[FTL] Support PutByVal(ArrayStorage/SlowPutArrayStorage)
authorutatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 27 Feb 2018 07:32:14 +0000 (07:32 +0000)
committerutatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 27 Feb 2018 07:32:14 +0000 (07:32 +0000)
commit9047e66e938977a070207dc403be7083dbf767dd
treeb2a0c785a5f300fcefe92ffdf7f82113687e7263
parent705644d31ba26da9e216ef3d11f13633914591f0
[FTL] Support PutByVal(ArrayStorage/SlowPutArrayStorage)
https://bugs.webkit.org/show_bug.cgi?id=182965

Reviewed by Saam Barati.

JSTests:

* stress/put-by-val-array-storage.js: Added.
(shouldBe):
(testArrayStorageInBounds):
* stress/put-by-val-direct-out-of-bounds-setter.js: Added.
(shouldBe):
(testInt32.createBuiltin):
(set for):
* stress/put-by-val-slow-put-array-storage.js: Added.
(shouldBe):
(testArrayStorageInBounds):

Source/JavaScriptCore:

This patch extends FTL coverage for PutByVal by adding ArrayStorage and SlwoPutArrayStorage support.
Basically large part of the patch is porting from DFG code. Since PutByVal already emits CheckInBounds
for InBounds case, we do not have OutOfBounds check for that case.
This is the last change for FTL to support all the types of DFG nodes except for CreateThis.

* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
(JSC::FTL::DFG::LowerDFGToB3::contiguousPutByValOutOfBounds):
For consistency, we use operationPutByValXXX and operationPutByValDirectXXX.
But except for SlowPutArrayStorage case, basically it is meaningless since
we do not have indexed accessors.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@229053 268f45cc-cd09-0410-ab3c-d52691b4dbfc
13 files changed:
JSTests/ChangeLog
JSTests/stress/put-by-val-array-storage.js [new file with mode: 0644]
JSTests/stress/put-by-val-direct-out-of-bounds-setter.js [new file with mode: 0644]
JSTests/stress/put-by-val-slow-put-array-storage.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/dfg/DFGOperations.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp
Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
Source/JavaScriptCore/ftl/FTLCapabilities.cpp
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp