Modified: trunk/Source/_javascript_Core/ChangeLog (200990 => 200991)
--- trunk/Source/_javascript_Core/ChangeLog 2016-05-17 03:28:46 UTC (rev 200990)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-05-17 03:31:12 UTC (rev 200991)
@@ -1,5 +1,20 @@
2016-05-16 Benjamin Poulain <bpoul...@apple.com>
+ [JSC] Remove the index check from op_get_by_val/op_put_by_val when the index is constant
+ https://bugs.webkit.org/show_bug.cgi?id=157766
+
+ Reviewed by Geoffrey Garen.
+
+ If the index is an integer constant, do not generate the index check.
+
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::emit_op_put_by_val):
+ (JSC::JIT::emitSlow_op_put_by_val):
+
+2016-05-16 Benjamin Poulain <bpoul...@apple.com>
+
[JSC][DFG] Fill spilled Int32 as Int32 instead of JSInt32
https://bugs.webkit.org/show_bug.cgi?id=157700
Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp (200990 => 200991)
--- trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2016-05-17 03:28:46 UTC (rev 200990)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2016-05-17 03:31:12 UTC (rev 200991)
@@ -100,20 +100,28 @@
ArrayProfile* profile = ""
ByValInfo* byValInfo = m_codeBlock->addByValInfo();
- emitGetVirtualRegisters(base, regT0, property, regT1);
+ emitGetVirtualRegister(base, regT0);
+ bool propertyNameIsIntegerConstant = isOperandConstantInt(property);
+ if (propertyNameIsIntegerConstant)
+ move(Imm32(getOperandConstantInt(property)), regT1);
+ else
+ emitGetVirtualRegister(property, regT1);
emitJumpSlowCaseIfNotJSCell(regT0, base);
- PatchableJump notIndex = emitPatchableJumpIfNotInt(regT1);
- addSlowCase(notIndex);
+ PatchableJump notIndex;
+ if (!propertyNameIsIntegerConstant) {
+ notIndex = emitPatchableJumpIfNotInt(regT1);
+ addSlowCase(notIndex);
- // This is technically incorrect - we're zero-extending an int32. On the hot path this doesn't matter.
- // We check the value as if it was a uint32 against the m_vectorLength - which will always fail if
- // number was signed since m_vectorLength is always less than intmax (since the total allocation
- // size is always less than 4Gb). As such zero extending will have been correct (and extending the value
- // to 64-bits is necessary since it's used in the address calculation). We zero extend rather than sign
- // extending since it makes it easier to re-tag the value in the slow case.
- zeroExtend32ToPtr(regT1, regT1);
+ // This is technically incorrect - we're zero-extending an int32. On the hot path this doesn't matter.
+ // We check the value as if it was a uint32 against the m_vectorLength - which will always fail if
+ // number was signed since m_vectorLength is always less than intmax (since the total allocation
+ // size is always less than 4Gb). As such zero extending will have been correct (and extending the value
+ // to 64-bits is necessary since it's used in the address calculation). We zero extend rather than sign
+ // extending since it makes it easier to re-tag the value in the slow case.
+ zeroExtend32ToPtr(regT1, regT1);
+ }
emitArrayProfilingSiteWithCell(regT0, regT2, profile);
and32(TrustedImm32(IndexingShapeMask), regT2);
@@ -237,7 +245,9 @@
ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo;
linkSlowCaseIfNotJSCell(iter, base); // base cell check
- linkSlowCase(iter); // property int32 check
+
+ if (!isOperandConstantInt(property))
+ linkSlowCase(iter); // property int32 check
Jump nonCell = jump();
linkSlowCase(iter); // base array check
Jump notString = branchStructure(NotEqual,
@@ -274,12 +284,21 @@
ArrayProfile* profile = ""
ByValInfo* byValInfo = m_codeBlock->addByValInfo();
- emitGetVirtualRegisters(base, regT0, property, regT1);
+ emitGetVirtualRegister(base, regT0);
+ bool propertyNameIsIntegerConstant = isOperandConstantInt(property);
+ if (propertyNameIsIntegerConstant)
+ move(Imm32(getOperandConstantInt(property)), regT1);
+ else
+ emitGetVirtualRegister(property, regT1);
+
emitJumpSlowCaseIfNotJSCell(regT0, base);
- PatchableJump notIndex = emitPatchableJumpIfNotInt(regT1);
- addSlowCase(notIndex);
- // See comment in op_get_by_val.
- zeroExtend32ToPtr(regT1, regT1);
+ PatchableJump notIndex;
+ if (!propertyNameIsIntegerConstant) {
+ notIndex = emitPatchableJumpIfNotInt(regT1);
+ addSlowCase(notIndex);
+ // See comment in op_get_by_val.
+ zeroExtend32ToPtr(regT1, regT1);
+ }
emitArrayProfilingSiteWithCell(regT0, regT2, profile);
and32(TrustedImm32(IndexingShapeMask), regT2);
@@ -451,7 +470,8 @@
ByValInfo* byValInfo = m_byValCompilationInfo[m_byValInstructionIndex].byValInfo;
linkSlowCaseIfNotJSCell(iter, base); // base cell check
- linkSlowCase(iter); // property int32 check
+ if (!isOperandConstantInt(property))
+ linkSlowCase(iter); // property int32 check
linkSlowCase(iter); // base not array check
linkSlowCase(iter); // out of bounds
