Inline caching should try to flatten uncacheable dictionaries
authormhahnenberg@apple.com <mhahnenberg@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 11 Jun 2014 22:55:34 +0000 (22:55 +0000)
committermhahnenberg@apple.com <mhahnenberg@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 11 Jun 2014 22:55:34 +0000 (22:55 +0000)
commit10eba0113168aecb6e3fc58a6bc8a265a6bcc7de
tree7d44402c64030bcb77dba577fa25fb26b62588f8
parent39047c2955ed3187cdce08c2cd8a0e5ba5964319
Inline caching should try to flatten uncacheable dictionaries
https://bugs.webkit.org/show_bug.cgi?id=133683

Reviewed by Geoffrey Garen.

There exists a body of JS code that deletes properties off of objects (especially function/constructor objects),
which puts them into an uncacheable dictionary state. This prevents all future inline caching for these objects.
If properties are deleted out of the object during its initialization, we can enable caching for that object by
attempting to flatten it when we see we're trying to do inline caching with that object. We then record that we
performed this flattening optimization in the object's Structure. If it ever re-enters the uncacheable dictionary
state then we can just give up on caching that object.

In refactoring some of the code in tryCacheGetById and tryBuildGetByIdList to reduce some duplication, I added
the InlineCacheAction enum, a new way to indicate the success or failure of an inline caching attempt. I changed
the other inline caching functions to return this enum rather than the opaque booleans that we were previously
returning.

* jit/Repatch.cpp:
(JSC::actionForCell):
(JSC::tryCacheGetByID):
(JSC::repatchGetByID):
(JSC::tryBuildGetByIDList):
(JSC::buildGetByIDList):
(JSC::tryCachePutByID):
(JSC::repatchPutByID):
(JSC::tryBuildPutByIdList):
(JSC::buildPutByIdList):
(JSC::tryRepatchIn):
(JSC::repatchIn):
* runtime/Structure.cpp:
(JSC::Structure::Structure):
(JSC::Structure::flattenDictionaryStructure):
* runtime/Structure.h:
(JSC::Structure::hasBeenFlattenedBefore):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@169853 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/Repatch.cpp
Source/JavaScriptCore/runtime/Structure.cpp
Source/JavaScriptCore/runtime/Structure.h