Google Git
Sign in
webkit / WebKit / a4990a51723f7c4886628215495c5d0bddc1895c / . / Source / JavaScriptCore / dfg / DFGAbstractInterpreterInlines.h
blob: cc05a94e852b79e5213242679d5d6ef5792c64af [file] [log] [blame]
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1/*
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]2 * Copyright (C) 2013 Apple Inc. All rights reserved.
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]26#ifndef DFGAbstractInterpreterInlines_h
27#define DFGAbstractInterpreterInlines_h
28
29#include <wtf/Platform.h>
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]30
31#if ENABLE(DFG_JIT)
32
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]33#include "DFGAbstractInterpreter.h"
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]34#include "GetByIdStatus.h"
oliver@apple.come722ad02013-01-09 02:37:29 +0000[diff] [blame]35#include "Operations.h"
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]36#include "PutByIdStatus.h"
fpizlo@apple.com0e6e1542013-03-18 18:09:22 +0000[diff] [blame]37#include "StringObject.h"
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]38
39namespace JSC { namespace DFG {
40
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]41template<typename AbstractStateType>
42AbstractInterpreter<AbstractStateType>::AbstractInterpreter(Graph& graph, AbstractStateType& state)
fpizlo@apple.comadf274c2012-02-18 07:56:10 +0000[diff] [blame]43 : m_codeBlock(graph.m_codeBlock)
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]44 , m_graph(graph)
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]45 , m_state(state)
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]46{
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]47}
48
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]49template<typename AbstractStateType>
50AbstractInterpreter<AbstractStateType>::~AbstractInterpreter()
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]51{
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]52}
53
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]54template<typename AbstractStateType>
55typename AbstractInterpreter<AbstractStateType>::BooleanResult
56AbstractInterpreter<AbstractStateType>::booleanResult(
57 Node* node, AbstractValue& value)
fpizlo@apple.com367a1102012-11-10 23:33:29 +0000[diff] [blame]58{
59 JSValue childConst = value.value();
60 if (childConst) {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]61 if (childConst.toBoolean(m_codeBlock->globalObjectFor(node->codeOrigin)->globalExec()))
fpizlo@apple.com367a1102012-11-10 23:33:29 +0000[diff] [blame]62 return DefinitelyTrue;
63 return DefinitelyFalse;
64 }
65
66 // Next check if we can fold because we know that the source is an object or string and does not equal undefined.
67 if (isCellSpeculation(value.m_type)
68 && value.m_currentKnownStructure.hasSingleton()) {
69 Structure* structure = value.m_currentKnownStructure.singleton();
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]70 if (!structure->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->codeOrigin))
fpizlo@apple.com367a1102012-11-10 23:33:29 +0000[diff] [blame]71 && structure->typeInfo().type() != StringType)
72 return DefinitelyTrue;
73 }
74
75 return UnknownBooleanResult;
76}
77
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]78template<typename AbstractStateType>
79bool AbstractInterpreter<AbstractStateType>::startExecuting(Node* node)
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]80{
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]81 ASSERT(m_state.block());
82 ASSERT(m_state.isValid());
fpizlo@apple.comb75911b2012-06-13 20:53:52 +0000[diff] [blame]83
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]84 m_state.setDidClobber(false);
fpizlo@apple.comb75911b2012-06-13 20:53:52 +0000[diff] [blame]85
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]86 node->setCanExit(false);
87
oliver@apple.com96feafa2013-07-25 04:04:57 +0000[diff] [blame]88 return node->shouldGenerate();
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]89}
90
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]91template<typename AbstractStateType>
