- Revision
- 153287
- Author
- [email protected]
- Date
- 2013-07-24 21:05:13 -0700 (Wed, 24 Jul 2013)
Log Message
fourthTier: StringObjectUse uses structures, and CSE should know that
https://bugs.webkit.org/show_bug.cgi?id=118940
Reviewed by Geoffrey Garen.
This is asymptomatic right now, but we should fix it.
* _javascript_Core.xcodeproj/project.pbxproj:
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::putStructureStoreElimination):
* dfg/DFGEdgeUsesStructure.h: Added.
(DFG):
(EdgeUsesStructure):
(JSC::DFG::EdgeUsesStructure::EdgeUsesStructure):
(JSC::DFG::EdgeUsesStructure::operator()):
(JSC::DFG::EdgeUsesStructure::result):
(JSC::DFG::edgesUseStructure):
* dfg/DFGUseKind.h:
(DFG):
(JSC::DFG::usesStructure):
Conflicts:
Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj
Modified Paths
Added Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (153286 => 153287)
--- trunk/Source/_javascript_Core/ChangeLog 2013-07-25 04:05:12 UTC (rev 153286)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-07-25 04:05:13 UTC (rev 153287)
@@ -1,5 +1,28 @@
2013-07-19 Filip Pizlo <[email protected]>
+ fourthTier: StringObjectUse uses structures, and CSE should know that
+ https://bugs.webkit.org/show_bug.cgi?id=118940
+
+ Reviewed by Geoffrey Garen.
+
+ This is asymptomatic right now, but we should fix it.
+
+ * _javascript_Core.xcodeproj/project.pbxproj:
+ * dfg/DFGCSEPhase.cpp:
+ (JSC::DFG::CSEPhase::putStructureStoreElimination):
+ * dfg/DFGEdgeUsesStructure.h: Added.
+ (DFG):
+ (EdgeUsesStructure):
+ (JSC::DFG::EdgeUsesStructure::EdgeUsesStructure):
+ (JSC::DFG::EdgeUsesStructure::operator()):
+ (JSC::DFG::EdgeUsesStructure::result):
+ (JSC::DFG::edgesUseStructure):
+ * dfg/DFGUseKind.h:
+ (DFG):
+ (JSC::DFG::usesStructure):
+
+2013-07-19 Filip Pizlo <[email protected]>
+
fourthTier: String GetByVal out-of-bounds handling is so wrong
https://bugs.webkit.org/show_bug.cgi?id=118935
Modified: trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (153286 => 153287)
--- trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2013-07-25 04:05:12 UTC (rev 153286)
+++ trunk/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2013-07-25 04:05:13 UTC (rev 153287)
@@ -797,6 +797,7 @@
A78A977F179738D5009DF744 /* FTLGeneratedFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = A78A977C179738D5009DF744 /* FTLGeneratedFunction.h */; };
A78A9780179738D5009DF744 /* FTLJITFinalizer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A78A977D179738D5009DF744 /* FTLJITFinalizer.cpp */; };
A78A9781179738D5009DF744 /* FTLJITFinalizer.h in Headers */ = {isa = PBXBuildFile; fileRef = A78A977E179738D5009DF744 /* FTLJITFinalizer.h */; };
+ A7986D5717A0BB1E00A95DD0 /* DFGEdgeUsesStructure.h in Headers */ = {isa = PBXBuildFile; fileRef = A7986D5617A0BB1E00A95DD0 /* DFGEdgeUsesStructure.h */; settings = {ATTRIBUTES = (Private, ); }; };
A7A4AE0817973B26005612B1 /* MacroAssemblerX86Common.cpp in Sources */ = {isa = PBXBuildFile; fileRef = A7A4AE0717973B26005612B1 /* MacroAssemblerX86Common.cpp */; };
A7A4AE0D17973B4D005612B1 /* JITStubsMIPS.h in Headers */ = {isa = PBXBuildFile; fileRef = A7A4AE0917973B4D005612B1 /* JITStubsMIPS.h */; };
A7A4AE0F17973B4D005612B1 /* JITStubsSH4.h in Headers */ = {isa = PBXBuildFile; fileRef = A7A4AE0B17973B4D005612B1 /* JITStubsSH4.h */; };
@@ -1859,6 +1860,7 @@
A78A977C179738D5009DF744 /* FTLGeneratedFunction.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLGeneratedFunction.h; path = ftl/FTLGeneratedFunction.h; sourceTree = "<group>"; };
A78A977D179738D5009DF744 /* FTLJITFinalizer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = FTLJITFinalizer.cpp; path = ftl/FTLJITFinalizer.cpp; sourceTree = "<group>"; };
A78A977E179738D5009DF744 /* FTLJITFinalizer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = FTLJITFinalizer.h; path = ftl/FTLJITFinalizer.h; sourceTree = "<group>"; };
