<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />

<title>[197663] releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore</title>

</head>

<body>

<style type="text/css"><!--

#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }

#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }

#msg dt:after { content:':';}

#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }

#msg dl a { font-weight: bold}

#msg dl a:link    { color:#fc3; }

#msg dl a:active  { color:#ff0; }

#msg dl a:visited { color:#cc6; }

h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }

#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }

#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }

#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }

#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }

#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }

#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }

#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }

#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }

#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }

#logmsg pre { background: #eee; padding: 1em; }

#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}

#logmsg dl { margin: 0; }

#logmsg dt { font-weight: bold; }

#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }

#logmsg dd:before { content:'\00bb';}

#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }

#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }

#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }

#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }

#logmsg table th.Corner { text-align: left; }

#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }

#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }

#patch { width: 100%; }

#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}

#patch .propset h4, #patch .binary h4 {margin:0;}

#patch pre {padding:0;line-height:1.2em;margin:0;}

#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}

#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}

#patch span {display:block;padding:0 10px;}

#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}

#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}

#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}

#patch .lines, .info {color:#888;background:#fff;}

--></style>

<div id="msg">

<dl class="meta">

<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/197663">197663</a></dd>

<dt>Author</dt> <dd>carlosgc@webkit.org</dd>

<dt>Date</dt> <dd>2016-03-07 01:36:47 -0800 (Mon, 07 Mar 2016)</dd>

</dl>

<h3>Log Message</h3>

<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/197357">r197357</a> - FTL should be able to run everything in Octane/regexp

https://bugs.webkit.org/show_bug.cgi?id=154266

Reviewed by Saam Barati.

Adds FTL support for NewRegexp, RegExpTest, and RegExpExec. I couldn't figure out how to

make the RegExpExec peephole optimization work in FTL. This optimizations shouldn't be a

DFG backend optimization anyway - if we need this optimization then it should be a

strength reduction rule over IR. That way, it can be shared by all backends.

I measured whether removing that optimization had any effect on performance separately

from measuring the performance of this patch. Removing that optimization did not change

our score on any benchmarks.

This patch does have an overall negative effect on the Octane/regexp score. This is

presumably because tiering up to the FTL has no value to the code in the regexp test. Or

maybe it's something else. No matter - the overall effect on the Octane score is not

statistically significant and we don't want this kind of coverage blocked by the fact

that adding coverage hurts a benchmark.

* dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

* dfg/DFGNode.h:

(JSC::DFG::Node::setIndexingType):

(JSC::DFG::Node::hasRegexpIndex):

* dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileNotifyWrite):

(JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):

(JSC::DFG::SpeculativeJIT::compileRegExpExec): Deleted.

* dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

* dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

* ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

* ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):

(JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer):

(JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):

(JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):

(JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):

(JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):

* tests/stress/ftl-regexp-exec.js: Added.

* tests/stress/ftl-regexp-test.js: Added.</pre>

<h3>Modified Paths</h3>

<ul>

<li><a href="#releasesWebKitGTKwebkit212SourceJavaScriptCoreChangeLog">releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ChangeLog</a></li>

<li><a href="#releasesWebKitGTKwebkit212SourceJavaScriptCoredfgDFGByteCodeParsercpp">releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp</a></li>

<li><a href="#releasesWebKitGTKwebkit212SourceJavaScriptCoredfgDFGNodeh">releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGNode.h</a></li>

<li><a href="#releasesWebKitGTKwebkit212SourceJavaScriptCoredfgDFGSpeculativeJITcpp">releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>

<li><a href="#releasesWebKitGTKwebkit212SourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp">releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp</a></li>

<li><a href="#releasesWebKitGTKwebkit212SourceJavaScriptCoredfgDFGSpeculativeJIT64cpp">releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp</a></li>

<li><a href="#releasesWebKitGTKwebkit212SourceJavaScriptCoreftlFTLCapabilitiescpp">releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ftl/FTLCapabilities.cpp</a></li>

<li><a href="#releasesWebKitGTKwebkit212SourceJavaScriptCoreftlFTLLowerDFGToB3cpp">releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>

