Allow CreateActivation sinking
https://bugs.webkit.org/show_bug.cgi?id=144300
Reviewed by Filip Pizlo.
Source/JavaScriptCore:
This pursues the work started in
https://bugs.webkit.org/show_bug.cgi?id=144016 to expand the set of
allocations we are able to sink by allowing sinking of CreateActivation
node.
This is achieved by following closely the way NewObject is currently
sunk: we add a new PhantomCreateActivation node to record the initial
position of the CreateActivation node, new ClosureVarPLoc promoted heap
locations to keep track of the variables put in the activation, and a
new MaterializeCreateActivation node to allocate and populate the sunk
activation.
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToPutClosureVarHint):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToPhantomCreateActivation):
(JSC::DFG::Node::isActivationAllocation):
(JSC::DFG::Node::isPhantomActivationAllocation):
(JSC::DFG::Node::isPhantomAllocation):
* dfg/DFGNodeType.h:
* dfg/DFGObjectAllocationSinkingPhase.cpp:
(JSC::DFG::ObjectAllocationSinkingPhase::lowerNonReadingOperationsOnPhantomAllocations):
(JSC::DFG::ObjectAllocationSinkingPhase::handleNode):
(JSC::DFG::ObjectAllocationSinkingPhase::createMaterialize):
(JSC::DFG::ObjectAllocationSinkingPhase::populateMaterialize):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGPromotedHeapLocation.cpp:
(WTF::printInternal):
* dfg/DFGPromotedHeapLocation.h:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGValidate.cpp:
(JSC::DFG::Validate::validateCPS):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileMaterializeCreateActivation):
* ftl/FTLOperations.cpp:
(JSC::FTL::operationMaterializeObjectInOSR):
* tests/stress/activation-sink-osrexit.js: Added.
(bar):
(foo.set result):
* tests/stress/activation-sink.js: Added.
(bar):
LayoutTests:
Add a performance test for activation allocation sinking.
* js/regress/script-tests/sink-huge-activation.js: Added.
(bar):
(foo):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@183812 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/js/regress/script-tests/sink-huge-activation.js b/LayoutTests/js/regress/script-tests/sink-huge-activation.js
new file mode 100644
index 0000000..c6c66ad
--- /dev/null
+++ b/LayoutTests/js/regress/script-tests/sink-huge-activation.js
@@ -0,0 +1,41 @@
+function bar() { }
+
+function foo(alpha) {
+ var x0 = 0;
+ var x1 = 0;
+ var x2 = 0;
+ var x3 = 0;
+ var x4 = 0;
+ var x5 = 0;
+ var x6 = 0;
+ var x7 = 0;
+ var x8 = 0;
+ var x9 = 0;
+ var x10 = 0;
+ var x11 = 0;
+ var x12 = 0;
+ var x13 = 0;
+ var x14 = 0;
+ var x15 = 0;
+ var x16 = 0;
+ var x17 = 0;
+ var x18 = 0;
+ var x19 = 0;
+ if (alpha) {
+ bar(function () {
+ return (x0 + x1 + x2 + x3 + x4 + x5 + x6 + x7 + x8 + x9 + x10 +
+ x11 + x12 + x13 + x14 + x15 + x16 + x17 + x18 + x19);
+ });
+ return x17;
+ }
+ return x12;
+}
+
+noInline(bar);
+noInline(foo);
+
+for (var i = 0; i < 1000000; i++) {
+ var result = foo(!(i % 1000));
+ if (result !== 0)
+ throw "Error: expected undefined, got " + result;
+}
