Google Git
Sign in
webkit / WebKit / a387b6a3bfd4c5171812a03f32eadc3c04e71fd5^! / . / Source / JavaScriptCore / dfg / DFGFixupPhase.cpp
commita387b6a3bfd4c5171812a03f32eadc3c04e71fd5[log] [tgz]
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Nov 01 07:41:43 2012 +0000
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Thu Nov 01 07:41:43 2012 +0000
tree6f544a7d9448388ef7eff8415253e396377bd501
parentf5754fb1a339e191a3ad11f885184d6917531688 [diff] [blame]
DFG optimized string access code should be enabled
https://bugs.webkit.org/show_bug.cgi?id=100825

Reviewed by Oliver Hunt.

- Removes prediction checks from the parser.
        
- Fixes the handling of array mode refinement for strings. I.e. we don't do
  any refinement - we already know it's going to be a string. We could
  revisit this in the future, but for now the DFG lacks the ability to
  handle any array modes other than Array::String for string intrinsics, so
  this is as good as it gets.
        
- Removes uses of isBlahSpeculation for checking if a mode is already
  checked. isBlahSpeculation implicitly checks if the SpeculatedType is not
  BOTTOM ("empty"), which breaks for checking if a mode is already checked
  since a mode may already be "checked" in the sense that we've proven that
  the code is unreachable.
        
~1% speed-up on V8v7, mostly from a speed-up on crypto, which uses string
intrinsics in one of the hot functions.

* bytecode/SpeculatedType.h:
(JSC::speculationChecked):
(JSC):
* dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::alreadyChecked):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsic):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@133135 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
index 670b972..5a76aa8 100644
--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp

@@ -127,9 +127,7 @@
             ASSERT(node.arrayMode().canCSEStorage());
             break;
         }
-        case GetByVal:
-        case StringCharAt:
-        case StringCharCodeAt: {
+        case GetByVal: {
             node.setArrayMode(
                 node.arrayMode().refine(
                     m_graph[node.child1()].prediction(),
@@ -138,6 +136,13 @@
             blessArrayOperation(node.child1(), node.child2(), 2);
             break;
         }
+        case StringCharAt:
+        case StringCharCodeAt: {
+            // Currently we have no good way of refining these.
+            ASSERT(node.arrayMode() == ArrayMode(Array::String));
+            blessArrayOperation(node.child1(), node.child2(), 2);
+            break;
+        }
             
         case ArrayPush: {
             blessArrayOperation(node.child1(), node.child2(), 2);