Diff - 69e2784d0cb640800bfd5b8b37fb56902d99e472^! - WebKit

commit	69e2784d0cb640800bfd5b8b37fb56902d99e472	[log] [tgz]
author	fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Wed Sep 19 21:43:10 2012 +0000
committer	fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Wed Sep 19 21:43:10 2012 +0000
tree	d0624caf08c442c3c9a8f1620c56a3a31c928c37
parent	1ca04beeadd91caa77a9b4c48d7b8486b7061e18 [diff] [blame]

DFG should not emit PutByVal hole case unless it has to https://bugs.webkit.org/show_bug.cgi?id=97080 Reviewed by Geoffrey Garen. This causes us to generate less code for typical PutByVal's. But if profiling tells us that the hole case is being hit, we generate the same code as we would have generated before. This seems like a slight speed-up across the board. * assembler/MacroAssemblerARMv7.h: (JSC::MacroAssemblerARMv7::store8): (MacroAssemblerARMv7): * assembler/MacroAssemblerX86.h: (MacroAssemblerX86): (JSC::MacroAssemblerX86::store8): * assembler/MacroAssemblerX86_64.h: (MacroAssemblerX86_64): (JSC::MacroAssemblerX86_64::store8): * assembler/X86Assembler.h: (X86Assembler): (JSC::X86Assembler::movb_i8m): * bytecode/ArrayProfile.h: (JSC::ArrayProfile::ArrayProfile): (JSC::ArrayProfile::addressOfMayStoreToHole): (JSC::ArrayProfile::mayStoreToHole): (ArrayProfile): * dfg/DFGArrayMode.cpp: (JSC::DFG::fromObserved): (JSC::DFG::modeAlreadyChecked): (JSC::DFG::modeToString): * dfg/DFGArrayMode.h: (DFG): (JSC::DFG::mayStoreToHole): * dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::compile): * dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compile): * jit/JIT.h: (JIT): * jit/JITInlineMethods.h: (JSC::JIT::emitArrayProfileStoreToHoleSpecialCase): (JSC): * jit/JITPropertyAccess.cpp: (JSC::JIT::emit_op_put_by_val): * jit/JITPropertyAccess32_64.cpp: (JSC::JIT::emit_op_put_by_val): * llint/LowLevelInterpreter32_64.asm: * llint/LowLevelInterpreter64.asm: git-svn-id: http://svn.webkit.org/repository/webkit/trunk@129045 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/JavaScriptCore/jit/JITInlineMethods.h b/Source/JavaScriptCore/jit/JITInlineMethods.h index 302e109..a4f9107 100644 --- a/Source/JavaScriptCore/jit/JITInlineMethods.h +++ b/Source/JavaScriptCore/jit/JITInlineMethods.h

@@ -556,6 +556,14 @@ #endif } +inline void JIT::emitArrayProfileStoreToHoleSpecialCase(ArrayProfile* arrayProfile) +{ + if (!canBeOptimized()) + return; + + store8(TrustedImm32(1), arrayProfile->addressOfMayStoreToHole()); +} + #if USE(JSVALUE32_64) inline void JIT::emitLoadTag(int index, RegisterID tag)