Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (98081 => 98082)
--- trunk/Source/_javascript_Core/ChangeLog 2011-10-21 08:17:03 UTC (rev 98081)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-10-21 08:19:03 UTC (rev 98082)
@@ -1,5 +1,34 @@
2011-10-20 Filip Pizlo <[email protected]>
+ DFG should not try to predict argument types by looking at the values of
+ argument registers at the time of compilation
+ https://bugs.webkit.org/show_bug.cgi?id=70578
+
+ Reviewed by Oliver Hunt.
+
+ * bytecode/CodeBlock.cpp:
+ * dfg/DFGDriver.cpp:
+ (JSC::DFG::compile):
+ (JSC::DFG::tryCompile):
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGDriver.h:
+ (JSC::DFG::tryCompileFunction):
+ * dfg/DFGGraph.cpp:
+ (JSC::DFG::Graph::predictArgumentTypes):
+ * dfg/DFGGraph.h:
+ * runtime/Executable.cpp:
+ (JSC::FunctionExecutable::compileOptimizedForCall):
+ (JSC::FunctionExecutable::compileOptimizedForConstruct):
+ (JSC::FunctionExecutable::compileForCallInternal):
+ (JSC::FunctionExecutable::compileForConstructInternal):
+ * runtime/Executable.h:
+ (JSC::FunctionExecutable::compileForCall):
+ (JSC::FunctionExecutable::compileForConstruct):
+ (JSC::FunctionExecutable::compileFor):
+ (JSC::FunctionExecutable::compileOptimizedFor):
+
+2011-10-20 Filip Pizlo <[email protected]>
+
DFG call optimization handling will fail if the call had been unlinked due
to the callee being optimized
https://bugs.webkit.org/show_bug.cgi?id=70468
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp (98081 => 98082)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2011-10-21 08:17:03 UTC (rev 98081)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.cpp 2011-10-21 08:19:03 UTC (rev 98082)
@@ -1827,16 +1827,6 @@
}
#if ENABLE(JIT)
-// FIXME: Implement OSR. If compileOptimized() is called from somewhere other than the
-// epilogue, do OSR from the old code block to the new one.
-
-// FIXME: After doing successful optimized compilation, reset the profiling counter to -1, so
-// that the next execution of the old code block will jump straight into compileOptimized()
-// and perform OSR.
-
-// FIXME: Ensure that a call to compileOptimized() just does OSR (and resets the counter to -1)
-// if the code had already been compiled.
-
CodeBlock* ProgramCodeBlock::replacement()
{
return &static_cast<ProgramExecutable*>(ownerExecutable())->generatedBytecode();
Modified: trunk/Source/_javascript_Core/dfg/DFGDriver.cpp (98081 => 98082)
--- trunk/Source/_javascript_Core/dfg/DFGDriver.cpp 2011-10-21 08:17:03 UTC (rev 98081)
+++ trunk/Source/_javascript_Core/dfg/DFGDriver.cpp 2011-10-21 08:19:03 UTC (rev 98082)
@@ -35,7 +35,7 @@
namespace JSC { namespace DFG {
enum CompileMode { CompileFunction, CompileOther };
-inline bool compile(CompileMode compileMode, ExecState* exec, ExecState* calleeArgsExec, CodeBlock* codeBlock, JITCode& jitCode, MacroAssemblerCodePtr* jitCodeWithArityCheck)
+inline bool compile(CompileMode compileMode, ExecState* exec, CodeBlock* codeBlock, JITCode& jitCode, MacroAssemblerCodePtr* jitCodeWithArityCheck)
{
JSGlobalData* globalData = &exec->globalData();
Graph dfg;
@@ -43,7 +43,7 @@
return false;
if (compileMode == CompileFunction)
- dfg.predictArgumentTypes(calleeArgsExec, codeBlock);
+ dfg.predictArgumentTypes(codeBlock);
propagate(dfg, globalData, codeBlock);
@@ -64,12 +64,12 @@
bool tryCompile(ExecState* exec, CodeBlock* codeBlock, JITCode& jitCode)
{
- return compile(CompileOther, exec, 0, codeBlock, jitCode, 0);
+ return compile(CompileOther, exec, codeBlock, jitCode, 0);
}
