Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (158982 => 158983)
--- trunk/Source/_javascript_Core/ChangeLog 2013-11-09 01:43:45 UTC (rev 158982)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-11-09 01:44:56 UTC (rev 158983)
@@ -1,5 +1,24 @@
2013-11-08 Filip Pizlo <[email protected]>
+ FTL should support AllocatePropertyStorage
+ https://bugs.webkit.org/show_bug.cgi?id=124086
+
+ Reviewed by Oliver Hunt.
+
+ Also rationalized some offsets in the DFG.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
+ (JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLIntrinsicRepository.h:
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::compileNode):
+ (JSC::FTL::LowerDFGToLLVM::compileAllocatePropertyStorage):
+
+2013-11-08 Filip Pizlo <[email protected]>
+
Get rid of the bizarre Darwin/x86-only MacroAssembler::shouldBlindForSpecificArch(uintptr_t) overload
https://bugs.webkit.org/show_bug.cgi?id=124087
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (158982 => 158983)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2013-11-09 01:43:45 UTC (rev 158982)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2013-11-09 01:44:56 UTC (rev 158983)
@@ -4510,7 +4510,7 @@
emitAllocateBasicStorage(
TrustedImm32(initialOutOfLineCapacity * sizeof(JSValue)), scratchGPR);
- m_jit.addPtr(JITCompiler::TrustedImm32(sizeof(JSValue)), scratchGPR);
+ m_jit.addPtr(JITCompiler::TrustedImm32(sizeof(IndexingHeader)), scratchGPR);
addSlowPathGenerator(
slowPathCall(slowPath, this, operationAllocatePropertyStorageWithInitialCapacity, scratchGPR));
@@ -4553,7 +4553,7 @@
JITCompiler::Jump slowPath =
emitAllocateBasicStorage(TrustedImm32(newSize), scratchGPR2);
- m_jit.addPtr(JITCompiler::TrustedImm32(sizeof(JSValue)), scratchGPR2);
+ m_jit.addPtr(JITCompiler::TrustedImm32(sizeof(IndexingHeader)), scratchGPR2);
addSlowPathGenerator(
slowPathCall(slowPath, this, operationAllocatePropertyStorage, scratchGPR2, newSize / sizeof(JSValue)));
Modified: trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp (158982 => 158983)
--- trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2013-11-09 01:43:45 UTC (rev 158982)
+++ trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2013-11-09 01:44:56 UTC (rev 158983)
@@ -102,6 +102,7 @@
case StringCharAt:
case CheckFunction:
case StringCharCodeAt:
+ case AllocatePropertyStorage:
// These are OK.
break;
case GetById:
Modified: trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h (158982 => 158983)
--- trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h 2013-11-09 01:43:45 UTC (rev 158982)
+++ trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h 2013-11-09 01:44:56 UTC (rev 158983)
@@ -56,7 +56,9 @@
macro(J_JITOperation_EJssZ, functionType(int64, intPtr, intPtr, int32)) \
macro(J_JITOperation_ESsiJI, functionType(int64, intPtr, intPtr, int64, intPtr)) \
macro(Jss_JITOperation_EZ, functionType(intPtr, intPtr, int32)) \
+ macro(P_JITOperation_E, functionType(intPtr, intPtr)) \
macro(P_JITOperation_EC, functionType(intPtr, intPtr, intPtr)) \
+ macro(P_JITOperation_EO, functionType(intPtr, intPtr, intPtr)) \
macro(P_JITOperation_ESt, functionType(intPtr, intPtr, intPtr)) \
macro(P_JITOperation_EStPS, functionType(intPtr, intPtr, intPtr, intPtr, intPtr)) \
macro(P_JITOperation_EStSS, functionType(intPtr, intPtr, intPtr, intPtr, intPtr)) \
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (158982 => 158983)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2013-11-09 01:43:45 UTC (rev 158982)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2013-11-09 01:44:56 UTC (rev 158983)
@@ -377,6 +377,9 @@
case NewArrayBuffer:
compileNewArrayBuffer();
break;
+ case AllocatePropertyStorage:
+ compileAllocatePropertyStorage();
+ break;
case StringCharAt:
compileStringCharAt();
break;
@@ -1894,6 +1897,48 @@
m_out.constIntPtr(m_node->numConstants())));
}
+ void compileAllocatePropertyStorage()
+ {
+ StructureTransitionData& data = ""
+
+ LValue object = lowCell(m_node->child1());
+
+ if (data.previousStructure->couldHaveIndexingHeader()) {
+ setStorage(vmCall(
+ m_out.operation(
+ operationReallocateButterflyToHavePropertyStorageWithInitialCapacity),
+ m_callFrame, object));
+ return;
+ }
+
+ LBasicBlock slowPath = FTL_NEW_BLOCK(m_out, ("AllocatePropertyStorage slow path"));
+ LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("AllocatePropertyStorage continuation"));
+
+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath);
+
+ LValue endOfStorage = allocateBasicStorageAndGetEnd(
+ m_out.constIntPtr(initialOutOfLineCapacity * sizeof(JSValue)), slowPath);
+
+ ValueFromBlock fastButterfly = m_out.anchor(
+ m_out.add(m_out.constIntPtr(sizeof(IndexingHeader)), endOfStorage));
+
+ m_out.jump(continuation);
+
+ m_out.appendTo(slowPath, continuation);
+
+ ValueFromBlock slowButterfly = m_out.anchor(vmCall(
+ m_out.operation(operationAllocatePropertyStorageWithInitialCapacity), m_callFrame));
+
+ m_out.jump(continuation);
+
+ m_out.appendTo(continuation, lastNext);
+
+ LValue result = m_out.phi(m_out.intPtr, fastButterfly, slowButterfly);
+ m_out.storePtr(result, object, m_heaps.JSObject_butterfly);
+
+ setStorage(result);
+ }
+
void compileStringCharAt()
{
LValue base = lowCell(m_node->child1());
