Title: [113919] trunk/Source/JavaScriptCore
- Revision: 113919
- Author: [email protected]
- Date: 2012-04-11 15:52:00 -0700 (Wed, 11 Apr 2012)
Log Message
SpeculativeJIT::fillStorage() should work with all the states that a cell may be in
https://bugs.webkit.org/show_bug.cgi?id=83722
Reviewed by Gavin Barraclough.
It's now possible to do StorageOperand on a cell, in the case that the storage is
inline. But this means that fillStorage() must be able to handle all of the states
that a cell might be in. Previously it didn't.
With this change, it now does handle all of the states, and moreover, it does so
by preserving the DataFormat of cells and performing all of the cell speculations
that should be performed if you're using a cell as storage. But if you use this on
something that is known to be storage already then it behaves as it did before.
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillStorage):
Diff
Modified: trunk/Source/JavaScriptCore/ChangeLog (113918 => 113919)
--- trunk/Source/_javascript_Core/ChangeLog 2012-04-11 22:48:44 UTC (rev 113918)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-04-11 22:52:00 UTC (rev 113919)
@@ -1,5 +1,24 @@
2012-04-11 Filip Pizlo <[email protected]>
+ SpeculativeJIT::fillStorage() should work with all the states that a cell may be in
+ https://bugs.webkit.org/show_bug.cgi?id=83722
+
+ Reviewed by Gavin Barraclough.
+
+ It's now possible to do StorageOperand on a cell, in the case that the storage is
+ inline. But this means that fillStorage() must be able to handle all of the states
+ that a cell might be in. Previously it didn't.
+
+ With this change, it now does handle all of the states, and moreover, it does so
+ by preserving the DataFormat of cells and performing all of the cell speculations
+ that should be performed if you're using a cell as storage. But if you use this on
+ something that is known to be storage already then it behaves as it did before.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::fillStorage):
+
+2012-04-11 Filip Pizlo <[email protected]>
+
Global variable predictions should not be coalesced unnecessarily
https://bugs.webkit.org/show_bug.cgi?id=83678
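Review bot: The new entry's file list stops at "(JSC::DFG::SpeculativeJIT::fillStorage):" with no per-function text, and the entry names no test. The description says fillStorage() now handles every state a cell may be in, so it would help to say after the function name which formats are now routed through cell speculation, and to list a regression test covering a cell used as storage or state why none is included.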
Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (113918 => 113919)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2012-04-11 22:48:44 UTC (rev 113918)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2012-04-11 22:52:00 UTC (rev 113919)
@@ -60,39 +60,27 @@
switch (info.registerFormat()) {
case DataFormatNone: {
- GPRReg gpr = allocate();
- ASSERT(info.spillFormat() == DataFormatStorage);
- m_gprs.retain(gpr, virtualRegister, SpillOrderSpilled);
- m_jit.loadPtr(JITCompiler::addressFor(virtualRegister), gpr);
- info.fillStorage(gpr);
- return gpr;
- }
+ if (info.spillFormat() == DataFormatStorage) {
+ GPRReg gpr = allocate();
+ m_gprs.retain(gpr, virtualRegister, SpillOrderSpilled);
+ m_jit.loadPtr(JITCompiler::addressFor(virtualRegister), gpr);
+ info.fillStorage(gpr);
+ return gpr;
+ }
- case DataFormatStorage:
- case DataFormatCell: {
- GPRReg gpr = info.gpr();
- m_gprs.lock(gpr);
- return gpr;
+ // Must be a cell; fill it as a cell and then return the pointer.
+ return fillSpeculateCell(nodeIndex);
}
- case DataFormatJS:
- case DataFormatJSCell: {
-#if USE(JSVALUE64)
+ case DataFormatStorage: {
GPRReg gpr = info.gpr();
m_gprs.lock(gpr);
return gpr;
-#else
- GPRReg gpr = info.payloadGPR();
- m_gprs.lock(gpr);
- return gpr;
-#endif
}
-
+
default:
- ASSERT_NOT_REACHED();
+ return fillSpeculateCell(nodeIndex);
}
-
- return InvalidGPRReg;
}
void SpeculativeJIT::useChildren(Node& node)
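Review bot: The new default: arm sends every register format other than DataFormatNone and DataFormatStorage to fillSpeculateCell(nodeIndex), where the old code listed DataFormatCell, DataFormatJS and DataFormatJSCell explicitly and hit ASSERT_NOT_REACHED() for the rest. If fillSpeculateCell() is meant to reject non-cell formats by failing speculation, a comment saying so belongs on this arm; otherwise keep explicit case labels for the cell-compatible formats and leave the assertion in default:, so that a non-cell value can never be handed back as a storage pointer. The same concern applies to the DataFormatNone fall-through: the removed ASSERT(info.spillFormat() == DataFormatStorage) has no replacement, and the comment "Must be a cell" is not checked anywhere in this function. It is also worth confirming that on the non-JSVALUE64 path, which previously returned info.payloadGPR(), the register returned by fillSpeculateCell() is the payload register and comes back locked, as the old m_gprs.lock(gpr) branches guaranteed.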