-bool tryCompileFunction(ExecState* exec, ExecState* calleeArgsExec, CodeBlock* codeBlock, JITCode& jitCode, MacroAssemblerCodePtr& jitCodeWithArityCheck)
+bool tryCompileFunction(ExecState* exec, CodeBlock* codeBlock, JITCode& jitCode, MacroAssemblerCodePtr& jitCodeWithArityCheck)
{
- return compile(CompileFunction, exec, calleeArgsExec, codeBlock, jitCode, &jitCodeWithArityCheck);
+ return compile(CompileFunction, exec, codeBlock, jitCode, &jitCodeWithArityCheck);
}
} } // namespace JSC::DFG
Modified: trunk/Source/_javascript_Core/dfg/DFGDriver.h (98081 => 98082)
--- trunk/Source/_javascript_Core/dfg/DFGDriver.h 2011-10-21 08:17:03 UTC (rev 98081)
+++ trunk/Source/_javascript_Core/dfg/DFGDriver.h 2011-10-21 08:19:03 UTC (rev 98082)
@@ -39,10 +39,10 @@
#if ENABLE(DFG_JIT)
bool tryCompile(ExecState*, CodeBlock*, JITCode&);
-bool tryCompileFunction(ExecState*, ExecState* calleeArgsExec, CodeBlock*, JITCode&, MacroAssemblerCodePtr& jitCodeWithArityCheck);
+bool tryCompileFunction(ExecState*, CodeBlock*, JITCode&, MacroAssemblerCodePtr& jitCodeWithArityCheck);
#else
inline bool tryCompile(ExecState*, CodeBlock*, JITCode&) { return false; }
-inline bool tryCompileFunction(ExecState*, ExecState*, CodeBlock*, JITCode&, MacroAssemblerCodePtr&) { return false; }
+inline bool tryCompileFunction(ExecState*, CodeBlock*, JITCode&, MacroAssemblerCodePtr&) { return false; }
#endif
} } // namespace JSC::DFG
Modified: trunk/Source/_javascript_Core/dfg/DFGGraph.cpp (98081 => 98082)
--- trunk/Source/_javascript_Core/dfg/DFGGraph.cpp 2011-10-21 08:17:03 UTC (rev 98081)
+++ trunk/Source/_javascript_Core/dfg/DFGGraph.cpp 2011-10-21 08:19:03 UTC (rev 98082)
@@ -284,15 +284,8 @@
}
}
-void Graph::predictArgumentTypes(ExecState* exec, CodeBlock* codeBlock)
+void Graph::predictArgumentTypes(CodeBlock* codeBlock)
{
- if (exec) {
- size_t numberOfArguments = std::min(exec->argumentCountIncludingThis(), m_arguments.size());
-
- for (size_t arg = 1; arg < numberOfArguments; ++arg)
- at(m_arguments[arg]).variableAccessData()->predict(predictionFromValue(exec->argument(arg - 1)));
- }
-
ASSERT(codeBlock);
ASSERT(codeBlock->alternative());
Modified: trunk/Source/_javascript_Core/dfg/DFGGraph.h (98081 => 98082)
--- trunk/Source/_javascript_Core/dfg/DFGGraph.h 2011-10-21 08:17:03 UTC (rev 98081)
+++ trunk/Source/_javascript_Core/dfg/DFGGraph.h 2011-10-21 08:19:03 UTC (rev 98082)
@@ -201,7 +201,7 @@
const char* nameOfVariableAccessData(VariableAccessData*);
#endif
- void predictArgumentTypes(ExecState*, CodeBlock*);
+ void predictArgumentTypes(CodeBlock*);
StructureSet* addStructureSet(const StructureSet& structureSet)
{
Modified: trunk/Source/_javascript_Core/runtime/Executable.cpp (98081 => 98082)
--- trunk/Source/_javascript_Core/runtime/Executable.cpp 2011-10-21 08:17:03 UTC (rev 98081)
+++ trunk/Source/_javascript_Core/runtime/Executable.cpp 2011-10-21 08:19:03 UTC (rev 98082)
@@ -384,24 +384,24 @@
Base::clearCodeVirtual();
}
-JSObject* FunctionExecutable::compileOptimizedForCall(ExecState* exec, ScopeChainNode* scopeChainNode, ExecState* calleeArgsExec)
+JSObject* FunctionExecutable::compileOptimizedForCall(ExecState* exec, ScopeChainNode* scopeChainNode)
{
ASSERT(exec->globalData().dynamicGlobalObject);
ASSERT(!!m_codeBlockForCall);
JSObject* error = 0;
if (m_codeBlockForCall->getJITType() != JITCode::topTierJIT())
- error = compileForCallInternal(exec, scopeChainNode, calleeArgsExec, JITCode::nextTierJIT(m_codeBlockForCall->getJITType()));
+ error = compileForCallInternal(exec, scopeChainNode, JITCode::nextTierJIT(m_codeBlockForCall->getJITType()));