92bool AbstractInterpreter<AbstractStateType>::startExecuting(unsigned indexInBlock)
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]93{
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]94 return startExecuting(m_state.block()->at(indexInBlock));
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]95}
96
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]97template<typename AbstractStateType>
98void AbstractInterpreter<AbstractStateType>::executeEdges(Node* node)
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]99{
100 DFG_NODE_DO_TO_CHILDREN(m_graph, node, filterEdgeByUse);
101}
102
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]103template<typename AbstractStateType>
104void AbstractInterpreter<AbstractStateType>::executeEdges(unsigned indexInBlock)
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]105{
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]106 executeEdges(m_state.block()->at(indexInBlock));
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]107}
108
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]109template<typename AbstractStateType>
110void AbstractInterpreter<AbstractStateType>::verifyEdge(Node*, Edge edge)
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]111{
112 RELEASE_ASSERT(!(forNode(edge).m_type & ~typeFilterFor(edge.useKind())));
113}
114
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]115template<typename AbstractStateType>
116void AbstractInterpreter<AbstractStateType>::verifyEdges(Node* node)
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]117{
118 DFG_NODE_DO_TO_CHILDREN(m_graph, node, verifyEdge);
119}
120
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]121template<typename AbstractStateType>
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]122bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned clobberLimit, Node* node)
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]123{
124 if (!ASSERT_DISABLED)
125 verifyEdges(node);
126
oliver@apple.com02e7a972013-07-25 04:05:04 +0000[diff] [blame]127 m_state.createValueForNode(node);
128
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]129 switch (node->op()) {
fpizlo@apple.com53aa8dc2011-11-15 21:54:38 +0000[diff] [blame]130 case JSConstant:
fpizlo@apple.com7e0f6502012-05-25 22:45:57 +0000[diff] [blame]131 case WeakJSConstant:
132 case PhantomArguments: {
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]133 forNode(node).set(m_graph, m_graph.valueOfJSConstant(node));
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]134 break;
135 }
fpizlo@apple.com5d271712012-11-16 06:19:54 +0000[diff] [blame]136
137 case Identity: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]138 forNode(node) = forNode(node->child1());
fpizlo@apple.com5d271712012-11-16 06:19:54 +0000[diff] [blame]139 break;
140 }
oliver@apple.com827d2cf2013-07-25 04:04:45 +0000[diff] [blame]141
142 case GetArgument: {
143 ASSERT(m_graph.m_form == SSA);
144 VariableAccessData* variable = node->variableAccessData();
msaboff@apple.com62aa8b72013-09-26 22:53:54 +0000[diff] [blame]145 AbstractValue& value = m_state.variables().operand(variable->local().offset());
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]146 ASSERT(value.isHeapTop());
oliver@apple.com827d2cf2013-07-25 04:04:45 +0000[diff] [blame]147 FiltrationResult result =
148 value.filter(typeFilterFor(useKindFor(variable->flushFormat())));
149 ASSERT_UNUSED(result, result == FiltrationOK);
150 forNode(node) = value;
151 break;
152 }
fpizlo@apple.com532f1e52013-09-04 06:26:04 +0000[diff] [blame]153
154 case ExtractOSREntryLocal: {
msaboff@apple.com62aa8b72013-09-26 22:53:54 +0000[diff] [blame]155 if (!(node->unlinkedLocal().isArgument())
156 && m_graph.m_lazyVars.get(node->unlinkedLocal().toLocal())) {
fpizlo@apple.com532f1e52013-09-04 06:26:04 +0000[diff] [blame]157 // This is kind of pessimistic - we could know in some cases that the
158 // DFG code at the point of the OSR had already initialized the lazy
159 // variable. But maybe this is fine, since we're inserting OSR
160 // entrypoints very early in the pipeline - so any lazy initializations
161 // ought to be hoisted out anyway.
