<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[171389] branches/ftlopt/Source/JavaScriptCore</title>
</head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/171389">171389</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2014-07-22 21:04:33 -0700 (Tue, 22 Jul 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>[ftlopt] Get rid of structure checks as a way of checking if a function is in fact a function
https://bugs.webkit.org/show_bug.cgi?id=135146
Reviewed by Oliver Hunt.
This greatly simplifies our closure call optimizations by taking advantage of the type
bits available in the cell header.
* bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::visitWeak):
* bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::CallLinkStatus):
(JSC::CallLinkStatus::computeFor):
(JSC::CallLinkStatus::dump):
* bytecode/CallLinkStatus.h:
(JSC::CallLinkStatus::CallLinkStatus):
(JSC::CallLinkStatus::executable):
(JSC::CallLinkStatus::structure): Deleted.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::emitFunctionChecks):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::observeUseKindOnNode):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::SafeToExecuteEdge::operator()):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::checkArray):
(JSC::DFG::SpeculativeJIT::speculateCellTypeWithoutTypeFiltering):
(JSC::DFG::SpeculativeJIT::speculateCellType):
(JSC::DFG::SpeculativeJIT::speculateFunction):
(JSC::DFG::SpeculativeJIT::speculateFinalObject):
(JSC::DFG::SpeculativeJIT::speculate):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGUseKind.cpp:
(WTF::printInternal):
* dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileCheckExecutable):
(JSC::FTL::LowerDFGToLLVM::speculate):
(JSC::FTL::LowerDFGToLLVM::isFunction):
(JSC::FTL::LowerDFGToLLVM::isNotFunction):
(JSC::FTL::LowerDFGToLLVM::speculateFunction):
* jit/ClosureCallStubRoutine.cpp:
(JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
(JSC::ClosureCallStubRoutine::markRequiredObjectsInternal):
* jit/ClosureCallStubRoutine.h:
(JSC::ClosureCallStubRoutine::structure): Deleted.
* jit/JIT.h:
(JSC::JIT::compileClosureCall): Deleted.
* jit/JITCall.cpp:
(JSC::JIT::privateCompileClosureCall): Deleted.
* jit/JITCall32_64.cpp:
(JSC::JIT::privateCompileClosureCall): Deleted.
* jit/JITOperations.cpp:
* jit/Repatch.cpp:
(JSC::linkClosureCall):
* jit/Repatch.h:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#branchesftloptSourceJavaScriptCoreChangeLog">branches/ftlopt/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorebytecodeCallLinkInfocpp">branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorebytecodeCallLinkStatuscpp">branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorebytecodeCallLinkStatush">branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkStatus.h</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoredfgDFGByteCodeParsercpp">branches/ftlopt/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoredfgDFGFixupPhasecpp">branches/ftlopt/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoredfgDFGSafeToExecuteh">branches/ftlopt/Source/JavaScriptCore/dfg/DFGSafeToExecute.h</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoredfgDFGSpeculativeJITcpp">branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoredfgDFGSpeculativeJITh">branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoredfgDFGUseKindcpp">branches/ftlopt/Source/JavaScriptCore/dfg/DFGUseKind.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoredfgDFGUseKindh">branches/ftlopt/Source/JavaScriptCore/dfg/DFGUseKind.h</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoreftlFTLCapabilitiescpp">branches/ftlopt/Source/JavaScriptCore/ftl/FTLCapabilities.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp">branches/ftlopt/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorejitClosureCallStubRoutinecpp">branches/ftlopt/Source/JavaScriptCore/jit/ClosureCallStubRoutine.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorejitClosureCallStubRoutineh">branches/ftlopt/Source/JavaScriptCore/jit/ClosureCallStubRoutine.h</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorejitJITh">branches/ftlopt/Source/JavaScriptCore/jit/JIT.h</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorejitJITCallcpp">branches/ftlopt/Source/JavaScriptCore/jit/JITCall.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorejitJITCall32_64cpp">branches/ftlopt/Source/JavaScriptCore/jit/JITCall32_64.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorejitJITOperationscpp">branches/ftlopt/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorejitRepatchcpp">branches/ftlopt/Source/JavaScriptCore/jit/Repatch.cpp</a></li>
<li><a href="#branchesftloptSourceJavaScriptCorejitRepatchh">branches/ftlopt/Source/JavaScriptCore/jit/Repatch.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="branchesftloptSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/ChangeLog (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/ChangeLog        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/ChangeLog        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -1,3 +1,71 @@
</span><ins>+2014-07-22 Filip Pizlo <fpizlo@apple.com>
+
+ [ftlopt] Get rid of structure checks as a way of checking if a function is in fact a function
+ https://bugs.webkit.org/show_bug.cgi?id=135146
+
+ Reviewed by Oliver Hunt.
+
+ This greatly simplifies our closure call optimizations by taking advantage of the type
+ bits available in the cell header.
+
+ * bytecode/CallLinkInfo.cpp:
+ (JSC::CallLinkInfo::visitWeak):
+ * bytecode/CallLinkStatus.cpp:
+ (JSC::CallLinkStatus::CallLinkStatus):
+ (JSC::CallLinkStatus::computeFor):
+ (JSC::CallLinkStatus::dump):
+ * bytecode/CallLinkStatus.h:
+ (JSC::CallLinkStatus::CallLinkStatus):
+ (JSC::CallLinkStatus::executable):
+ (JSC::CallLinkStatus::structure): Deleted.
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::emitFunctionChecks):
+ * dfg/DFGFixupPhase.cpp:
+ (JSC::DFG::FixupPhase::fixupNode):
+ (JSC::DFG::FixupPhase::observeUseKindOnNode):
+ * dfg/DFGSafeToExecute.h:
+ (JSC::DFG::SafeToExecuteEdge::operator()):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::checkArray):
+ (JSC::DFG::SpeculativeJIT::speculateCellTypeWithoutTypeFiltering):
+ (JSC::DFG::SpeculativeJIT::speculateCellType):
+ (JSC::DFG::SpeculativeJIT::speculateFunction):
+ (JSC::DFG::SpeculativeJIT::speculateFinalObject):
+ (JSC::DFG::SpeculativeJIT::speculate):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGUseKind.cpp:
+ (WTF::printInternal):
+ * dfg/DFGUseKind.h:
+ (JSC::DFG::typeFilterFor):
+ (JSC::DFG::isCell):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::compileCheckExecutable):
+ (JSC::FTL::LowerDFGToLLVM::speculate):
+ (JSC::FTL::LowerDFGToLLVM::isFunction):
+ (JSC::FTL::LowerDFGToLLVM::isNotFunction):
+ (JSC::FTL::LowerDFGToLLVM::speculateFunction):
+ * jit/ClosureCallStubRoutine.cpp:
+ (JSC::ClosureCallStubRoutine::ClosureCallStubRoutine):
+ (JSC::ClosureCallStubRoutine::markRequiredObjectsInternal):
+ * jit/ClosureCallStubRoutine.h:
+ (JSC::ClosureCallStubRoutine::structure): Deleted.
+ * jit/JIT.h:
+ (JSC::JIT::compileClosureCall): Deleted.
+ * jit/JITCall.cpp:
+ (JSC::JIT::privateCompileClosureCall): Deleted.
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::privateCompileClosureCall): Deleted.
+ * jit/JITOperations.cpp:
+ * jit/Repatch.cpp:
+ (JSC::linkClosureCall):
+ * jit/Repatch.h:
+
</ins><span class="cx"> 2014-07-17 Filip Pizlo <fpizlo@apple.com>
</span><span class="cx">
</span><span class="cx"> [ftlopt] DFG Flush(SetLocal) store elimination is overzealous for captured variables in the presence of nodes that have no effects but may throw (merge trunk r171190)
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorebytecodeCallLinkInfocpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkInfo.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012, 2013 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2013, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -61,8 +61,7 @@
</span><span class="cx"> {
</span><span class="cx"> if (isLinked()) {
</span><span class="cx"> if (stub) {
</span><del>- if (!Heap::isMarked(stub->structure())
- || !Heap::isMarked(stub->executable())) {
</del><ins>+ if (!Heap::isMarked(stub->executable())) {
</ins><span class="cx"> if (Options::verboseOSR()) {
</span><span class="cx"> dataLog(
</span><span class="cx"> "Clearing closure call from ", *repatchBuffer.codeBlock(), " to ",
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorebytecodeCallLinkStatuscpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -40,15 +40,12 @@
</span><span class="cx"> CallLinkStatus::CallLinkStatus(JSValue value)
</span><span class="cx"> : m_callTarget(value)
</span><span class="cx"> , m_executable(0)
</span><del>- , m_structure(0)
</del><span class="cx"> , m_couldTakeSlowPath(false)
</span><span class="cx"> , m_isProved(false)
</span><span class="cx"> {
</span><span class="cx"> if (!value || !value.isCell())
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- m_structure = value.asCell()->structure();
-
</del><span class="cx"> if (!value.asCell()->inherits(JSFunction::info()))
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="lines">@@ -175,14 +172,14 @@
</span><span class="cx"> return takesSlowPath();
</span><span class="cx">
</span><span class="cx"> if (ClosureCallStubRoutine* stub = callLinkInfo.stub.get())
</span><del>- return CallLinkStatus(stub->executable(), stub->structure());
</del><ins>+ return CallLinkStatus(stub->executable());
</ins><span class="cx">
</span><span class="cx"> JSFunction* target = callLinkInfo.lastSeenCallee.get();
</span><span class="cx"> if (!target)
</span><span class="cx"> return CallLinkStatus();
</span><span class="cx">
</span><span class="cx"> if (callLinkInfo.hasSeenClosure)
</span><del>- return CallLinkStatus(target->executable(), target->structure());
</del><ins>+ return CallLinkStatus(target->executable());
</ins><span class="cx">
</span><span class="cx"> return CallLinkStatus(target);
</span><span class="cx"> }
</span><span class="lines">@@ -281,9 +278,6 @@
</span><span class="cx"> if (!isCompilationThread())
</span><span class="cx"> out.print("/", m_executable->hashFor(CodeForCall));
</span><span class="cx"> }
</span><del>-
- if (m_structure)
- out.print(comma, "Structure: ", RawPointer(m_structure));
</del><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace JSC
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorebytecodeCallLinkStatush"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkStatus.h (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkStatus.h        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/bytecode/CallLinkStatus.h        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -47,7 +47,6 @@
</span><span class="cx"> public:
</span><span class="cx"> CallLinkStatus()
</span><span class="cx"> : m_executable(0)
</span><del>- , m_structure(0)
</del><span class="cx"> , m_couldTakeSlowPath(false)
</span><span class="cx"> , m_isProved(false)
</span><span class="cx"> {
</span><span class="lines">@@ -62,9 +61,8 @@
</span><span class="cx">
</span><span class="cx"> explicit CallLinkStatus(JSValue);
</span><span class="cx">
</span><del>- CallLinkStatus(ExecutableBase* executable, Structure* structure)
</del><ins>+ CallLinkStatus(ExecutableBase* executable)
</ins><span class="cx"> : m_executable(executable)
</span><del>- , m_structure(structure)
</del><span class="cx"> , m_couldTakeSlowPath(false)
</span><span class="cx"> , m_isProved(false)
</span><span class="cx"> {
</span><span class="lines">@@ -122,7 +120,6 @@
</span><span class="cx"> InternalFunction* internalFunction() const;
</span><span class="cx"> Intrinsic intrinsicFor(CodeSpecializationKind) const;
</span><span class="cx"> ExecutableBase* executable() const { return m_executable; }
</span><del>- Structure* structure() const { return m_structure; }
</del><span class="cx"> bool isProved() const { return m_isProved; }
</span><span class="cx"> bool canOptimize() const { return (m_callTarget || m_executable) && !m_couldTakeSlowPath; }
</span><span class="cx">
</span><span class="lines">@@ -140,7 +137,6 @@
</span><span class="cx">
</span><span class="cx"> JSValue m_callTarget;
</span><span class="cx"> ExecutableBase* m_executable;
</span><del>- Structure* m_structure;
</del><span class="cx"> bool m_couldTakeSlowPath;
</span><span class="cx"> bool m_isProved;
</span><span class="cx"> };
</span></span></pre></div>
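Review bot: Dropping the Structure* parameter leaves `CallLinkStatus(ExecutableBase* executable)` as a one-argument constructor that is not marked explicit, so any ExecutableBase*, including a null pointer, now converts implicitly to a CallLinkStatus. The neighbouring `explicit CallLinkStatus(JSValue);` already follows the safer convention, and I would write `explicit CallLinkStatus(ExecutableBase* executable)` to match it. The two call sites visible in CallLinkStatus.cpp construct the object by name and would still compile, but callers outside this page should be checked. The class body starts and ends outside these hunks.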
<a id="branchesftloptSourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -1103,10 +1103,8 @@
</span><span class="cx"> if (JSFunction* function = callLinkStatus.function())
</span><span class="cx"> addToGraph(CheckFunction, OpInfo(m_graph.freeze(function)), callTarget, thisArgument);
</span><span class="cx"> else {
</span><del>- ASSERT(callLinkStatus.structure());
</del><span class="cx"> ASSERT(callLinkStatus.executable());
</span><span class="cx">
</span><del>- addToGraph(CheckStructure, OpInfo(m_graph.addStructureSet(callLinkStatus.structure())), callTarget);
</del><span class="cx"> addToGraph(CheckExecutable, OpInfo(callLinkStatus.executable()), callTarget, thisArgument);
</span><span class="cx"> }
</span><span class="cx"> }
</span></span></pre></div>
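Review bot: With the CheckStructure node and its ASSERT removed, nothing in this else-branch says what keeps CheckExecutable from being applied to a cell that is not a JSFunction. On this page that guarantee comes from `fixEdge<FunctionUse>(node->child1())` in DFGFixupPhase.cpp and from the `speculateCellType(..., SpecFunction, JSFunctionType)` line added ahead of the `JSFunction::offsetOfExecutable()` load in DFGSpeculativeJIT32_64.cpp and DFGSpeculativeJIT64.cpp; without that type check the load would read whatever field sits at that offset in an unrelated cell. A comment above the addToGraph call would record the dependency, for example `// No CheckStructure: CheckExecutable's child is fixed up to FunctionUse, and each backend must type-check the cell before it loads the executable.` The FTL lowering (compileCheckExecutable in the log message) is not visible here and should be confirmed to perform the same check. The enclosing function starts outside the hunk.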
<a id="branchesftloptSourceJavaScriptCoredfgDFGFixupPhasecpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -897,7 +897,11 @@
</span><span class="cx"> break;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- case CheckExecutable:
</del><ins>+ case CheckExecutable: {
+ fixEdge<FunctionUse>(node->child1());
+ break;
+ }
+
</ins><span class="cx"> case CheckStructure:
</span><span class="cx"> case CheckFunction:
</span><span class="cx"> case CheckHasInstance:
</span><span class="lines">@@ -1533,6 +1537,7 @@
</span><span class="cx"> case CellUse:
</span><span class="cx"> case KnownCellUse:
</span><span class="cx"> case ObjectUse:
</span><ins>+ case FunctionUse:
</ins><span class="cx"> case StringUse:
</span><span class="cx"> case KnownStringUse:
</span><span class="cx"> case StringObjectUse:
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCoredfgDFGSafeToExecuteh"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/dfg/DFGSafeToExecute.h (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/dfg/DFGSafeToExecute.h        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/dfg/DFGSafeToExecute.h        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -53,6 +53,7 @@
</span><span class="cx"> case BooleanUse:
</span><span class="cx"> case CellUse:
</span><span class="cx"> case ObjectUse:
</span><ins>+ case FunctionUse:
</ins><span class="cx"> case FinalObjectUse:
</span><span class="cx"> case ObjectOrOtherUse:
</span><span class="cx"> case StringIdentUse:
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -710,20 +710,14 @@
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx"> case Array::Arguments:
</span><del>- speculationCheck(BadType, JSValueSource::unboxedCell(baseReg), node,
- m_jit.branch8(
- MacroAssembler::NotEqual,
- MacroAssembler::Address(baseReg, JSCell::typeInfoTypeOffset()),
- MacroAssembler::TrustedImm32(ArgumentsType)));
</del><ins>+ speculateCellTypeWithoutTypeFiltering(node->child1(), baseReg, ArgumentsType);
</ins><span class="cx">
</span><span class="cx"> noResult(m_currentNode);
</span><span class="cx"> return;
</span><span class="cx"> default:
</span><del>- speculationCheck(BadType, JSValueSource::unboxedCell(baseReg), node,
- m_jit.branch8(
- MacroAssembler::NotEqual,
- MacroAssembler::Address(baseReg, JSCell::typeInfoTypeOffset()),
- MacroAssembler::TrustedImm32(typeForTypedArrayType(node->arrayMode().typedArrayType()))));
</del><ins>+ speculateCellTypeWithoutTypeFiltering(
+ node->child1(), baseReg,
+ typeForTypedArrayType(node->arrayMode().typedArrayType()));
</ins><span class="cx"> noResult(m_currentNode);
</span><span class="cx"> return;
</span><span class="cx"> }
</span><span class="lines">@@ -4585,6 +4579,28 @@
</span><span class="cx"> cellResult(resultGPR, node);
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void SpeculativeJIT::speculateCellTypeWithoutTypeFiltering(
+ Edge edge, GPRReg cellGPR, JSType jsType)
+{
+ speculationCheck(
+ BadType, JSValueSource::unboxedCell(cellGPR), edge,
+ m_jit.branch8(
+ MacroAssembler::NotEqual,
+ MacroAssembler::Address(cellGPR, JSCell::typeInfoTypeOffset()),
+ MacroAssembler::TrustedImm32(jsType)));
+}
+
+void SpeculativeJIT::speculateCellType(
+ Edge edge, GPRReg cellGPR, SpeculatedType specType, JSType jsType)
+{
+ DFG_TYPE_CHECK(
+ JSValueSource::unboxedCell(cellGPR), edge, specType,
+ m_jit.branch8(
+ MacroAssembler::NotEqual,
+ MacroAssembler::Address(cellGPR, JSCell::typeInfoTypeOffset()),
+ TrustedImm32(jsType)));
+}
+
</ins><span class="cx"> void SpeculativeJIT::speculateInt32(Edge edge)
</span><span class="cx"> {
</span><span class="cx"> if (!needsTypeCheck(edge, SpecInt32))
</span><span class="lines">@@ -4658,18 +4674,22 @@
</span><span class="cx"> m_jit.vm()->stringStructure.get()));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+void SpeculativeJIT::speculateFunction(Edge edge)
+{
+ if (!needsTypeCheck(edge, SpecFunction))
+ return;
+
+ SpeculateCellOperand operand(this, edge);
+ speculateCellType(edge, operand.gpr(), SpecFunction, JSFunctionType);
+}
+
</ins><span class="cx"> void SpeculativeJIT::speculateFinalObject(Edge edge)
</span><span class="cx"> {
</span><span class="cx"> if (!needsTypeCheck(edge, SpecFinalObject))
</span><span class="cx"> return;
</span><span class="cx">
</span><span class="cx"> SpeculateCellOperand operand(this, edge);
</span><del>- GPRReg gpr = operand.gpr();
- DFG_TYPE_CHECK(
- JSValueSource::unboxedCell(gpr), edge, SpecFinalObject, m_jit.branch8(
- MacroAssembler::NotEqual,
- MacroAssembler::Address(gpr, JSCell::typeInfoTypeOffset()),
- TrustedImm32(FinalObjectType)));
</del><ins>+ speculateCellType(edge, operand.gpr(), SpecFinalObject, FinalObjectType);
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void SpeculativeJIT::speculateObjectOrOther(Edge edge)
</span><span class="lines">@@ -4905,6 +4925,9 @@
</span><span class="cx"> case ObjectUse:
</span><span class="cx"> speculateObject(edge);
</span><span class="cx"> break;
</span><ins>+ case FunctionUse:
+ speculateFunction(edge);
+ break;
</ins><span class="cx"> case FinalObjectUse:
</span><span class="cx"> speculateFinalObject(edge);
</span><span class="cx"> break;
</span></span></pre></div>
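Review bot: The new helpers speculateCellTypeWithoutTypeFiltering and speculateCellType emit the same branch8 on `JSCell::typeInfoTypeOffset()` and differ only in wrapping it in speculationCheck versus DFG_TYPE_CHECK, yet neither has a comment saying when each one is the right choice. I would add a line above each, for example `// Has no needsTypeCheck guard of its own; emits the type-byte check via speculationCheck(BadType, ...).` and `// Goes through DFG_TYPE_CHECK with specType; use when the edge has a SpeculatedType matching jsType.` The immediate is also spelled `MacroAssembler::TrustedImm32(jsType)` in one helper and `TrustedImm32(jsType)` in the other, which is worth making consistent. Separately, checkArray used to pass `node` to speculationCheck and now passes the edge `node->child1()` through the helper; if that changes which node the exit is attributed to, the log message should say so.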
<a id="branchesftloptSourceJavaScriptCoredfgDFGSpeculativeJITh"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -2201,6 +2201,9 @@
</span><span class="cx"> bool needsTypeCheck(Edge edge, SpeculatedType typesPassedThrough) { return m_interpreter.needsTypeCheck(edge, typesPassedThrough); }
</span><span class="cx"> void typeCheck(JSValueSource, Edge, SpeculatedType typesPassedThrough, MacroAssembler::Jump jumpToFail);
</span><span class="cx">
</span><ins>+ void speculateCellTypeWithoutTypeFiltering(Edge, GPRReg cellGPR, JSType);
+ void speculateCellType(Edge, GPRReg cellGPR, SpeculatedType, JSType);
+
</ins><span class="cx"> void speculateInt32(Edge);
</span><span class="cx"> void speculateMachineInt(Edge);
</span><span class="cx"> void speculateNumber(Edge);
</span><span class="lines">@@ -2208,6 +2211,7 @@
</span><span class="cx"> void speculateBoolean(Edge);
</span><span class="cx"> void speculateCell(Edge);
</span><span class="cx"> void speculateObject(Edge);
</span><ins>+ void speculateFunction(Edge);
</ins><span class="cx"> void speculateFinalObject(Edge);
</span><span class="cx"> void speculateObjectOrOther(Edge);
</span><span class="cx"> void speculateString(Edge edge, GPRReg cell);
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -3653,6 +3653,7 @@
</span><span class="cx">
</span><span class="cx"> case CheckExecutable: {
</span><span class="cx"> SpeculateCellOperand function(this, node->child1());
</span><ins>+ speculateCellType(node->child1(), function.gpr(), SpecFunction, JSFunctionType);
</ins><span class="cx"> speculationCheck(BadExecutable, JSValueSource::unboxedCell(function.gpr()), node->child1(), m_jit.branchWeakPtr(JITCompiler::NotEqual, JITCompiler::Address(function.gpr(), JSFunction::offsetOfExecutable()), node->executable()));
</span><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -3706,6 +3706,7 @@
</span><span class="cx">
</span><span class="cx"> case CheckExecutable: {
</span><span class="cx"> SpeculateCellOperand function(this, node->child1());
</span><ins>+ speculateCellType(node->child1(), function.gpr(), SpecFunction, JSFunctionType);
</ins><span class="cx"> speculationCheck(BadExecutable, JSValueSource::unboxedCell(function.gpr()), node->child1(), m_jit.branchWeakPtr(JITCompiler::NotEqual, JITCompiler::Address(function.gpr(), JSFunction::offsetOfExecutable()), node->executable()));
</span><span class="cx"> noResult(node);
</span><span class="cx"> break;
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCoredfgDFGUseKindcpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/dfg/DFGUseKind.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/dfg/DFGUseKind.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/dfg/DFGUseKind.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -39,74 +39,78 @@
</span><span class="cx"> switch (useKind) {
</span><span class="cx"> case UntypedUse:
</span><span class="cx"> out.print("Untyped");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case Int32Use:
</span><span class="cx"> out.print("Int32");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case KnownInt32Use:
</span><span class="cx"> out.print("KnownInt32");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case Int52RepUse:
</span><span class="cx"> out.print("Int52Rep");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case NumberUse:
</span><span class="cx"> out.print("Number");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case DoubleRepUse:
</span><span class="cx"> out.print("DoubleRep");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case DoubleRepRealUse:
</span><span class="cx"> out.print("DoubleRepReal");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case BooleanUse:
</span><span class="cx"> out.print("Boolean");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case CellUse:
</span><span class="cx"> out.print("Cell");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case KnownCellUse:
</span><span class="cx"> out.print("KnownCell");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case ObjectUse:
</span><span class="cx"> out.print("Object");
</span><del>- break;
</del><ins>+ return;
+ case FunctionUse:
+ out.print("Function");
+ return;
</ins><span class="cx"> case FinalObjectUse:
</span><span class="cx"> out.print("FinalObject");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case ObjectOrOtherUse:
</span><span class="cx"> out.print("ObjectOrOther");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case StringIdentUse:
</span><span class="cx"> out.print("StringIdent");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case StringUse:
</span><span class="cx"> out.print("String");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case KnownStringUse:
</span><span class="cx"> out.print("KnownString");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case StringObjectUse:
</span><span class="cx"> out.print("StringObject");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case StringOrStringObjectUse:
</span><span class="cx"> out.print("StringOrStringObject");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case NotStringVarUse:
</span><span class="cx"> out.print("NotStringVar");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case NotCellUse:
</span><span class="cx"> out.print("NotCell");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case OtherUse:
</span><span class="cx"> out.print("Other");
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> case MiscUse:
</span><span class="cx"> out.print("Misc");
</span><del>- break;
- default:
</del><ins>+ return;
+ case LastUseKind:
</ins><span class="cx"> RELEASE_ASSERT_NOT_REACHED();
</span><del>- break;
</del><ins>+ return;
</ins><span class="cx"> }
</span><ins>+ RELEASE_ASSERT_NOT_REACHED();
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> } // namespace WTF
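Review bot: The switch no longer has a `default:` arm and nothing in the code says why, so a later edit could reintroduce one and lose what is presumably the goal: letting the compiler flag a UseKind that was added without a name. A comment above `case LastUseKind:` such as `// No default: keep this switch exhaustive so an unnamed UseKind is caught at compile time.` would record that intent. The `RELEASE_ASSERT_NOT_REACHED();` added after the switch then covers out-of-range values at run time, and the `return;` following the assert inside `case LastUseKind:` looks redundant. The function's signature is outside the hunk.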
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCoredfgDFGUseKindh"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/dfg/DFGUseKind.h (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/dfg/DFGUseKind.h        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/dfg/DFGUseKind.h        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -46,6 +46,7 @@
</span><span class="cx"> CellUse,
</span><span class="cx"> KnownCellUse,
</span><span class="cx"> ObjectUse,
</span><ins>+ FunctionUse,
</ins><span class="cx"> FinalObjectUse,
</span><span class="cx"> ObjectOrOtherUse,
</span><span class="cx"> StringIdentUse,
</span><span class="lines">@@ -83,6 +84,8 @@
</span><span class="cx"> return SpecCell;
</span><span class="cx"> case ObjectUse:
</span><span class="cx"> return SpecObject;
</span><ins>+ case FunctionUse:
+ return SpecFunction;
</ins><span class="cx"> case FinalObjectUse:
</span><span class="cx"> return SpecFinalObject;
</span><span class="cx"> case ObjectOrOtherUse:
</span><span class="lines">@@ -162,6 +165,7 @@
</span><span class="cx"> case CellUse:
</span><span class="cx"> case KnownCellUse:
</span><span class="cx"> case ObjectUse:
</span><ins>+ case FunctionUse:
</ins><span class="cx"> case FinalObjectUse:
</span><span class="cx"> case StringIdentUse:
</span><span class="cx"> case StringUse:
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCoreftlFTLCapabilitiescpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/ftl/FTLCapabilities.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/ftl/FTLCapabilities.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/ftl/FTLCapabilities.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -373,6 +373,7 @@
</span><span class="cx"> case CellUse:
</span><span class="cx"> case KnownCellUse:
</span><span class="cx"> case ObjectUse:
</span><ins>+ case FunctionUse:
</ins><span class="cx"> case ObjectOrOtherUse:
</span><span class="cx"> case StringUse:
</span><span class="cx"> case KnownStringUse:
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -1676,6 +1676,8 @@
</span><span class="cx"> {
</span><span class="cx"> LValue cell = lowCell(m_node->child1());
</span><span class="cx">
</span><ins>+ speculateFunction(m_node->child1(), cell);
+
</ins><span class="cx"> speculate(
</span><span class="cx"> BadExecutable, jsValueValue(cell), m_node->child1().node(),
</span><span class="cx"> m_out.notEqual(
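Review bot: The added `speculateFunction(m_node->child1(), cell);` is the only thing here that establishes the cell is a function before the `BadExecutable` check runs, since `lowCell` only produces a cell, and that ordering dependency is not written down. A comment on the new line, for example `// Must precede the BadExecutable check: the cell has to be proven a JSFunction before its executable is compared.`, would keep the call from being reordered or dropped as redundant. The rest of the `speculate(...)` call is cut off, so it is an inference that it reads the executable out of the cell. Only the FTL lowering is visible in this hunk; whether the other tiers apply the same guard for this node cannot be confirmed from here. The enclosing function begins and ends outside the hunk.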
</span><span class="lines">@@ -5458,6 +5460,9 @@
</span><span class="cx"> case ObjectUse:
</span><span class="cx"> speculateObject(edge);
</span><span class="cx"> break;
</span><ins>+ case FunctionUse:
+ speculateFunction(edge);
+ break;
</ins><span class="cx"> case ObjectOrOtherUse:
</span><span class="cx"> speculateObjectOrOther(edge);
</span><span class="cx"> break;
</span><span class="lines">@@ -5581,6 +5586,9 @@
</span><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ LValue isFunction(LValue cell) { return isType(cell, JSFunctionType); }
+ LValue isNotFunction(LValue cell) { return isNotType(cell, JSFunctionType); }
+
</ins><span class="cx"> LValue isType(LValue cell, JSType type)
</span><span class="cx"> {
</span><span class="cx"> return m_out.equal(
</span><span class="lines">@@ -5603,6 +5611,16 @@
</span><span class="cx"> speculateObject(edge, lowCell(edge));
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ void speculateFunction(Edge edge, LValue cell)
+ {
+ FTL_TYPE_CHECK(jsValueValue(cell), edge, SpecFunction, isNotFunction(cell));
+ }
+
+ void speculateFunction(Edge edge)
+ {
+ speculateFunction(edge, lowCell(edge));
+ }
+
</ins><span class="cx"> void speculateObjectOrOther(Edge edge)
</span><span class="cx"> {
</span><span class="cx"> if (!m_interpreter.needsTypeCheck(edge))
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorejitClosureCallStubRoutinecpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/jit/ClosureCallStubRoutine.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/jit/ClosureCallStubRoutine.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/jit/ClosureCallStubRoutine.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -39,9 +39,8 @@
</span><span class="cx">
</span><span class="cx"> ClosureCallStubRoutine::ClosureCallStubRoutine(
</span><span class="cx"> const MacroAssemblerCodeRef& code, VM& vm, const JSCell* owner,
</span><del>- Structure* structure, ExecutableBase* executable, const CodeOrigin& codeOrigin)
</del><ins>+ ExecutableBase* executable, const CodeOrigin& codeOrigin)
</ins><span class="cx"> : GCAwareJITStubRoutine(code, vm)
</span><del>- , m_structure(vm, owner, structure)
</del><span class="cx"> , m_executable(vm, owner, executable)
</span><span class="cx"> , m_codeOrigin(codeOrigin)
</span><span class="cx"> {
</span><span class="lines">@@ -53,7 +52,6 @@
</span><span class="cx">
</span><span class="cx"> void ClosureCallStubRoutine::markRequiredObjectsInternal(SlotVisitor& visitor)
</span><span class="cx"> {
</span><del>- visitor.append(&m_structure);
</del><span class="cx"> visitor.append(&m_executable);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorejitClosureCallStubRoutineh"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/jit/ClosureCallStubRoutine.h (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/jit/ClosureCallStubRoutine.h        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/jit/ClosureCallStubRoutine.h        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012, 2014 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -37,11 +37,10 @@
</span><span class="cx"> public:
</span><span class="cx"> ClosureCallStubRoutine(
</span><span class="cx"> const MacroAssemblerCodeRef&, VM&, const JSCell* owner,
</span><del>- Structure*, ExecutableBase*, const CodeOrigin&);
</del><ins>+ ExecutableBase*, const CodeOrigin&);
</ins><span class="cx">
</span><span class="cx"> virtual ~ClosureCallStubRoutine();
</span><span class="cx">
</span><del>- Structure* structure() const { return m_structure.get(); }
</del><span class="cx"> ExecutableBase* executable() const { return m_executable.get(); }
</span><span class="cx"> const CodeOrigin& codeOrigin() const { return m_codeOrigin; }
</span><span class="cx">
</span><span class="lines">@@ -49,7 +48,6 @@
</span><span class="cx"> virtual void markRequiredObjectsInternal(SlotVisitor&) override;
</span><span class="cx">
</span><span class="cx"> private:
</span><del>- WriteBarrier<Structure> m_structure;
</del><span class="cx"> WriteBarrier<ExecutableBase> m_executable;
</span><span class="cx"> // This allows us to figure out who a call is linked to by searching through
</span><span class="cx"> // stub routines.
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorejitJITh"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/jit/JIT.h (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/jit/JIT.h        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/jit/JIT.h        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -199,13 +199,6 @@
</span><span class="cx"> return JIT(vm, codeBlock).privateCompile(effort);
</span><span class="cx"> }
</span><span class="cx">
</span><del>- static void compileClosureCall(VM* vm, CallLinkInfo* callLinkInfo, CodeBlock* callerCodeBlock, CodeBlock* calleeCodeBlock, Structure* expectedStructure, ExecutableBase* expectedExecutable, MacroAssemblerCodePtr codePtr)
- {
- JIT jit(vm, callerCodeBlock);
- jit.m_bytecodeOffset = callLinkInfo->codeOrigin.bytecodeIndex;
- jit.privateCompileClosureCall(callLinkInfo, calleeCodeBlock, expectedStructure, expectedExecutable, codePtr);
- }
-
</del><span class="cx"> static void compileGetByVal(VM* vm, CodeBlock* codeBlock, ByValInfo* byValInfo, ReturnAddressPtr returnAddress, JITArrayMode arrayMode)
</span><span class="cx"> {
</span><span class="cx"> JIT jit(vm, codeBlock);
</span><span class="lines">@@ -251,8 +244,6 @@
</span><span class="cx"> void privateCompileSlowCases();
</span><span class="cx"> CompilationResult privateCompile(JITCompilationEffort);
</span><span class="cx">
</span><del>- void privateCompileClosureCall(CallLinkInfo*, CodeBlock* calleeCodeBlock, Structure*, ExecutableBase*, MacroAssemblerCodePtr);
-
</del><span class="cx"> void privateCompileGetByVal(ByValInfo*, ReturnAddressPtr, JITArrayMode);
</span><span class="cx"> void privateCompilePutByVal(ByValInfo*, ReturnAddressPtr, JITArrayMode);
</span><span class="cx">
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorejitJITCallcpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/jit/JITCall.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/jit/JITCall.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/jit/JITCall.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -267,52 +267,6 @@
</span><span class="cx"> emitPutCallResult(instruction);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT::privateCompileClosureCall(CallLinkInfo* callLinkInfo, CodeBlock* calleeCodeBlock, Structure* expectedStructure, ExecutableBase* expectedExecutable, MacroAssemblerCodePtr codePtr)
-{
- JumpList slowCases;
-
- slowCases.append(branchTestPtr(NonZero, regT0, tagMaskRegister));
- slowCases.append(branchStructure(NotEqual, Address(regT0, JSCell::structureIDOffset()), expectedStructure));
- slowCases.append(branchPtr(NotEqual, Address(regT0, JSFunction::offsetOfExecutable()), TrustedImmPtr(expectedExecutable)));
-
- loadPtr(Address(regT0, JSFunction::offsetOfScopeChain()), regT1);
- emitPutToCallFrameHeader(regT1, JSStack::ScopeChain);
-
- Call call = nearCall();
- Jump done = jump();
-
- slowCases.link(this);
- move(TrustedImmPtr(callLinkInfo->callReturnLocation.executableAddress()), regT2);
- restoreReturnAddressBeforeReturn(regT2);
- Jump slow = jump();
-
- LinkBuffer patchBuffer(*m_vm, this, m_codeBlock);
-
- patchBuffer.link(call, FunctionPtr(codePtr.executableAddress()));
- patchBuffer.link(done, callLinkInfo->hotPathOther.labelAtOffset(0));
- patchBuffer.link(slow, CodeLocationLabel(m_vm->getCTIStub(virtualCallThunkGenerator).code()));
-
- RefPtr<ClosureCallStubRoutine> stubRoutine = adoptRef(new ClosureCallStubRoutine(
- FINALIZE_CODE(
- patchBuffer,
- ("Baseline closure call stub for %s, return point %p, target %p (%s)",
- toCString(*m_codeBlock).data(),
- callLinkInfo->hotPathOther.labelAtOffset(0).executableAddress(),
- codePtr.executableAddress(),
- toCString(pointerDump(calleeCodeBlock)).data())),
- *m_vm, m_codeBlock->ownerExecutable(), expectedStructure, expectedExecutable,
- callLinkInfo->codeOrigin));
-
- RepatchBuffer repatchBuffer(m_codeBlock);
-
- repatchBuffer.replaceWithJump(
- RepatchBuffer::startOfBranchPtrWithPatchOnRegister(callLinkInfo->hotPathBegin),
- CodeLocationLabel(stubRoutine->code().code()));
- repatchBuffer.relink(callLinkInfo->callReturnLocation, m_vm->getCTIStub(virtualCallThunkGenerator).code());
-
- callLinkInfo->stub = stubRoutine.release();
-}
-
</del><span class="cx"> void JIT::emit_op_call(Instruction* currentInstruction)
</span><span class="cx"> {
</span><span class="cx"> compileOpCall(op_call, currentInstruction, m_callLinkInfoIndex++);
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorejitJITCall32_64cpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/jit/JITCall32_64.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/jit/JITCall32_64.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/jit/JITCall32_64.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -358,52 +358,6 @@
</span><span class="cx"> emitPutCallResult(instruction);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT::privateCompileClosureCall(CallLinkInfo* callLinkInfo, CodeBlock* calleeCodeBlock, Structure* expectedStructure, ExecutableBase* expectedExecutable, MacroAssemblerCodePtr codePtr)
-{
- JumpList slowCases;
-
- slowCases.append(branch32(NotEqual, regT1, TrustedImm32(JSValue::CellTag)));
- slowCases.append(branchPtr(NotEqual, Address(regT0, JSCell::structureIDOffset()), TrustedImmPtr(expectedStructure)));
- slowCases.append(branchPtr(NotEqual, Address(regT0, JSFunction::offsetOfExecutable()), TrustedImmPtr(expectedExecutable)));
-
- loadPtr(Address(regT0, JSFunction::offsetOfScopeChain()), regT1);
- emitPutCellToCallFrameHeader(regT1, JSStack::ScopeChain);
-
- Call call = nearCall();
- Jump done = jump();
-
- slowCases.link(this);
- move(TrustedImmPtr(callLinkInfo->callReturnLocation.executableAddress()), regT2);
- restoreReturnAddressBeforeReturn(regT2);
- Jump slow = jump();
-
- LinkBuffer patchBuffer(*m_vm, this, m_codeBlock);
-
- patchBuffer.link(call, FunctionPtr(codePtr.executableAddress()));
- patchBuffer.link(done, callLinkInfo->hotPathOther.labelAtOffset(0));
- patchBuffer.link(slow, CodeLocationLabel(m_vm->getCTIStub(virtualCallThunkGenerator).code()));
-
- RefPtr<ClosureCallStubRoutine> stubRoutine = adoptRef(new ClosureCallStubRoutine(
- FINALIZE_CODE(
- patchBuffer,
- ("Baseline closure call stub for %s, return point %p, target %p (%s)",
- toCString(*m_codeBlock).data(),
- callLinkInfo->hotPathOther.labelAtOffset(0).executableAddress(),
- codePtr.executableAddress(),
- toCString(pointerDump(calleeCodeBlock)).data())),
- *m_vm, m_codeBlock->ownerExecutable(), expectedStructure, expectedExecutable,
- callLinkInfo->codeOrigin));
-
- RepatchBuffer repatchBuffer(m_codeBlock);
-
- repatchBuffer.replaceWithJump(
- RepatchBuffer::startOfBranchPtrWithPatchOnRegister(callLinkInfo->hotPathBegin),
- CodeLocationLabel(stubRoutine->code().code()));
- repatchBuffer.relink(callLinkInfo->callReturnLocation, m_vm->getCTIStub(virtualCallThunkGenerator).code());
-
- callLinkInfo->stub = stubRoutine.release();
-}
-
</del><span class="cx"> } // namespace JSC
</span><span class="cx">
</span><span class="cx"> #endif // USE(JSVALUE32_64)
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorejitJITOperationscpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/jit/JITOperations.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/jit/JITOperations.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/jit/JITOperations.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -782,13 +782,10 @@
</span><span class="cx"> if (!calleeAsFunctionCell)
</span><span class="cx"> return false;
</span><span class="cx">
</span><del>- VM& vm = execCallee->vm();
</del><span class="cx"> JSFunction* callee = jsCast<JSFunction*>(calleeAsFunctionCell);
</span><span class="cx"> JSFunction* oldCallee = callLinkInfo.callee.get();
</span><span class="cx">
</span><del>- if (!oldCallee
- || oldCallee->structure(vm) != callee->structure(vm)
- || oldCallee->executable() != callee->executable())
</del><ins>+ if (!oldCallee || oldCallee->executable() != callee->executable())
</ins><span class="cx"> return false;
</span><span class="cx">
</span><span class="cx"> ASSERT(callee->executable()->hasJITCodeForCall());
</span><span class="lines">@@ -807,8 +804,7 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> linkClosureCall(
</span><del>- execCallee, callLinkInfo, codeBlock,
- callee->structure(), callee->executable(), codePtr, registers);
</del><ins>+ execCallee, callLinkInfo, codeBlock, callee->executable(), codePtr, registers);
</ins><span class="cx">
</span><span class="cx"> return true;
</span><span class="cx"> }
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorejitRepatchcpp"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/jit/Repatch.cpp (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/jit/Repatch.cpp        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/jit/Repatch.cpp        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -1555,8 +1555,8 @@
</span><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void linkClosureCall(
</span><del>- ExecState* exec, CallLinkInfo& callLinkInfo, CodeBlock* calleeCodeBlock,
- Structure* structure, ExecutableBase* executable, MacroAssemblerCodePtr codePtr,
</del><ins>+ ExecState* exec, CallLinkInfo& callLinkInfo, CodeBlock* calleeCodeBlock,
+ ExecutableBase* executable, MacroAssemblerCodePtr codePtr,
</ins><span class="cx"> RegisterPreservationMode registers)
</span><span class="cx"> {
</span><span class="cx"> ASSERT(!callLinkInfo.stub);
</span><span class="lines">@@ -1590,10 +1590,10 @@
</span><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> slowPath.append(
</span><del>- branchStructure(stubJit,
</del><ins>+ stubJit.branch8(
</ins><span class="cx"> CCallHelpers::NotEqual,
</span><del>- CCallHelpers::Address(calleeGPR, JSCell::structureIDOffset()),
- structure));
</del><ins>+ CCallHelpers::Address(calleeGPR, JSCell::typeInfoTypeOffset()),
+ CCallHelpers::TrustedImm32(JSFunctionType)));
</ins><span class="cx">
</span><span class="cx"> slowPath.append(
</span><span class="cx"> stubJit.branchPtr(
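Review bot: The new `stubJit.branch8(...)` guard swaps a structure comparison for a one-byte compare against `JSFunctionType`, so the stub now depends on every cell carrying that type byte having the JSFunction layout, and nothing at the guard says so. A comment would make the invariant explicit, e.g. `// Type-byte check: only JSFunctionType cells may be treated as JSFunction below; keep this ahead of the executable compare.` The `branchPtr` that follows is cut off by the hunk, so it is an inference that it is the executable compare. The guard also assumes `calleeGPR` is already known to hold a cell, which is presumably established above the `#endif` outside this hunk and is worth confirming. linkClosureCall's body continues outside the hunk.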
</span><span class="lines">@@ -1647,7 +1647,7 @@
</span><span class="cx"> ("Closure call stub for %s, return point %p, target %p (%s)",
</span><span class="cx"> toCString(*callerCodeBlock).data(), callLinkInfo.callReturnLocation.labelAtOffset(0).executableAddress(),
</span><span class="cx"> codePtr.executableAddress(), toCString(pointerDump(calleeCodeBlock)).data())),
</span><del>- *vm, callerCodeBlock->ownerExecutable(), structure, executable, callLinkInfo.codeOrigin));
</del><ins>+ *vm, callerCodeBlock->ownerExecutable(), executable, callLinkInfo.codeOrigin));
</ins><span class="cx">
</span><span class="cx"> RepatchBuffer repatchBuffer(callerCodeBlock);
</span><span class="cx">
</span></span></pre></div>
<a id="branchesftloptSourceJavaScriptCorejitRepatchh"></a>
<div class="modfile"><h4>Modified: branches/ftlopt/Source/JavaScriptCore/jit/Repatch.h (171388 => 171389)</h4>
<pre class="diff"><span>
<span class="info">--- branches/ftlopt/Source/JavaScriptCore/jit/Repatch.h        2014-07-23 03:52:51 UTC (rev 171388)
+++ branches/ftlopt/Source/JavaScriptCore/jit/Repatch.h        2014-07-23 04:04:33 UTC (rev 171389)
</span><span class="lines">@@ -41,7 +41,7 @@
</span><span class="cx"> void repatchIn(ExecState*, JSCell*, const Identifier&, bool wasFound, const PropertySlot&, StructureStubInfo&);
</span><span class="cx"> void linkFor(ExecState*, CallLinkInfo&, CodeBlock*, JSFunction* callee, MacroAssemblerCodePtr, CodeSpecializationKind, RegisterPreservationMode);
</span><span class="cx"> void linkSlowFor(ExecState*, CallLinkInfo&, CodeSpecializationKind, RegisterPreservationMode);
</span><del>-void linkClosureCall(ExecState*, CallLinkInfo&, CodeBlock*, Structure*, ExecutableBase*, MacroAssemblerCodePtr, RegisterPreservationMode);
</del><ins>+void linkClosureCall(ExecState*, CallLinkInfo&, CodeBlock*, ExecutableBase*, MacroAssemblerCodePtr, RegisterPreservationMode);
</ins><span class="cx"> void resetGetByID(RepatchBuffer&, StructureStubInfo&);
</span><span class="cx"> void resetPutByID(RepatchBuffer&, StructureStubInfo&);
</span><span class="cx"> void resetIn(RepatchBuffer&, StructureStubInfo&);
</span></span></pre>
</div>
</div>
</body>
</html>