</ul>

<h3>Added Paths</h3>

<ul>

<li><a href="#releasesWebKitGTKwebkit212SourceJavaScriptCoretestsstressftlregexpexecjs">releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/tests/stress/ftl-regexp-exec.js</a></li>

<li><a href="#releasesWebKitGTKwebkit212SourceJavaScriptCoretestsstressftlregexptestjs">releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/tests/stress/ftl-regexp-test.js</a></li>

</ul>

</div>

<div id="patch">

<h3>Diff</h3>

<a id="releasesWebKitGTKwebkit212SourceJavaScriptCoreChangeLog"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ChangeLog (197662 => 197663)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ChangeLog        2016-03-07 09:25:46 UTC (rev 197662)

+++ releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ChangeLog        2016-03-07 09:36:47 UTC (rev 197663)

</span><span class="lines">@@ -1,3 +1,50 @@

</span><ins>+2016-02-28  Filip Pizlo  &lt;fpizlo@apple.com&gt;

+

+        FTL should be able to run everything in Octane/regexp

+        https://bugs.webkit.org/show_bug.cgi?id=154266

+

+        Reviewed by Saam Barati.

+

+        Adds FTL support for NewRegexp, RegExpTest, and RegExpExec. I couldn't figure out how to

+        make the RegExpExec peephole optimization work in FTL. This optimizations shouldn't be a

+        DFG backend optimization anyway - if we need this optimization then it should be a

+        strength reduction rule over IR. That way, it can be shared by all backends.

+

+        I measured whether removing that optimization had any effect on performance separately

+        from measuring the performance of this patch. Removing that optimization did not change

+        our score on any benchmarks.

+

+        This patch does have an overall negative effect on the Octane/regexp score. This is

+        presumably because tiering up to the FTL has no value to the code in the regexp test. Or

+        maybe it's something else. No matter - the overall effect on the Octane score is not

+        statistically significant and we don't want this kind of coverage blocked by the fact

+        that adding coverage hurts a benchmark.

+

+        * dfg/DFGByteCodeParser.cpp:

+        (JSC::DFG::ByteCodeParser::parseBlock):

+        * dfg/DFGNode.h:

+        (JSC::DFG::Node::setIndexingType):

+        (JSC::DFG::Node::hasRegexpIndex):

+        * dfg/DFGSpeculativeJIT.cpp:

+        (JSC::DFG::SpeculativeJIT::compileNotifyWrite):

+        (JSC::DFG::SpeculativeJIT::compileIsObjectOrNull):

+        (JSC::DFG::SpeculativeJIT::compileRegExpExec): Deleted.

+        * dfg/DFGSpeculativeJIT32_64.cpp:

+        (JSC::DFG::SpeculativeJIT::compile):

+        * dfg/DFGSpeculativeJIT64.cpp:

+        (JSC::DFG::SpeculativeJIT::compile):

+        * ftl/FTLCapabilities.cpp:

+        (JSC::FTL::canCompile):

+        * ftl/FTLLowerDFGToB3.cpp:

+        (JSC::FTL::DFG::LowerDFGToB3::compileNode):

+        (JSC::FTL::DFG::LowerDFGToB3::compileCheckWatchdogTimer):

+        (JSC::FTL::DFG::LowerDFGToB3::compileRegExpExec):

+        (JSC::FTL::DFG::LowerDFGToB3::compileRegExpTest):

+        (JSC::FTL::DFG::LowerDFGToB3::compileNewRegexp):

+        (JSC::FTL::DFG::LowerDFGToB3::didOverflowStack):

+        * tests/stress/ftl-regexp-exec.js: Added.

+        * tests/stress/ftl-regexp-test.js: Added.

