DFG JIT cannot compile op_new_object, op_new_array,
[WebKit.git] / Source / JavaScriptCore / ChangeLog
index a691225..159d5bd 100644 (file)
@@ -1,5 +1,42 @@
 2011-09-27  Filip Pizlo  <fpizlo@apple.com>
 
+        DFG JIT cannot compile op_new_object, op_new_array,
+        op_new_array_buffer, or op_new_regexp
+        https://bugs.webkit.org/show_bug.cgi?id=68580
+
+        Reviewed by Oliver Hunt.
+        
+        This implements all four opcodes, but has op_new_regexp turns off
+        by default because it unveils some bad speculation logic when
+        compiling string-validate-input.
+        
+        With op_new_regexp turned off, this is a 5% win on Kraken and a
+        0.7% speed-up on V8. Neutral on SunSpider.
+
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        * dfg/DFGCapabilities.h:
+        (JSC::DFG::canCompileOpcode):
+        * dfg/DFGJITCodeGenerator.h:
+        (JSC::DFG::callOperation):
+        * dfg/DFGNode.h:
+        (JSC::DFG::Node::hasConstantBuffer):
+        (JSC::DFG::Node::startConstant):
+        (JSC::DFG::Node::numConstants):
+        (JSC::DFG::Node::hasRegexpIndex):
+        (JSC::DFG::Node::regexpIndex):
+        * dfg/DFGOperations.cpp:
+        * dfg/DFGOperations.h:
+        * dfg/DFGPropagator.cpp:
+        (JSC::DFG::Propagator::propagateNodePredictions):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::emitAllocateJSFinalObject):
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGSpeculativeJIT.h:
+        (JSC::DFG::SpeculativeJIT::isKnownArray):
+
+2011-09-27  Filip Pizlo  <fpizlo@apple.com>
+
         DFG JIT should speculate more aggressively on reads of array.length
         https://bugs.webkit.org/show_bug.cgi?id=68932