Allow DFGClobberize to return non-node constants that must be later created
authorbasile_clement@apple.com <basile_clement@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 May 2015 17:24:05 +0000 (17:24 +0000)
committerbasile_clement@apple.com <basile_clement@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 22 May 2015 17:24:05 +0000 (17:24 +0000)
commit29f2964684d35b43a11eccb05c269df2611392ce
tree449f960538ecfd4382a333723925a915d638399d
parent8411e762765e8c1d2c1302c461495c8798aca65d
Allow DFGClobberize to return non-node constants that must be later created
https://bugs.webkit.org/show_bug.cgi?id=145272

Reviewed by Filip Pizlo.

Source/JavaScriptCore:

This adds a new LazyNode class in DFG that represents either a Node*,
or a FrozenValue* with a way to convert it to a Node* provided a block
to insert it into. DFGClobberize is converted to use LazyNode instead
of Node* when def()'ing values, which allows to now define the array's
length as well as the value of its various fields in NewArray and
NewArrayBuffer nodes.

We also introduce a Vector<uint32_t> in DFG::Graph to collect all the
values that can be used as index, in order to avoid def()'ing too many
values at once for big NewArrayBuffers.

HeapLocation had to be updated to use a LazyNode as its index to be
able to define array values.

* CMakeLists.txt:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGCSEPhase.cpp:
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
(JSC::DFG::DefMethodClobberize::operator()):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::freezeFragile):
* dfg/DFGGraph.h:
* dfg/DFGHeapLocation.h:
(JSC::DFG::HeapLocation::HeapLocation):
(JSC::DFG::HeapLocation::index):
(JSC::DFG::HeapLocation::hash):
* dfg/DFGLazyNode.cpp: Added.
(JSC::DFG::LazyNode::dump):
* dfg/DFGLazyNode.h: Added.
(JSC::DFG::LazyNode::LazyNode):
(JSC::DFG::LazyNode::setNode):
(JSC::DFG::LazyNode::isHashTableDeletedValue):
(JSC::DFG::LazyNode::isNode):
(JSC::DFG::LazyNode::op):
(JSC::DFG::LazyNode::asNode):
(JSC::DFG::LazyNode::asValue):
(JSC::DFG::LazyNode::hash):
(JSC::DFG::LazyNode::operator==):
(JSC::DFG::LazyNode::operator!=):
(JSC::DFG::LazyNode::ensureIsNode):
(JSC::DFG::LazyNode::operator->):
(JSC::DFG::LazyNode::operator*):
(JSC::DFG::LazyNode::operator!):
(JSC::DFG::LazyNode::operator UnspecifiedBoolType*):
(JSC::DFG::LazyNode::setFrozenValue):
* dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::def):
* dfg/DFGPutStackSinkingPhase.cpp:

LayoutTests:

* js/regress/script-tests/cse-new-array-buffer.js: Added.
(foo):
* js/regress/script-tests/cse-new-array.js: Added.
(foo):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@184776 268f45cc-cd09-0410-ab3c-d52691b4dbfc
17 files changed:
LayoutTests/ChangeLog
LayoutTests/js/regress/script-tests/cse-new-array-buffer.js [new file with mode: 0644]
LayoutTests/js/regress/script-tests/cse-new-array.js [new file with mode: 0644]
Source/JavaScriptCore/CMakeLists.txt
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj
Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/dfg/DFGCSEPhase.cpp
Source/JavaScriptCore/dfg/DFGClobberize.h
Source/JavaScriptCore/dfg/DFGGraph.cpp
Source/JavaScriptCore/dfg/DFGGraph.h
Source/JavaScriptCore/dfg/DFGHeapLocation.h
Source/JavaScriptCore/dfg/DFGLazyNode.cpp [new file with mode: 0644]
Source/JavaScriptCore/dfg/DFGLazyNode.h [new file with mode: 0644]
Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h
Source/JavaScriptCore/dfg/DFGPutStackSinkingPhase.cpp