+

</ins><span class="cx"> 2016-02-27  Filip Pizlo  &lt;fpizlo@apple.com&gt;

</span><span class="cx"> 

</span><span class="cx">         FTL should lower its abstract heaps to B3 heap ranges

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit212SourceJavaScriptCoredfgDFGByteCodeParsercpp"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (197662 => 197663)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp        2016-03-07 09:25:46 UTC (rev 197662)

+++ releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp        2016-03-07 09:36:47 UTC (rev 197663)

</span><span class="lines">@@ -3340,6 +3340,9 @@

</span><span class="cx">         }

</span><span class="cx">             

</span><span class="cx">         case op_new_regexp: {

</span><ins>+            // FIXME: We really should be able to inline code that uses NewRegexp. That means

+            // using something other than the index into the CodeBlock here.

+            // https://bugs.webkit.org/show_bug.cgi?id=154808

</ins><span class="cx">             set(VirtualRegister(currentInstruction[1].u.operand), addToGraph(NewRegexp, OpInfo(currentInstruction[2].u.operand)));

</span><span class="cx">             NEXT_OPCODE(op_new_regexp);

</span><span class="cx">         }

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit212SourceJavaScriptCoredfgDFGNodeh"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGNode.h (197662 => 197663)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGNode.h        2016-03-07 09:25:46 UTC (rev 197662)

+++ releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGNode.h        2016-03-07 09:36:47 UTC (rev 197663)

</span><span class="lines">@@ -1022,6 +1022,9 @@

</span><span class="cx">         m_opInfo = indexingType;

</span><span class="cx">     }

</span><span class="cx">     

</span><ins>+    // FIXME: We really should be able to inline code that uses NewRegexp. That means

+    // using something other than the index into the CodeBlock here.

+    // https://bugs.webkit.org/show_bug.cgi?id=154808

</ins><span class="cx">     bool hasRegexpIndex()

</span><span class="cx">     {

</span><span class="cx">         return op() == NewRegexp;

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit212SourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (197662 => 197663)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp        2016-03-07 09:25:46 UTC (rev 197662)

+++ releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp        2016-03-07 09:36:47 UTC (rev 197663)

</span><span class="lines">@@ -5910,46 +5910,6 @@

</span><span class="cx">     noResult(node);

</span><span class="cx"> }

</span><span class="cx"> 

</span><del>-bool SpeculativeJIT::compileRegExpExec(Node* node)

-{

-    unsigned branchIndexInBlock = detectPeepHoleBranch();

-    if (branchIndexInBlock == UINT_MAX)

-        return false;

-    Node* branchNode = m_block-&gt;at(branchIndexInBlock);

-    ASSERT(node-&gt;adjustedRefCount() == 1);

-

-    BasicBlock* taken = branchNode-&gt;branchData()-&gt;taken.block;

-    BasicBlock* notTaken = branchNode-&gt;branchData()-&gt;notTaken.block;

-    

-    bool invert = false;

-    if (taken == nextBlock()) {

-        invert = true;

-        BasicBlock* tmp = taken;

-        taken = notTaken;

-        notTaken = tmp;

-    }

-

-    SpeculateCellOperand base(this, node-&gt;child1());

-    SpeculateCellOperand argument(this, node-&gt;child2());

-    GPRReg baseGPR = base.gpr();

-    GPRReg argumentGPR = argument.gpr();

-    

-    flushRegisters();

-    GPRFlushedCallResult result(this);

-    callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);

-    m_jit.exceptionCheck();

-

-    branchTest32(invert ? JITCompiler::Zero : JITCompiler::NonZero, result.gpr(), taken);

-    jump(notTaken);

-

-    use(node-&gt;child1());

-    use(node-&gt;child2());

-    m_indexInBlock = branchIndexInBlock;

-    m_currentNode = branchNode;

-

-    return true;

-}

-

</del><span class="cx"> void SpeculativeJIT::compileIsObjectOrNull(Node* node)

</span><span class="cx"> {

</span><span class="cx">     JSGlobalObject* globalObject = m_jit.graph().globalObjectFor(node-&gt;origin.semantic);

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit212SourceJavaScriptCoredfgDFGSpeculativeJIT32_64cpp"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp (197662 => 197663)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp        2016-03-07 09:25:46 UTC (rev 197662)

+++ releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp        2016-03-07 09:36:47 UTC (rev 197663)

</span><span class="lines">@@ -2834,26 +2834,6 @@

</span><span class="cx">     }

</span><span class="cx"> 

</span><span class="cx">     case RegExpExec: {

</span><del>-        if (compileRegExpExec(node))

