DFG should not load the property storage if it is inline.
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 9 Apr 2012 07:48:08 +0000 (07:48 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 9 Apr 2012 07:48:08 +0000 (07:48 +0000)
commit8c279b5e17300c97d036cb0d78961c548cffd922
tree5fc30ca5d7faf2dab9b99fe1ab0a80357f28931c
parent1289cae00f7d9a6494d2b3d256d857b49089784a
DFG should not load the property storage if it is inline.
https://bugs.webkit.org/show_bug.cgi?id=83455

Reviewed by Gavin Barraclough.

We had previously decided to have all property storage accesses go through
the property storage pointer even if they don't "really" have to, because
we were thinking this would help GC barriers somehow. Well, we never ended
up doing anything with that. Hence, doing these wasted loads of the
property storage pointer when the storage is inline is just a waste of CPU
cycles.

This change makes the DFG's inline property accesses (GetByOffset and
PutByOffset) go directly to the inline property storage if the structure(s)
tell us that it's OK.

This looks like an across-the-board 1% win.

* bytecode/StructureSet.h:
(JSC):
(JSC::StructureSet::allAreUsingInlinePropertyStorage):
(StructureSet):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillStorage):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@113557 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/StructureSet.h
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp