path: root/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
authorSimon Hausmann <simon.hausmann@nokia.com>2012-09-14 16:29:47 +0200
committerSimon Hausmann <simon.hausmann@nokia.com>2012-09-14 16:29:47 +0200
commitd0424a769059c84ae20beb3c217812792ea6726b (patch)
tree6f94a5c3db8c52c6694ee56498542a6c35417350 /Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
parent88a04ac016f57c2d78e714682445dff2e7db4ade (diff)
Imported WebKit commit 37c5e5041d39a14ea0d429a77ebd352e4bd26516 (http://svn.webkit.org/repository/webkit/trunk@128608)
New snapshot that enables WebKit2 build on Windows (still some bugs) and allows for WebKit to be built with qmake && make
Diffstat (limited to 'Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp')
-rw-r--r--Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp90
1 files changed, 65 insertions, 25 deletions
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
index c9c07da80..b1f3212f9 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -315,19 +315,37 @@ void SpeculativeJIT::checkArray(Node& node)
case Array::String:
expectedClassInfo = &JSString::s_info;
break;
- case Array::JSArray:
- case Array::JSArrayOutOfBounds: {
- // This code duplicates the code below in anticipation of this code being
- // substantially changed in the future.
+ case NON_ARRAY_ARRAY_STORAGE_MODES: {
GPRTemporary temp(this);
m_jit.loadPtr(
MacroAssembler::Address(baseReg, JSCell::structureOffset()), temp.gpr());
speculationCheck(
Uncountable, JSValueRegs(), NoNode,
- m_jit.branchPtr(
- MacroAssembler::NotEqual,
- MacroAssembler::Address(temp.gpr(), Structure::classInfoOffset()),
- MacroAssembler::TrustedImmPtr(&JSArray::s_info)));
+ m_jit.branchTest8(
+ MacroAssembler::Zero,
+ MacroAssembler::Address(temp.gpr(), Structure::indexingTypeOffset()),
+ MacroAssembler::TrustedImm32(HasArrayStorage)));
+
+ noResult(m_compileIndex);
+ return;
+ }
+ case ARRAY_WITH_ARRAY_STORAGE_MODES: {
+ GPRTemporary temp(this);
+ GPRReg tempGPR = temp.gpr();
+ m_jit.loadPtr(
+ MacroAssembler::Address(baseReg, JSCell::structureOffset()), tempGPR);
+ m_jit.load8(MacroAssembler::Address(tempGPR, Structure::indexingTypeOffset()), tempGPR);
+ // FIXME: This can be turned into a single branch. But we currently have no evidence
+ // that doing so would be profitable, nor do I feel comfortable with the present test
+ // coverage for this code path.
+ speculationCheck(
+ Uncountable, JSValueRegs(), NoNode,
+ m_jit.branchTest32(
+ MacroAssembler::Zero, tempGPR, MacroAssembler::TrustedImm32(IsArray)));
+ speculationCheck(
+ Uncountable, JSValueRegs(), NoNode,
+ m_jit.branchTest32(
+ MacroAssembler::Zero, tempGPR, MacroAssembler::TrustedImm32(HasArrayStorage)));
noResult(m_compileIndex);
return;
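Review bot: The two guards added in this hunk appear to be the type checks that later storage accesses rely on, yet the FIXME in the `ARRAY_WITH_ARRAY_STORAGE_MODES` case says the author is not comfortable with the test coverage for this path. I would want regression tests that make each speculation fail separately (a cell without `HasArrayStorage`, and a cell with array storage but without `IsArray`) so the exit is known to fire before any storage-relative load runs. The `NON_ARRAY_ARRAY_STORAGE_MODES` case replaces the `JSArray::s_info` class check with a single bit test, so it deserves a comment such as `// Only HasArrayStorage is required for these modes; IsArray is deliberately not tested.` checkArray's body starts and ends outside this hunk.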
@@ -1342,11 +1360,10 @@ void SpeculativeJIT::compile(BasicBlock& block)
InlineCallFrame* inlineCallFrame = node.codeOrigin.inlineCallFrame;
int argumentCountIncludingThis = inlineCallFrame->arguments.size();
unsigned argumentPositionStart = node.argumentPositionStart();
- bool argumentsAreCaptured =
- baselineCodeBlockForInlineCallFrame(inlineCallFrame)->argumentsAreCaptured();
+ CodeBlock* codeBlock = baselineCodeBlockForInlineCallFrame(inlineCallFrame);
for (int i = 0; i < argumentCountIncludingThis; ++i) {
ValueRecovery recovery;
- if (argumentsAreCaptured)
+ if (codeBlock->isCaptured(argumentToOperand(i)))
recovery = ValueRecovery::alreadyInRegisterFile();
else {
ArgumentPosition& argumentPosition =
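Review bot: `codeBlock` is dereferenced on every iteration with nothing asserting that it is non-null, and the loop starts at `i = 0`, so `isCaptured(argumentToOperand(0))` is also asked about the `this` slot. The old code asked one whole-frame question (`argumentsAreCaptured()`), so the per-operand query is a behaviour change for each argument; add `ASSERT(codeBlock);` after the assignment and a short comment saying that `this` is meant to be included and which frame the operand number is relative to. A wrong answer here would presumably select the wrong ValueRecovery for that argument at OSR exit. The loop body continues outside the hunk.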
@@ -3006,11 +3023,6 @@ void SpeculativeJIT::compileGetIndexedPropertyStorage(Node& node)
m_jit.loadPtr(MacroAssembler::Address(storageReg, StringImpl::dataOffset()), storageReg);
break;
- case Array::JSArray:
- case Array::JSArrayOutOfBounds:
- m_jit.loadPtr(MacroAssembler::Address(baseReg, JSArray::storageOffset()), storageReg);
- break;
-
default:
ASSERT(descriptor);
m_jit.loadPtr(MacroAssembler::Address(baseReg, descriptor->m_storageOffset), storageReg);
@@ -3125,13 +3137,12 @@ void SpeculativeJIT::compileGetArrayLength(Node& node)
const TypedArrayDescriptor* descriptor = typedArrayDescriptor(node.arrayMode());
switch (node.arrayMode()) {
- case Array::JSArray:
- case Array::JSArrayOutOfBounds: {
+ case ARRAY_WITH_ARRAY_STORAGE_MODES: {
StorageOperand storage(this, node.child2());
GPRTemporary result(this, storage);
GPRReg storageReg = storage.gpr();
GPRReg resultReg = result.gpr();
- m_jit.load32(MacroAssembler::Address(storageReg, OBJECT_OFFSETOF(ArrayStorage, m_length)), resultReg);
+ m_jit.load32(MacroAssembler::Address(storageReg, ArrayStorage::lengthOffset()), resultReg);
speculationCheck(Uncountable, JSValueRegs(), NoNode, m_jit.branch32(MacroAssembler::LessThan, resultReg, MacroAssembler::TrustedImm32(0)));
@@ -3227,6 +3238,20 @@ bool SpeculativeJIT::compileRegExpExec(Node& node)
void SpeculativeJIT::compileAllocatePropertyStorage(Node& node)
{
+ if (hasIndexingHeader(node.structureTransitionData().previousStructure->indexingType())) {
+ SpeculateCellOperand base(this, node.child1());
+
+ GPRReg baseGPR = base.gpr();
+
+ flushRegisters();
+
+ GPRResult result(this);
+ callOperation(operationReallocateButterflyToHavePropertyStorageWithInitialCapacity, result.gpr(), baseGPR);
+
+ storageResult(result.gpr(), m_compileIndex);
+ return;
+ }
+
SpeculateCellOperand base(this, node.child1());
GPRTemporary scratch(this);
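Review bot: The new early-return branch has no comment explaining why a previous structure with an indexing header must go through `operationReallocateButterflyToHavePropertyStorageWithInitialCapacity` rather than the inline allocation that follows. Something like `// Objects with an indexing header take the out-of-line call, which reallocates the whole butterfly.` would help, if that is indeed the reason. `SpeculateCellOperand base(this, node.child1());` is now written twice in this function; declaring it once above the `if` removes the duplication. The same branch is repeated almost verbatim in compileReallocatePropertyStorage in the next hunk. The function body continues past this hunk.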
@@ -3248,13 +3273,31 @@ void SpeculativeJIT::compileAllocatePropertyStorage(Node& node)
addSlowPathGenerator(
slowPathCall(slowPath, this, operationAllocatePropertyStorageWithInitialCapacity, scratchGPR));
- m_jit.storePtr(scratchGPR, JITCompiler::Address(baseGPR, JSObject::offsetOfOutOfLineStorage()));
+ m_jit.storePtr(scratchGPR, JITCompiler::Address(baseGPR, JSObject::butterflyOffset()));
storageResult(scratchGPR, m_compileIndex);
}
void SpeculativeJIT::compileReallocatePropertyStorage(Node& node)
{
+ size_t oldSize = node.structureTransitionData().previousStructure->outOfLineCapacity() * sizeof(JSValue);
+ size_t newSize = oldSize * outOfLineGrowthFactor;
+ ASSERT(newSize == node.structureTransitionData().newStructure->outOfLineCapacity() * sizeof(JSValue));
+
+ if (hasIndexingHeader(node.structureTransitionData().previousStructure->indexingType())) {
+ SpeculateCellOperand base(this, node.child1());
+
+ GPRReg baseGPR = base.gpr();
+
+ flushRegisters();
+
+ GPRResult result(this);
+ callOperation(operationReallocateButterflyToGrowPropertyStorage, result.gpr(), baseGPR, newSize / sizeof(JSValue));
+
+ storageResult(result.gpr(), m_compileIndex);
+ return;
+ }
+
SpeculateCellOperand base(this, node.child1());
StorageOperand oldStorage(this, node.child2());
GPRTemporary scratch1(this);
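Review bot: `newSize` is a byte count, but both calls now pass `newSize / sizeof(JSValue)`: here to `operationReallocateButterflyToGrowPropertyStorage`, and in the last hunk to `operationAllocatePropertyStorage`, which previously received `newSize` itself. The callee signatures are not part of this file's diff, so it cannot be confirmed from here that both expect a slot count; a bytes/slots mismatch on an allocation size would leave the storage smaller or larger than what the copy loop fills. I would name the value once, for example `size_t newCapacity = node.structureTransitionData().newStructure->outOfLineCapacity();`, and pass `newCapacity` to both calls. Note also that `newSize == newStructure->outOfLineCapacity() * sizeof(JSValue)` is checked only by `ASSERT`, so release builds do not enforce it.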
@@ -3267,9 +3310,6 @@ void SpeculativeJIT::compileReallocatePropertyStorage(Node& node)
JITCompiler::Jump slowPath;
- size_t oldSize = node.structureTransitionData().previousStructure->outOfLineCapacity() * sizeof(JSValue);
- size_t newSize = oldSize * outOfLineGrowthFactor;
- ASSERT(newSize == node.structureTransitionData().newStructure->outOfLineCapacity() * sizeof(JSValue));
CopiedAllocator* copiedAllocator = &m_jit.globalData()->heap.storageAllocator();
m_jit.loadPtr(&copiedAllocator->m_currentRemaining, scratchGPR2);
@@ -3280,13 +3320,13 @@ void SpeculativeJIT::compileReallocatePropertyStorage(Node& node)
m_jit.addPtr(JITCompiler::TrustedImm32(sizeof(JSValue)), scratchGPR2);
addSlowPathGenerator(
- slowPathCall(slowPath, this, operationAllocatePropertyStorage, scratchGPR2, newSize));
+ slowPathCall(slowPath, this, operationAllocatePropertyStorage, scratchGPR2, newSize / sizeof(JSValue)));
// We have scratchGPR2 = new storage, scratchGPR1 = scratch
for (ptrdiff_t offset = 0; offset < static_cast<ptrdiff_t>(oldSize); offset += sizeof(void*)) {
m_jit.loadPtr(JITCompiler::Address(oldStorageGPR, -(offset + sizeof(JSValue) + sizeof(void*))), scratchGPR1);
m_jit.storePtr(scratchGPR1, JITCompiler::Address(scratchGPR2, -(offset + sizeof(JSValue) + sizeof(void*))));
}
- m_jit.storePtr(scratchGPR2, JITCompiler::Address(baseGPR, JSObject::offsetOfOutOfLineStorage()));
+ m_jit.storePtr(scratchGPR2, JITCompiler::Address(baseGPR, JSObject::butterflyOffset()));
storageResult(scratchGPR2, m_compileIndex);
}