Diff
Modified: trunk/LayoutTests/ChangeLog (160251 => 160252)
--- trunk/LayoutTests/ChangeLog 2013-12-06 22:43:46 UTC (rev 160251)
+++ trunk/LayoutTests/ChangeLog 2013-12-06 22:54:02 UTC (rev 160252)
@@ -1,3 +1,15 @@
+2013-12-06 Filip Pizlo <fpi...@apple.com>
+
+ FTL should support generic ByVal accesses
+ https://bugs.webkit.org/show_bug.cgi?id=125368
+
+ Reviewed by Mark Hahnenberg.
+
+ * js/regress/by-val-generic-expected.txt: Added.
+ * js/regress/by-val-generic.html: Added.
+ * js/regress/script-tests/by-val-generic.js: Added.
+ (foo):
+
2013-12-06 Jer Noble <jer.no...@apple.com>
Unreviewed gardening; revert r160237 after r160247 made it unnecessary.
Added: trunk/LayoutTests/js/regress/by-val-generic-expected.txt (0 => 160252)
--- trunk/LayoutTests/js/regress/by-val-generic-expected.txt (rev 0)
+++ trunk/LayoutTests/js/regress/by-val-generic-expected.txt 2013-12-06 22:54:02 UTC (rev 160252)
@@ -0,0 +1,10 @@
+JSRegress/by-val-generic
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS no exception thrown
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/js/regress/by-val-generic.html (0 => 160252)
--- trunk/LayoutTests/js/regress/by-val-generic.html (rev 0)
+++ trunk/LayoutTests/js/regress/by-val-generic.html 2013-12-06 22:54:02 UTC (rev 160252)
@@ -0,0 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<script src=""
+</head>
+<body>
+<script src=""
+<script src=""
+<script src=""
+<script src=""
+</body>
+</html>
Added: trunk/LayoutTests/js/regress/script-tests/by-val-generic.js (0 => 160252)
--- trunk/LayoutTests/js/regress/script-tests/by-val-generic.js (rev 0)
+++ trunk/LayoutTests/js/regress/script-tests/by-val-generic.js 2013-12-06 22:54:02 UTC (rev 160252)
@@ -0,0 +1,12 @@
+function foo(a, b, c) {
+ a[b] = c;
+ return a[b];
+}
+
+noInline(foo);
+
+for (var i = 0; i < 100000; ++i) {
+ var result = foo({}, "foo", "bar");
+ if (result !== "bar")
+ throw "Error: bad result: " + result;
+}
Modified: trunk/Source/_javascript_Core/ChangeLog (160251 => 160252)
--- trunk/Source/_javascript_Core/ChangeLog 2013-12-06 22:43:46 UTC (rev 160251)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-12-06 22:54:02 UTC (rev 160252)
@@ -1,5 +1,23 @@
2013-12-06 Filip Pizlo <fpi...@apple.com>
+ FTL should support generic ByVal accesses
+ https://bugs.webkit.org/show_bug.cgi?id=125368
+
+ Reviewed by Mark Hahnenberg.
+
+ * dfg/DFGGraph.h:
+ (JSC::DFG::Graph::isStrictModeFor):
+ (JSC::DFG::Graph::ecmaModeFor):
+ * ftl/FTLCapabilities.cpp:
+ (JSC::FTL::canCompile):
+ * ftl/FTLIntrinsicRepository.h:
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::LowerDFGToLLVM::compileNode):
+ (JSC::FTL::LowerDFGToLLVM::compileGetByVal):
+ (JSC::FTL::LowerDFGToLLVM::compilePutByVal):
+
+2013-12-06 Filip Pizlo <fpi...@apple.com>
+
FTL should support hole/OOB array accesses
https://bugs.webkit.org/show_bug.cgi?id=118077
Modified: trunk/Source/_javascript_Core/dfg/DFGGraph.h (160251 => 160252)
--- trunk/Source/_javascript_Core/dfg/DFGGraph.h 2013-12-06 22:43:46 UTC (rev 160251)
+++ trunk/Source/_javascript_Core/dfg/DFGGraph.h 2013-12-06 22:54:02 UTC (rev 160252)
@@ -428,6 +428,18 @@
return baselineCodeBlockForOriginAndBaselineCodeBlock(codeOrigin, m_profiledBlock);
}
+ bool isStrictModeFor(CodeOrigin codeOrigin)
+ {
+ if (!codeOrigin.inlineCallFrame)
+ return m_codeBlock->isStrictMode();
+ return jsCast<FunctionExecutable*>(codeOrigin.inlineCallFrame->executable.get())->isStrictMode();
+ }
+
+ ECMAMode ecmaModeFor(CodeOrigin codeOrigin)
+ {
+ return isStrictModeFor(codeOrigin) ? StrictMode : NotStrictMode;
+ }
+
bool masqueradesAsUndefinedWatchpointIsStillValid(const CodeOrigin& codeOrigin)
{
return m_plan.watchpoints.isStillValid(
Modified: trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp (160251 => 160252)
--- trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2013-12-06 22:43:46 UTC (rev 160251)
+++ trunk/Source/_javascript_Core/ftl/FTLCapabilities.cpp 2013-12-06 22:54:02 UTC (rev 160252)
@@ -147,8 +147,8 @@
case GetByVal:
switch (node->arrayMode().type()) {
case Array::ForceExit:
+ case Array::Generic:
case Array::String:
- return CanCompileAndOSREnter;
case Array::Int32:
case Array::Double:
case Array::Contiguous:
@@ -161,9 +161,10 @@
break;
case PutByVal:
case PutByValAlias:
+ case PutByValDirect:
switch (node->arrayMode().type()) {
case Array::ForceExit:
- return CanCompileAndOSREnter;
+ case Array::Generic:
case Array::Int32:
case Array::Double:
case Array::Contiguous:
Modified: trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h (160251 => 160252)
--- trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h 2013-12-06 22:43:46 UTC (rev 160251)
+++ trunk/Source/_javascript_Core/ftl/FTLIntrinsicRepository.h 2013-12-06 22:54:02 UTC (rev 160252)
@@ -55,6 +55,7 @@
macro(I_JITOperation_EJss, functionType(intPtr, intPtr, intPtr)) \
macro(J_JITOperation_E, functionType(int64, intPtr)) \
macro(J_JITOperation_EAZ, functionType(int64, intPtr, intPtr, int32)) \
+ macro(J_JITOperation_EJJ, functionType(int64, intPtr, int64, int64)) \
macro(J_JITOperation_EJssZ, functionType(int64, intPtr, intPtr, int32)) \
macro(J_JITOperation_ESsiJI, functionType(int64, intPtr, intPtr, int64, intPtr)) \
macro(Jss_JITOperation_EZ, functionType(intPtr, intPtr, int32)) \
@@ -65,6 +66,7 @@
macro(P_JITOperation_EStPS, functionType(intPtr, intPtr, intPtr, intPtr, intPtr)) \
macro(P_JITOperation_EStSS, functionType(intPtr, intPtr, intPtr, intPtr, intPtr)) \
macro(P_JITOperation_EStZ, functionType(intPtr, intPtr, intPtr, int32)) \
+ macro(V_JITOperation_EJJJ, functionType(voidType, intPtr, int64, int64, int64)) \
macro(V_JITOperation_EOZD, functionType(voidType, intPtr, intPtr, int32, doubleType)) \
macro(V_JITOperation_EOZJ, functionType(voidType, intPtr, intPtr, int32, int64)) \
macro(V_JITOperation_EVws, functionType(voidType, intPtr, intPtr)) \
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (160251 => 160252)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2013-12-06 22:43:46 UTC (rev 160251)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2013-12-06 22:54:02 UTC (rev 160252)
@@ -362,6 +362,7 @@
break;
case PutByVal:
case PutByValAlias:
+ case PutByValDirect:
compilePutByVal();
break;
case NewObject:
@@ -1580,6 +1581,13 @@
return;
}
+ case Array::Generic: {
+ setJSValue(vmCall(
+ m_out.operation(operationGetByVal), m_callFrame,
+ lowJSValue(m_node->child1()), lowJSValue(m_node->child2())));
+ return;
+ }
+
case Array::String: {
compileStringCharAt();
return;
@@ -1678,6 +1686,31 @@
Edge child2 = m_graph.varArgChild(m_node, 1);
Edge child3 = m_graph.varArgChild(m_node, 2);
Edge child4 = m_graph.varArgChild(m_node, 3);
+
+ switch (m_node->arrayMode().type()) {
+ case Array::Generic: {
+ V_JITOperation_EJJJ operation;
+ if (m_node->op() == PutByValDirect) {
+ if (m_graph.isStrictModeFor(m_node->codeOrigin))
+ operation = operationPutByValDirectStrict;
+ else
+ operation = operationPutByValDirectNonStrict;
+ } else {
+ if (m_graph.isStrictModeFor(m_node->codeOrigin))
+ operation = operationPutByValStrict;
+ else
+ operation = operationPutByValNonStrict;
+ }
+
+ vmCall(
+ m_out.operation(operation), m_callFrame,
+ lowJSValue(child1), lowJSValue(child2), lowJSValue(child3));
+ return;
+ }
+
+ default:
+ break;
+ }
LValue base = lowCell(child1);
LValue index = lowInt32(child2);
@@ -1759,7 +1792,7 @@
TypedArrayType type = m_node->arrayMode().typedArrayType();
if (isTypedView(type)) {
- if (m_node->op() == PutByVal) {
+ if (m_node->op() != PutByValAlias) {
speculate(
OutOfBounds, noValue(), 0,
m_out.aboveOrEqual(
