The put_by_id IC store barrier contract should benefit transition over replace
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 8 Sep 2015 17:00:05 +0000 (17:00 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 8 Sep 2015 17:00:05 +0000 (17:00 +0000)
commit de341e033f3851b9a0aa55ac79df5037419c1fc7
tree 61f1cc21cb84d1627bcc6a1d11a549446a7064e8
parent 1d0fb3660eca663521e73b4de418da17c5bb32a5
The put_by_id IC store barrier contract should benefit transition over replace
https://bugs.webkit.org/show_bug.cgi?id=148943

Reviewed by Mark Lam.

Previously, we would only emit a barrier if the value being stored was possibly a cell, so
the transition stub code generator would have to emit a barrier for the store of the
structure, just in case the structure was newer than the base object.

This changes the contract so that the put_by_id callsite would always have a barrier on the
base (except if it proved that the base was brand new). That way, the transition doesn't have
to have a barrier unless it allocates.

This is meant to be a perf-neutral change that I need for the IC refactoring in
https://bugs.webkit.org/show_bug.cgi?id=148717.

* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGStoreBarrierInsertionPhase.cpp:
* jit/Repatch.cpp:
(JSC::emitPutTransitionStub):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@189492 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp
Source/JavaScriptCore/jit/Repatch.cpp