Google Git
Sign in
webkit / WebKit / 1ffdcff17ce8997ac57bc5307e5c5c6d168ba7c8^! / . / Source / JavaScriptCore / runtime / Structure.h
commit1ffdcff17ce8997ac57bc5307e5c5c6d168ba7c8[log] [tgz]
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Jul 19 00:30:34 2012 +0000
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Jul 19 00:30:34 2012 +0000
tree9cb4f2dede57a95211efa424bb1ff3eac20cab0a
parent013243d1fe34278c17ccee825fe522347fe1adb2 [diff] [blame]
DFG should emit inline code for property storage (re)allocation
https://bugs.webkit.org/show_bug.cgi?id=91597

Reviewed by Oliver Hunt.

This adds two new ops to the DFG IR: AllocatePropertyStorage and
ReallocatePropertyStorage. It enables these to interact properly with
CSE so that a GetPropertyStorage on something for which we have
obviously done a (Re)AllocatePropertyStorage will result in the
GetPropertyStorage being eliminated. Other than that, the code
emitted for these ops is identical to the code we were emitting in
the corresponding PutById stub.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCSEPhase.cpp:
(JSC::DFG::CSEPhase::putStructureStoreElimination):
(JSC::DFG::CSEPhase::getPropertyStorageLoadElimination):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasStructureTransitionData):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileAllocatePropertyStorage):
(DFG):
(JSC::DFG::SpeculativeJIT::compileReallocatePropertyStorage):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
(SpeculativeJIT):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/Structure.cpp:
(JSC::nextOutOfLineStorageCapacity):
* runtime/Structure.h:
(JSC):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@123052 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/JavaScriptCore/runtime/Structure.h b/Source/JavaScriptCore/runtime/Structure.h
index d2d025b..712ea6bb 100644
--- a/Source/JavaScriptCore/runtime/Structure.h
+++ b/Source/JavaScriptCore/runtime/Structure.h

@@ -53,6 +53,15 @@
     class SlotVisitor;
     class JSString;
 
+    // The out-of-line property storage capacity to use when first allocating out-of-line
+    // storage. Note that all objects start out without having any out-of-line storage;
+    // this comes into play only on the first property store that exhausts inline storage.
+    static const unsigned initialOutOfLineCapacity = 4;
+
+    // The factor by which to grow out-of-line storage when it is exhausted, after the
+    // initial allocation.
+    static const unsigned outOfLineGrowthFactor = 2;
+
     class Structure : public JSCell {
     public:
         friend class StructureTransitionTable;