-            return;

-

-        if (!node-&gt;adjustedRefCount()) {

-            SpeculateCellOperand base(this, node-&gt;child1());

-            SpeculateCellOperand argument(this, node-&gt;child2());

-            GPRReg baseGPR = base.gpr();

-            GPRReg argumentGPR = argument.gpr();

-            

-            flushRegisters();

-            GPRFlushedCallResult result(this);

-            callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);

-            m_jit.exceptionCheck();

-            

-            // Must use jsValueResult because otherwise we screw up register

-            // allocation, which thinks that this node has a result.

-            booleanResult(result.gpr(), node);

-            break;

-        }

-

</del><span class="cx">         SpeculateCellOperand base(this, node-&gt;child1());

</span><span class="cx">         SpeculateCellOperand argument(this, node-&gt;child2());

</span><span class="cx">         GPRReg baseGPR = base.gpr();

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit212SourceJavaScriptCoredfgDFGSpeculativeJIT64cpp"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (197662 => 197663)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp        2016-03-07 09:25:46 UTC (rev 197662)

+++ releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp        2016-03-07 09:36:47 UTC (rev 197663)

</span><span class="lines">@@ -2959,25 +2959,6 @@

</span><span class="cx">     }

</span><span class="cx"> 

</span><span class="cx">     case RegExpExec: {

</span><del>-        if (compileRegExpExec(node))

-            return;

-        if (!node-&gt;adjustedRefCount()) {

-            SpeculateCellOperand base(this, node-&gt;child1());

-            SpeculateCellOperand argument(this, node-&gt;child2());

-            GPRReg baseGPR = base.gpr();

-            GPRReg argumentGPR = argument.gpr();

-            

-            flushRegisters();

-            GPRFlushedCallResult result(this);

-            callOperation(operationRegExpTest, result.gpr(), baseGPR, argumentGPR);

-            m_jit.exceptionCheck();

-            

-            // Must use jsValueResult because otherwise we screw up register

-            // allocation, which thinks that this node has a result.

-            jsValueResult(result.gpr(), node);

-            break;

-        }

-

</del><span class="cx">         SpeculateCellOperand base(this, node-&gt;child1());

</span><span class="cx">         SpeculateCellOperand argument(this, node-&gt;child2());

</span><span class="cx">         GPRReg baseGPR = base.gpr();

</span><span class="lines">@@ -3683,6 +3664,9 @@

</span><span class="cx">         flushRegisters();

</span><span class="cx">         GPRFlushedCallResult result(this);

</span><span class="cx">         

</span><ins>+        // FIXME: We really should be able to inline code that uses NewRegexp. That means not

+        // reaching into the CodeBlock here.

+        // https://bugs.webkit.org/show_bug.cgi?id=154808

</ins><span class="cx">         callOperation(operationNewRegexp, result.gpr(), m_jit.codeBlock()-&gt;regexp(node-&gt;regexpIndex()));

</span><span class="cx">         m_jit.exceptionCheck();

</span><span class="cx">         

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit212SourceJavaScriptCoreftlFTLCapabilitiescpp"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ftl/FTLCapabilities.cpp (197662 => 197663)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ftl/FTLCapabilities.cpp        2016-03-07 09:25:46 UTC (rev 197662)

+++ releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ftl/FTLCapabilities.cpp        2016-03-07 09:36:47 UTC (rev 197663)

</span><span class="lines">@@ -218,6 +218,9 @@

</span><span class="cx">     case PutSetterByVal:

</span><span class="cx">     case CopyRest:

</span><span class="cx">     case GetRestLength:

</span><ins>+    case RegExpExec:

+    case RegExpTest:

+    case NewRegexp:

</ins><span class="cx">         // These are OK.