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]162 forNode(node).makeBytecodeTop();
163 } else
164 forNode(node).makeHeapTop();
fpizlo@apple.com532f1e52013-09-04 06:26:04 +0000[diff] [blame]165 break;
166 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]167
168 case GetLocal: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]169 VariableAccessData* variableAccessData = node->variableAccessData();
fpizlo@apple.comb75911b2012-06-13 20:53:52 +0000[diff] [blame]170 if (variableAccessData->prediction() == SpecNone) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]171 m_state.setIsValid(false);
fpizlo@apple.comb75911b2012-06-13 20:53:52 +0000[diff] [blame]172 break;
173 }
msaboff@apple.com62aa8b72013-09-26 22:53:54 +0000[diff] [blame]174 AbstractValue value = m_state.variables().operand(variableAccessData->local().offset());
fpizlo@apple.com8e537cd2012-06-01 23:54:36 +0000[diff] [blame]175 if (!variableAccessData->isCaptured()) {
fpizlo@apple.com91b2c682012-05-24 06:24:36 +0000[diff] [blame]176 if (value.isClear())
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]177 node->setCanExit(true);
fpizlo@apple.com91b2c682012-05-24 06:24:36 +0000[diff] [blame]178 }
fpizlo@apple.com8e537cd2012-06-01 23:54:36 +0000[diff] [blame]179 if (value.value())
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]180 m_state.setFoundConstants(true);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]181 forNode(node) = value;
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]182 break;
183 }
184
fpizlo@apple.com9b928722012-05-24 00:18:55 +0000[diff] [blame]185 case GetLocalUnlinked: {
msaboff@apple.com62aa8b72013-09-26 22:53:54 +0000[diff] [blame]186 AbstractValue value = m_state.variables().operand(node->unlinkedLocal().offset());
fpizlo@apple.com8e537cd2012-06-01 23:54:36 +0000[diff] [blame]187 if (value.value())
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]188 m_state.setFoundConstants(true);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]189 forNode(node) = value;
fpizlo@apple.com9b928722012-05-24 00:18:55 +0000[diff] [blame]190 break;
191 }
192
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]193 case SetLocal: {
msaboff@apple.com62aa8b72013-09-26 22:53:54 +0000[diff] [blame]194 m_state.variables().operand(node->local().offset()) = forNode(node->child1());
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]195 break;
196 }
fpizlo@apple.com06f82b52013-03-06 02:27:16 +0000[diff] [blame]197
oliver@apple.com827d2cf2013-07-25 04:04:45 +0000[diff] [blame]198 case MovHint:
fpizlo@apple.com06f82b52013-03-06 02:27:16 +0000[diff] [blame]199 case MovHintAndCheck: {
200 // Don't need to do anything. A MovHint is effectively a promise that the SetLocal
201 // was dead.
202 break;
203 }
204
fpizlo@apple.com06f82b52013-03-06 02:27:16 +0000[diff] [blame]205 case ZombieHint: {
206 RELEASE_ASSERT_NOT_REACHED();
207 break;
208 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]209
210 case SetArgument:
211 // Assert that the state of arguments has been set.
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]212 ASSERT(!m_state.block()->valuesAtHead.operand(node->local()).isClear());
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]213 break;
214
215 case BitAnd:
216 case BitOr:
217 case BitXor:
218 case BitRShift:
219 case BitLShift:
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]220 case BitURShift: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]221 JSValue left = forNode(node->child1()).value();
222 JSValue right = forNode(node->child2()).value();
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]223 if (left && right && left.isInt32() && right.isInt32()) {
224 int32_t a = left.asInt32();
225 int32_t b = right.asInt32();
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]226 switch (node->op()) {
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]227 case BitAnd:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]228 setConstant(node, JSValue(a & b));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]229 break;
230 case BitOr:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]231 setConstant(node, JSValue(a | b));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]232 break;
233 case BitXor:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]234 setConstant(node, JSValue(a ^ b));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]235 break;
236 case BitRShift:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]237 setConstant(node, JSValue(a >> static_cast<uint32_t>(b)));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]238 break;
239 case BitLShift:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]240 setConstant(node, JSValue(a << static_cast<uint32_t>(b)));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]241 break;
242 case BitURShift:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]243 setConstant(node, JSValue(static_cast<uint32_t>(a) >> static_cast<uint32_t>(b)));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]244 break;
245 default:
oliver@apple.com5598c182013-01-23 22:25:07 +0000[diff] [blame]246 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.comcacd7dc2012-07-09 23:28:53 +0000[diff] [blame]247 break;