+ A7986D5617A0BB1E00A95DD0 /* DFGEdgeUsesStructure.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = DFGEdgeUsesStructure.h; path = dfg/DFGEdgeUsesStructure.h; sourceTree = "<group>"; };
A79E781E15EECBA80047C855 /* UnlinkedCodeBlock.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = UnlinkedCodeBlock.cpp; sourceTree = "<group>"; };
A79E781F15EECBA80047C855 /* UnlinkedCodeBlock.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = UnlinkedCodeBlock.h; sourceTree = "<group>"; };
A79EDB0811531CD60019E912 /* JSObjectRefPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSObjectRefPrivate.h; sourceTree = "<group>"; };
@@ -2167,9 +2169,9 @@
034768DFFF38A50411DB9C8B /* Products */ = {
isa = PBXGroup;
children = (
+ 932F5BE10822A1C700736975 /* jsc */,
0FF922CF14F46B130041A24E /* JSCLLIntOffsetsExtractor */,
932F5BD90822A1C700736975 /* _javascript_Core.framework */,
- 932F5BE10822A1C700736975 /* jsc */,
141211200A48793C00480255 /* minidom */,
14BD59BF0A3E8F9000BAF59C /* testapi */,
6511230514046A4C002B101D /* testRegExp */,
@@ -3104,6 +3106,7 @@
0FD3C82214115D0E00FD81CB /* DFGDriver.h */,
0FB4B51B16B62772003F696B /* DFGEdge.cpp */,
0F66E16914DF3F1300B7B2E4 /* DFGEdge.h */,
+ A7986D5617A0BB1E00A95DD0 /* DFGEdgeUsesStructure.h */,
A78A976C179738B8009DF744 /* DFGFailedFinalizer.cpp */,
A78A976D179738B8009DF744 /* DFGFailedFinalizer.h */,
A7BFF3BF179868940002F462 /* DFGFiltrationResult.h */,
@@ -3525,6 +3528,7 @@
0F1E3A471534CBB9000F9456 /* DFGDoubleFormatState.h in Headers */,
0FD3C82814115D4F00FD81CB /* DFGDriver.h in Headers */,
0F66E16C14DF3F1600B7B2E4 /* DFGEdge.h in Headers */,
+ A7986D5717A0BB1E00A95DD0 /* DFGEdgeUsesStructure.h in Headers */,
0FBC0AE81496C7C700D4FBDD /* DFGExitProfile.h in Headers */,
A78A9775179738B8009DF744 /* DFGFailedFinalizer.h in Headers */,
A7BFF3C0179868940002F462 /* DFGFiltrationResult.h in Headers */,
Modified: trunk/Source/_javascript_Core/dfg/DFGCSEPhase.cpp (153286 => 153287)
--- trunk/Source/_javascript_Core/dfg/DFGCSEPhase.cpp 2013-07-25 04:05:12 UTC (rev 153286)
+++ trunk/Source/_javascript_Core/dfg/DFGCSEPhase.cpp 2013-07-25 04:05:13 UTC (rev 153287)
@@ -28,6 +28,7 @@
#if ENABLE(DFG_JIT)
+#include "DFGEdgeUsesStructure.h"
#include "DFGGraph.h"
#include "DFGPhase.h"
#include "JSCellInlines.h"
@@ -611,6 +612,8 @@
}
if (m_graph.clobbersWorld(node) || node->canExit())
return 0;
+ if (edgesUseStructure(m_graph, node))
+ return 0;
}
return 0;
}
Added: trunk/Source/_javascript_Core/dfg/DFGEdgeUsesStructure.h (0 => 153287)
--- trunk/Source/_javascript_Core/dfg/DFGEdgeUsesStructure.h (rev 0)
+++ trunk/Source/_javascript_Core/dfg/DFGEdgeUsesStructure.h 2013-07-25 04:05:13 UTC (rev 153287)
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef DFGEdgeUsesStructure_h
+#define DFGEdgeUsesStructure_h
+
+#include <wtf/Platform.h>
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGGraph.h"
+
+namespace JSC { namespace DFG {
+
+class EdgeUsesStructure {
+public:
+ EdgeUsesStructure()
+ : m_result(false)
+ {
+ }
+
+ void operator()(Node*, Edge edge)
+ {
+ m_result |= usesStructure(edge.useKind());
+ }
+
+ bool result() const { return m_result; }
+
+private:
+ bool m_result;
+};
+
+inline bool edgesUseStructure(Graph& graph, Node* node)
+{
+ EdgeUsesStructure edgeUsesStructure;
+ DFG_NODE_DO_TO_CHILDREN(graph, node, edgeUsesStructure);
+ return edgeUsesStructure.result();
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
+#endif // DFGEdgeUsesStructure_h
+
Modified: trunk/Source/_javascript_Core/dfg/DFGUseKind.h (153286 => 153287)
--- trunk/Source/_javascript_Core/dfg/DFGUseKind.h 2013-07-25 04:05:12 UTC (rev 153286)
+++ trunk/Source/_javascript_Core/dfg/DFGUseKind.h 2013-07-25 04:05:13 UTC (rev 153287)
@@ -159,6 +159,19 @@
}
}
+// Returns true if it uses structure in a way that could be clobbered by
+// things that change the structure.
+ALWAYS_INLINE bool usesStructure(UseKind kind)
+{
+ switch (kind) {
+ case StringObjectUse:
+ case StringOrStringObjectUse:
+ return true;
+ default:
+ return false;
+ }
+}
+
} } // namespace JSC::DFG
namespace WTF {
