DFG::operationNewArray is unnecessarily slow, and may use the wrong array
prototype when inlined
https://bugs.webkit.org/show_bug.cgi?id=89821

Source/JavaScriptCore: 

Reviewed by Geoffrey Garen.
        
Fixes all array allocations to use the right structure, and hence the right prototype. Adds
inlining of new Array(...) with a non-zero number of arguments. Optimizes allocations of
empty arrays.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::execute):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):
* dfg/DFGCCallHelpers.h:
(JSC::DFG::CCallHelpers::setupArgumentsWithExecState):
(CCallHelpers):
* dfg/DFGNodeType.h:
(DFG):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::callOperation):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* runtime/JSArray.h:
(JSC):
(JSC::constructArray):
* runtime/JSGlobalObject.h:
(JSC):
(JSC::constructArray):

LayoutTests: 

Rubber stamped by Geoffrey Garen.

* fast/js/dfg-cross-global-object-inline-new-array-expected.txt: Added.
* fast/js/dfg-cross-global-object-inline-new-array-literal-expected.txt: Added.
* fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables-expected.txt: Added.
* fast/js/dfg-cross-global-object-inline-new-array-literal-with-variables.html: Added.
* fast/js/dfg-cross-global-object-inline-new-array-literal.html: Added.
* fast/js/dfg-cross-global-object-inline-new-array-with-elements-expected.txt: Added.
* fast/js/dfg-cross-global-object-inline-new-array-with-elements.html: Added.
* fast/js/dfg-cross-global-object-inline-new-array-with-size-expected.txt: Added.
* fast/js/dfg-cross-global-object-inline-new-array-with-size.html: Added.
* fast/js/dfg-cross-global-object-inline-new-array.html: Added.
* fast/js/script-tests/cross-global-object-inline-global-var.js:
(done):
* fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal-with-variables.js: Added.
(foo):
(done):
(doit):
* fast/js/script-tests/dfg-cross-global-object-inline-new-array-literal.js: Added.
(foo):
(done):
(doit):
* fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-elements.js: Added.
(foo):
(done):
(doit):
* fast/js/script-tests/dfg-cross-global-object-inline-new-array-with-size.js: Added.
(foo):
(done):
(doit):
* fast/js/script-tests/dfg-cross-global-object-inline-new-array.js: Added.
(foo):
(done):
(doit):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121280 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/runtime/JSArray.h b/Source/JavaScriptCore/runtime/JSArray.h
index c1a3a63..52c5913 100644
--- a/Source/JavaScriptCore/runtime/JSArray.h
+++ b/Source/JavaScriptCore/runtime/JSArray.h
@@ -380,7 +380,42 @@
     
         return size;
     }
+
+    inline JSArray* constructArray(ExecState* exec, Structure* arrayStructure, const ArgList& values)
+    {
+        JSGlobalData& globalData = exec->globalData();
+        unsigned length = values.size();
+        JSArray* array = JSArray::tryCreateUninitialized(globalData, arrayStructure, length);
+
+        // FIXME: we should probably throw an out of memory error here, but
+        // when making this change we should check that all clients of this
+        // function will correctly handle an exception being thrown from here.
+        if (!array)
+            CRASH();
+
+        for (unsigned i = 0; i < length; ++i)
+            array->initializeIndex(globalData, i, values.at(i));
+        array->completeInitialization(length);
+        return array;
+    }
     
-    } // namespace JSC
+    inline JSArray* constructArray(ExecState* exec, Structure* arrayStructure, const JSValue* values, unsigned length)
+    {
+        JSGlobalData& globalData = exec->globalData();
+        JSArray* array = JSArray::tryCreateUninitialized(globalData, arrayStructure, length);
+
+        // FIXME: we should probably throw an out of memory error here, but
+        // when making this change we should check that all clients of this
+        // function will correctly handle an exception being thrown from here.
+        if (!array)
+            CRASH();
+
+        for (unsigned i = 0; i < length; ++i)
+            array->initializeIndex(globalData, i, values[i]);
+        array->completeInitialization(length);
+        return array;
+    }
+
+} // namespace JSC
 
 #endif // JSArray_h
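Review bot: the two new constructArray overloads are near-identical (same FIXME comment, same CRASH() on a null return from JSArray::tryCreateUninitialized, same initializeIndex loop followed by completeInitialization), so the ArgList overload should delegate to the pointer/length one, or both should share a single private helper, rather than duplicating the body. That matters for the FIXME itself: the day the CRASH() on out-of-memory is replaced by throwing an exception, the change and the audit of callers only has to happen once, and the two copies cannot drift apart in how they handle a failed allocation. The whitespace change to `} // namespace JSC` (moved back to column 0) is correct and worth keeping.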