248 }
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]249 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]250 }
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]251 forNode(node).setType(SpecInt32);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]252 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]253 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]254
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]255 case UInt32ToNumber: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]256 JSValue child = forNode(node->child1()).value();
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]257 if (child && child.isNumber()) {
258 ASSERT(child.isInt32());
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]259 setConstant(node, JSValue(child.asUInt32()));
260 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]261 }
fpizlo@apple.comefacb612013-09-10 22:16:00 +0000[diff] [blame]262 if (!node->canSpeculateInt32())
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]263 forNode(node).setType(SpecDouble);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]264 else {
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]265 forNode(node).setType(SpecInt32);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]266 node->setCanExit(true);
fpizlo@apple.com91b2c682012-05-24 06:24:36 +0000[diff] [blame]267 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]268 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]269 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]270
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]271 case DoubleAsInt32: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]272 JSValue child = forNode(node->child1()).value();
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]273 if (child && child.isNumber()) {
274 double asDouble = child.asNumber();
275 int32_t asInt = JSC::toInt32(asDouble);
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]276 if (bitwise_cast<int64_t>(static_cast<double>(asInt)) == bitwise_cast<int64_t>(asDouble)) {
277 setConstant(node, JSValue(asInt));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]278 break;
279 }
280 }
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]281 node->setCanExit(true);
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]282 forNode(node).setType(SpecInt32);
fpizlo@apple.com3d223382012-04-24 19:19:35 +0000[diff] [blame]283 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]284 }
fpizlo@apple.com3d223382012-04-24 19:19:35 +0000[diff] [blame]285
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]286 case ValueToInt32: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]287 JSValue child = forNode(node->child1()).value();
commit-queue@webkit.orga4990a52013-10-03 08:43:07 +0000[diff] [blame^]288 if (child) {
289 if (child.isNumber()) {
290 if (child.isInt32())
291 setConstant(node, child);
292 else
293 setConstant(node, JSValue(JSC::toInt32(child.asDouble())));
294 break;
295 }
296 if (child.isBoolean()) {
297 setConstant(node, JSValue(child.asBoolean()));
298 break;
299 }
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]300 }
fpizlo@apple.com9c7addf2012-03-08 10:01:32 +0000[diff] [blame]301
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]302 forNode(node).setType(SpecInt32);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]303 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]304 }
oliver@apple.com500b53a2013-07-25 04:05:25 +0000[diff] [blame]305
306 case Int32ToDouble: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]307 JSValue child = forNode(node->child1()).value();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]308 if (child && child.isNumber()) {
309 setConstant(node, JSValue(JSValue::EncodeAsDouble, child.asNumber()));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]310 break;
311 }
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]312 if (isInt32Speculation(forNode(node->child1()).m_type))
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]313 forNode(node).setType(SpecDoubleReal);
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]314 else
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]315 forNode(node).setType(SpecDouble);
fpizlo@apple.com96cfc6b2012-03-25 23:50:24 +0000[diff] [blame]316 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]317 }
fpizlo@apple.coma1cc0fd2012-04-24 20:43:01 +0000[diff] [blame]318
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]319 case Int52ToDouble: {
320 JSValue child = forNode(node->child1()).value();
321 if (child && child.isNumber()) {
322 setConstant(node, child);
323 break;
324 }
325 forNode(node).setType(SpecDouble);
326 break;
327 }
328
329 case Int52ToValue: {
330 JSValue child = forNode(node->child1()).value();
331 if (child && child.isNumber()) {
332 setConstant(node, child);
333 break;
334 }
335 SpeculatedType type = forNode(node->child1()).m_type;
336 if (type & SpecInt52)
337 type = (type | SpecInt32 | SpecInt52AsDouble) & ~SpecInt52;
338 forNode(node).setType(type);
339 break;
340 }
341
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]342 case ValueAdd:
343 case ArithAdd: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]344 JSValue left = forNode(node->child1()).value();
345 JSValue right = forNode(node->child2()).value();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]346 if (left && right && left.isNumber() && right.isNumber()) {
347 setConstant(node, JSValue(left.asNumber() + right.asNumber()));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]348 break;
349 }
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]350 switch (node->binaryUseKind()) {
351 case Int32Use:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]352 forNode(node).setType(SpecInt32);
fpizlo@apple.comdc36e832013-09-11 03:24:09 +0000[diff] [blame]353 if (!bytecodeCanTruncateInteger(node->arithNodeFlags()))
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]354 node->setCanExit(true);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]355 break;
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]356 case MachineIntUse:
357 forNode(node).setType(SpecInt52);
358 if (!forNode(node->child1()).isType(SpecInt32)
359 || !forNode(node->child2()).isType(SpecInt32))
360 node->setCanExit(true);
361 break;
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]362 case NumberUse:
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]363 if (isFullRealNumberSpeculation(forNode(node->child1()).m_type)
364 && isFullRealNumberSpeculation(forNode(node->child2()).m_type))
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]365 forNode(node).setType(SpecDoubleReal);
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]366 else
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]367 forNode(node).setType(SpecDouble);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]368 break;
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]369 default:
370 RELEASE_ASSERT(node->op() == ValueAdd);
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]371 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]372 forNode(node).setType(SpecString | SpecBytecodeNumber);
fpizlo@apple.comc0d21912012-02-14 21:26:26 +0000[diff] [blame]373 break;
374 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]375 break;
376 }
fpizlo@apple.com4463e442013-03-20 20:29:37 +0000[diff] [blame]377
378 case MakeRope: {
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]379 forNode(node).set(m_graph, m_graph.m_vm.stringStructure.get());
fpizlo@apple.com4463e442013-03-20 20:29:37 +0000[diff] [blame]380 break;
381 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]382
fpizlo@apple.com0c31ace2012-02-01 23:08:54 +0000[diff] [blame]383 case ArithSub: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]384 JSValue left = forNode(node->child1()).value();
385 JSValue right = forNode(node->child2()).value();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]386 if (left && right && left.isNumber() && right.isNumber()) {
387 setConstant(node, JSValue(left.asNumber() - right.asNumber()));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]388 break;
389 }
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]390 switch (node->binaryUseKind()) {
391 case Int32Use:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]392 forNode(node).setType(SpecInt32);
fpizlo@apple.comdc36e832013-09-11 03:24:09 +0000[diff] [blame]393 if (!bytecodeCanTruncateInteger(node->arithNodeFlags()))
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]394 node->setCanExit(true);
395 break;
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]396 case MachineIntUse:
397 forNode(node).setType(SpecInt52);
398 if (!forNode(node->child1()).isType(SpecInt32)
399 || !forNode(node->child2()).isType(SpecInt32))
400 node->setCanExit(true);
401 break;
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]402 case NumberUse:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]403 forNode(node).setType(SpecDouble);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]404 break;
405 default:
406 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.com0c31ace2012-02-01 23:08:54 +0000[diff] [blame]407 break;
408 }
fpizlo@apple.com0c31ace2012-02-01 23:08:54 +0000[diff] [blame]409 break;
410 }
411
barraclough@apple.com8ff7e8c2012-02-28 00:31:28 +0000[diff] [blame]412 case ArithNegate: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]413 JSValue child = forNode(node->child1()).value();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]414 if (child && child.isNumber()) {
415 setConstant(node, JSValue(-child.asNumber()));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]416 break;
417 }
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]418 switch (node->child1().useKind()) {
419 case Int32Use:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]420 forNode(node).setType(SpecInt32);
fpizlo@apple.comdc36e832013-09-11 03:24:09 +0000[diff] [blame]421 if (!bytecodeCanTruncateInteger(node->arithNodeFlags()))
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]422 node->setCanExit(true);
423 break;
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]424 case MachineIntUse:
425 forNode(node).setType(SpecInt52);
426 if (m_state.forNode(node->child1()).couldBeType(SpecInt52))
427 node->setCanExit(true);
428 if (!bytecodeCanIgnoreNegativeZero(node->arithNodeFlags()))