</span><span class="cx">         break;

</span><span class="cx"> 

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit212SourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (197662 => 197663)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp        2016-03-07 09:25:46 UTC (rev 197662)

+++ releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp        2016-03-07 09:36:47 UTC (rev 197663)

</span><span class="lines">@@ -908,6 +908,15 @@

</span><span class="cx">         case GetRestLength:

</span><span class="cx">             compileGetRestLength();

</span><span class="cx">             break;

</span><ins>+        case RegExpExec:

+            compileRegExpExec();

+            break;

+        case RegExpTest:

+            compileRegExpTest();

+            break;

+        case NewRegexp:

+            compileNewRegexp();

+            break;

</ins><span class="cx"> 

</span><span class="cx">         case PhantomLocal:

</span><span class="cx">         case LoopHint:

</span><span class="lines">@@ -6387,6 +6396,36 @@

</span><span class="cx">         m_out.appendTo(continuation, lastNext);

</span><span class="cx">     }

</span><span class="cx"> 

</span><ins>+    void compileRegExpExec()

+    {

+        LValue base = lowCell(m_node-&gt;child1());

+        LValue argument = lowCell(m_node-&gt;child2());

+        setJSValue(

+            vmCall(Int64, m_out.operation(operationRegExpExec), m_callFrame, base, argument));

+    }

+

+    void compileRegExpTest()

+    {

+        LValue base = lowCell(m_node-&gt;child1());

+        LValue argument = lowCell(m_node-&gt;child2());

+        setBoolean(

+            vmCall(Int32, m_out.operation(operationRegExpTest), m_callFrame, base, argument));

+    }

+

+    void compileNewRegexp()

+    {

+        // FIXME: We really should be able to inline code that uses NewRegexp. That means not

+        // reaching into the CodeBlock here.

+        // https://bugs.webkit.org/show_bug.cgi?id=154808

+

+        LValue result = vmCall(

+            pointerType(),

+            m_out.operation(operationNewRegexp), m_callFrame,

+            m_out.constIntPtr(codeBlock()-&gt;regexp(m_node-&gt;regexpIndex())));

+        

+        setJSValue(result);

+    }

+

</ins><span class="cx">     LValue didOverflowStack()

</span><span class="cx">     {

</span><span class="cx">         // This does a very simple leaf function analysis. The invariant of FTL call

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit212SourceJavaScriptCoretestsstressftlregexpexecjs"></a>

<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/tests/stress/ftl-regexp-exec.js (0 => 197663)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/tests/stress/ftl-regexp-exec.js                                (rev 0)

+++ releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/tests/stress/ftl-regexp-exec.js        2016-03-07 09:36:47 UTC (rev 197663)

</span><span class="lines">@@ -0,0 +1,17 @@

</span><ins>+function foo(s) {

+    return /foo/.exec(s);

+}

+

+noInline(foo);

+

+for (var i = 0; i &lt; 100000; ++i) {

+    var result = foo(&quot;foo&quot;);

+    if (!result)

+        throw &quot;Error: bad result for foo&quot;;

+    if (result.length != 1)

+        throw &quot;Error: bad result for foo: &quot; + result;

+    if (result[0] != &quot;foo&quot;)

+        throw &quot;Error: bad result for foo: &quot; + result;

+    if (foo(&quot;bar&quot;))

+        throw &quot;Error: bad result for bar&quot;;

+}

</ins></span></pre></div>

<a id="releasesWebKitGTKwebkit212SourceJavaScriptCoretestsstressftlregexptestjs"></a>

<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/tests/stress/ftl-regexp-test.js (0 => 197663)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/tests/stress/ftl-regexp-test.js                                (rev 0)

+++ releases/WebKitGTK/webkit-2.12/Source/JavaScriptCore/tests/stress/ftl-regexp-test.js        2016-03-07 09:36:47 UTC (rev 197663)

</span><span class="lines">@@ -0,0 +1,12 @@

</span><ins>+function foo(s) {

+    return /foo/.test(s);

+}

+

+noInline(foo);

+

+for (var i = 0; i &lt; 100000; ++i) {

+    if (!foo(&quot;foo&quot;))

+        throw &quot;Error: bad result for foo&quot;;

+    if (foo(&quot;bar&quot;))

+        throw &quot;Error: bad result for bar&quot;;

+}

</ins></span></pre>

</div>

</div>

</body>

</html>