Prediction tracking is not precise enough
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Sep 2011 20:35:43 +0000 (20:35 +0000)
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 14 Sep 2011 20:35:43 +0000 (20:35 +0000)
commitd6e9eab82799e33295385c8fad01aafb820391d3
treef56d1a3ee05e456d2e15c3f0b86322edc2f997a2
parent5b2ac87322334ce8301b674e714b0ad3af956094
Prediction tracking is not precise enough
https://bugs.webkit.org/show_bug.cgi?id=67993

Reviewed by Oliver Hunt.

Added a richer set of type predictions, including JSFinalObject, JSString,
object that is not a JSFinalObject or JSArray (ObjectOther), some object
but we don't or care know what kind (SomeObject), definitely an object,
cell that is not an object or JSString, an value that is none of the above
(so either Undefined or Null). Made the propagator and value profiler work
with the new types.

Performance is neutral, because the DFG JIT does not take advantage of this
new knowledge yet.

In the process of writing predictionToString() (which is now considerably
more complex) I decided to finally add a BoundsCheckedPointer, which
should come in handy in other places, like at least the OSR scratch buffer
and the CompactJITCodeMap. It's great for cases where you want to
do pointer arithmetic, you want to have assertions about the
pointer not going out of bounds, but you don't want to write those
assertions yourself.

This also required refactoring inherits(), since the ValueProfiler may
want to do the equivalent of inherits() but given two ClassInfo's.

* GNUmakefile.list.am:
* JavaScriptCore.vcproj/WTF/WTF.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/PredictedType.cpp: Added.
(JSC::predictionToString):
(JSC::makePrediction):
(JSC::predictionFromValue):
* bytecode/PredictedType.h:
(JSC::isCellPrediction):
(JSC::isObjectPrediction):
(JSC::isFinalObjectPrediction):
(JSC::isStringPrediction):
(JSC::mergePredictions):
* bytecode/ValueProfile.h:
(JSC::ValueProfile::numberOfObjects):
(JSC::ValueProfile::numberOfFinalObjects):
(JSC::ValueProfile::numberOfStrings):
(JSC::ValueProfile::probabilityOfObject):
(JSC::ValueProfile::probabilityOfFinalObject):
(JSC::ValueProfile::probabilityOfString):
(JSC::ValueProfile::dump):
(JSC::ValueProfile::Statistics::Statistics):
(JSC::ValueProfile::computeStatistics):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::stronglyPredict):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGNode.h:
(JSC::DFG::Node::predict):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateNode):
* runtime/ClassInfo.h:
(JSC::ClassInfo::isSubClassOf):
* runtime/JSObject.h:
(JSC::JSCell::inherits):
* wtf/BoundsCheckedPointer.h: Added.
(WTF::BoundsCheckedPointer::BoundsCheckedPointer):
(WTF::BoundsCheckedPointer::operator=):
(WTF::BoundsCheckedPointer::operator+=):
(WTF::BoundsCheckedPointer::operator-=):
(WTF::BoundsCheckedPointer::operator+):
(WTF::BoundsCheckedPointer::operator-):
(WTF::BoundsCheckedPointer::operator++):
(WTF::BoundsCheckedPointer::operator--):
(WTF::BoundsCheckedPointer::operator<):
(WTF::BoundsCheckedPointer::operator<=):
(WTF::BoundsCheckedPointer::operator>):
(WTF::BoundsCheckedPointer::operator>=):
(WTF::BoundsCheckedPointer::operator==):
(WTF::BoundsCheckedPointer::operator!=):
(WTF::BoundsCheckedPointer::operator!):
(WTF::BoundsCheckedPointer::get):
(WTF::BoundsCheckedPointer::operator*):
(WTF::BoundsCheckedPointer::operator[]):
(WTF::BoundsCheckedPointer::strcat):
(WTF::BoundsCheckedPointer::validate):
* wtf/CMakeLists.txt:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@95115 268f45cc-cd09-0410-ab3c-d52691b4dbfc
16 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/GNUmakefile.list.am
Source/JavaScriptCore/JavaScriptCore.vcproj/WTF/WTF.vcproj
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/bytecode/PredictedType.cpp [new file with mode: 0644]
Source/JavaScriptCore/bytecode/PredictedType.h
Source/JavaScriptCore/bytecode/ValueProfile.h
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGGraph.cpp
Source/JavaScriptCore/dfg/DFGNode.h
Source/JavaScriptCore/dfg/DFGPropagator.cpp
Source/JavaScriptCore/runtime/ClassInfo.h
Source/JavaScriptCore/runtime/JSObject.h
Source/JavaScriptCore/wtf/BoundsCheckedPointer.h [new file with mode: 0644]
Source/JavaScriptCore/wtf/CMakeLists.txt
Source/JavaScriptCore/wtf/Platform.h