Butterfly storage need not be initialized for indexing type Undecided.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 18 Jul 2017 22:40:59 +0000 (22:40 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 18 Jul 2017 22:40:59 +0000 (22:40 +0000)
https://bugs.webkit.org/show_bug.cgi?id=174516

Reviewed by Saam Barati.

While it's not incorrect to initialize the butterfly storage when the
indexingType is Undecided, it is inefficient as we'll end up initializing
it again later when we convert the storage to a different indexingType.
Some of our code already skips initializing Undecided butterflies.
This patch makes it the consistent behavior everywhere.

* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
* runtime/JSArray.cpp:
(JSC::JSArray::tryCreateUninitializedRestricted):
* runtime/JSArray.h:
(JSC::JSArray::tryCreate):
* runtime/JSObject.cpp:
(JSC::JSObject::ensureLengthSlow):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@219636 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/runtime/JSArray.cpp
Source/JavaScriptCore/runtime/JSArray.h
Source/JavaScriptCore/runtime/JSObject.cpp

index 549a41c..300ac99 100644 (file)
@@ -1,3 +1,25 @@
+2017-07-18  Mark Lam  <mark.lam@apple.com>
+
+        Butterfly storage need not be initialized for indexing type Undecided.
+        https://bugs.webkit.org/show_bug.cgi?id=174516
+
+        Reviewed by Saam Barati.
+
+        While it's not incorrect to initialize the butterfly storage when the
+        indexingType is Undecided, it is inefficient as we'll end up initializing
+        it again later when we convert the storage to a different indexingType.
+        Some of our code already skips initializing Undecided butterflies.
+        This patch makes it the consistent behavior everywhere.
+
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::emitAllocateRawObject):
+        * runtime/JSArray.cpp:
+        (JSC::JSArray::tryCreateUninitializedRestricted):
+        * runtime/JSArray.h:
+        (JSC::JSArray::tryCreate):
+        * runtime/JSObject.cpp:
+        (JSC::JSObject::ensureLengthSlow):
+
 2017-07-18  Saam Barati  <sbarati@apple.com>
 
         AirLowerAfterRegAlloc may incorrectly use a callee save that's live as a scratch register
index 02c77a4..92e082f 100644 (file)
@@ -139,7 +139,7 @@ void SpeculativeJIT::emitAllocateRawObject(GPRReg resultGPR, RegisteredStructure
         slowCases, this, operationNewRawObject, resultGPR, storageGPR,
         structure, vectorLength));
 
-    if (numElements < vectorLength) {
+    if (numElements < vectorLength && LIKELY(!hasUndecided(structure->indexingType()))) {
 #if USE(JSVALUE64)
         if (hasDouble(structure->indexingType()))
             m_jit.move(TrustedImm64(bitwise_cast<int64_t>(PNaN)), scratchGPR);
index f10ed9d..670763a 100644 (file)
@@ -91,7 +91,7 @@ JSArray* JSArray::tryCreateUninitializedRestricted(ObjectInitializationScope& sc
         if (hasDouble(indexingType)) {
             for (; i < vectorLength; ++i)
                 butterfly->contiguousDouble()[i] = PNaN;
-        } else {
+        } else if (LIKELY(!hasUndecided(indexingType))) {
             for (; i < vectorLength; ++i)
                 butterfly->contiguous()[i].clear();
         }
index d36358d..ef07461 100644 (file)
@@ -239,7 +239,7 @@ inline JSArray* JSArray::tryCreate(VM& vm, Structure* structure, unsigned initia
         butterfly->setPublicLength(initialLength);
         if (hasDouble(indexingType))
             clearArray(butterfly->contiguousDouble().data(), vectorLength);
-        else
+        else if (LIKELY(!hasUndecided(indexingType)))
             clearArray(butterfly->contiguous().data(), vectorLength);
     } else {
         ASSERT(
index 5148259..594e5e2 100644 (file)
@@ -3167,7 +3167,7 @@ bool JSObject::ensureLengthSlow(VM& vm, unsigned length)
     if (hasDouble(indexingType())) {
         for (unsigned i = oldVectorLength; i < newVectorLength; ++i)
             butterfly->indexingPayload<double>()[i] = PNaN;
-    } else {
+    } else if (LIKELY(!hasUndecided(indexingType()))) {
         for (unsigned i = oldVectorLength; i < newVectorLength; ++i)
             butterfly->indexingPayload<WriteBarrier<Unknown>>()[i].clear();
     }