Skip to site navigation (Press enter)

[webkit-changes] [163841] trunk/Source/JavaScriptCore

commit-queue Mon, 10 Feb 2014 17:27:23 -0800

Title: [163841] trunk/Source/_javascript_Core

Revision: 163841
Author: commit-qu...@webkit.org
Date: 2014-02-10 17:31:41 -0800 (Mon, 10 Feb 2014)

Log Message

ReallocatePropertyStorage in FTL
https://bugs.webkit.org/show_bug.cgi?id=128352


Patch by Matthew Mirman <mmir...@apple.com> on 2014-02-10
Reviewed by Filip Pizlo.

* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLIntrinsicRepository.h:
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileReallocatePropertyStorage):
* tests/stress/ftl-reallocatepropertystorage.js: Added.
(foo):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp
trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h
trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp

Added Paths

trunk/Source/_javascript_Core/tests/stress/ftl-reallocatepropertystorage.js

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (163840 => 163841)


--- trunk/Source/_javascript_Core/ChangeLog	2014-02-11 01:20:28 UTC (rev 163840)
+++ trunk/Source/_javascript_Core/ChangeLog	2014-02-11 01:31:41 UTC (rev 163841)
@@ -1,3 +1,19 @@
+2014-02-10  Matthew Mirman  <mmir...@apple.com>
+
+        ReallocatePropertyStorage in FTL
+        https://bugs.webkit.org/show_bug.cgi?id=128352
+
+        Reviewed by Filip Pizlo.
+
+        * ftl/FTLCapabilities.cpp:
+        (JSC::FTL::canCompile):
+        * ftl/FTLIntrinsicRepository.h:
+        * ftl/FTLLowerDFGToLLVM.cpp:
+        (JSC::FTL::LowerDFGToLLVM::compileNode):
+        (JSC::FTL::LowerDFGToLLVM::compileReallocatePropertyStorage):
+        * tests/stress/ftl-reallocatepropertystorage.js: Added.
+        (foo):
+
 2014-02-10  Michael Saboff  <msab...@apple.com>
 
         Fail FTL compilation if the required stack is too big

Modified: trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp (163840 => 163841)


--- trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp	2014-02-11 01:20:28 UTC (rev 163840)
+++ trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp	2014-02-11 01:31:41 UTC (rev 163841)
@@ -107,6 +107,7 @@
     case CheckFunction:
     case StringCharCodeAt:
     case AllocatePropertyStorage:
+    case ReallocatePropertyStorage:
     case FunctionReentryWatchpoint:
     case TypedArrayWatchpoint:
     case GetTypedArrayByteOffset:

Modified: trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h (163840 => 163841)


--- trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h	2014-02-11 01:20:28 UTC (rev 163840)
+++ trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h	2014-02-11 01:31:41 UTC (rev 163841)
@@ -73,6 +73,8 @@
     macro(P_JITOperation_E, functionType(intPtr, intPtr)) \
     macro(P_JITOperation_EC, functionType(intPtr, intPtr, intPtr)) \
     macro(P_JITOperation_EO, functionType(intPtr, intPtr, intPtr)) \
+    macro(P_JITOperation_ES, functionType(intPtr, intPtr, int64)) \
+    macro(P_JITOperation_EOS, functionType(intPtr, intPtr, intPtr, int64)) \
     macro(P_JITOperation_ESt, functionType(intPtr, intPtr, intPtr)) \
     macro(P_JITOperation_EStPS, functionType(intPtr, intPtr, intPtr, intPtr, intPtr)) \
     macro(P_JITOperation_EStSS, functionType(intPtr, intPtr, intPtr, intPtr, intPtr)) \

Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (163840 => 163841)


