Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (182928 => 182929)
--- trunk/Source/_javascript_Core/ChangeLog 2015-04-17 00:28:20 UTC (rev 182928)
+++ trunk/Source/_javascript_Core/ChangeLog 2015-04-17 00:44:58 UTC (rev 182929)
@@ -1,3 +1,18 @@
+2015-04-16 Basile Clement <basile_clem...@apple.com>
+
+ Inline JSFunction allocation in FTL
+ https://bugs.webkit.org/show_bug.cgi?id=143851
+
+ Reviewed by Filip Pizlo.
+
+ JSFunction allocation is a simple operation that should be inlined when possible.
+
+ * ftl/FTLAbstractHeapRepository.h:
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::compileNewFunction):
+ * runtime/JSFunction.h:
+ (JSC::JSFunction::allocationSize):
+
2015-04-16 Mark Lam <mark....@apple.com>
Add $vm debugging tool.
Modified: trunk/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h (182928 => 182929)
--- trunk/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h 2015-04-17 00:28:20 UTC (rev 182928)
+++ trunk/Source/_javascript_Core/ftl/FTLAbstractHeapRepository.h 2015-04-17 00:44:58 UTC (rev 182929)
@@ -60,6 +60,7 @@
macro(JSCell_gcData, JSCell::gcDataOffset()) \
macro(JSFunction_executable, JSFunction::offsetOfExecutable()) \
macro(JSFunction_scope, JSFunction::offsetOfScopeChain()) \
+ macro(JSFunction_rareData, JSFunction::offsetOfRareData()) \
macro(JSObject_butterfly, JSObject::butterflyOffset()) \
macro(JSPropertyNameEnumerator_cachedInlineCapacity, JSPropertyNameEnumerator::cachedInlineCapacityOffset()) \
macro(JSPropertyNameEnumerator_cachedPropertyNamesVector, JSPropertyNameEnumerator::cachedPropertyNamesVectorOffset()) \
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (182928 => 182929)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2015-04-17 00:28:20 UTC (rev 182928)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2015-04-17 00:44:58 UTC (rev 182929)
@@ -2920,17 +2920,43 @@
void compileNewFunction()
{
+ LValue scope = lowCell(m_node->child1());
FunctionExecutable* executable = m_node->castOperand<FunctionExecutable*>();
- J_JITOperation_EJscC function;
- if (executable->singletonFunction()->isStillValid())
- function = operationNewFunction;
- else
- function = operationNewFunctionWithInvalidatedReallocationWatchpoint;
+ if (executable->singletonFunction()->isStillValid()) {
+ LValue callResult = vmCall(
+ m_out.operation(operationNewFunction), m_callFrame, scope, weakPointer(executable));
+ setJSValue(callResult);
+ return;
+ }
- LValue result = vmCall(
- m_out.operation(function), m_callFrame, lowCell(m_node->child1()),
- weakPointer(executable));
- setJSValue(result);
+ Structure* structure = m_graph.globalObjectFor(m_node->origin.semantic)->functionStructure();
+
+ LBasicBlock slowPath = FTL_NEW_BLOCK(m_out, ("NewFunction slow path"));
+ LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("NewFunction continuation"));
+
+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(slowPath);
+
+ LValue fastObject = allocateObject<JSFunction>(
+ structure, m_out.intPtrZero, slowPath);
+
+ // We don't need memory barriers since we just fast-created the function, so it
+ // must be young.
+ m_out.storePtr(scope, fastObject, m_heaps.JSFunction_scope);
+ m_out.storePtr(weakPointer(executable), fastObject, m_heaps.JSFunction_executable);
+ m_out.storePtr(m_out.intPtrZero, fastObject, m_heaps.JSFunction_rareData);
+
+ ValueFromBlock fastResult = m_out.anchor(fastObject);
+ m_out.jump(continuation);
+
+ m_out.appendTo(slowPath, continuation);
+ LValue callResult = vmCall(
+ m_out.operation(operationNewFunctionWithInvalidatedReallocationWatchpoint),
+ m_callFrame, scope, weakPointer(executable));
+ ValueFromBlock slowResult = m_out.anchor(callResult);
+ m_out.jump(continuation);
+
+ m_out.appendTo(continuation, lastNext);
+ setJSValue(m_out.phi(m_out.intPtr, fastResult, slowResult));
}
void compileCreateDirectArguments()
Modified: trunk/Source/_javascript_Core/runtime/JSFunction.h (182928 => 182929)
--- trunk/Source/_javascript_Core/runtime/JSFunction.h 2015-04-17 00:28:20 UTC (rev 182928)
+++ trunk/Source/_javascript_Core/runtime/JSFunction.h 2015-04-17 00:44:58 UTC (rev 182929)
@@ -59,6 +59,12 @@
typedef JSCallee Base;
const static unsigned StructureFlags = Base::StructureFlags | OverridesGetOwnPropertySlot | OverridesGetPropertyNames;
+ static size_t allocationSize(size_t inlineCapacity)
+ {
+ ASSERT_UNUSED(inlineCapacity, !inlineCapacity);
+ return sizeof(JSFunction);
+ }
+
JS_EXPORT_PRIVATE static JSFunction* create(VM&, JSGlobalObject*, int length, const String& name, NativeFunction, Intrinsic = NoIntrinsic, NativeFunction nativeConstructor = callHostFunctionAsConstructor);
static JSFunction* createWithInvalidatedReallocationWatchpoint(VM&, FunctionExecutable*, JSScope*);
