Title: [228810] releases/WebKitGTK/webkit-2.20/Source/JavaScriptCore
Revision: 228810
Author: carlo...@webkit.org
Date: 2018-02-20 05:48:17 -0800 (Tue, 20 Feb 2018)

Log Message

Merge r228693 - GetArrayMask should support constant folding
https://bugs.webkit.org/show_bug.cgi?id=182907

Reviewed by Saam Barati.

Implement constant folding for GetArrayMask. This revealed a bug in tryGetFoldableView, where it was
ignoring the result of a jsDynamicCast<>(). This wasn't a bug before because it would have been
impossible for that function to get called with a non-null value if the value was not an array view,
due to type filtering in CheckArray, the fact that CheckArray had to dominate GetArrayLength, and
the fact that the other tryGetFoldableView overload made sure that the array mode was some typed
array.

This isn't a measurable progression, but it does save a register in the codegen for typed array
accesses. Hopefully these improvements add up.

* assembler/AssemblerBuffer.h:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):

Diff

Modified: releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/ChangeLog (228809 => 228810)


--- releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/ChangeLog	2018-02-20 13:48:13 UTC (rev 228809)
+++ releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/ChangeLog	2018-02-20 13:48:17 UTC (rev 228810)
@@ -1,3 +1,26 @@
+2018-02-17  Filip Pizlo  <fpi...@apple.com>
+
+        GetArrayMask should support constant folding
+        https://bugs.webkit.org/show_bug.cgi?id=182907
+
+        Reviewed by Saam Barati.
+        
+        Implement constant folding for GetArrayMask. This revealed a bug in tryGetFoldableView, where it was
+        ignoring the result of a jsDynamicCast<>(). This wasn't a bug before because it would have been
+        impossible for that function to get called with a non-null value if the value was not an array view,
+        due to type filtering in CheckArray, the fact that CheckArray had to dominate GetArrayLength, and
+        the fact that the other tryGetFoldableView overload made sure that the array mode was some typed
+        array.
+        
+        This isn't a measurable progression, but it does save a register in the codegen for typed array
+        accesses. Hopefully these improvements add up.
+
+        * assembler/AssemblerBuffer.h:
+        * dfg/DFGAbstractInterpreterInlines.h:
+        (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+        * dfg/DFGGraph.cpp:
+        (JSC::DFG::Graph::tryGetFoldableView):
+
 2018-02-16  Fujii Hironori  <hironori.fu...@sony.com>
 
         fast/frames/sandboxed-iframe-navigation-top-denied.html is crashing in Inspector::createScriptCallStackForConsole::Exec for GTK
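
Review bot: the file list in this ChangeLog entry names `assembler/AssemblerBuffer.h` with nothing after the colon, and none of the diffs on this page touches that file, so a reader cannot tell what changed there or why it belongs to a constant-folding change. A short per-file note would help, and the `tryGetFoldableView` line could say that the null check now tests the cast result rather than the input value.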

Modified: releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h (228809 => 228810)


--- releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2018-02-20 13:48:13 UTC (rev 228809)
+++ releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/dfg/DFGAbstractInterpreterInlines.h	2018-02-20 13:48:17 UTC (rev 228810)
@@ -2526,9 +2526,15 @@
         break;
     }
 
-    case GetArrayMask:
+    case GetArrayMask: {
+        JSArrayBufferView* view = m_graph.tryGetFoldableView(forNode(node->child1()).m_value);
+        if (view) {
+            setConstant(node, jsNumber(view->butterflyIndexingMask()));
+            break;
+        }
         forNode(node).setType(SpecInt32Only);
         break;
+    }
 
     case GetVectorLength: {
         forNode(node).setType(SpecInt32Only);
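
Review bot: in the new `GetArrayMask` case, `setConstant(node, jsNumber(view->butterflyIndexingMask()))` freezes the mask value read from the view at compile time, and nothing in this hunk says what keeps that value valid for the lifetime of the compiled code. If `tryGetFoldableView` is what provides that guarantee, a one-line comment above the call would make the dependency explicit. The fall-through to `setType(SpecInt32Only)` when no view is returned keeps the previous behaviour, which looks right.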

Modified: releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/dfg/DFGGraph.cpp (228809 => 228810)


--- releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/dfg/DFGGraph.cpp	2018-02-20 13:48:13 UTC (rev 228809)
+++ releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/dfg/DFGGraph.cpp	2018-02-20 13:48:17 UTC (rev 228810)
@@ -1386,7 +1386,7 @@
     if (!value)
         return nullptr;
     JSArrayBufferView* view = jsDynamicCast<JSArrayBufferView*>(m_vm, value);
-    if (!value)
+    if (!view)
         return nullptr;
     if (!view->length())
         return nullptr;
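
Review bot: the corrected `if (!view)` check comes with no test among the files listed in the ChangeLog, and one is worth adding. Before this line changed, the second `if (!value)` only repeated the check above it, so a failed `jsDynamicCast<JSArrayBufferView*>` would have fallen through to `view->length()` with a null `view`. The log message explains why earlier callers could not reach this with a non-view value. Now that the `GetArrayMask` folding passes an abstract value's `m_value` straight in, a case that feeds it a non-view constant would pin the behaviour down.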