Google Git
Sign in
webkit / WebKit / 81c360ed7d3e9335a2c30f0bbb5fa3b3462a6b41^! / . / Source / JavaScriptCore / dfg / DFGAbstractState.cpp
commit81c360ed7d3e9335a2c30f0bbb5fa3b3462a6b41[log] [tgz]
authorggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Sep 14 02:17:01 2012 +0000
committerggaren@apple.com <ggaren@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Fri Sep 14 02:17:01 2012 +0000
tree5f1d1cc9f97ebfe6a26300c6cc73f5d28fd4d507
parentb331ec22aaf9523ed8bbb5fe83809a9f86c1e319 [diff] [blame]
Refactored the DFG to make fewer assumptions about variable capture
https://bugs.webkit.org/show_bug.cgi?id=96680

Reviewed by Gavin Barraclough.

A variable capture optimization patch I'm working on broke DFG
correctness and the arguments simplification optimization phase, so I've
refactored both to make fewer assumptions about variable capture.

* bytecode/CodeBlock.h:
(JSC::CodeBlock::isCaptured): This is the new One True Way to find out
if a variable was captured. This gives us a single point of maintenance
as we chagne capture behavior.

* dfg/DFGAbstractState.cpp:
(JSC::DFG::AbstractState::clobberCapturedVars): Don't assume that captured
variables have any particular location. Instead, ask the One True Function.

* dfg/DFGArgumentsSimplificationPhase.cpp:
(JSC::DFG::ArgumentsSimplificationPhase::run):
(JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
(JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize): Mechanical
changes to separate being captured from being 'arguments'. What used
to be
        if (captured)
                if (arguments)
                        x
                y
is now
        if (arguments)
                x
                y
        else if (captured)
                y

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::getLocal):
(JSC::DFG::ByteCodeParser::setLocal):
(JSC::DFG::ByteCodeParser::getArgument):
(JSC::DFG::ByteCodeParser::setArgument):
(JSC::DFG::ByteCodeParser::flushDirect):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile): Use the One True Function.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@128544 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/JavaScriptCore/dfg/DFGAbstractState.cpp b/Source/JavaScriptCore/dfg/DFGAbstractState.cpp
index f6145c1..b860a73 100644
--- a/Source/JavaScriptCore/dfg/DFGAbstractState.cpp
+++ b/Source/JavaScriptCore/dfg/DFGAbstractState.cpp

@@ -1522,11 +1522,14 @@
             m_variables.local(i).makeTop();
         }
     } else {
-        for (size_t i = m_codeBlock->m_numCapturedVars; i--;)
-            m_variables.local(i).makeTop();
+        for (size_t i = m_codeBlock->m_numVars; i--;) {
+            if (m_codeBlock->isCaptured(i))
+                m_variables.local(i).makeTop();
+        }
     }
-    if (m_codeBlock->argumentsAreCaptured()) {
-        for (size_t i = m_variables.numberOfArguments(); i--;)
+
+    for (size_t i = m_variables.numberOfArguments(); i--;) {
+        if (m_codeBlock->isCaptured(argumentToOperand(i)))
             m_variables.argument(i).makeTop();
     }
 }