summaryrefslogtreecommitdiff
path: root/Source/JavaScriptCore/jit
diff options
context:
space:
mode:
Diffstat (limited to 'Source/JavaScriptCore/jit')
-rw-r--r--Source/JavaScriptCore/jit/JIT.h1
-rw-r--r--Source/JavaScriptCore/jit/JITInlineMethods.h8
-rw-r--r--Source/JavaScriptCore/jit/JITPropertyAccess.cpp1
-rw-r--r--Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp1
4 files changed, 11 insertions, 0 deletions
diff --git a/Source/JavaScriptCore/jit/JIT.h b/Source/JavaScriptCore/jit/JIT.h
index ac7c8765b..150aae9ea 100644
--- a/Source/JavaScriptCore/jit/JIT.h
+++ b/Source/JavaScriptCore/jit/JIT.h
@@ -451,6 +451,7 @@ namespace JSC {
#endif
void emitArrayProfilingSite(RegisterID structureAndIndexingType, RegisterID scratch, ArrayProfile*);
void emitArrayProfilingSiteForBytecodeIndex(RegisterID structureAndIndexingType, RegisterID scratch, unsigned bytecodeIndex);
+ void emitArrayProfileStoreToHoleSpecialCase(ArrayProfile*);
enum FinalObjectMode { MayBeFinal, KnownNotFinal };
diff --git a/Source/JavaScriptCore/jit/JITInlineMethods.h b/Source/JavaScriptCore/jit/JITInlineMethods.h
index 302e109ca..a4f9107df 100644
--- a/Source/JavaScriptCore/jit/JITInlineMethods.h
+++ b/Source/JavaScriptCore/jit/JITInlineMethods.h
@@ -556,6 +556,14 @@ inline void JIT::emitArrayProfilingSiteForBytecodeIndex(RegisterID structureAndI
#endif
}
+inline void JIT::emitArrayProfileStoreToHoleSpecialCase(ArrayProfile* arrayProfile)
+{
+ if (!canBeOptimized())
+ return;
+
+ store8(TrustedImm32(1), arrayProfile->addressOfMayStoreToHole());
+}
+
#if USE(JSVALUE32_64)
inline void JIT::emitLoadTag(int index, RegisterID tag)
diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
index bbc289838..b4d52e225 100644
--- a/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
+++ b/Source/JavaScriptCore/jit/JITPropertyAccess.cpp
@@ -247,6 +247,7 @@ void JIT::emit_op_put_by_val(Instruction* currentInstruction)
Jump end = jump();
empty.link(this);
+ emitArrayProfileStoreToHoleSpecialCase(currentInstruction[4].u.arrayProfile);
add32(TrustedImm32(1), Address(regT2, OBJECT_OFFSETOF(ArrayStorage, m_numValuesInVector)));
branch32(Below, regT1, Address(regT2, ArrayStorage::lengthOffset())).linkTo(storeResult, this);
diff --git a/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp b/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
index 1692f33c3..ed561a28b 100644
--- a/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
+++ b/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp
@@ -283,6 +283,7 @@ void JIT::emit_op_put_by_val(Instruction* currentInstruction)
Jump end = jump();
empty.link(this);
+ emitArrayProfileStoreToHoleSpecialCase(currentInstruction[4].u.arrayProfile);
add32(TrustedImm32(1), Address(regT3, OBJECT_OFFSETOF(ArrayStorage, m_numValuesInVector)));
branch32(Below, regT2, Address(regT3, ArrayStorage::lengthOffset())).linkTo(storeResult, this);
View Lorry Controller Status