2010-07-08 Oliver Hunt <oliver@apple.com>
author oliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 9 Jul 2010 05:47:49 +0000 (05:47 +0000)
committer oliver@apple.com <oliver@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 9 Jul 2010 05:47:49 +0000 (05:47 +0000)
commit 83c2eadd7e15243660a6b4b2277c9ecce571cc89
tree b99b12e0b4a1cbffd4a4f26bdf65231fdae4de4b
parent 7068ee9b2d962b8107bbe524026f2624c8902135
2010-07-08  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Property declarations in an object literal should not consider the prototype chain when being added to the new object
        https://bugs.webkit.org/show_bug.cgi?id=41929

        To fix this all we need to do is ensure that all new properties are
        added with putDirect rather than a fully generic call to put.  This
        is safe as an object literal is by definition going to produce a
        completely normal object.

        Rather than duplicating all the put_by_id logic we add an additional
        flag to op_put_by_id to indicate it should be using putDirect.  In
        the interpreter this adds a runtime branch, but in the jit this is
        essentially free as the branch is taken at compile time.  This does
        actually improve object literal creation time even in the interpreter
        as we no longer need to walk the prototype chain to verify that the
        cached put is safe.

        We still emit normal put_by_id code when emitting __proto__ as we want
        to get the correct handling for changing the prototype.

        Sunspider claims this is a 0.7% speedup which is conceivably real due
        to the performance improvement in object literals, but I suspect it's
        really just the result of code motion.

        * bytecode/Opcode.h:
        * bytecompiler/BytecodeGenerator.cpp:
        (JSC::BytecodeGenerator::emitPutById):
        (JSC::BytecodeGenerator::emitDirectPutById):
        * bytecompiler/BytecodeGenerator.h:
        * bytecompiler/NodesCodegen.cpp:
        (JSC::PropertyListNode::emitBytecode):
        * interpreter/Interpreter.cpp:
        (JSC::Interpreter::privateExecute):
        * jit/JIT.h:
        (JSC::JIT::compilePutByIdTransition):
        * jit/JITPropertyAccess.cpp:
        (JSC::JIT::emit_op_put_by_id):
        (JSC::JIT::emitSlow_op_put_by_id):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::patchPutByIdReplace):
        * jit/JITPropertyAccess32_64.cpp:
        (JSC::JIT::emitSlow_op_put_by_id):
        (JSC::JIT::privateCompilePutByIdTransition):
        (JSC::JIT::patchPutByIdReplace):
        * jit/JITStubs.cpp:
        (JSC::JITThunks::tryCachePutByID):
        (JSC::DEFINE_STUB_FUNCTION):
        * jit/JITStubs.h:
        (JSC::):
        * runtime/JSGlobalData.cpp:
        (JSC::JSGlobalData::JSGlobalData):
        * runtime/JSObject.h:
        (JSC::JSObject::putDirect):
        (JSC::JSValue::putDirect):
        * runtime/JSValue.h:

2010-07-08  Oliver Hunt  <oliver@apple.com>

        Reviewed by Sam Weinig.

        Property declarations in an object literal should not consider the prototype chain when being added to the new object
        https://bugs.webkit.org/show_bug.cgi?id=41929

        Add tests to ensure correct behaviour of object literals when there
        are setters on the prototype chain.

        * fast/js/object-literal-direct-put-expected.txt: Added.
        * fast/js/object-literal-direct-put.html: Added.
        * fast/js/script-tests/object-literal-direct-put.js: Added.
        * ietestcenter/Javascript/15.4.4.14-9-b-i-6-expected.txt:
        * ietestcenter/Javascript/15.4.4.15-8-b-i-6-expected.txt:
        * platform/chromium/test_expectations.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@62896 268f45cc-cd09-0410-ab3c-d52691b4dbfc
20 files changed:
JavaScriptCore/ChangeLog
JavaScriptCore/bytecode/Opcode.h
JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
JavaScriptCore/bytecompiler/BytecodeGenerator.h
JavaScriptCore/bytecompiler/NodesCodegen.cpp
JavaScriptCore/interpreter/Interpreter.cpp
JavaScriptCore/jit/JIT.h
JavaScriptCore/jit/JITPropertyAccess.cpp
JavaScriptCore/jit/JITPropertyAccess32_64.cpp
JavaScriptCore/jit/JITStubs.cpp
JavaScriptCore/jit/JITStubs.h
JavaScriptCore/runtime/JSObject.h
JavaScriptCore/runtime/JSValue.h
LayoutTests/ChangeLog
LayoutTests/fast/js/object-literal-direct-put-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/object-literal-direct-put.html [new file with mode: 0644]
LayoutTests/fast/js/script-tests/object-literal-direct-put.js [new file with mode: 0644]
LayoutTests/ietestcenter/Javascript/15.4.4.14-9-b-i-6-expected.txt
LayoutTests/ietestcenter/Javascript/15.4.4.15-8-b-i-6-expected.txt
LayoutTests/platform/chromium/test_expectations.txt
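
The behaviour the commit message describes, as an added example that is not part of the commit or of WebKit's layout tests: a setter on Object.prototype must not see values declared in an object literal, while ordinary assignment still reaches it and `__proto__` in a literal still changes the prototype. The function name `demoDirectPut` and the property name `secret` are assumptions made for illustration.

```javascript
// Added example (constructed), not WebKit code. demoDirectPut and the
// property name "secret" are hypothetical names chosen for this sketch.
function demoDirectPut() {
  const intercepted = [];
  // A setter installed on the prototype chain shared by all plain objects.
  Object.defineProperty(Object.prototype, "secret", {
    configurable: true,
    set(value) { intercepted.push(value); },
  });
  try {
    const hasOwn = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

    // Object literal: the property is defined directly on the new object
    // (the putDirect path), so the inherited setter must not run.
    const literal = { secret: "from-literal" };
    const literalOwn = hasOwn(literal, "secret");
    const setterCallsAfterLiteral = intercepted.length;

    // Ordinary assignment is a generic put: it walks the prototype chain,
    // finds the setter, and creates no own property on the target.
    const assigned = {};
    assigned.secret = "from-assignment";
    const assignedOwn = hasOwn(assigned, "secret");

    // __proto__ in a literal keeps its special handling: it sets the
    // prototype of the new object instead of adding an own property.
    const proto = { marker: true };
    const withProto = { __proto__: proto };

    return {
      literalOwn,
      literalValue: literal.secret,
      setterCallsAfterLiteral,
      assignedOwn,
      intercepted: intercepted.slice(),
      protoChanged: Object.getPrototypeOf(withProto) === proto,
      protoIsOwnProperty: hasOwn(withProto, "__proto__"),
    };
  } finally {
    // Remove the setter so the shared prototype is left as it was.
    delete Object.prototype.secret;
  }
}

console.log(demoDirectPut());
```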