From 8995b83bcbfbb68245f779b64e5517627c6cc6ea Mon Sep 17 00:00:00 2001 From: Simon Hausmann Date: Wed, 17 Oct 2012 16:21:14 +0200 Subject: Imported WebKit commit cf4f8fc6f19b0629f51860cb2d4b25e139d07e00 (http://svn.webkit.org/repository/webkit/trunk@131592) New snapshot that includes the build fixes for Mac OS X 10.6 and earlier as well as the previously cherry-picked changes --- Source/JavaScriptCore/dfg/DFGAbstractState.cpp | 32 +++++++++++++++++++------- 1 file changed, 24 insertions(+), 8 deletions(-) (limited to 'Source/JavaScriptCore/dfg/DFGAbstractState.cpp') diff --git a/Source/JavaScriptCore/dfg/DFGAbstractState.cpp b/Source/JavaScriptCore/dfg/DFGAbstractState.cpp index db0861c7d..da5682f55 100644 --- a/Source/JavaScriptCore/dfg/DFGAbstractState.cpp +++ b/Source/JavaScriptCore/dfg/DFGAbstractState.cpp @@ -859,12 +859,16 @@ bool AbstractState::execute(unsigned indexInBlock) forNode(node.child2()).filter(SpecInt32); forNode(nodeIndex).makeTop(); break; + case IN_BOUNDS_CONTIGUOUS_MODES: case IN_BOUNDS_ARRAY_STORAGE_MODES: forNode(node.child2()).filter(SpecInt32); forNode(nodeIndex).makeTop(); break; + case OUT_OF_BOUNDS_CONTIGUOUS_MODES: case OUT_OF_BOUNDS_ARRAY_STORAGE_MODES: - case ALL_EFFECTFUL_ARRAY_STORAGE_MODES: + case SLOW_PUT_ARRAY_STORAGE_MODES: + case ALL_EFFECTFUL_MODES: + forNode(node.child1()).filter(SpecCell); forNode(node.child2()).filter(SpecInt32); clobberWorld(node.codeOrigin, indexInBlock); forNode(nodeIndex).makeTop(); @@ -908,6 +912,9 @@ bool AbstractState::execute(unsigned indexInBlock) forNode(node.child2()).filter(SpecInt32); forNode(nodeIndex).set(SpecDouble); break; + default: + ASSERT_NOT_REACHED(); + break; } break; } @@ -915,6 +922,7 @@ bool AbstractState::execute(unsigned indexInBlock) case PutByVal: case PutByValAlias: { node.setCanExit(true); + Edge child1 = m_graph.varArgChild(node, 0); Edge child2 = m_graph.varArgChild(node, 1); Edge child3 = m_graph.varArgChild(node, 2); switch (modeForPut(node.arrayMode())) { @@ -924,11 +932,17 @@ bool AbstractState::execute(unsigned indexInBlock) case Array::Generic: clobberWorld(node.codeOrigin, indexInBlock); break; + case IN_BOUNDS_CONTIGUOUS_MODES: + case CONTIGUOUS_TO_TAIL_MODES: case IN_BOUNDS_ARRAY_STORAGE_MODES: forNode(child2).filter(SpecInt32); break; + case OUT_OF_BOUNDS_CONTIGUOUS_MODES: + case ARRAY_STORAGE_TO_HOLE_MODES: case OUT_OF_BOUNDS_ARRAY_STORAGE_MODES: - case ALL_EFFECTFUL_ARRAY_STORAGE_MODES: + case SLOW_PUT_ARRAY_STORAGE_MODES: + case ALL_EFFECTFUL_MODES: + forNode(child1).filter(SpecCell); forNode(child2).filter(SpecInt32); clobberWorld(node.codeOrigin, indexInBlock); break; @@ -1110,16 +1124,15 @@ bool AbstractState::execute(unsigned indexInBlock) break; case NewArrayBuffer: - // Unless we're having a bad time, this node can change its mind about what structure - // it uses. - node.setCanExit(false); - forNode(nodeIndex).set(SpecArray); + node.setCanExit(true); + forNode(nodeIndex).set(m_graph.globalObjectFor(node.codeOrigin)->arrayStructure()); + m_haveStructures = true; break; case NewArrayWithSize: node.setCanExit(true); forNode(node.child1()).filter(SpecInt32); - forNode(nodeIndex).set(m_graph.globalObjectFor(node.codeOrigin)->arrayStructure()); + forNode(nodeIndex).set(SpecArray); m_haveStructures = true; break; @@ -1367,6 +1380,7 @@ bool AbstractState::execute(unsigned indexInBlock) case Array::String: forNode(node.child1()).filter(SpecString); break; + case ALL_CONTIGUOUS_MODES: case ALL_ARRAY_STORAGE_MODES: // This doesn't filter anything meaningful right now. We may want to add // CFA tracking of array mode speculations, but we don't have that, yet. @@ -1410,9 +1424,11 @@ bool AbstractState::execute(unsigned indexInBlock) } case Arrayify: { switch (node.arrayMode()) { - case EFFECTFUL_NON_ARRAY_ARRAY_STORAGE_MODES: + case ALL_EFFECTFUL_MODES: node.setCanExit(true); forNode(node.child1()).filter(SpecCell); + if (node.child2()) + forNode(node.child2()).filter(SpecInt32); forNode(nodeIndex).clear(); clobberStructures(indexInBlock); break; -- cgit v1.2.1