[JSC] Handle new_async_func / new_async_func_exp in DFG / FTL
https://bugs.webkit.org/show_bug.cgi?id=164037

Reviewed by Yusuke Suzuki.

JSTests:

Add tests based on tests from https://trac.webkit.org/changeset/194216.

* asyncFunctionTests.yaml:
* stress/async-function-create-nobaseline.js: Added.
* stress/async-function-create-optimized.js: Added.
* stress/async-function-declaration-sinking-no-double-allocate.js: Added.
* stress/async-function-declaration-sinking-osrexit.js: Added.
* stress/async-function-declaration-sinking-put.js: Added.
* stress/async-function-expression-sinking-no-double-allocate.js: Added.
* stress/async-function-expression-sinking-osrexit.js: Added.
* stress/async-function-expression-sinking-put.js: Added.

Source/JavaScriptCore:

This patch introduces new_async_func / new_async_func_exp into DFG and FTL,
in much the same capacity that https://trac.webkit.org/changeset/194216 added
DFG / FTL support for generators: by adding new DFG nodes (NewAsyncFunction and
PhantomNewAsyncFunction), rather than extending the existing NewFunction node type.

Like NewFunction and PhantomNewFunction, and the Generator variants, allocation of
async wrapper functions may be deferred or eliminated during the allocation sinking
phase.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGCapabilities.cpp:
(JSC::DFG::capabilityLevel):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGClobbersExitState.cpp:
(JSC::DFG::clobbersExitState):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGMayExit.cpp:
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToPhantomNewFunction):
(JSC::DFG::Node::convertToPhantomNewAsyncFunction):
(JSC::DFG::Node::hasCellOperand):
(JSC::DFG::Node::isFunctionAllocation):
(JSC::DFG::Node::isPhantomFunctionAllocation):
(JSC::DFG::Node::isPhantomAllocation):
* dfg/DFGNodeType.h:
* dfg/DFGObjectAllocationSinkingPhase.cpp:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileNewFunction):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStoreBarrierInsertionPhase.cpp:
* dfg/DFGStructureRegistrationPhase.cpp:
(JSC::DFG::StructureRegistrationPhase::run):
* dfg/DFGValidate.cpp:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewFunction):
* ftl/FTLOperations.cpp:
(JSC::FTL::operationPopulateObjectInOSR):
(JSC::FTL::operationMaterializeObjectInOSR):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::asyncFunctionPrototype):
(JSC::JSGlobalObject::asyncFunctionStructure):
(JSC::JSGlobalObject::lazyAsyncFunctionStructure): Deleted.
(JSC::JSGlobalObject::asyncFunctionPrototypeConcurrently): Deleted.
(JSC::JSGlobalObject::asyncFunctionStructureConcurrently): Deleted.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@208704 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
index 8c7e631..5df4da3 100644
--- a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
+++ b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
@@ -1970,6 +1970,7 @@
     case PhantomNewObject:
     case PhantomNewFunction:
     case PhantomNewGeneratorFunction:
+    case PhantomNewAsyncFunction:
     case PhantomCreateActivation:
     case PhantomDirectArguments:
     case PhantomClonedArguments:
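Review bot: the body shared by this fall-through group is outside the hunk context, so the added `case PhantomNewAsyncFunction:` label cannot be checked against it from these lines alone. Please confirm the shared handling is correct for the new node in the same way it is for `PhantomNewGeneratorFunction`. The ChangeLog lists several other per-node switches touched by this patch (clobberize, doesGC, safeToExecute, mayExit). It would be worth verifying that every switch naming `PhantomNewGeneratorFunction` now also names `PhantomNewAsyncFunction`, so that none of them falls through to a default path.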
@@ -2014,6 +2015,11 @@
             m_graph, m_codeBlock->globalObjectFor(node->origin.semantic)->generatorFunctionStructure());
         break;
 
+    case NewAsyncFunction:
+        forNode(node).set(
+            m_graph, m_codeBlock->globalObjectFor(node->origin.semantic)->asyncFunctionStructure());
+        break;
+
     case NewFunction:
         forNode(node).set(
             m_graph, m_codeBlock->globalObjectFor(node->origin.semantic)->functionStructure());
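Review bot: the new `case NewAsyncFunction:` arm is a third copy of the same `forNode(node).set(m_graph, ...)` body, differing from the generator and plain-function arms only in which structure getter it calls. Consider folding the three arms into one case group that selects the structure by node type, so a later change to this logic cannot be applied to one variant and missed on another. Separately, the ChangeLog records `lazyAsyncFunctionStructure` and the `...Concurrently` getters as deleted. A short comment here, or at the getter, stating that `asyncFunctionStructure()` is now eagerly initialized and safe to read from this phase would document why the plain getter is acceptable.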