ASSERT(!!m_codeBlockForCall);
return error;
}
-JSObject* FunctionExecutable::compileOptimizedForConstruct(ExecState* exec, ScopeChainNode* scopeChainNode, ExecState* calleeArgsExec)
+JSObject* FunctionExecutable::compileOptimizedForConstruct(ExecState* exec, ScopeChainNode* scopeChainNode)
{
ASSERT(exec->globalData().dynamicGlobalObject);
ASSERT(!!m_codeBlockForConstruct);
JSObject* error = 0;
if (m_codeBlockForConstruct->getJITType() != JITCode::topTierJIT())
- error = compileForConstructInternal(exec, scopeChainNode, calleeArgsExec, JITCode::nextTierJIT(m_codeBlockForConstruct->getJITType()));
+ error = compileForConstructInternal(exec, scopeChainNode, JITCode::nextTierJIT(m_codeBlockForConstruct->getJITType()));
ASSERT(!!m_codeBlockForConstruct);
return error;
}
@@ -435,7 +435,7 @@
return result.release();
}
-JSObject* FunctionExecutable::compileForCallInternal(ExecState* exec, ScopeChainNode* scopeChainNode, ExecState* calleeArgsExec, JITCode::JITType jitType)
+JSObject* FunctionExecutable::compileForCallInternal(ExecState* exec, ScopeChainNode* scopeChainNode, JITCode::JITType jitType)
{
#if !ENABLE(JIT)
UNUSED_PARAM(jitType);
@@ -459,7 +459,7 @@
if (globalData->canUseJIT()) {
bool dfgCompiled = false;
if (jitType == JITCode::DFGJIT)
- dfgCompiled = DFG::tryCompileFunction(exec, calleeArgsExec, m_codeBlockForCall.get(), m_jitCodeForCall, m_jitCodeForCallWithArityCheck);
+ dfgCompiled = DFG::tryCompileFunction(exec, m_codeBlockForCall.get(), m_jitCodeForCall, m_jitCodeForCallWithArityCheck);
if (dfgCompiled) {
if (m_codeBlockForCall->alternative())
m_codeBlockForCall->alternative()->unlinkIncomingCalls();
@@ -478,8 +478,6 @@
m_codeBlockForCall->setJITCode(m_jitCodeForCall, m_jitCodeForCallWithArityCheck);
}
-#else
- UNUSED_PARAM(calleeArgsExec);
#endif
#if ENABLE(JIT)
@@ -496,7 +494,7 @@
return 0;
}
-JSObject* FunctionExecutable::compileForConstructInternal(ExecState* exec, ScopeChainNode* scopeChainNode, ExecState* calleeArgsExec, JITCode::JITType jitType)
+JSObject* FunctionExecutable::compileForConstructInternal(ExecState* exec, ScopeChainNode* scopeChainNode, JITCode::JITType jitType)
{
UNUSED_PARAM(jitType);
@@ -519,7 +517,7 @@
if (globalData->canUseJIT()) {
bool dfgCompiled = false;
if (jitType == JITCode::DFGJIT)
- dfgCompiled = DFG::tryCompileFunction(exec, calleeArgsExec, m_codeBlockForConstruct.get(), m_jitCodeForConstruct, m_jitCodeForConstructWithArityCheck);
+ dfgCompiled = DFG::tryCompileFunction(exec, m_codeBlockForConstruct.get(), m_jitCodeForConstruct, m_jitCodeForConstructWithArityCheck);
if (dfgCompiled) {
if (m_codeBlockForConstruct->alternative())
m_codeBlockForConstruct->alternative()->unlinkIncomingCalls();
@@ -538,8 +536,6 @@
m_codeBlockForConstruct->setJITCode(m_jitCodeForConstruct, m_jitCodeForConstructWithArityCheck);
}
-#else
- UNUSED_PARAM(calleeArgsExec);
#endif
#if ENABLE(JIT)
Modified: trunk/Source/_javascript_Core/runtime/Executable.h (98081 => 98082)
--- trunk/Source/_javascript_Core/runtime/Executable.h 2011-10-21 08:17:03 UTC (rev 98081)
+++ trunk/Source/_javascript_Core/runtime/Executable.h 2011-10-21 08:19:03 UTC (rev 98082)
@@ -464,17 +464,17 @@
PassOwnPtr<FunctionCodeBlock> produceCodeBlockFor(ExecState*, ScopeChainNode*, CompilationKind, CodeSpecializationKind, JSObject*& exception);
- JSObject* compileForCall(ExecState* exec, ScopeChainNode* scopeChainNode, ExecState* calleeArgsExec = 0)
+ JSObject* compileForCall(ExecState* exec, ScopeChainNode* scopeChainNode)
{
ASSERT(exec->globalData().dynamicGlobalObject);
