The StringFromCharCode DFG intrinsic should support untyped operands.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Jan 2016 23:28:38 +0000 (23:28 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 13 Jan 2016 23:28:38 +0000 (23:28 +0000)
commitd6a345da2ff94975ca9f745139d301fb1a0a3ba2
tree653a5de0fc59fb150bc49d3b859010459d46b458
parent5a59b57a0b8f480d028c797e0f54ece87f06e02f
The StringFromCharCode DFG intrinsic should support untyped operands.
https://bugs.webkit.org/show_bug.cgi?id=153046

Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

The current StringFromCharCode DFG intrinsic assumes that its operand charCode
must be an Int32.  This results in 26000+ BadType OSR exits in the LongSpider
crypto-aes benchmark.  With support for Untyped operands, the number of OSR
exits drops to 202.

* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileFromCharCode):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validate):
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::toUInt32):

LayoutTests:

* js/regress/ftl-polymorphic-StringFromCharCode-expected.txt: Added.
* js/regress/ftl-polymorphic-StringFromCharCode.html: Added.
* js/regress/script-tests/ftl-polymorphic-StringFromCharCode.js: Added.
(o1.valueOf):
(foo):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@194996 268f45cc-cd09-0410-ab3c-d52691b4dbfc
13 files changed:
LayoutTests/ChangeLog
LayoutTests/js/regress/ftl-polymorphic-StringFromCharCode-expected.txt [new file with mode: 0644]
LayoutTests/js/regress/ftl-polymorphic-StringFromCharCode.html [new file with mode: 0644]
LayoutTests/js/regress/script-tests/ftl-polymorphic-StringFromCharCode.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGClobberize.h
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/dfg/DFGOperations.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Source/JavaScriptCore/dfg/DFGValidate.cpp
Source/JavaScriptCore/runtime/JSCJSValueInlines.h