Google Git
Sign in
webkit / WebKit / 9f46ddc56ff7a3c36f5aa6cbf23f2c713a7e9bce
commit9f46ddc56ff7a3c36f5aa6cbf23f2c713a7e9bce[log] [tgz]
authorbenjamin@webkit.org <benjamin@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Apr 30 04:40:55 2015 +0000
committerbenjamin@webkit.org <benjamin@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Apr 30 04:40:55 2015 +0000
treedace9bbfd1148340e32517c0157f2dc4babe17ed
parenta81819b15dda342e745c4240e3a383ee8ed7df5a [diff]
[JSC] Remove RageConvert array conversion
https://bugs.webkit.org/show_bug.cgi?id=144433

Patch by Benjamin Poulain <bpoulain@apple.com> on 2015-04-29
Reviewed by Filip Pizlo.

RageConvert was causing a subtle bug that was hitting the Kraken crypto tests
pretty hard:
-The indexing types shows that the array access varies between Int32 and DoubleArray.
-ArrayMode::fromObserved() decided to use the most generic type: DoubleArray.
 An Arrayify node would convert the Int32 to that type.
-Somewhere, a GetByVal or PutByVal would have the flag NodeBytecodeUsesAsInt. That
 node would use RageConvert instead of Convert.
-The Arrayify for that GetByVal with RageConvert would not convert the array to
 Contiguous.
-All the following array access that do not have the flag NodeBytecodeUsesAsInt would
 now expect a DoubleArray and always get a Contiguous Array. The CheckStructure
 fail systematically and we never get to run the later code.

Getting rid of RageConvert fixes the problem and does not seems to have any
negative side effect on other benchmarks.

The improvments on Kraken are:
    -stanford-crypto-aes: definitely 1.0915x faster.
    -stanford-crypto-pbkdf2: definitely 1.2446x faster.
    -stanford-crypto-sha256-iterative: definitely 1.0544x faster.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::refine):
(JSC::DFG::arrayConversionToString):
* dfg/DFGArrayMode.h:
* dfg/DFGArrayifySlowPathGenerator.h:
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGTypeCheckHoistingPhase.cpp:
(JSC::DFG::TypeCheckHoistingPhase::identifyRedundantStructureChecks):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileArrayifyToStructure):
* runtime/JSObject.cpp:
(JSC::JSObject::convertDoubleToContiguous):
(JSC::JSObject::ensureContiguousSlow):
(JSC::JSObject::genericConvertDoubleToContiguous): Deleted.
(JSC::JSObject::rageConvertDoubleToContiguous): Deleted.
(JSC::JSObject::rageEnsureContiguousSlow): Deleted.
* runtime/JSObject.h:
(JSC::JSObject::rageEnsureContiguous): Deleted.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@183615 268f45cc-cd09-0410-ab3c-d52691b4dbfc
13 files changed
tree: dace9bbfd1148340e32517c0157f2dc4babe17ed
  1. Examples/
  2. LayoutTests/
  3. ManualTests/
  4. PerformanceTests/
  5. Source/
  6. Tools/
  7. WebKit.xcworkspace/
  8. WebKitLibraries/
  9. Websites/
  10. .dir-locals.el
  11. .gitattributes
  12. .gitignore
  13. ChangeLog
  14. ChangeLog-2012-05-22
  15. CMakeLists.txt
  16. Makefile
  17. Makefile.shared