JSObject* error = 0;
if (!m_codeBlockForCall)
- error = compileForCallInternal(exec, scopeChainNode, calleeArgsExec, JITCode::bottomTierJIT());
+ error = compileForCallInternal(exec, scopeChainNode, JITCode::bottomTierJIT());
ASSERT(!error == !!m_codeBlockForCall);
return error;
}
- JSObject* compileOptimizedForCall(ExecState*, ScopeChainNode*, ExecState* calleeArgsExec = 0);
+ JSObject* compileOptimizedForCall(ExecState*, ScopeChainNode*);
#if ENABLE(JIT)
void jettisonOptimizedCodeForCall(JSGlobalData&);
@@ -491,17 +491,17 @@
return *m_codeBlockForCall;
}
- JSObject* compileForConstruct(ExecState* exec, ScopeChainNode* scopeChainNode, ExecState* calleeArgsExec = 0)
+ JSObject* compileForConstruct(ExecState* exec, ScopeChainNode* scopeChainNode)
{
ASSERT(exec->globalData().dynamicGlobalObject);
JSObject* error = 0;
if (!m_codeBlockForConstruct)
- error = compileForConstructInternal(exec, scopeChainNode, calleeArgsExec, JITCode::bottomTierJIT());
+ error = compileForConstructInternal(exec, scopeChainNode, JITCode::bottomTierJIT());
ASSERT(!error == !!m_codeBlockForConstruct);
return error;
}
- JSObject* compileOptimizedForConstruct(ExecState*, ScopeChainNode*, ExecState* calleeArgsExec = 0);
+ JSObject* compileOptimizedForConstruct(ExecState*, ScopeChainNode*);
#if ENABLE(JIT)
void jettisonOptimizedCodeForConstruct(JSGlobalData&);
@@ -520,30 +520,26 @@
JSObject* compileFor(ExecState* exec, ScopeChainNode* scopeChainNode, CodeSpecializationKind kind)
{
- // compileFor should only be called with a callframe set up to call this function,
- // since we will make speculative optimizations based on the arguments.
ASSERT(exec->callee());
ASSERT(exec->callee()->inherits(&JSFunction::s_info));
ASSERT(asFunction(exec->callee())->jsExecutable() == this);
if (kind == CodeForCall)
- return compileForCall(exec, scopeChainNode, exec);
+ return compileForCall(exec, scopeChainNode);
ASSERT(kind == CodeForConstruct);
- return compileForConstruct(exec, scopeChainNode, exec);
+ return compileForConstruct(exec, scopeChainNode);
}
JSObject* compileOptimizedFor(ExecState* exec, ScopeChainNode* scopeChainNode, CodeSpecializationKind kind)
{
- // compileOptimizedFor should only be called with a callframe set up to call this function,
- // since we will make speculative optimizations based on the arguments.
ASSERT(exec->callee());
ASSERT(exec->callee()->inherits(&JSFunction::s_info));
ASSERT(asFunction(exec->callee())->jsExecutable() == this);
if (kind == CodeForCall)
- return compileOptimizedForCall(exec, scopeChainNode, exec);
+ return compileOptimizedForCall(exec, scopeChainNode);
ASSERT(kind == CodeForConstruct);
- return compileOptimizedForConstruct(exec, scopeChainNode, exec);
+ return compileOptimizedForConstruct(exec, scopeChainNode);
}
#if ENABLE(JIT)
@@ -606,8 +602,8 @@
FunctionExecutable(JSGlobalData&, const Identifier& name, const SourceCode&, bool forceUsesArguments, FunctionParameters*, bool);
FunctionExecutable(ExecState*, const Identifier& name, const SourceCode&, bool forceUsesArguments, FunctionParameters*, bool);
- JSObject* compileForCallInternal(ExecState*, ScopeChainNode*, ExecState* calleeArgsExec, JITCode::JITType);
- JSObject* compileForConstructInternal(ExecState*, ScopeChainNode*, ExecState* calleeArgsExec, JITCode::JITType);
+ JSObject* compileForCallInternal(ExecState*, ScopeChainNode*, JITCode::JITType);
+ JSObject* compileForConstructInternal(ExecState*, ScopeChainNode*, JITCode::JITType);
OwnPtr<FunctionCodeBlock>& codeBlockFor(CodeSpecializationKind kind)
{