--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp	2014-02-11 01:20:28 UTC (rev 163840)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp	2014-02-11 01:31:41 UTC (rev 163841)
@@ -440,6 +440,9 @@
         case AllocatePropertyStorage:
             compileAllocatePropertyStorage();
             break;
+        case ReallocatePropertyStorage:
+            compileReallocatePropertyStorage();
+            break;
         case ToString:
             compileToString();
             break;
@@ -2660,7 +2663,67 @@
         
         setStorage(result);
     }
+
+    void compileReallocatePropertyStorage()
+    {
+        StructureTransitionData& data = ""
+        
+        Structure* previous = data.previousStructure;
+        LValue object = lowCell(m_node->child1());
+
+        size_t oldSize = previous->outOfLineCapacity() * sizeof(JSValue);
+        size_t newSize = oldSize * outOfLineGrowthFactor; 
+
+        ASSERT(newSize == data.newStructure->outOfLineCapacity() * sizeof(JSValue));
+        
+        if (previous->couldHaveIndexingHeader()) {
+            LValue newAllocSize = m_out.constInt64(newSize / sizeof(JSValue));                    
+            LValue result = vmCall(m_out.operation(operationReallocateButterflyToGrowPropertyStorage), m_callFrame, object, newAllocSize);
+            setStorage(result);
+            return;
+        }
+        
+        LBasicBlock slowPath = FTL_NEW_BLOCK(m_out, ("ReallocatePropertyStorage slow path"));
+        LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("ReallocatePropertyStorage continuation"));
+        LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath);
+        
+        LValue endOfStorage = 
+            allocateBasicStorageAndGetEnd(m_out.constIntPtr(newSize), slowPath);
+        
+        ValueFromBlock fastButterfly = m_out.anchor(m_out.add(m_out.constIntPtr(sizeof(IndexingHeader)), endOfStorage));
+        
+        m_out.jump(continuation);
+        
+        m_out.appendTo(slowPath, continuation);
+        
+        LValue newAllocSize = m_out.constInt64(newSize / sizeof(JSValue));       
+        
+        LValue storageLocation = vmCall(m_out.operation(operationAllocatePropertyStorage), m_callFrame, newAllocSize);
+        
+        ValueFromBlock slowButterfly = m_out.anchor(storageLocation);
+        
+        m_out.jump(continuation);
+        
+        m_out.appendTo(continuation, lastNext);
+        
+        LValue result = m_out.phi(m_out.intPtr, fastButterfly, slowButterfly);
+        LValue oldStorage = m_out.loadPtr(object, m_heaps.JSObject_butterfly);
+
+        ptrdiff_t headerSize = -sizeof(JSValue) - sizeof(void *);
+        ptrdiff_t endStorage = headerSize - static_cast<ptrdiff_t>(oldSize);
+
+        for (ptrdiff_t offset = headerSize; offset > endStorage; offset -= sizeof(void*)) {
+            LValue loaded = 
+                m_out.loadPtr(m_out.address(m_heaps.properties.atAnyNumber(), oldStorage, offset));
+            m_out.storePtr(loaded, m_out.address(m_heaps.properties.atAnyNumber(), result, offset));
+        } 
+        
+        m_out.storePtr(result, m_out.address(object, m_heaps.JSObject_butterfly));
+        
+        setStorage(result); 
+    }
     
+    
     void compileToString()
     {
         switch (m_node->child1().useKind()) {

Added: trunk/Source/_javascript_Core/tests/stress/ftl-reallocatepropertystorage.js (0 => 163841)


--- trunk/Source/_javascript_Core/tests/stress/ftl-reallocatepropertystorage.js	                        (rev 0)
+++ trunk/Source/_javascript_Core/tests/stress/ftl-reallocatepropertystorage.js	2014-02-11 01:31:41 UTC (rev 163841)
@@ -0,0 +1,28 @@
+function foo(x){
+    x.a0 = 0;
+    x.a1 = 1;
+    x.a2 = 2;
+    x.a3 = 3;
+    x.a4 = 4;
+    x.a5 = 5;
+    x.a6 = 6;
+    x.a7 = 7;
+    x.a8 = 8;
+    x.a9 = 9;
+    x.a10 = 10;
+}
+
+noInline(foo);
+
+var c = {};
+for (var i = 0; i < 100000; ++i) {
+    var b = {};
+    foo(b);
+    c = b;
+}
+
+for (var j = 0; j <= 10 ; ++j)
+    if (c['a'+j] != j) 
+        throw "Error "+c['a'+j];
+
+

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes