Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (157408 => 157409)
--- trunk/Source/_javascript_Core/ChangeLog 2013-10-14 17:55:52 UTC (rev 157408)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-10-14 18:08:11 UTC (rev 157409)
@@ -1,3 +1,29 @@
+2013-10-13 Filip Pizlo <[email protected]>
+
+ FTL should have an inefficient but correct implementation of GetById
+ https://bugs.webkit.org/show_bug.cgi?id=122740
+
+ Reviewed by Mark Hahnenberg.
+
+ It took some effort to realize that the node->prediction() check in the DFG backends
+ are completely unnecessary since the ByteCodeParser will always insert a ForceOSRExit
+ if !prediction.
+
+ But other than that this was an easy patch.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::handleGetById):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLIntrinsicRepository.h:
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::compileNode):
+ (JSC::FTL::LowerDFGToLLVM::compileGetById):
+
2013-10-13 Mark Lam <[email protected]>
Transition misc cti_op_* JITStubs to JIT operations.
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (157408 => 157409)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2013-10-14 17:55:52 UTC (rev 157408)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2013-10-14 18:08:11 UTC (rev 157409)
@@ -1768,11 +1768,7 @@
ASSERT(getByIdStatus.structureSet().size());
- // The implementation of GetByOffset does not know to terminate speculative
- // execution if it doesn't have a prediction, so we do it manually.
- if (prediction == SpecNone)
- addToGraph(ForceOSRExit);
- else if (m_graph.compilation())
+ if (m_graph.compilation())
m_graph.compilation()->noticeInlinedGetById();
Node* originalBaseForBaselineJIT = base;
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (157408 => 157409)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2013-10-14 17:55:52 UTC (rev 157408)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2013-10-14 18:08:11 UTC (rev 157409)
@@ -3778,10 +3778,7 @@
}
case GetById: {
- if (!node->prediction()) {
- terminateSpeculativeExecution(InadequateCoverage, JSValueRegs(), 0);
- break;
- }
+ ASSERT(node->prediction());
switch (node->child1().useKind()) {
case CellUse: {
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (157408 => 157409)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2013-10-14 17:55:52 UTC (rev 157408)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2013-10-14 18:08:11 UTC (rev 157409)
@@ -4068,10 +4068,7 @@
break;
}
case GetById: {
- if (!node->prediction()) {
- terminateSpeculativeExecution(InadequateCoverage, JSValueRegs(), 0);
- break;
- }
+ ASSERT(node->prediction());
switch (node->child1().useKind()) {
case CellUse: {
Modified: trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp (157408 => 157409)
--- trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2013-10-14 17:55:52 UTC (rev 157408)
+++ trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2013-10-14 18:08:11 UTC (rev 157409)
@@ -94,6 +94,7 @@
case GetClosureRegisters:
case GetClosureVar:
case PutClosureVar:
+ case GetById:
// These are OK.
break;
case GetIndexedPropertyStorage:
Modified: trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h (157408 => 157409)
--- trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h 2013-10-14 17:55:52 UTC (rev 157408)
+++ trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h 2013-10-14 18:08:11 UTC (rev 157409)
@@ -51,6 +51,7 @@
#define FOR_EACH_FUNCTION_TYPE(macro) \
macro(I_JITOperation_EJss, functionType(intPtr, intPtr, intPtr)) \
macro(J_JITOperation_E, functionType(int64, intPtr)) \
+ macro(J_JITOperation_EJI, functionType(int64, intPtr, int64, intPtr)) \
macro(P_JITOperation_EC, functionType(intPtr, intPtr, intPtr)) \
macro(V_JITOperation_EOZD, functionType(voidType, intPtr, intPtr, int32, doubleType)) \
macro(V_JITOperation_EOZJ, functionType(voidType, intPtr, intPtr, int32, int64)) \
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (157408 => 157409)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2013-10-14 17:55:52 UTC (rev 157408)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2013-10-14 18:08:11 UTC (rev 157409)
@@ -348,6 +348,9 @@
case PhantomPutStructure:
compilePhantomPutStructure();
break;
+ case GetById:
+ compileGetById();
+ break;
case GetButterfly:
compileGetButterfly();
break;
@@ -1209,6 +1212,26 @@
m_ftlState.jitCode->common.notifyCompilingStructureTransition(m_graph.m_plan, codeBlock(), m_node);
}
+ void compileGetById()
+ {
+ LValue base = 0;
+
+ switch (m_node->child1().useKind()) {
+ case CellUse:
+ base = lowCell(m_node->child1());
+ break;
+ case UntypedUse:
+ base = lowJSValue(m_node->child1());
+ break;
+ default:
+ RELEASE_ASSERT_NOT_REACHED();
+ break;
+ }
+
+ StringImpl* uid = m_graph.identifiers()[m_node->identifierNumber()];
+ setJSValue(vmCall(m_out.operation(operationGetById), m_callFrame, base, m_out.constIntPtr(uid)));
+ }
+
void compileGetButterfly()
{
setStorage(m_out.loadPtr(lowCell(m_node->child1()), m_heaps.JSObject_butterfly));
