DFG::operationNewArray is unnecessarily slow, and may use the wrong array
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 26 Jun 2012 19:42:05 +0000 (19:42 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 26 Jun 2012 19:42:05 +0000 (19:42 +0000)
commit8e5e75a8691ce778a00b6da0e13c78ddc7517442
tree51b153270152ac10e5948645bf82afcd02bfb0b4
parent2c17c813ae13af07fba49822ab21bbabd5539667
DFG::operationNewArray is unnecessarily slow, and may use the wrong array
prototype when inlined
https://bugs.webkit.org/show_bug.cgi?id=89821

Source/JavaScriptCore:

Reviewed by Geoffrey Garen.

Fixes all array allocations to use the right structure, and hence the right prototype. Adds
inlining of new Array(...) with a non-zero number of arguments. Optimizes allocations of
empty arrays.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
* dfg/DFGCCallHelpers.h:
(JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
(CCallHelpers):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSArray.h:
(JSC):
(JSC::constructArray):
* runtime/JSGlobalObject.h:
(JSC):
(JSC::constructArray):

LayoutTests:

Rubber stamped by Geoffrey Garen.

* fast/js/dfg-cross-global-object-inline-new-array-expected.txt: Added.
* fast/js/dfg-cross-global-object-inline-new-array-literal-expected.txt: Added.
* fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables-expected.txt: Added.
* fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables.html: Added.
* fast/js/dfg-cross-global-object-inline-new-array-literal.html: Added.
* fast/js/dfg-cross-global-object-inline-new-array-with-elements-expected.txt: Added.
* fast/js/dfg-cross-global-object-inline-new-array-with-elements.html: Added.
* fast/js/dfg-cross-global-object-inline-new-array-with-size-expected.txt: Added.
* fast/js/dfg-cross-global-object-inline-new-array-with-size.html: Added.
* fast/js/dfg-cross-global-object-inline-new-array.html: Added.
* fast/js/script-tests/cross-global-object-inline-global-var.js:
(done):
* fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal-with-variables.js: Added.
(foo):
(done):
(doit):
* fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal.js: Added.
(foo):
(done):
(doit):
* fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-elements.js: Added.
(foo):
(done):
(doit):
* fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-size.js: Added.
(foo):
(done):
(doit):
* fast/js/script-tests/dfg-cross-global-object-inline-new-array.js: Added.
(foo):
(done):
(doit):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@121280 268f45cc-cd09-0410-ab3c-d52691b4dbfc
30 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/js/dfg-cross-global-object-inline-new-array-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/dfg-cross-global-object-inline-new-array-literal-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables.html [new file with mode: 0644]
LayoutTests/fast/js/dfg-cross-global-object-inline-new-array-literal.html [new file with mode: 0644]
LayoutTests/fast/js/dfg-cross-global-object-inline-new-array-with-elements-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/dfg-cross-global-object-inline-new-array-with-elements.html [new file with mode: 0644]
LayoutTests/fast/js/dfg-cross-global-object-inline-new-array-with-size-expected.txt [new file with mode: 0644]
LayoutTests/fast/js/dfg-cross-global-object-inline-new-array-with-size.html [new file with mode: 0644]
LayoutTests/fast/js/dfg-cross-global-object-inline-new-array.html [new file with mode: 0644]
LayoutTests/fast/js/script-tests/cross-global-object-inline-global-var.js
LayoutTests/fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal-with-variables.js [new file with mode: 0644]
LayoutTests/fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal.js [new file with mode: 0644]
LayoutTests/fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-elements.js [new file with mode: 0644]
LayoutTests/fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-size.js [new file with mode: 0644]
LayoutTests/fast/js/script-tests/dfg-cross-global-object-inline-new-array.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGAbstractState.cpp
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGCCallHelpers.h
Source/JavaScriptCore/dfg/DFGNodeType.h
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/dfg/DFGOperations.h
Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
Source/JavaScriptCore/runtime/JSArray.h
Source/JavaScriptCore/runtime/JSGlobalObject.h