authorSimon Hausmann <simon.hausmann@digia.com>2012-09-18 15:53:33 +0200
committerSimon Hausmann <simon.hausmann@digia.com>2012-09-18 15:53:33 +0200
commit6bbb7fbbac94d0f511a7bd0cbd50854ab643bfb2 (patch)
treed9c68d1cca0b3e352f1e438561f3e504e641a08f /Source/JavaScriptCore/jit
parentd0424a769059c84ae20beb3c217812792ea6726b (diff)
downloadqtwebkit-6bbb7fbbac94d0f511a7bd0cbd50854ab643bfb2.tar.gz
Imported WebKit commit c7503cef7ecb236730d1309676ab9fc723fd061d (http://svn.webkit.org/repository/webkit/trunk@128886)
New snapshot with various build fixes
Diffstat (limited to 'Source/JavaScriptCore/jit')
-rw-r--r--Source/JavaScriptCore/jit/JIT.h4
-rw-r--r--Source/JavaScriptCore/jit/JITInlineMethods.h29
-rw-r--r--Source/JavaScriptCore/jit/JITOpcodes.cpp2
-rw-r--r--Source/JavaScriptCore/jit/JITPropertyAccess.cpp23
-rw-r--r--Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp17
-rw-r--r--Source/JavaScriptCore/jit/JITStubs.cpp2
6 files changed, 45 insertions, 32 deletions
diff --git a/Source/JavaScriptCore/jit/JIT.h b/Source/JavaScriptCore/jit/JIT.h
index ce70b40a7..ac7c8765b 100644
--- a/Source/JavaScriptCore/jit/JIT.h
+++ b/Source/JavaScriptCore/jit/JIT.h
@@ -437,7 +437,7 @@ namespace JSC {
template<typename ClassType, bool destructor, typename StructureType> void emitAllocateBasicJSObject(StructureType, RegisterID result, RegisterID storagePtr);
void emitAllocateBasicStorage(size_t, ptrdiff_t offsetFromBase, RegisterID result);
template<typename T> void emitAllocateJSFinalObject(T structure, RegisterID result, RegisterID storagePtr);
- void emitAllocateJSArray(unsigned valuesRegister, unsigned length, RegisterID cellResult, RegisterID storageResult, RegisterID storagePtr);
+ void emitAllocateJSArray(unsigned valuesRegister, unsigned length, RegisterID cellResult, RegisterID storageResult, RegisterID storagePtr, RegisterID scratch);
#if ENABLE(VALUE_PROFILER)
// This assumes that the value to profile is in regT0 and that regT3 is available for
@@ -449,6 +449,8 @@ namespace JSC {
void emitValueProfilingSite(unsigned) { }
void emitValueProfilingSite() { }
#endif
+ void emitArrayProfilingSite(RegisterID structureAndIndexingType, RegisterID scratch, ArrayProfile*);
+ void emitArrayProfilingSiteForBytecodeIndex(RegisterID structureAndIndexingType, RegisterID scratch, unsigned bytecodeIndex);
enum FinalObjectMode { MayBeFinal, KnownNotFinal };
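Review bot: The two new declarations do not say that `structureAndIndexingType` is an in/out register, yet every caller in this commit relies on that when it tests `HasArrayStorage` or `IsArray` on the same register afterwards. Going by the definition in JITInlineMethods.h, the register holds the Structure pointer on entry and the indexing-type byte on return, and `scratch` is written only when `canBeOptimized()` is true. I would add above them: `// In: structureAndIndexingType holds the Structure*. Out: it holds the indexing type and the Structure* is lost. scratch may be clobbered.` The enclosing class starts and ends outside this hunk.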
diff --git a/Source/JavaScriptCore/jit/JITInlineMethods.h b/Source/JavaScriptCore/jit/JITInlineMethods.h
index 35ac44b23..302e109ca 100644
--- a/Source/JavaScriptCore/jit/JITInlineMethods.h
+++ b/Source/JavaScriptCore/jit/JITInlineMethods.h
@@ -443,7 +443,7 @@ inline void JIT::emitAllocateBasicStorage(size_t size, ptrdiff_t offsetFromBase,
subPtr(TrustedImm32(size - offsetFromBase), result);
}
-inline void JIT::emitAllocateJSArray(unsigned valuesRegister, unsigned length, RegisterID cellResult, RegisterID storageResult, RegisterID storagePtr)
+inline void JIT::emitAllocateJSArray(unsigned valuesRegister, unsigned length, RegisterID cellResult, RegisterID storageResult, RegisterID storagePtr, RegisterID scratch)
{
unsigned initialLength = std::max(length, 4U);
size_t initialStorage = Butterfly::totalSize(0, 0, true, ArrayStorage::sizeFor(initialLength));
@@ -453,7 +453,8 @@ inline void JIT::emitAllocateJSArray(unsigned valuesRegister, unsigned length, R
emitAllocateBasicStorage(initialStorage, sizeof(IndexingHeader), storageResult);
// Allocate the cell for the array.
- emitAllocateBasicJSObject<JSArray, false>(TrustedImmPtr(m_codeBlock->globalObject()->arrayStructure()), cellResult, storagePtr);
+ loadPtr(m_codeBlock->globalObject()->addressOfArrayStructure(), scratch);
+ emitAllocateBasicJSObject<JSArray, false>(scratch, cellResult, storagePtr);
// Store all the necessary info in the ArrayStorage.
store32(Imm32(length), Address(storageResult, ArrayStorage::lengthOffset()));
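Review bot: Nothing stops a caller from passing a `scratch` that aliases `storageResult`, which already holds the freshly allocated storage when `loadPtr(..., scratch)` runs. The `store32` to `ArrayStorage::lengthOffset()` below would then address memory relative to whatever is left in that register. An assertion at the top of the function would turn this into a debug-build failure instead of a stray store in generated code: `ASSERT(scratch != cellResult && scratch != storageResult && scratch != storagePtr);`. The only caller in this commit passes four differently named registers, so this is hardening rather than a live bug. The function body starts in the previous hunk and continues past this one.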
@@ -529,7 +530,31 @@ inline void JIT::emitValueProfilingSite()
{
emitValueProfilingSite(m_bytecodeOffset);
}
+#endif // ENABLE(VALUE_PROFILER)
+
+inline void JIT::emitArrayProfilingSite(RegisterID structureAndIndexingType, RegisterID scratch, ArrayProfile* arrayProfile)
+{
+ RegisterID structure = structureAndIndexingType;
+ RegisterID indexingType = structureAndIndexingType;
+
+ if (canBeOptimized()) {
+ storePtr(structure, arrayProfile->addressOfLastSeenStructure());
+ load8(Address(structure, Structure::indexingTypeOffset()), indexingType);
+ move(TrustedImm32(1), scratch);
+ lshift32(indexingType, scratch);
+ or32(scratch, AbsoluteAddress(arrayProfile->addressOfArrayModes()));
+ } else
+ load8(Address(structure, Structure::indexingTypeOffset()), indexingType);
+}
+
+inline void JIT::emitArrayProfilingSiteForBytecodeIndex(RegisterID structureAndIndexingType, RegisterID scratch, unsigned bytecodeIndex)
+{
+#if ENABLE(VALUE_PROFILER)
+ emitArrayProfilingSite(structureAndIndexingType, scratch, m_codeBlock->getOrAddArrayProfile(bytecodeIndex));
+#else
+ emitArrayProfilingSite(structureAndIndexingType, scratch, 0);
#endif
+}
#if USE(JSVALUE32_64)
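Review bot: `emitArrayProfilingSiteForBytecodeIndex` passes `0` as the profile when VALUE_PROFILER is off, and `emitArrayProfilingSite` calls `arrayProfile->addressOfLastSeenStructure()` whenever `canBeOptimized()` is true; nothing visible here ties the two conditions together. If `canBeOptimized()` is always false in such builds, `ASSERT(arrayProfile);` as the first line of the `if (canBeOptimized())` branch would state that, and would stop a later configuration change from emitting stores to addresses computed from a null pointer. Separately, `lshift32(indexingType, scratch)` uses the raw byte from `load8` as the shift count, so the one-bit-per-mode encoding only holds while every indexing type value is below 32; a comment or compile-time check saying so would help. The get_by_val and put_by_val call sites in JITPropertyAccess.cpp and JITPropertyAccess32_64.cpp now read `currentInstruction[4].u.arrayProfile` outside the old `#if ENABLE(VALUE_PROFILER)` guard, so the same assumption applies there.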
diff --git a/Source/JavaScriptCore/jit/JITOpcodes.cpp b/Source/JavaScriptCore/jit/JITOpcodes.cpp
index 486be6bf9..642aabb2a 100644
--- a/Source/JavaScriptCore/jit/JITOpcodes.cpp
+++ b/Source/JavaScriptCore/jit/JITOpcodes.cpp
@@ -1676,7 +1676,7 @@ void JIT::emit_op_new_array(Instruction* currentInstruction)
int dst = currentInstruction[1].u.operand;
int values = currentInstruction[2].u.operand;
- emitAllocateJSArray(values, length, regT0, regT1, regT2);
+ emitAllocateJSArray(values, length, regT0, regT1, regT2, regT3);
emitStoreCell(dst, regT0);
}
diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
index bca68f0b4..bbc289838 100644
--- a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
+++ b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
@@ -111,10 +111,8 @@ void JIT::emit_op_get_by_val(Instruction* currentInstruction)
emitJumpSlowCaseIfNotJSCell(regT0, base);
loadPtr(Address(regT0, JSCell::structureOffset()), regT2);
-#if ENABLE(VALUE_PROFILER)
- storePtr(regT2, currentInstruction[4].u.arrayProfile->addressOfLastSeenStructure());
-#endif
- addSlowCase(branchTest8(Zero, Address(regT2, Structure::indexingTypeOffset()), TrustedImm32(HasArrayStorage)));
+ emitArrayProfilingSite(regT2, regT3, currentInstruction[4].u.arrayProfile);
+ addSlowCase(branchTest32(Zero, regT2, TrustedImm32(HasArrayStorage)));
loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
addSlowCase(branch32(AboveOrEqual, regT1, Address(regT2, ArrayStorage::vectorLengthOffset())));
@@ -236,10 +234,8 @@ void JIT::emit_op_put_by_val(Instruction* currentInstruction)
zeroExtend32ToPtr(regT1, regT1);
emitJumpSlowCaseIfNotJSCell(regT0, base);
loadPtr(Address(regT0, JSCell::structureOffset()), regT2);
-#if ENABLE(VALUE_PROFILER)
- storePtr(regT2, currentInstruction[4].u.arrayProfile->addressOfLastSeenStructure());
-#endif
- addSlowCase(branchTest8(Zero, Address(regT2, Structure::indexingTypeOffset()), TrustedImm32(HasArrayStorage)));
+ emitArrayProfilingSite(regT2, regT3, currentInstruction[4].u.arrayProfile);
+ addSlowCase(branchTest32(Zero, regT2, TrustedImm32(HasArrayStorage)));
loadPtr(Address(regT0, JSObject::butterflyOffset()), regT2);
addSlowCase(branch32(AboveOrEqual, regT1, Address(regT2, ArrayStorage::vectorLengthOffset())));
@@ -656,13 +652,10 @@ void JIT::privateCompilePatchGetArrayLength(ReturnAddressPtr returnAddress)
StructureStubInfo* stubInfo = &m_codeBlock->getStubInfo(returnAddress);
// Check eax is an array
- loadPtr(Address(regT0, JSCell::structureOffset()), regT3);
-#if ENABLE(VALUE_PROFILER)
- storePtr(regT3, m_codeBlock->getOrAddArrayProfile(stubInfo->bytecodeIndex)->addressOfLastSeenStructure());
-#endif
- load8(Address(regT3, Structure::indexingTypeOffset()), regT3);
- Jump failureCases1 = branchTest32(Zero, regT3, TrustedImm32(IsArray));
- Jump failureCases2 = branchTest32(Zero, regT3, TrustedImm32(HasArrayStorage));
+ loadPtr(Address(regT0, JSCell::structureOffset()), regT2);
+ emitArrayProfilingSiteForBytecodeIndex(regT2, regT1, stubInfo->bytecodeIndex);
+ Jump failureCases1 = branchTest32(Zero, regT2, TrustedImm32(IsArray));
+ Jump failureCases2 = branchTest32(Zero, regT2, TrustedImm32(HasArrayStorage));
// Checks out okay! - get the length from the storage
loadPtr(Address(regT0, JSObject::butterflyOffset()), regT3);
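Review bot: `regT1` is the scratch register here, whereas the get_by_val and put_by_val sites in this file use `regT3`, and the hunk does not show whether `regT1` is dead at this point in the stub or on the paths that `failureCases1` and `failureCases2` lead to. If it is dead, a short comment would save the next reader from having to check, and the existing `// Check eax is an array` line no longer describes the registers involved. I would replace it with `// Check that regT0 is an array: regT2 ends up holding the indexing type, regT1 is clobbered as scratch.` The function begins and continues outside this hunk.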
diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
index 04d7c3815..1692f33c3 100644
--- a/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
+++ b/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
@@ -210,10 +210,8 @@ void JIT::emit_op_get_by_val(Instruction* currentInstruction)
addSlowCase(branch32(NotEqual, regT3, TrustedImm32(JSValue::Int32Tag)));
emitJumpSlowCaseIfNotJSCell(base, regT1);
loadPtr(Address(regT0, JSCell::structureOffset()), regT1);
-#if ENABLE(VALUE_PROFILER)
- storePtr(regT1, currentInstruction[4].u.arrayProfile->addressOfLastSeenStructure());
-#endif
- addSlowCase(branchTest8(Zero, Address(regT1, Structure::indexingTypeOffset()), TrustedImm32(HasArrayStorage)));
+ emitArrayProfilingSite(regT1, regT3, currentInstruction[4].u.arrayProfile);
+ addSlowCase(branchTest32(Zero, regT1, TrustedImm32(HasArrayStorage)));
loadPtr(Address(regT0, JSObject::butterflyOffset()), regT3);
addSlowCase(branch32(AboveOrEqual, regT2, Address(regT3, ArrayStorage::vectorLengthOffset())));
@@ -269,10 +267,8 @@ void JIT::emit_op_put_by_val(Instruction* currentInstruction)
addSlowCase(branch32(NotEqual, regT3, TrustedImm32(JSValue::Int32Tag)));
emitJumpSlowCaseIfNotJSCell(base, regT1);
loadPtr(Address(regT0, JSCell::structureOffset()), regT1);
-#if ENABLE(VALUE_PROFILER)
- storePtr(regT1, currentInstruction[4].u.arrayProfile->addressOfLastSeenStructure());
-#endif
- addSlowCase(branchTest8(Zero, Address(regT1, Structure::indexingTypeOffset()), TrustedImm32(HasArrayStorage)));
+ emitArrayProfilingSite(regT1, regT3, currentInstruction[4].u.arrayProfile);
+ addSlowCase(branchTest32(Zero, regT1, TrustedImm32(HasArrayStorage)));
loadPtr(Address(regT0, JSObject::butterflyOffset()), regT3);
addSlowCase(branch32(AboveOrEqual, regT2, Address(regT3, ArrayStorage::vectorLengthOffset())));
@@ -617,10 +613,7 @@ void JIT::privateCompilePatchGetArrayLength(ReturnAddressPtr returnAddress)
// Check for array
loadPtr(Address(regT0, JSCell::structureOffset()), regT2);
-#if ENABLE(VALUE_PROFILER)
- storePtr(regT2, m_codeBlock->getOrAddArrayProfile(stubInfo->bytecodeIndex)->addressOfLastSeenStructure());
-#endif
- load8(Address(regT2, Structure::indexingTypeOffset()), regT3);
+ emitArrayProfilingSiteForBytecodeIndex(regT2, regT3, stubInfo->bytecodeIndex);
Jump failureCases1 = branchTest32(Zero, regT2, TrustedImm32(IsArray));
Jump failureCases2 = branchTest32(Zero, regT2, TrustedImm32(HasArrayStorage));
diff --git a/Source/JavaScriptCore/jit/JITStubs.cpp b/Source/JavaScriptCore/jit/JITStubs.cpp
index 40d653b5d..e63f06cef 100644
--- a/Source/JavaScriptCore/jit/JITStubs.cpp
+++ b/Source/JavaScriptCore/jit/JITStubs.cpp
@@ -2323,7 +2323,7 @@ DEFINE_STUB_FUNCTION(void, op_tear_off_arguments)
ASSERT(callFrame->codeBlock()->usesArguments());
Arguments* arguments = jsCast<Arguments*>(stackFrame.args[0].jsValue());
if (JSValue activationValue = stackFrame.args[1].jsValue()) {
- arguments->didTearOffActivation(callFrame->globalData(), jsCast<JSActivation*>(activationValue));
+ arguments->didTearOffActivation(callFrame, jsCast<JSActivation*>(activationValue));
return;
}
arguments->tearOff(callFrame);