Modified: trunk/Source/_javascript_Core/ChangeLog (229853 => 229854)
--- trunk/Source/_javascript_Core/ChangeLog 2018-03-22 15:46:36 UTC (rev 229853)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-03-22 15:58:59 UTC (rev 229854)
@@ -1,5 +1,31 @@
2018-03-22 Yusuke Suzuki <[email protected]>
+ [JSC] List up all candidates in DFGCapabilities and FTLCapabilities
+ https://bugs.webkit.org/show_bug.cgi?id=183897
+
+ Reviewed by Mark Lam.
+
+ We should not use `default:` clause here since it accidentally catches
+ the opcode and DFG nodes which should be optimized. For example,
+ op_super_sampler_begin and op_super_sampler_end are not listed while
+ they have DFG and FTL backend.
+
+ This patch lists up all candiates in DFGCapabilities and FTLCapabilities.
+ And we also clean up unnecessary checks in FTLCapabilities. Since we
+ already handles all the possible array types for these nodes (which can
+ be checked in DFG's code), we do not need to check array types.
+
+ We also fix FTLLowerDFGToB3' PutByVal code to use modeForPut.
+
+ * dfg/DFGCapabilities.cpp:
+ (JSC::DFG::capabilityLevel):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
+
+2018-03-22 Yusuke Suzuki <[email protected]>
+
[JSC] Drop op_put_by_index
https://bugs.webkit.org/show_bug.cgi?id=183899
Modified: trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp (229853 => 229854)
--- trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp 2018-03-22 15:46:36 UTC (rev 229853)
+++ trunk/Source/_javascript_Core/dfg/DFGCapabilities.cpp 2018-03-22 15:58:59 UTC (rev 229854)
@@ -265,6 +265,8 @@
case op_resolve_scope_for_hoisting_func_decl_in_eval:
case op_new_regexp:
case op_unreachable:
+ case op_super_sampler_begin:
+ case op_super_sampler_end:
return CanCompileAndInline;
case op_switch_string: // Don't inline because we don't want to copy string tables in the concurrent JIT.
@@ -271,9 +273,25 @@
case op_call_eval:
return CanCompile;
- default:
+ case op_yield:
+ case llint_program_prologue:
+ case llint_eval_prologue:
+ case llint_module_program_prologue:
+ case llint_function_for_call_prologue:
+ case llint_function_for_construct_prologue:
+ case llint_function_for_call_arity_check:
+ case llint_function_for_construct_arity_check:
+ case llint_generic_return_point:
+ case llint_throw_from_slow_path_trampoline:
+ case llint_throw_during_call_trampoline:
+ case llint_native_call_trampoline:
+ case llint_native_construct_trampoline:
+ case llint_internal_function_call_trampoline:
+ case llint_internal_function_construct_trampoline:
+ case handleUncaughtException:
return CannotCompile;
}
+ return CannotCompile;
}
CapabilityLevel capabilityLevel(CodeBlock* codeBlock)
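Review bot: The reason for dropping `default:` is not recorded at the switch, so a later cleanup could put it back and silently reclassify new opcodes. I would add a comment above `case op_yield:`, e.g. `// No default: on purpose. Every OpcodeID is listed so that a new opcode has to be classified explicitly.` The `return CannotCompile;` added after the switch is the right fail-closed result for a value that matches no case and deserves a short comment too, e.g. `// Not reached for a listed opcode; refuse to compile anything unrecognised.` The enclosing function starts outside this hunk.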
Modified: trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp (229853 => 229854)
--- trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2018-03-22 15:46:36 UTC (rev 229853)
+++ trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2018-03-22 15:58:59 UTC (rev 229854)
@@ -175,6 +175,7 @@
case ConstantStoragePointer:
case Check:
case CheckVarargs:
+ case CheckArray:
case CountExecution:
case SuperSamplerBegin:
case SuperSamplerEnd:
@@ -337,6 +338,14 @@
case InitializeEntrypointArguments:
case CPUIntrinsic:
case GetArrayMask:
+ case GetArrayLength:
+ case GetVectorLength:
+ case GetByVal:
+ case GetByValWithThis:
+ case PutByVal:
+ case PutByValAlias:
+ case PutByValDirect:
+ case PutByValWithThis:
// These are OK.
break;
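Review bot: The eight array-access nodes added under `// These are OK.` are now accepted for every ArrayMode, and the comment does not state the invariant that makes this safe. According to the commit message the FTL already handles every array type the DFG can leave on these nodes, but the per-mode checks that returned `CannotCompile` are removed further down in this file, and `CheckArray` is moved the same way in the hunk at line 175. That leaves the lowering code as the only place that can reject an unexpected mode. I would record this here, e.g. `// Array accesses: every array mode the DFG can put on these nodes is lowered by FTLLowerDFGToB3, so no per-mode check is done here.` It is also worth confirming that each lowering switch ends in a crash rather than emitting a load or store for a mode it does not recognise; that code is not visible in this hunk.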
@@ -346,94 +355,17 @@
// case because it would prevent us from catching bugs where the FTL backend
// pipeline failed to optimize out an Identity.
break;
- case CheckArray:
- switch (node->arrayMode().type()) {
- case Array::Int32:
- case Array::Double:
- case Array::Contiguous:
- case Array::Undecided:
- case Array::ArrayStorage:
- case Array::SlowPutArrayStorage:
- case Array::DirectArguments:
- case Array::ScopedArguments:
- break;
- default:
- if (isTypedView(node->arrayMode().typedArrayType()))
- break;
- return CannotCompile;
- }
- break;
- case GetArrayLength:
- switch (node->arrayMode().type()) {
- case Array::Undecided:
- case Array::Int32:
- case Array::Double:
- case Array::Contiguous:
- case Array::ArrayStorage:
- case Array::SlowPutArrayStorage:
- case Array::String:
- case Array::DirectArguments:
- case Array::ScopedArguments:
- break;
- default:
- if (node->arrayMode().isSomeTypedArrayView())
- break;
- return CannotCompile;
- }
- break;
- case GetVectorLength:
- switch (node->arrayMode().type()) {
- case Array::ArrayStorage:
- case Array::SlowPutArrayStorage:
- break;
- default:
- RELEASE_ASSERT_NOT_REACHED();
- }
- break;
- case GetByVal:
- switch (node->arrayMode().type()) {
- case Array::ForceExit:
- case Array::Generic:
- case Array::String:
- case Array::Int32:
- case Array::Double:
- case Array::Contiguous:
- case Array::Undecided:
- case Array::DirectArguments:
- case Array::ScopedArguments:
- case Array::ArrayStorage:
- case Array::SlowPutArrayStorage:
- break;
- default:
- if (isTypedView(node->arrayMode().typedArrayType()))
- return CanCompileAndOSREnter;
- return CannotCompile;
- }
- break;
- case GetByValWithThis:
- break;
- case PutByVal:
- case PutByValAlias:
- case PutByValDirect:
- switch (node->arrayMode().type()) {
- case Array::ForceExit:
- case Array::Generic:
- case Array::Int32:
- case Array::Double:
- case Array::Contiguous:
- case Array::ArrayStorage:
- case Array::SlowPutArrayStorage:
- break;
- default:
- if (isTypedView(node->arrayMode().typedArrayType()))
- return CanCompileAndOSREnter;
- return CannotCompile;
- }
- break;
- case PutByValWithThis:
- break;
- default:
- // Don't know how to handle anything else.
+
+ case IdentityWithProfile:
+ case CreateThis:
+ case CheckTierUpInLoop:
+ case CheckTierUpAndOSREnter:
+ case CheckTierUpAtReturn:
+ case FiatInt52:
+ case ArithIMul:
+ case ProfileType:
+ case ProfileControlFlow:
+ case LastNodeType:
return CannotCompile;
}
return CanCompileAndOSREnter;
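Review bot: With `default:` gone, a NodeType value that matches no case now leaves the switch and, as far as the context lines show, reaches `return CanCompileAndOSREnter;`, whereas the DFGCapabilities change in this same commit falls through to `return CannotCompile;`. The old `default:` made the unknown case fail closed; the new layout makes it fail open, and listing the `LastNodeType` sentinel as a case does not cover a value outside the enum. One way to keep the exhaustive list and the old behaviour is to end the accepting groups with `return CanCompileAndOSREnter;` instead of `break;` and make the statement after the switch `return CannotCompile;`. The function starts outside this hunk.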
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (229853 => 229854)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2018-03-22 15:46:36 UTC (rev 229853)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2018-03-22 15:58:59 UTC (rev 229854)
@@ -4129,7 +4129,8 @@
Edge child4 = m_graph.varArgChild(m_node, 3);
Edge child5 = m_graph.varArgChild(m_node, 4);
- switch (m_node->arrayMode().type()) {
+ ArrayMode arrayMode = m_node->arrayMode().modeForPut();
+ switch (arrayMode.type()) {
case Array::Generic: {
if (child1.useKind() == CellUse) {
V_JITOperation_ECCJ operation = nullptr;
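Review bot: The new local `arrayMode` holds the result of `modeForPut()`, but nothing at its declaration says that it must replace `m_node->arrayMode()` throughout compilePutByVal. The later hunks of this file switch the visible uses over, yet any use of `m_node->arrayMode()` left outside these hunks would disagree with the mode the outer switch dispatches on. That matters because `isInBounds()` and `isOutOfBounds()` decide here whether a store is emitted without the bounds-check path. I would declare it `const ArrayMode arrayMode = ...` and add `// Put-adjusted mode: use this, not m_node->arrayMode(), for every decision below.` above it. The function body starts and ends outside this hunk, so the remaining uses need checking in the full file.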
@@ -4193,7 +4194,7 @@
LValue index = lowInt32(child2);
LValue storage = lowStorage(child4);
- switch (m_node->arrayMode().type()) {
+ switch (arrayMode.type()) {
case Array::Int32:
case Array::Double:
case Array::Contiguous: {
@@ -4200,16 +4201,16 @@
LBasicBlock continuation = m_out.newBlock();
LBasicBlock outerLastNext = m_out.appendTo(m_out.m_block, continuation);
- switch (m_node->arrayMode().type()) {
+ switch (arrayMode.type()) {
case Array::Int32:
case Array::Contiguous: {
LValue value = lowJSValue(child3, ManualOperandSpeculation);
- if (m_node->arrayMode().type() == Array::Int32)
+ if (arrayMode.type() == Array::Int32)
FTL_TYPE_CHECK(jsValueValue(value), child3, SpecInt32Only, isNotInt32(value));
TypedPointer elementPointer = m_out.baseIndex(
- m_node->arrayMode().type() == Array::Int32 ?
+ arrayMode.type() == Array::Int32 ?
m_heaps.indexedInt32Properties : m_heaps.indexedContiguousProperties,
storage, m_out.zeroExtPtr(index), provenValue(child2));
@@ -4276,7 +4277,7 @@
return;
}
- if (m_node->arrayMode().isInBounds()) {
+ if (arrayMode.isInBounds()) {
speculate(StoreToHole, noValue(), 0, m_out.isZero64(m_out.load64(elementPointer)));
m_out.store64(value, elementPointer);
return;
@@ -4288,7 +4289,7 @@
auto slowPathFunction = codeBlock()->isStrictMode()
? (m_node->op() == PutByValDirect ? operationPutByValDirectBeyondArrayBoundsStrict : operationPutByValBeyondArrayBoundsStrict)
: (m_node->op() == PutByValDirect ? operationPutByValDirectBeyondArrayBoundsNonStrict : operationPutByValBeyondArrayBoundsNonStrict);
- if (!m_node->arrayMode().isOutOfBounds()) {
+ if (!arrayMode.isOutOfBounds()) {
speculate(OutOfBounds, noValue(), 0, isOutOfBounds);
isOutOfBounds = m_out.booleanFalse;
}
@@ -4309,7 +4310,7 @@
m_out.jump(continuation);
- if (m_node->arrayMode().isSlowPut()) {
+ if (arrayMode.isSlowPut()) {
m_out.appendTo(inBoundCase, doStoreCase);
m_out.branch(m_out.isZero64(m_out.load64(elementPointer)), rarely(slowCase), usually(doStoreCase));
} else {
@@ -4341,7 +4342,7 @@
}
default: {
- TypedArrayType type = m_node->arrayMode().typedArrayType();
+ TypedArrayType type = arrayMode.typedArrayType();
if (isTypedView(type)) {
TypedPointer pointer = TypedPointer(
@@ -4372,7 +4373,7 @@
}
}
- if (m_node->arrayMode().isInBounds() || m_node->op() == PutByValAlias)
+ if (arrayMode.isInBounds() || m_node->op() == PutByValAlias)
m_out.store(valueToStore, pointer, storeType(type));
else {
LBasicBlock isInBounds = m_out.newBlock();