);
</span><span class="cx"> result.m_chain.set(vm, owner, chain);
</span><ins>+ result.m_customSetter = 0;
</ins><span class="cx"> result.m_stubRoutine = stubRoutine;
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><del>-
</del><ins>+
</ins><span class="cx"> static PutByIdAccess replace(
</span><span class="cx"> VM& vm,
</span><span class="cx"> JSCell* owner,
</span><span class="lines">@@ -79,9 +82,29 @@
</span><span class="cx"> PutByIdAccess result;
</span><span class="cx"> result.m_type = Replace;
</span><span class="cx"> result.m_oldStructure.set(vm, owner, structure);
</span><ins>+ result.m_customSetter = 0;
</ins><span class="cx"> result.m_stubRoutine = stubRoutine;
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><ins>+
+
+ static PutByIdAccess customSetter(
+ VM& vm,
+ JSCell* owner,
+ Structure* structure,
+ StructureChain* chain,
+ PutPropertySlot::PutValueFunc customSetter,
+ PassRefPtr<JITStubRoutine> stubRoutine)
+ {
+ PutByIdAccess result;
+ result.m_oldStructure.set(vm, owner, structure);
+ result.m_type = CustomSetter;
+ if (chain)
+ result.m_chain.set(vm, owner, chain);
+ result.m_customSetter = customSetter;
+ result.m_stubRoutine = stubRoutine;
+ return result;
+ }
</ins><span class="cx">
</span><span class="cx"> static PutByIdAccess fromStructureStubInfo(StructureStubInfo&);
</span><span class="cx">
</span><span class="lines">@@ -92,12 +115,13 @@
</span><span class="cx">
</span><span class="cx"> bool isTransition() const { return m_type == Transition; }
</span><span class="cx"> bool isReplace() const { return m_type == Replace; }
</span><ins>+ bool isCustom() const { return m_type == CustomSetter; }
</ins><span class="cx">
</span><span class="cx"> Structure* oldStructure() const
</span><span class="cx"> {
</span><span class="cx"> // Using this instead of isSet() to make this assertion robust against the possibility
</span><span class="cx"> // of additional access types being added.
</span><del>- ASSERT(isTransition() || isReplace());
</del><ins>+ ASSERT(isTransition() || isReplace() || isCustom());
</ins><span class="cx">
</span><span class="cx"> return m_oldStructure.get();
</span><span class="cx"> }
</span><span class="lines">@@ -116,16 +140,18 @@
</span><span class="cx">
</span><span class="cx"> StructureChain* chain() const
</span><span class="cx"> {
</span><del>- ASSERT(isTransition());
</del><ins>+ ASSERT(isTransition() || isCustom());
</ins><span class="cx"> return m_chain.get();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> JITStubRoutine* stubRoutine() const
</span><span class="cx"> {
</span><del>- ASSERT(isTransition() || isReplace());
</del><ins>+ ASSERT(isTransition() || isReplace() || isCustom());
</ins><span class="cx"> return m_stubRoutine.get();
</span><span class="cx"> }
</span><del>-
</del><ins>+
+ PutPropertySlot::PutValueFunc customSetter() const { ASSERT(isCustom()); return m_customSetter; }
+
</ins><span class="cx"> bool visitWeak() const;
</span><span class="cx">
</span><span class="cx"> private:
</span><span class="lines">@@ -135,6 +161,7 @@
</span><span class="cx"> WriteBarrier<Structure> m_oldStructure;
</span><span class="cx"> WriteBarrier<Structure> m_newStructure;
</span><span class="cx"> WriteBarrier<StructureChain> m_chain;
</span><ins>+ PutPropertySlot::PutValueFunc m_customSetter;
</ins><span class="cx"> RefPtr<JITStubRoutine> m_stubRoutine;
</span><span class="cx"> };
</span><span class="cx">
</span></span></pre></div>
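Review bot: `m_customSetter` is zeroed by hand in `transition()` and `replace()` and assigned in `customSetter()`, but nothing visible initializes it for a default-constructed `PutByIdAccess` (only the first line of that constructor is shown, so this is inferred). If the constructor leaves it alone, an `Invalid` entry carries an indeterminate function pointer, and the only guard on the accessor is `ASSERT(isCustom())`, which presumably compiles out of release builds. Initializing it in the default constructor, for example `m_customSetter(0)` in its initializer list, would cover every construction path and make the two `result.m_customSetter = 0;` lines unnecessary. Separately, `chain()` now accepts `isCustom()` while `customSetter()` sets the chain only `if (chain)`, so a comment such as `// May be null for CustomSetter accesses.` on `chain()` would tell callers to check.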
<a id="trunkSourceJavaScriptCorebytecodePutByIdStatuscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/PutByIdStatus.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/PutByIdStatus.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/bytecode/PutByIdStatus.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -205,6 +205,8 @@
</span><span class="cx"> return PutByIdStatus(TakesSlowPath);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><ins>+ case PutByIdAccess::CustomSetter:
+ return PutByIdStatus(MakesCalls);
</ins><span class="cx">
</span><span class="cx"> default:
</span><span class="cx"> return PutByIdStatus(TakesSlowPath);
</span><span class="lines">@@ -265,6 +267,9 @@
</span><span class="cx"> JSCell* specificValue;
</span><span class="cx"> PropertyOffset offset = structure->getConcurrently(vm, uid, attributes, specificValue);
</span><span class="cx"> if (isValidOffset(offset)) {
</span><ins>+ if (attributes & CustomAccessor)
+ return PutByIdStatus(MakesCalls);
+
</ins><span class="cx"> if (attributes & (Accessor | ReadOnly))
</span><span class="cx"> return PutByIdStatus(TakesSlowPath);
</span><span class="cx"> if (specificValue) {
</span><span class="lines">@@ -342,6 +347,9 @@
</span><span class="cx"> case TakesSlowPath:
</span><span class="cx"> out.print("(TakesSlowPath)");
</span><span class="cx"> return;
</span><ins>+ case MakesCalls:
+ out.print("(MakesCalls)");
+ return;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodePutByIdStatush"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/PutByIdStatus.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/PutByIdStatus.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/bytecode/PutByIdStatus.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -47,7 +47,9 @@
</span><span class="cx"> // It's cached as a simple store of some kind.
</span><span class="cx"> Simple,
</span><span class="cx"> // It's known to often take slow path.
</span><del>- TakesSlowPath
</del><ins>+ TakesSlowPath,
+ // It's known to take paths that make calls.
+ MakesCalls
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> PutByIdStatus()
</span><span class="lines">@@ -58,7 +60,7 @@
</span><span class="cx"> explicit PutByIdStatus(State state)
</span><span class="cx"> : m_state(state)
</span><span class="cx"> {
</span><del>- ASSERT(m_state == NoInformation || m_state == TakesSlowPath);
</del><ins>+ ASSERT(m_state == NoInformation || m_state == TakesSlowPath || m_state == MakesCalls);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> PutByIdStatus(const PutByIdVariant& variant)
</span><span class="lines">@@ -77,7 +79,8 @@
</span><span class="cx"> bool isSet() const { return m_state != NoInformation; }
</span><span class="cx"> bool operator!() const { return m_state == NoInformation; }
</span><span class="cx"> bool isSimple() const { return m_state == Simple; }
</span><del>- bool takesSlowPath() const { return m_state == TakesSlowPath; }
</del><ins>+ bool takesSlowPath() const { return m_state == TakesSlowPath || m_state == MakesCalls; }
+ bool makesCalls() const { return m_state == MakesCalls; }
</ins><span class="cx">
</span><span class="cx"> size_t numVariants() const { return m_variants.size(); }
</span><span class="cx"> const Vector<PutByIdVariant, 1>& variants() const { return m_variants; }
</span></span></pre></div>
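Review bot: `takesSlowPath()` now also returns true for `MakesCalls`, which changes the meaning of an existing predicate without saying so at the declaration. A caller that needs to tell the two states apart has to test `makesCalls()` first, and the enum comment `// It's known to often take slow path.` no longer describes everything the predicate matches. I would add `// Also true for MakesCalls; test makesCalls() first when the distinction matters.` above `takesSlowPath()`.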
<a id="trunkSourceJavaScriptCorebytecodeStructureStubInfoh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -33,6 +33,7 @@
</span><span class="cx"> #include "Opcode.h"
</span><span class="cx"> #include "PolymorphicAccessStructureList.h"
</span><span class="cx"> #include "RegisterSet.h"
</span><ins>+#include "SpillRegistersMode.h"
</ins><span class="cx"> #include "Structure.h"
</span><span class="cx"> #include "StructureStubClearingWatchpoint.h"
</span><span class="cx"> #include <wtf/OwnPtr.h>
</span><span class="lines">@@ -193,7 +194,7 @@
</span><span class="cx"> CodeOrigin codeOrigin;
</span><span class="cx">
</span><span class="cx"> struct {
</span><del>- int8_t registersFlushed;
</del><ins>+ SpillRegistersMode spillMode : 8;
</ins><span class="cx"> int8_t baseGPR;
</span><span class="cx"> #if USE(JSVALUE32_64)
</span><span class="cx"> int8_t valueTagGPR;
</span></span></pre></div>
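Review bot: `SpillRegistersMode spillMode : 8;` puts an enum-typed bit-field in front of plain `int8_t` members, and both the signedness of such a field and whether it shares storage with its neighbours are implementation-defined. The enumerators this commit removes from DFGCommon.h (`NeedToSpill`, `DontSpill`, presumably moved to SpillRegistersMode.h) fit in eight bits either way, so the values are safe, but the struct's size and layout may differ between compilers. If the layout matters, keeping the storage as `int8_t spillMode;` and converting with `static_cast<SpillRegistersMode>` where it is read and written avoids the question. The struct continues past the end of the hunk, so its remaining members are not visible here.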
<a id="trunkSourceJavaScriptCoredfgDFGAbstractInterpreterInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -1737,6 +1737,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case PutById:
</span><ins>+ case PutByIdFlush:
</ins><span class="cx"> case PutByIdDirect:
</span><span class="cx"> node->setCanExit(true);
</span><span class="cx"> if (Structure* structure = forNode(node->child1()).bestProvenStructure()) {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -180,7 +180,7 @@
</span><span class="cx"> int destinationOperand, SpeculatedType, Node* base, unsigned identifierNumber,
</span><span class="cx"> const GetByIdStatus&);
</span><span class="cx"> void emitPutById(
</span><del>- Node* base, unsigned identifierNumber, Node* value, bool isDirect);
</del><ins>+ Node* base, unsigned identifierNumber, Node* value, const PutByIdStatus&, bool isDirect);
</ins><span class="cx"> void handlePutById(
</span><span class="cx"> Node* base, unsigned identifierNumber, Node* value, const PutByIdStatus&,
</span><span class="cx"> bool isDirect);
</span><span class="lines">@@ -1943,12 +1943,12 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void ByteCodeParser::emitPutById(
</span><del>- Node* base, unsigned identifierNumber, Node* value, bool isDirect)
</del><ins>+ Node* base, unsigned identifierNumber, Node* value, const PutByIdStatus& putByIdStatus, bool isDirect)
</ins><span class="cx"> {
</span><span class="cx"> if (isDirect)
</span><span class="cx"> addToGraph(PutByIdDirect, OpInfo(identifierNumber), base, value);
</span><span class="cx"> else
</span><del>- addToGraph(PutById, OpInfo(identifierNumber), base, value);
</del><ins>+ addToGraph(putByIdStatus.makesCalls() ? PutByIdFlush : PutById, OpInfo(identifierNumber), base, value);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void ByteCodeParser::handlePutById(
</span><span class="lines">@@ -1958,13 +1958,13 @@
</span><span class="cx"> if (!putByIdStatus.isSimple()) {
</span><span class="cx"> if (!putByIdStatus.isSet())
</span><span class="cx"> addToGraph(ForceOSRExit);
</span><del>- emitPutById(base, identifierNumber, value, isDirect);
</del><ins>+ emitPutById(base, identifierNumber, value, putByIdStatus, isDirect);
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> if (putByIdStatus.numVariants() > 1) {
</span><del>- if (!isFTL(m_graph.m_plan.mode)) {
- emitPutById(base, identifierNumber, value, isDirect);
</del><ins>+ if (!isFTL(m_graph.m_plan.mode) || putByIdStatus.makesCalls()) {
+ emitPutById(base, identifierNumber, value, putByIdStatus, isDirect);
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -2001,9 +2001,13 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- ASSERT(variant.kind() == PutByIdVariant::Transition);
</del><ins>+ if (variant.kind() != PutByIdVariant::Transition) {
+ emitPutById(base, identifierNumber, value, putByIdStatus, isDirect);
+ return;
+ }
+
</ins><span class="cx"> if (variant.structureChain() && !variant.structureChain()->isStillValid()) {
</span><del>- emitPutById(base, identifierNumber, value, isDirect);
</del><ins>+ emitPutById(base, identifierNumber, value, putByIdStatus, isDirect);
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
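Review bot: In `handlePutById`, the added `|| putByIdStatus.makesCalls()` in the `numVariants() > 1` branch cannot be true. The function has already returned for every status where `isSimple()` is false, and PutByIdStatus.h in this commit defines `isSimple()` as `m_state == Simple` and `makesCalls()` as `m_state == MakesCalls`. The condition can go back to `if (!isFTL(m_graph.m_plan.mode)) {`, or carry a comment saying it is a defensive check. `emitPutById` also ignores `makesCalls()` when `isDirect` is set and always emits `PutByIdDirect`; if that is intentional, a one-line comment there would record why. The body of `handlePutById` extends beyond the hunks shown.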
<a id="trunkSourceJavaScriptCoredfgDFGClobberizeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGClobberize.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGClobberize.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGClobberize.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -196,6 +196,7 @@
</span><span class="cx"> case GetById:
</span><span class="cx"> case GetByIdFlush:
</span><span class="cx"> case PutById:
</span><ins>+ case PutByIdFlush:
</ins><span class="cx"> case PutByIdDirect:
</span><span class="cx"> case ArrayPush:
</span><span class="cx"> case ArrayPop:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGCommonh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGCommon.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGCommon.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGCommon.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -96,8 +96,6 @@
</span><span class="cx"> #endif
</span><span class="cx"> }
</span><span class="cx">
</span><del>-enum SpillRegistersMode { NeedToSpill, DontSpill };
-
</del><span class="cx"> enum NoResultTag { NoResult };
</span><span class="cx">
</span><span class="cx"> enum OptimizationFixpointState { BeforeFixpoint, FixpointNotConverged, FixpointConverged };
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGConstantFoldingPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -224,6 +224,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case PutById:
</span><ins>+ case PutByIdFlush:
</ins><span class="cx"> case PutByIdDirect: {
</span><span class="cx"> NodeOrigin origin = node->origin;
</span><span class="cx"> Edge childEdge = node->child1();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGFixupPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -851,6 +851,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> case PutById:
</span><ins>+ case PutByIdFlush:
</ins><span class="cx"> case PutByIdDirect: {
</span><span class="cx"> fixEdge<CellUse>(node->child1());
</span><span class="cx"> insertStoreBarrier(m_indexInBlock, node->child1(), node->child2());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNode.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNode.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGNode.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -654,6 +654,7 @@
</span><span class="cx"> case GetById:
</span><span class="cx"> case GetByIdFlush:
</span><span class="cx"> case PutById:
</span><ins>+ case PutByIdFlush:
</ins><span class="cx"> case PutByIdDirect:
</span><span class="cx"> return true;
</span><span class="cx"> default:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGNodeTypeh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGNodeType.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGNodeType.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGNodeType.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -146,6 +146,7 @@
</span><span class="cx"> macro(GetById, NodeResultJS | NodeMustGenerate | NodeClobbersWorld) \
</span><span class="cx"> macro(GetByIdFlush, NodeResultJS | NodeMustGenerate | NodeClobbersWorld) \
</span><span class="cx"> macro(PutById, NodeMustGenerate | NodeClobbersWorld) \
</span><ins>+ macro(PutByIdFlush, NodeMustGenerate | NodeMustGenerate | NodeClobbersWorld) \
</ins><span class="cx"> macro(PutByIdDirect, NodeMustGenerate | NodeClobbersWorld) \
</span><span class="cx"> macro(CheckStructure, NodeMustGenerate) \
</span><span class="cx"> macro(CheckExecutable, NodeMustGenerate) \
</span></span></pre></div>
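Review bot: The new `PutByIdFlush` entry lists `NodeMustGenerate` twice. The duplicate OR is harmless, but it reads like a copy of the `GetByIdFlush` line in which `NodeResultJS` was replaced rather than dropped. The entry should match its neighbours: `macro(PutByIdFlush, NodeMustGenerate | NodeClobbersWorld) \`.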
<a id="trunkSourceJavaScriptCoredfgDFGPredictionPropagationPhasecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -550,6 +550,7 @@
</span><span class="cx"> case Return:
</span><span class="cx"> case Throw:
</span><span class="cx"> case PutById:
</span><ins>+ case PutByIdFlush:
</ins><span class="cx"> case PutByIdDirect:
</span><span class="cx"> case PutByOffset:
</span><span class="cx"> case MultiPutByOffset:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSafeToExecuteh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -155,6 +155,7 @@
</span><span class="cx"> case GetById:
</span><span class="cx"> case GetByIdFlush:
</span><span class="cx"> case PutById:
</span><ins>+ case PutByIdFlush:
</ins><span class="cx"> case PutByIdDirect:
</span><span class="cx"> case CheckStructure:
</span><span class="cx"> case CheckExecutable:
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -880,7 +880,7 @@
</span><span class="cx"> stubInfo->patch.baseGPR = static_cast<int8_t>(baseGPR);
</span><span class="cx"> stubInfo->patch.valueGPR = static_cast<int8_t>(resultGPR);
</span><span class="cx"> stubInfo->patch.usedRegisters = usedRegisters();
</span><del>- stubInfo->patch.registersFlushed = false;
</del><ins>+ stubInfo->patch.spillMode = NeedToSpill;
</ins><span class="cx">
</span><span class="cx"> m_jit.addIn(InRecord(jump, done, slowPath.get(), stubInfo));
</span><span class="cx"> addSlowPathGenerator(slowPath.release());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -715,10 +715,10 @@
</span><span class="cx">
</span><span class="cx"> #if USE(JSVALUE64)
</span><span class="cx"> void cachedGetById(CodeOrigin, GPRReg baseGPR, GPRReg resultGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill);
</span><del>- void cachedPutById(CodeOrigin, GPRReg base, GPRReg value, GPRReg scratchGPR, unsigned identifierNumber, PutKind, JITCompiler::Jump slowPathTarget = JITCompiler::Jump());
</del><ins>+ void cachedPutById(CodeOrigin, GPRReg base, GPRReg value, GPRReg scratchGPR, unsigned identifierNumber, PutKind, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill);
</ins><span class="cx"> #elif USE(JSVALUE32_64)
</span><span class="cx"> void cachedGetById(CodeOrigin, GPRReg baseTagGPROrNone, GPRReg basePayloadGPR, GPRReg resultTagGPR, GPRReg resultPayloadGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill);
</span><del>- void cachedPutById(CodeOrigin, GPRReg basePayloadGPR, GPRReg valueTagGPR, GPRReg valuePayloadGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind, JITCompiler::Jump slowPathTarget = JITCompiler::Jump());
</del><ins>+ void cachedPutById(CodeOrigin, GPRReg basePayloadGPR, GPRReg valueTagGPR, GPRReg valuePayloadGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind, JITCompiler::Jump slowPathTarget = JITCompiler::Jump(), SpillRegistersMode = NeedToSpill);
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> void compileIn(Node*);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -174,7 +174,7 @@
</span><span class="cx"> JITGetByIdGenerator gen(
</span><span class="cx"> m_jit.codeBlock(), codeOrigin, usedRegisters(),
</span><span class="cx"> JSValueRegs(baseTagGPROrNone, basePayloadGPR),
</span><del>- JSValueRegs(resultTagGPR, resultPayloadGPR), spillMode != NeedToSpill);
</del><ins>+ JSValueRegs(resultTagGPR, resultPayloadGPR), spillMode);
</ins><span class="cx">
</span><span class="cx"> gen.generateFastPath(m_jit);
</span><span class="cx">
</span><span class="lines">@@ -201,12 +201,12 @@
</span><span class="cx"> addSlowPathGenerator(slowPath.release());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg basePayloadGPR, GPRReg valueTagGPR, GPRReg valuePayloadGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind putKind, JITCompiler::Jump slowPathTarget)
</del><ins>+void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg basePayloadGPR, GPRReg valueTagGPR, GPRReg valuePayloadGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind putKind, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
</ins><span class="cx"> {
</span><span class="cx"> JITPutByIdGenerator gen(
</span><span class="cx"> m_jit.codeBlock(), codeOrigin, usedRegisters(),
</span><span class="cx"> JSValueRegs::payloadOnly(basePayloadGPR), JSValueRegs(valueTagGPR, valuePayloadGPR),
</span><del>- scratchGPR, false, m_jit.ecmaModeFor(codeOrigin), putKind);
</del><ins>+ scratchGPR, spillMode, m_jit.ecmaModeFor(codeOrigin), putKind);
</ins><span class="cx">
</span><span class="cx"> gen.generateFastPath(m_jit);
</span><span class="cx">
</span><span class="lines">@@ -3918,6 +3918,23 @@
</span><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><ins>+
+ case PutByIdFlush: {
+ SpeculateCellOperand base(this, node->child1());
+ JSValueOperand value(this, node->child2());
+ GPRTemporary scratch(this);
+
+ GPRReg baseGPR = base.gpr();
+ GPRReg valueTagGPR = value.tagGPR();
+ GPRReg valuePayloadGPR = value.payloadGPR();
+ GPRReg scratchGPR = scratch.gpr();
+ flushRegisters();
+
+ cachedPutById(node->origin.semantic, baseGPR, valueTagGPR, valuePayloadGPR, scratchGPR, node->identifierNumber(), NotDirect, MacroAssembler::Jump(), DontSpill);
+
+ noResult(node);
+ break;
+ }
</ins><span class="cx">
</span><span class="cx"> case PutById: {
</span><span class="cx"> SpeculateCellOperand base(this, node->child1());
</span></span></pre></div>
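Review bot: The new `PutByIdFlush` case relies on an ordering that is not written down: the operand registers are obtained first, then `flushRegisters()` runs, and only then is `cachedPutById` called with `DontSpill`. Passing `DontSpill` without the preceding flush would presumably leave live register contents unprotected across the setter call, so the pairing should be stated above the `cachedPutById` call, for example `// flushRegisters() must precede this; DontSpill means the inline cache will not save registers itself.` (wording to be confirmed against SpillRegistersMode.h, which is not shown). The same applies to the matching case added in DFGSpeculativeJIT64.cpp. The enclosing switch starts and ends outside the hunk.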
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -37,6 +37,7 @@
</span><span class="cx"> #include "Debugger.h"
</span><span class="cx"> #include "JSCInlines.h"
</span><span class="cx"> #include "ObjectPrototype.h"
</span><ins>+#include "SpillRegistersMode.h"
</ins><span class="cx">
</span><span class="cx"> namespace JSC { namespace DFG {
</span><span class="cx">
</span><span class="lines">@@ -191,7 +192,7 @@
</span><span class="cx"> {
</span><span class="cx"> JITGetByIdGenerator gen(
</span><span class="cx"> m_jit.codeBlock(), codeOrigin, usedRegisters(), JSValueRegs(baseGPR),
</span><del>- JSValueRegs(resultGPR), spillMode != NeedToSpill);
</del><ins>+ JSValueRegs(resultGPR), spillMode);
</ins><span class="cx"> gen.generateFastPath(m_jit);
</span><span class="cx">
</span><span class="cx"> JITCompiler::JumpList slowCases;
</span><span class="lines">@@ -207,11 +208,12 @@
</span><span class="cx"> addSlowPathGenerator(slowPath.release());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg valueGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind putKind, JITCompiler::Jump slowPathTarget)
</del><ins>+void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg baseGPR, GPRReg valueGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind putKind, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
</ins><span class="cx"> {
</span><span class="cx"> JITPutByIdGenerator gen(
</span><span class="cx"> m_jit.codeBlock(), codeOrigin, usedRegisters(), JSValueRegs(baseGPR),
</span><del>- JSValueRegs(valueGPR), scratchGPR, false, m_jit.ecmaModeFor(codeOrigin), putKind);
</del><ins>+ JSValueRegs(valueGPR), scratchGPR, spillMode, m_jit.ecmaModeFor(codeOrigin), putKind);
+
</ins><span class="cx"> gen.generateFastPath(m_jit);
</span><span class="cx">
</span><span class="cx"> JITCompiler::JumpList slowCases;
</span><span class="lines">@@ -4248,6 +4250,22 @@
</span><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span><span class="cx"> }
</span><ins>+
+ case PutByIdFlush: {
+ SpeculateCellOperand base(this, node->child1());
+ JSValueOperand value(this, node->child2());
+ GPRTemporary scratch(this);
+
+ GPRReg baseGPR = base.gpr();
+ GPRReg valueGPR = value.gpr();
+ GPRReg scratchGPR = scratch.gpr();
+ flushRegisters();
+
+ cachedPutById(node->origin.semantic, baseGPR, valueGPR, scratchGPR, node->identifierNumber(), NotDirect, MacroAssembler::Jump(), DontSpill);
+
+ noResult(node);
+ break;
+ }
</ins><span class="cx">
</span><span class="cx"> case PutById: {
</span><span class="cx"> SpeculateCellOperand base(this, node->child1());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreftlFTLCompilecpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -308,7 +308,7 @@
</span><span class="cx">
</span><span class="cx"> JITGetByIdGenerator gen(
</span><span class="cx"> codeBlock, getById.codeOrigin(), usedRegisters, JSValueRegs(base),
</span><del>- JSValueRegs(result), false);
</del><ins>+ JSValueRegs(result), NeedToSpill);
</ins><span class="cx">
</span><span class="cx"> MacroAssembler::Label begin = slowPathJIT.label();
</span><span class="cx">
</span><span class="lines">@@ -346,7 +346,7 @@
</span><span class="cx">
</span><span class="cx"> JITPutByIdGenerator gen(
</span><span class="cx"> codeBlock, putById.codeOrigin(), usedRegisters, JSValueRegs(base),
</span><del>- JSValueRegs(value), GPRInfo::patchpointScratchRegister, false,
</del><ins>+ JSValueRegs(value), GPRInfo::patchpointScratchRegister, NeedToSpill,
</ins><span class="cx"> putById.ecmaMode(), putById.putKind());
</span><span class="cx">
</span><span class="cx"> MacroAssembler::Label begin = slowPathJIT.label();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitCCallHelpersh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/CCallHelpers.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/CCallHelpers.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/jit/CCallHelpers.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -372,6 +372,17 @@
</span><span class="cx"> addCallArgument(arg3);
</span><span class="cx"> addCallArgument(arg4);
</span><span class="cx"> }
</span><ins>+
+ ALWAYS_INLINE void setupArgumentsWithExecState(TrustedImmPtr arg1, GPRReg arg2, TrustedImm32 arg3, GPRReg arg4, GPRReg arg5)
+ {
+ resetCallArguments();
+ addCallArgument(GPRInfo::callFrameRegister);
+ addCallArgument(arg1);
+ addCallArgument(arg2);
+ addCallArgument(arg3);
+ addCallArgument(arg4);
+ addCallArgument(arg5);
+ }
</ins><span class="cx">
</span><span class="cx"> ALWAYS_INLINE void setupArgumentsWithExecState(GPRReg arg1, TrustedImmPtr arg2, TrustedImm32 arg3, GPRReg arg4, GPRReg arg5)
</span><span class="cx"> {
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITInlineCacheGeneratorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -49,12 +49,12 @@
</span><span class="cx">
</span><span class="cx"> JITByIdGenerator::JITByIdGenerator(
</span><span class="cx"> CodeBlock* codeBlock, CodeOrigin codeOrigin, const RegisterSet& usedRegisters,
</span><del>- JSValueRegs base, JSValueRegs value, bool registersFlushed)
</del><ins>+ JSValueRegs base, JSValueRegs value, SpillRegistersMode spillMode)
</ins><span class="cx"> : JITInlineCacheGenerator(codeBlock, codeOrigin)
</span><span class="cx"> , m_base(base)
</span><span class="cx"> , m_value(value)
</span><span class="cx"> {
</span><del>- m_stubInfo->patch.registersFlushed = registersFlushed;
</del><ins>+ m_stubInfo->patch.spillMode = spillMode;
</ins><span class="cx"> m_stubInfo->patch.usedRegisters = usedRegisters;
</span><span class="cx">
</span><span class="cx"> // This is a convenience - in cases where the only registers you're using are base/value,
</span><span class="lines">@@ -129,9 +129,9 @@
</span><span class="cx">
</span><span class="cx"> JITPutByIdGenerator::JITPutByIdGenerator(
</span><span class="cx"> CodeBlock* codeBlock, CodeOrigin codeOrigin, const RegisterSet& usedRegisters,
</span><del>- JSValueRegs base, JSValueRegs value, GPRReg scratch, bool registersFlushed,
</del><ins>+ JSValueRegs base, JSValueRegs value, GPRReg scratch, SpillRegistersMode spillMode,
</ins><span class="cx"> ECMAMode ecmaMode, PutKind putKind)
</span><del>- : JITByIdGenerator(codeBlock, codeOrigin, usedRegisters, base, value, registersFlushed)
</del><ins>+ : JITByIdGenerator(codeBlock, codeOrigin, usedRegisters, base, value, spillMode)
</ins><span class="cx"> , m_scratch(scratch)
</span><span class="cx"> , m_ecmaMode(ecmaMode)
</span><span class="cx"> , m_putKind(putKind)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITInlineCacheGeneratorh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -57,7 +57,7 @@
</span><span class="cx">
</span><span class="cx"> JITByIdGenerator(
</span><span class="cx"> CodeBlock*, CodeOrigin, const RegisterSet&, JSValueRegs base, JSValueRegs value,
</span><del>- bool registersFlushed);
</del><ins>+ SpillRegistersMode spillMode);
</ins><span class="cx">
</span><span class="cx"> public:
</span><span class="cx"> void reportSlowPathCall(MacroAssembler::Label slowPathBegin, MacroAssembler::Call call)
</span><span class="lines">@@ -95,9 +95,9 @@
</span><span class="cx"> JITGetByIdGenerator() { }
</span><span class="cx">
</span><span class="cx"> JITGetByIdGenerator(
</span><del>- CodeBlock* codeBlock, CodeOrigin codeOrigin, const RegisterSet& usedRegisters,
- JSValueRegs base, JSValueRegs value, bool registersFlushed)
- : JITByIdGenerator(codeBlock, codeOrigin, usedRegisters, base, value, registersFlushed)
</del><ins>+ CodeBlock* codeBlock, CodeOrigin codeOrigin, const RegisterSet& usedRegisters,
+ JSValueRegs base, JSValueRegs value, SpillRegistersMode spillMode)
+ : JITByIdGenerator(codeBlock, codeOrigin, usedRegisters, base, value, spillMode)
</ins><span class="cx"> {
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -110,7 +110,7 @@
</span><span class="cx">
</span><span class="cx"> JITPutByIdGenerator(
</span><span class="cx"> CodeBlock*, CodeOrigin, const RegisterSet& usedRegisters, JSValueRegs base,
</span><del>- JSValueRegs value, GPRReg scratch, bool registersFlushed, ECMAMode, PutKind);
</del><ins>+ JSValueRegs, GPRReg scratch, SpillRegistersMode spillMode, ECMAMode, PutKind);
</ins><span class="cx">
</span><span class="cx"> void generateFastPath(MacroAssembler&);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -1730,7 +1730,7 @@
</span><span class="cx">
</span><span class="cx"> // Covers implicit globals. Since they don't exist until they first execute, we didn't know how to cache them at compile time.
</span><span class="cx"> if (modeAndType.type() == GlobalProperty || modeAndType.type() == GlobalPropertyWithVarInjectionChecks) {
</span><del>- if (slot.isCacheable() && slot.base() == scope && scope->structure()->propertyAccessesAreCacheable()) {
</del><ins>+ if (slot.isCacheablePut() && slot.base() == scope && scope->structure()->propertyAccessesAreCacheable()) {
</ins><span class="cx"> ConcurrentJITLocker locker(codeBlock->m_lock);
</span><span class="cx"> pc[5].u.structure.set(exec->vm(), codeBlock->ownerExecutable(), scope->structure());
</span><span class="cx"> pc[6].u.operand = slot.cachedOffset();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -35,9 +35,11 @@
</span><span class="cx"> #include "JSCJSValue.h"
</span><span class="cx"> #include "MacroAssembler.h"
</span><span class="cx"> #include "PutKind.h"
</span><ins>+#include "SpillRegistersMode.h"
</ins><span class="cx"> #include "StructureStubInfo.h"
</span><span class="cx"> #include "VariableWatchpointSet.h"
</span><span class="cx">
</span><ins>+
</ins><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> class ArrayAllocationProfile;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITPropertyAccesscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -521,7 +521,7 @@
</span><span class="cx">
</span><span class="cx"> JITGetByIdGenerator gen(
</span><span class="cx"> m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
</span><del>- JSValueRegs(regT0), JSValueRegs(regT0), true);
</del><ins>+ JSValueRegs(regT0), JSValueRegs(regT0), DontSpill);
</ins><span class="cx"> gen.generateFastPath(*this);
</span><span class="cx"> addSlowCase(gen.slowPathJump());
</span><span class="cx"> m_getByIds.append(gen);
</span><span class="lines">@@ -567,7 +567,7 @@
</span><span class="cx">
</span><span class="cx"> JITPutByIdGenerator gen(
</span><span class="cx"> m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
</span><del>- JSValueRegs(regT0), JSValueRegs(regT1), regT2, true, m_codeBlock->ecmaMode(),
</del><ins>+ JSValueRegs(regT0), JSValueRegs(regT1), regT2, DontSpill, m_codeBlock->ecmaMode(),
</ins><span class="cx"> direct ? Direct : NotDirect);
</span><span class="cx">
</span><span class="cx"> gen.generateFastPath(*this);
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITPropertyAccess32_64cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -478,7 +478,7 @@
</span><span class="cx">
</span><span class="cx"> JITGetByIdGenerator gen(
</span><span class="cx"> m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
</span><del>- JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0), true);
</del><ins>+ JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0), DontSpill);
</ins><span class="cx"> gen.generateFastPath(*this);
</span><span class="cx"> addSlowCase(gen.slowPathJump());
</span><span class="cx"> m_getByIds.append(gen);
</span><span class="lines">@@ -527,7 +527,7 @@
</span><span class="cx"> JITPutByIdGenerator gen(
</span><span class="cx"> m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
</span><span class="cx"> JSValueRegs::payloadOnly(regT0), JSValueRegs(regT3, regT2),
</span><del>- regT1, true, m_codeBlock->ecmaMode(), direct ? Direct : NotDirect);
</del><ins>+ regT1, DontSpill, m_codeBlock->ecmaMode(), direct ? Direct : NotDirect);
</ins><span class="cx">
</span><span class="cx"> gen.generateFastPath(*this);
</span><span class="cx"> addSlowCase(gen.slowPathJump());
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitRepatchcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/Repatch.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/Repatch.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/jit/Repatch.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -449,7 +449,7 @@
</span><span class="cx"> if (structure->isDictionary())
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- if (!stubInfo.patch.registersFlushed) {
</del><ins>+ if (stubInfo.patch.spillMode == NeedToSpill) {
</ins><span class="cx"> // We cannot do as much inline caching if the registers were not flushed prior to this GetById. In particular,
</span><span class="cx"> // non-Value cached properties require planting calls, which requires registers to have been flushed. Thus,
</span><span class="cx"> // if registers were not flushed, don't do non-Value caching.
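Review bot: The comment under the new `spillMode == NeedToSpill` test still speaks of registers that "were not flushed", which is the vocabulary of the removed `registersFlushed` flag; the same stale comment follows the identical change in the hunks at -551 and -702. Restating it in the new terms keeps the condition and its explanation in step, for example `// NeedToSpill: registers were not flushed before this access, so we cannot plant calls; only cache Value properties.` The enclosing function starts and ends outside the hunk.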
</span><span class="lines">@@ -551,7 +551,7 @@
</span><span class="cx"> Structure* structure = baseCell->structure();
</span><span class="cx">
</span><span class="cx"> if (slot.slotBase() == baseValue) {
</span><del>- if (!stubInfo.patch.registersFlushed) {
</del><ins>+ if (stubInfo.patch.spillMode == NeedToSpill) {
</ins><span class="cx"> // We cannot do as much inline caching if the registers were not flushed prior to this GetById. In particular,
</span><span class="cx"> // non-Value cached properties require planting calls, which requires registers to have been flushed. Thus,
</span><span class="cx"> // if registers were not flushed, don't do non-Value caching.
</span><span class="lines">@@ -702,7 +702,7 @@
</span><span class="cx"> || baseValue.asCell()->structure()->isDictionary())
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- if (!stubInfo.patch.registersFlushed) {
</del><ins>+ if (stubInfo.patch.spillMode == NeedToSpill) {
</ins><span class="cx"> // We cannot do as much inline caching if the registers were not flushed prior to this GetById. In particular,
</span><span class="cx"> // non-Value cached properties require planting calls, which requires registers to have been flushed. Thus,
</span><span class="cx"> // if registers were not flushed, don't do non-Value caching.
</span><span class="lines">@@ -1126,6 +1126,71 @@
</span><span class="cx"> structure);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+static void emitCustomSetterStub(ExecState* exec, const PutPropertySlot& slot,
+ StructureStubInfo& stubInfo, Structure* structure, StructureChain* prototypeChain,
+ CodeLocationLabel failureLabel, RefPtr<JITStubRoutine>& stubRoutine)
+{
+ VM* vm = &exec->vm();
+ ASSERT(stubInfo.patch.spillMode == DontSpill);
+ GPRReg baseGPR = static_cast<GPRReg>(stubInfo.patch.baseGPR);
+#if USE(JSVALUE32_64)
+ GPRReg valueTagGPR = static_cast<GPRReg>(stubInfo.patch.valueTagGPR);
+#endif
+ GPRReg valueGPR = static_cast<GPRReg>(stubInfo.patch.valueGPR);
+ TempRegisterSet tempRegisters(stubInfo.patch.usedRegisters);
+
+ CCallHelpers stubJit(vm);
+ GPRReg scratchGPR = tempRegisters.getFreeGPR();
+ RELEASE_ASSERT(scratchGPR != InvalidGPRReg);
+ RELEASE_ASSERT(scratchGPR != baseGPR);
+ RELEASE_ASSERT(scratchGPR != valueGPR);
+ MacroAssembler::JumpList failureCases;
+ failureCases.append(branchStructure(stubJit,
+ MacroAssembler::NotEqual,
+ MacroAssembler::Address(baseGPR, JSCell::structureIDOffset()),
+ structure));
+
+ if (prototypeChain) {
+ for (WriteBarrier<Structure>* it = prototypeChain->head(); *it; ++it)
+ addStructureTransitionCheck((*it)->storedPrototype(), exec->codeBlock(), stubInfo, stubJit, failureCases, scratchGPR);
+ }
+
+ // typedef void (*PutValueFunc)(ExecState*, JSObject* base, EncodedJSValue thisObject, EncodedJSValue value);
+#if USE(JSVALUE64)
+ stubJit.setupArgumentsWithExecState(MacroAssembler::TrustedImmPtr(slot.base()), baseGPR, valueGPR);
+#else
+ stubJit.setupArgumentsWithExecState(MacroAssembler::TrustedImmPtr(slot.base()), baseGPR, MacroAssembler::TrustedImm32(JSValue::CellTag), valueGPR, valueTagGPR);
+#endif
+
+ // Need to make sure that whenever this call is made in the future, we remember the
+ // place that we made it from. It just so happens to be the place that we are at
+ // right now!
+ stubJit.store32(MacroAssembler::TrustedImm32(exec->locationAsRawBits()),
+ CCallHelpers::tagFor(static_cast<VirtualRegister>(JSStack::ArgumentCount)));
+ stubJit.storePtr(GPRInfo::callFrameRegister, &vm->topCallFrame);
+
+ MacroAssembler::Call setterCall = stubJit.call();
+
+ MacroAssembler::Jump success = stubJit.emitExceptionCheck(CCallHelpers::InvertedExceptionCheck);
+
+ stubJit.setupArguments(CCallHelpers::TrustedImmPtr(vm), GPRInfo::callFrameRegister);
+
+ MacroAssembler::Call handlerCall = stubJit.call();
+
+ stubJit.jumpToExceptionHandler();
+ LinkBuffer patchBuffer(*vm, &stubJit, exec->codeBlock());
+
+ patchBuffer.link(success, stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToDone));
+ patchBuffer.link(failureCases, failureLabel);
+ patchBuffer.link(setterCall, FunctionPtr(slot.customSetter()));
+ patchBuffer.link(handlerCall, lookupExceptionHandler);
+
+ stubRoutine = createJITStubRoutine(
+ FINALIZE_CODE_FOR(exec->codeBlock(), patchBuffer, ("PutById custom setter stub for %s, return point %p",
+ toCString(*exec->codeBlock()).data(), stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToDone).executableAddress())), *vm, exec->codeBlock()->ownerExecutable(), structure);
+}
+
+
</ins><span class="cx"> static bool tryCachePutByID(ExecState* exec, JSValue baseValue, const Identifier& ident, const PutPropertySlot& slot, StructureStubInfo& stubInfo, PutKind putKind)
</span><span class="cx"> {
</span><span class="cx"> CodeBlock* codeBlock = exec->codeBlock();
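Review bot: The stub passes `MacroAssembler::TrustedImmPtr(slot.base())` as the setter's `base` argument while its only guard on the receiver is the structure compare on `baseGPR`, so in the self case (no `prototypeChain`) a later object with the same structure would, as far as the hunk shows, run the setter against the object that was cached rather than the one being written. Nothing visible keeps that cached object alive either, since `createJITStubRoutine` is handed only the owner executable and `structure`. For the self case the receiver in `baseGPR` should be passed as `base`, and for the chain case it is worth confirming that the structure checks are enough to keep `slot.base()` reachable. Separately, on JSVALUE32_64 the scratch register is checked against `baseGPR` and `valueGPR` but not the tag register; `RELEASE_ASSERT(scratchGPR != valueTagGPR);` under the same `#if` would close that gap. The trailing context lines open `tryCachePutByID`, whose body continues outside the hunk.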
</span><span class="lines">@@ -1137,13 +1202,13 @@
</span><span class="cx"> Structure* structure = baseCell->structure();
</span><span class="cx"> Structure* oldStructure = structure->previousID();
</span><span class="cx">
</span><del>- if (!slot.isCacheable())
</del><ins>+ if (!slot.isCacheablePut() && !slot.isCacheableCustomProperty())
</ins><span class="cx"> return false;
</span><span class="cx"> if (!structure->propertyAccessesAreCacheable())
</span><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> // Optimize self access.
</span><del>- if (slot.base() == baseValue) {
</del><ins>+ if (slot.base() == baseValue && slot.isCacheablePut()) {
</ins><span class="cx"> if (slot.type() == PutPropertySlot::NewProperty) {
</span><span class="cx"> if (structure->isDictionary())
</span><span class="cx"> return false;
</span><span class="lines">@@ -1190,7 +1255,34 @@
</span><span class="cx"> stubInfo.initPutByIdReplace(*vm, codeBlock->ownerExecutable(), structure);
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><ins>+ if (slot.isCacheableCustomProperty() && stubInfo.patch.spillMode == DontSpill) {
+ RefPtr<JITStubRoutine> stubRoutine;
</ins><span class="cx">
</span><ins>+ StructureChain* prototypeChain = 0;
+ if (baseValue != slot.base()) {
+ PropertyOffset offsetIgnored;
+ if (normalizePrototypeChainForChainAccess(exec, baseCell, slot.base(), ident, offsetIgnored) == InvalidPrototypeChain)
+ return false;
+
+ prototypeChain = structure->prototypeChain(exec);
+ }
+ PolymorphicPutByIdList* list;
+ list = PolymorphicPutByIdList::from(putKind, stubInfo);
+
+ emitCustomSetterStub(exec, slot, stubInfo,
+ structure, prototypeChain,
+ stubInfo.callReturnLocation.labelAtOffset(stubInfo.patch.deltaCallToSlowCase),
+ stubRoutine);
+
+ list->addAccess(PutByIdAccess::customSetter(*vm, codeBlock->ownerExecutable(), structure, prototypeChain, slot.customSetter(), stubRoutine));
+
+ RepatchBuffer repatchBuffer(codeBlock);
+ repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallToJump), CodeLocationLabel(stubRoutine->code().code()));
+ repatchCall(repatchBuffer, stubInfo.callReturnLocation, appropriateListBuildingPutByIdFunction(slot, putKind));
+ RELEASE_ASSERT(!list->isFull());
+ return true;
+ }
+
</ins><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
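Review bot: The new custom-setter branch caches on `structure` without the `structure->isDictionary()` bail-out that the `NewProperty` path of this function applies (visible in the previous hunk). If a dictionary structure can change its properties without changing identity, the structure compare in the stub would keep passing after an own property starts shadowing the setter. The hunk shows nothing that rules this out for the self case, where `normalizePrototypeChainForChainAccess` is not called. Adding `if (structure->isDictionary()) return false;` at the top of the branch would match the other paths, and the same applies to the parallel branch in the hunk at -1282. The function starts outside the hunk.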
</span><span class="lines">@@ -1214,13 +1306,15 @@
</span><span class="cx"> Structure* structure = baseCell->structure();
</span><span class="cx"> Structure* oldStructure = structure->previousID();
</span><span class="cx">
</span><del>- if (!slot.isCacheable())
</del><ins>+
+ if (!slot.isCacheablePut() && !slot.isCacheableCustomProperty())
</ins><span class="cx"> return false;
</span><ins>+
</ins><span class="cx"> if (!structure->propertyAccessesAreCacheable())
</span><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> // Optimize self access.
</span><del>- if (slot.base() == baseValue) {
</del><ins>+ if (slot.base() == baseValue && slot.isCacheablePut()) {
</ins><span class="cx"> PolymorphicPutByIdList* list;
</span><span class="cx"> RefPtr<JITStubRoutine> stubRoutine;
</span><span class="cx">
</span><span class="lines">@@ -1282,6 +1376,33 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ if (slot.isCacheableCustomProperty() && stubInfo.patch.spillMode == DontSpill) {
+ RefPtr<JITStubRoutine> stubRoutine;
+ StructureChain* prototypeChain = 0;
+ if (baseValue != slot.base()) {
+ PropertyOffset offsetIgnored;
+ if (normalizePrototypeChainForChainAccess(exec, baseCell, slot.base(), propertyName, offsetIgnored) == InvalidPrototypeChain)
+ return false;
+
+ prototypeChain = structure->prototypeChain(exec);
+ }
+ PolymorphicPutByIdList* list;
+ list = PolymorphicPutByIdList::from(putKind, stubInfo);
+
+ emitCustomSetterStub(exec, slot, stubInfo,
+ structure, prototypeChain,
+ CodeLocationLabel(list->currentSlowPathTarget()),
+ stubRoutine);
+
+ list->addAccess(PutByIdAccess::customSetter(*vm, codeBlock->ownerExecutable(), structure, prototypeChain, slot.customSetter(), stubRoutine));
+
+ RepatchBuffer repatchBuffer(codeBlock);
+ repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.patch.deltaCallToJump), CodeLocationLabel(stubRoutine->code().code()));
+ if (list->isFull())
+ repatchCall(repatchBuffer, stubInfo.callReturnLocation, appropriateGenericPutByIdFunction(slot, putKind));
+
+ return true;
+ }
</ins><span class="cx"> return false;
</span><span class="cx"> }
</span><span class="cx">
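Review bot: This branch repeats the one added to `tryCachePutByID` almost line for line; as far as the two hunks show, only the failure label passed to `emitCustomSetterStub`, the identifier variable and the final `repatchCall` step differ. Keeping two copies of code that relinks jump targets invites one being fixed without the other. A static helper that takes the failure label and returns the stub routine (or null when the prototype chain is invalid) would leave each caller with just its own repatch step. The enclosing function starts outside the hunk.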
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitSpillRegistersModeh"></a>
<div class="addfile"><h4>Added: trunk/Source/JavaScriptCore/jit/SpillRegistersMode.h (0 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/SpillRegistersMode.h         (rev 0)
+++ trunk/Source/JavaScriptCore/jit/SpillRegistersMode.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -0,0 +1,35 @@
</span><ins>+/*
+ * Copyright (C) 2014 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef SpillRegistersMode_h
+#define SpillRegistersMode_h
+
+namespace JSC {
+
+enum SpillRegistersMode { NeedToSpill, DontSpill };
+
+}
+
+#endif
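Review bot: The two enumerators are declared without any comment, and their meaning can only be recovered from the call sites, where the old `registersFlushed == true` became `DontSpill` and `!registersFlushed` became `spillMode == NeedToSpill`. Since Repatch.cpp uses the value to decide whether a stub may plant a call, a short comment above the enum would help, e.g. `// NeedToSpill: live registers were not flushed before the access; DontSpill: they were, so a stub may make calls.` `NeedToSpill` being the zero value means a zero-initialised field lands on the conservative side; if that is intended it is worth saying so in the same comment.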
</ins></span></pre></div>
<a id="trunkSourceJavaScriptCorellintLLIntSlowPathscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -636,7 +636,7 @@
</span><span class="cx">
</span><span class="cx"> if (!LLINT_ALWAYS_ACCESS_SLOW
</span><span class="cx"> && baseValue.isCell()
</span><del>- && slot.isCacheable()) {
</del><ins>+ && slot.isCacheablePut()) {
</ins><span class="cx">
</span><span class="cx"> JSCell* baseCell = baseValue.asCell();
</span><span class="cx"> Structure* structure = baseCell->structure();
</span><span class="lines">@@ -1418,7 +1418,7 @@
</span><span class="cx">
</span><span class="cx"> // Covers implicit globals. Since they don't exist until they first execute, we didn't know how to cache them at compile time.
</span><span class="cx"> if (modeAndType.type() == GlobalProperty || modeAndType.type() == GlobalPropertyWithVarInjectionChecks) {
</span><del>- if (slot.isCacheable() && slot.base() == scope && scope->structure()->propertyAccessesAreCacheable()) {
</del><ins>+ if (slot.isCacheablePut() && slot.base() == scope && scope->structure()->propertyAccessesAreCacheable()) {
</ins><span class="cx"> ConcurrentJITLocker locker(codeBlock->m_lock);
</span><span class="cx"> pc[5].u.structure.set(exec->vm(), codeBlock->ownerExecutable(), scope->structure());
</span><span class="cx"> pc[6].u.operand = slot.cachedOffset();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeLookuph"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/Lookup.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/Lookup.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/runtime/Lookup.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -306,7 +306,7 @@
</span><span class="cx"> thisObject->putDirect(exec->vm(), propertyName, value);
</span><span class="cx"> } else if (!(entry->attributes() & ReadOnly)) {
</span><span class="cx"> entry->propertyPutter()(exec, base, JSValue::encode(slot.thisValue()), JSValue::encode(value));
</span><del>- slot.setCustomProperty(base, entry->propertyPutter());
</del><ins>+ slot.setCacheableCustomProperty(base, entry->propertyPutter());
</ins><span class="cx"> } else if (slot.isStrictMode())
</span><span class="cx"> throwTypeError(exec, StrictModeReadonlyPropertyWriteError);
</span><span class="cx"> }
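Review bot: Marking every static-table putter as cacheable here means later puts can reach `entry->propertyPutter()` straight from a JIT stub, without passing through this function or whatever `put()` override called it. The `ReadOnly` test on the line above is a property of the table entry and stays valid, but any per-call check an override performs before getting here would no longer run on the cached path; the hunk does not show whether any class depends on that. A comment at the call would make the contract explicit, e.g. `// Cacheable: the JIT may later call this putter directly, so it must not depend on checks made by our caller.` The enclosing function starts outside the hunk.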
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimePutPropertySloth"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/PutPropertySlot.h (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/PutPropertySlot.h        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/JavaScriptCore/runtime/PutPropertySlot.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -38,7 +38,7 @@
</span><span class="cx">
</span><span class="cx"> class PutPropertySlot {
</span><span class="cx"> public:
</span><del>- enum Type { Uncachable, ExistingProperty, NewProperty, CustomProperty };
</del><ins>+ enum Type { Uncachable, ExistingProperty, NewProperty, CustomProperty, CacheableCustomProperty };
</ins><span class="cx"> enum Context { UnknownContext, PutById, PutByIdEval };
</span><span class="cx"> typedef void (*PutValueFunc)(ExecState*, JSObject* base, EncodedJSValue thisObject, EncodedJSValue value);
</span><span class="cx">
</span><span class="lines">@@ -72,7 +72,15 @@
</span><span class="cx"> m_base = base;
</span><span class="cx"> m_putFunction = function;
</span><span class="cx"> }
</span><del>-
</del><ins>+
+ void setCacheableCustomProperty(JSObject* base, PutValueFunc function)
+ {
+ m_type = CacheableCustomProperty;
+ m_base = base;
+ m_putFunction = function;
+ }
+ PutValueFunc customSetter() const { return m_putFunction; }
+
</ins><span class="cx"> Context context() const { return static_cast<Context>(m_context); }
</span><span class="cx">
</span><span class="cx"> Type type() const { return m_type; }
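Review bot: `customSetter()` returns `m_putFunction` for any slot type, while Repatch.cpp links the returned pointer as a call target in generated code. `cachedOffset()` in the following hunk guards its field with `ASSERT(isCacheablePut())`, and the new accessor should get the same treatment: `PutValueFunc customSetter() const { ASSERT(isCacheableCustomProperty()); return m_putFunction; }`. Whether `m_putFunction` is initialised for the other slot types is not visible here, since the constructor is outside the hunk.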
</span><span class="lines">@@ -80,10 +88,12 @@
</span><span class="cx"> JSValue thisValue() const { return m_thisValue; }
</span><span class="cx">
</span><span class="cx"> bool isStrictMode() const { return m_isStrictMode; }
</span><del>- bool isCacheable() const { return m_type != Uncachable && m_type != CustomProperty; }
</del><ins>+ bool isCacheablePut() const { return m_type == NewProperty || m_type == ExistingProperty; }
+ bool isCacheableCustomProperty() const { return m_type == CacheableCustomProperty; }
+
</ins><span class="cx"> PropertyOffset cachedOffset() const
</span><span class="cx"> {
</span><del>- ASSERT(isCacheable());
</del><ins>+ ASSERT(isCacheablePut());
</ins><span class="cx"> return m_offset;
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (165207 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog        2014-03-06 21:24:21 UTC (rev 165207)
+++ trunk/Source/WebCore/ChangeLog        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2014-03-05 Oliver Hunt <oliver@apple.com>
+
+ Support caching of custom setters
+ https://bugs.webkit.org/show_bug.cgi?id=129519
+
+ Reviewed by Filip Pizlo.
+
+ Add forwarding header
+
+ Tests: js/regress/assign-custom-setter-polymorphic.html
+ js/regress/assign-custom-setter.html
+
+ * ForwardingHeaders/jit/SpillRegistersMode.h: Added.
+
</ins><span class="cx"> 2014-03-05 Jon Honeycutt <jhoneycutt@apple.com>
</span><span class="cx">
</span><span class="cx"> Invalid cast in WebCore::RenderLayer::FilterInfo::updateReferenceFilterClients()
</span></span></pre></div>
<a id="trunkSourceWebCoreForwardingHeadersjitSpillRegistersModeh"></a>
<div class="addfile"><h4>Added: trunk/Source/WebCore/ForwardingHeaders/jit/SpillRegistersMode.h (0 => 165208)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ForwardingHeaders/jit/SpillRegistersMode.h         (rev 0)
+++ trunk/Source/WebCore/ForwardingHeaders/jit/SpillRegistersMode.h        2014-03-06 21:27:13 UTC (rev 165208)
</span><span class="lines">@@ -0,0 +1,4 @@
</span><ins>+#ifndef WebCore_FWD_JITCode_h
+#define WebCore_FWD_JITCode_h
+#include <JavaScriptCore/SpillRegistersMode.h>
+#endif
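Review bot: The include guard `WebCore_FWD_JITCode_h` does not match this file, SpillRegistersMode.h, and looks copied from a JITCode forwarding header. If such a header uses the same macro, a translation unit that includes both would silently drop the contents of whichever comes second. Renaming the guard removes the risk: `#ifndef WebCore_FWD_SpillRegistersMode_h` / `#define WebCore_FWD_SpillRegistersMode_h`.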
</ins></span></pre>
</div>
</div>
</body>
</html>