commit 406c2f859dca4efd418f85a2e6f4a402218f62d6
author akling@apple.com <akling@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Tue Jun 16 18:38:04 2015 +0000
committer akling@apple.com <akling@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Tue Jun 16 18:38:04 2015 +0000
tree 7fec4d068a1457130022b7887dcb681db70bc804
parent cb292d8282c1a9e6223470c3e0782cf91e533c72

[JSC] Pre-bake final Structure for RegExp matches arrays.
<https://webkit.org/b/146006>

Reviewed by Darin Adler.

Since we always add the "index" and "input" fields to RegExp matches arrays,
cache a finished structure on the global object so we can create these arrays without
starting from scratch with a bare array every time.

10% progression on Octane/regexp (on my MBP.)

* runtime/JSArray.h:
(JSC::JSArray::create):
(JSC::JSArray::tryCreateUninitialized):
(JSC::JSArray::createWithButterfly): Factored out JSArray construction into a helper
so we can call this from RegExpMatchesArray.cpp.

* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::regExpMatchesArrayStructure): Add a cached Structure for RegExp
subpattern matches arrays.

* runtime/JSObject.h:
(JSC::JSNonFinalObject::finishCreation): Tweak assertion that used to check that
JSNonFinalObjects always start out with zero capacity. Since RegExp matches arrays now
start out with capacity for 2 properties, that won't work. Change it to check that we
don't have inline storage instead, since that should only be used by final objects.

* runtime/RegExpMatchesArray.h:
* runtime/RegExpMatchesArray.cpp:
(JSC::tryCreateUninitializedRegExpMatchesArray): Helper to construct a JSArray with
the cached Structure and a Butterfly with 2 slots of property storage.

(JSC::createRegExpMatchesArray):
(JSC::createRegExpMatchesArrayStructure): Creates the array Structure that gets cached
by the JSGlobalObject.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@185597 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/runtime/JSArray.h

diff --git a/Source/JavaScriptCore/runtime/JSArray.h b/Source/JavaScriptCore/runtime/JSArray.h
index b76fc9b..af061507 100644
--- a/Source/JavaScriptCore/runtime/JSArray.h
+++ b/Source/JavaScriptCore/runtime/JSArray.h
@@ -53,6 +53,7 @@
 
 public:
     static JSArray* create(VM&, Structure*, unsigned initialLength = 0);
+    static JSArray* createWithButterfly(VM&, Structure*, Butterfly*);
 
     // tryCreateUninitialized is used for fast construction of arrays whose size and
     // contents are known at time of creation. Clients of this interface must:
@@ -213,9 +214,8 @@
             || structure->indexingType() == ArrayWithArrayStorage);
         butterfly = createArrayButterfly(vm, 0, initialLength);
     }
-    JSArray* array = new (NotNull, allocateCell<JSArray>(vm.heap)) JSArray(vm, structure, butterfly);
-    array->finishCreation(vm);
-    return array;
+
+    return createWithButterfly(vm, structure, butterfly);
 }
 
 inline JSArray* JSArray::tryCreateUninitialized(VM& vm, Structure* structure, unsigned initialLength)
@@ -253,7 +253,12 @@
         storage->m_sparseMap.clear();
         storage->m_numValuesInVector = initialLength;
     }
-        
+
+    return createWithButterfly(vm, structure, butterfly);
+}
+
+inline JSArray* JSArray::createWithButterfly(VM& vm, Structure* structure, Butterfly* butterfly)
+{
     JSArray* array = new (NotNull, allocateCell<JSArray>(vm.heap)) JSArray(vm, structure, butterfly);
     array->finishCreation(vm);
     return array;