commit 304fbcaaafdb95c5a3579a074516bbd782473196
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Mon Dec 17 21:38:51 2012 +0000
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Mon Dec 17 21:38:51 2012 +0000
tree add00f5ac05455e7d46dde2a579ce5b166217df0
parent 98ff48ae0d7612550c3860a928c1fb7fa2aae5f1

Rationalize array profiling for out-of-bounds and hole cases
https://bugs.webkit.org/show_bug.cgi?id=105139

Reviewed by Geoffrey Garen.

This makes ArrayProfile track whether or not we had out-of-bounds, which allows
for more precise decision-making in the DFG.
        
Also cleaned up ExitKinds for out-of-bounds and hole cases to make it easier to
look at them in the profiler.
        
Slight speed-up (5-8%) on SunSpider/crypto-md5.

* bytecode/ArrayProfile.cpp:
(JSC::ArrayProfile::computeUpdatedPrediction):
(JSC::ArrayProfile::briefDescription):
* bytecode/ArrayProfile.h:
(JSC::ArrayProfile::ArrayProfile):
(JSC::ArrayProfile::addressOfOutOfBounds):
(JSC::ArrayProfile::expectedStructure):
(JSC::ArrayProfile::structureIsPolymorphic):
(JSC::ArrayProfile::outOfBounds):
(JSC::ArrayProfile::polymorphicStructure):
* bytecode/CodeBlock.cpp:
(JSC::dumpChain):
* bytecode/ExitKind.cpp:
(JSC::exitKindToString):
(JSC::exitKindIsCountable):
* bytecode/ExitKind.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getArrayModeAndEmitChecks):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* jit/JIT.h:
* jit/JITInlines.h:
(JSC::JIT::emitArrayProfileOutOfBoundsSpecialCase):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emitSlow_op_put_by_val):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emitSlow_op_put_by_val):
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137937 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/bytecode/ExitKind.h

diff --git a/Source/JavaScriptCore/bytecode/ExitKind.h b/Source/JavaScriptCore/bytecode/ExitKind.h
index 5578765..2fafeb8c 100644
--- a/Source/JavaScriptCore/bytecode/ExitKind.h
+++ b/Source/JavaScriptCore/bytecode/ExitKind.h
@@ -36,7 +36,10 @@
     BadIndexingType, // We exited because an indexing type was wrong.
     Overflow, // We exited because of overflow.
     NegativeZero, // We exited because we encountered negative zero.
+    StoreToHole, // We had a store to a hole.
+    LoadFromHole, // We had a load from a hole.
     OutOfBounds, // We had an out-of-bounds access to an array.
+    StoreToHoleOrOutOfBounds, // We're simultaneously speculating that we're in bounds and not accessing a hole, and one of those things didn't pan out.
     InadequateCoverage, // We exited because we ended up in code that didn't have profiling coverage.
     ArgumentsEscaped, // We exited because arguments escaped but we didn't expect them to.
     Uncountable, // We exited for none of the above reasons, and we should not count it. Most uses of this should be viewed as a FIXME.