webkitgtk-2.4.11webkitgtk-2.4.11

author: Lorry Tar Creator <lorry-tar-importer@lorry> 2016-04-10 09:28:39 +0000
committer: Lorry Tar Creator <lorry-tar-importer@lorry> 2016-04-10 09:28:39 +0000
commit: 32761a6cee1d0dee366b885b7b9c777e67885688 (patch)
tree: d6bec92bebfb216f4126356e55518842c2f476a1 /Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp
parent: a4e969f4965059196ca948db781e52f7cfebf19e (diff)
download: WebKitGtk-tarball-32761a6cee1d0dee366b885b7b9c777e67885688.tar.gz
1 files changed, 95 insertions, 20 deletions
diff --git a/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp b/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp
index c967f622e..78df55009 100644
--- a/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013-2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -32,15 +32,7 @@
 #include "DFGClobberize.h"
 #include "DFGGraph.h"
 #include "DFGPhase.h"
-#include "JSCInlines.h"
-
-// FIXME: Remove this phase entirely by moving the addLazily() calls into either the backend or
-// into the phase that performs the optimization. Moving the calls into the backend makes the most
-// sense when the intermediate phases don't need to know that the watchpoint was set. Moving the
-// calls earlier usually only makes sense if the node's only purpose was to convey the need for
-// the watchpoint (like VarInjectionWatchpoint). But, it can also make sense if the fact that the
-// watchpoint was set enables other optimizations.
-// https://bugs.webkit.org/show_bug.cgi?id=144669
+#include "Operations.h"
 
 namespace JSC { namespace DFG {
 
@@ -72,7 +64,10 @@ public:
 private:
     void handle()
     {
+        DFG_NODE_DO_TO_CHILDREN(m_graph, m_node, handleEdge);
+        
         switch (m_node->op()) {
+        case CompareEqConstant:
         case IsUndefined:
             handleMasqueradesAsUndefined();
             break;
@@ -80,27 +75,93 @@ private:
         case CompareEq:
             if (m_node->isBinaryUseKind(ObjectUse)
                 || (m_node->child1().useKind() == ObjectUse && m_node->child2().useKind() == ObjectOrOtherUse)
-                || (m_node->child1().useKind() == ObjectOrOtherUse && m_node->child2().useKind() == ObjectUse)
-                || (m_node->child1().useKind() == OtherUse || m_node->child2().useKind() == OtherUse))
+                || (m_node->child1().useKind() == ObjectOrOtherUse && m_node->child2().useKind() == ObjectUse))
                 handleMasqueradesAsUndefined();
             break;
             
         case LogicalNot:
         case Branch:
-            switch (m_node->child1().useKind()) {
-            case ObjectOrOtherUse:
-            case UntypedUse:
+            if (m_node->child1().useKind() == ObjectOrOtherUse)
                 handleMasqueradesAsUndefined();
-                break;
-            default:
-                break;
+            break;
+            
+        case GetByVal:
+            if (m_node->arrayMode().type() == Array::Double
+                && m_node->arrayMode().isSaneChain()) {
+                addLazily(globalObject()->arrayPrototype()->structure()->transitionWatchpointSet());
+                addLazily(globalObject()->objectPrototype()->structure()->transitionWatchpointSet());
             }
+            
+            if (m_node->arrayMode().type() == Array::String)
+                handleStringGetByVal();
+
+            if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node))
+                addLazily(view);
+            break;
+            
+        case PutByVal:
+            if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node))
+                addLazily(view);
+            break;
+            
+        case StringCharAt:
+            handleStringGetByVal();
+            break;
+            
+        case NewArray:
+        case NewArrayWithSize:
+        case NewArrayBuffer:
+            if (!globalObject()->isHavingABadTime() && !hasArrayStorage(m_node->indexingType()))
+                addLazily(globalObject()->havingABadTimeWatchpoint());
+            break;
+            
+        case AllocationProfileWatchpoint:
+            addLazily(jsCast<JSFunction*>(m_node->function())->allocationProfileWatchpointSet());
+            break;
+            
+        case StructureTransitionWatchpoint:
+            m_graph.watchpoints().addLazily(
+                m_node->codeOrigin,
+                m_node->child1()->op() == WeakJSConstant ? BadWeakConstantCacheWatchpoint : BadCacheWatchpoint,
+                m_node->structure()->transitionWatchpointSet());
+            break;
+            
+        case VariableWatchpoint:
+            addLazily(m_node->variableWatchpointSet());
             break;
             
         case VarInjectionWatchpoint:
             addLazily(globalObject()->varInjectionWatchpoint());
             break;
             
+        case FunctionReentryWatchpoint:
+            addLazily(m_node->symbolTable()->m_functionEnteredOnce);
+            break;
+            
+        case TypedArrayWatchpoint:
+            addLazily(m_node->typedArray());
+            break;
+            
+        default:
+            break;
+        }
+    }
+    
+    void handleEdge(Node*, Edge edge)
+    {
+        switch (edge.useKind()) {
+        case StringObjectUse:
+        case StringOrStringObjectUse: {
+            Structure* stringObjectStructure = globalObject()->stringObjectStructure();
+            Structure* stringPrototypeStructure = stringObjectStructure->storedPrototype().asCell()->structure();
+            ASSERT(m_graph.watchpoints().isValidOrMixed(stringPrototypeStructure->transitionWatchpointSet()));
+            
+            m_graph.watchpoints().addLazily(
+                m_node->codeOrigin, NotStringObject,
+                stringPrototypeStructure->transitionWatchpointSet());
+            break;
+        }
+            
         default:
             break;
         }
@@ -108,10 +169,20 @@ private:
     
     void handleMasqueradesAsUndefined()
     {
-        if (m_graph.masqueradesAsUndefinedWatchpointIsStillValid(m_node->origin.semantic))
+        if (m_graph.masqueradesAsUndefinedWatchpointIsStillValid(m_node->codeOrigin))
             addLazily(globalObject()->masqueradesAsUndefinedWatchpoint());
     }
     
+    void handleStringGetByVal()
+    {
+        if (!m_node->arrayMode().isOutOfBounds())
+            return;
+        if (!globalObject()->stringPrototypeChainIsSane())
+            return;
+        addLazily(globalObject()->stringPrototype()->structure()->transitionWatchpointSet());
+        addLazily(globalObject()->objectPrototype()->structure()->transitionWatchpointSet());
+    }
+
     void addLazily(WatchpointSet* set)
     {
         m_graph.watchpoints().addLazily(set);
@@ -120,10 +191,14 @@ private:
     {
         m_graph.watchpoints().addLazily(set);
     }
+    void addLazily(JSArrayBufferView* view)
+    {
+        m_graph.watchpoints().addLazily(view);
+    }
     
     JSGlobalObject* globalObject()
     {
-        return m_graph.globalObjectFor(m_node->origin.semantic);
+        return m_graph.globalObjectFor(m_node->codeOrigin);
     }
     
     Node* m_node;
author	Lorry Tar Creator <lorry-tar-importer@lorry>	2016-04-10 09:28:39 +0000
committer	Lorry Tar Creator <lorry-tar-importer@lorry>	2016-04-10 09:28:39 +0000
commit	32761a6cee1d0dee366b885b7b9c777e67885688 (patch)
tree	d6bec92bebfb216f4126356e55518842c2f476a1 /Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp
parent	a4e969f4965059196ca948db781e52f7cfebf19e (diff)
download	WebKitGtk-tarball-32761a6cee1d0dee366b885b7b9c777e67885688.tar.gz