429 node->setCanExit(true);
430 break;
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]431 case NumberUse:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]432 forNode(node).setType(SpecDouble);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]433 break;
434 default:
435 RELEASE_ASSERT_NOT_REACHED();
barraclough@apple.com8ff7e8c2012-02-28 00:31:28 +0000[diff] [blame]436 break;
437 }
barraclough@apple.com8ff7e8c2012-02-28 00:31:28 +0000[diff] [blame]438 break;
439 }
440
fpizlo@apple.comfa9f10c2012-05-22 17:18:21 +0000[diff] [blame]441 case ArithMul: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]442 JSValue left = forNode(node->child1()).value();
443 JSValue right = forNode(node->child2()).value();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]444 if (left && right && left.isNumber() && right.isNumber()) {
445 setConstant(node, JSValue(left.asNumber() * right.asNumber()));
fpizlo@apple.comfa9f10c2012-05-22 17:18:21 +0000[diff] [blame]446 break;
447 }
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]448 switch (node->binaryUseKind()) {
449 case Int32Use:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]450 forNode(node).setType(SpecInt32);
fpizlo@apple.comdc36e832013-09-11 03:24:09 +0000[diff] [blame]451 if (!bytecodeCanTruncateInteger(node->arithNodeFlags())
452 || !bytecodeCanIgnoreNegativeZero(node->arithNodeFlags()))
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]453 node->setCanExit(true);
454 break;
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]455 case MachineIntUse:
456 forNode(node).setType(SpecInt52);
457 node->setCanExit(true);
458 break;
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]459 case NumberUse:
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]460 if (isFullRealNumberSpeculation(forNode(node->child1()).m_type)
461 || isFullRealNumberSpeculation(forNode(node->child2()).m_type))
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]462 forNode(node).setType(SpecDoubleReal);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]463 else
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]464 forNode(node).setType(SpecDouble);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]465 break;
466 default:
467 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.comfa9f10c2012-05-22 17:18:21 +0000[diff] [blame]468 break;
469 }
fpizlo@apple.comfa9f10c2012-05-22 17:18:21 +0000[diff] [blame]470 break;
471 }
oliver@apple.com64367322013-04-26 00:41:38 +0000[diff] [blame]472
473 case ArithIMul: {
oliver@apple.com67e0f332013-07-25 03:59:00 +0000[diff] [blame]474 forNode(node).setType(SpecInt32);
oliver@apple.com64367322013-04-26 00:41:38 +0000[diff] [blame]475 break;
476 }
fpizlo@apple.comfa9f10c2012-05-22 17:18:21 +0000[diff] [blame]477
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]478 case ArithDiv:
479 case ArithMin:
fpizlo@apple.com19a172792012-03-24 20:15:57 +0000[diff] [blame]480 case ArithMax:
481 case ArithMod: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]482 JSValue left = forNode(node->child1()).value();
483 JSValue right = forNode(node->child2()).value();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]484 if (node->op() == ArithMod && right && right.isNumber() && right.asNumber() == 1) {
485 setConstant(node, JSValue(0));
oliver@apple.comf4443a72013-07-25 04:01:11 +0000[diff] [blame]486 break;
487 }
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]488 if (left && right && left.isNumber() && right.isNumber()) {
489 double a = left.asNumber();
490 double b = right.asNumber();
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]491 switch (node->op()) {
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]492 case ArithDiv:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]493 setConstant(node, JSValue(a / b));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]494 break;
495 case ArithMin:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]496 setConstant(node, JSValue(a < b ? a : (b <= a ? b : a + b)));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]497 break;
498 case ArithMax:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]499 setConstant(node, JSValue(a > b ? a : (b >= a ? b : a + b)));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]500 break;
501 case ArithMod:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]502 setConstant(node, JSValue(fmod(a, b)));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]503 break;
504 default:
oliver@apple.com5598c182013-01-23 22:25:07 +0000[diff] [blame]505 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]506 break;
507 }
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]508 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]509 }
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]510 switch (node->binaryUseKind()) {
511 case Int32Use:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]512 forNode(node).setType(SpecInt32);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]513 node->setCanExit(true);
514 break;
515 case NumberUse:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]516 forNode(node).setType(SpecDouble);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]517 break;
518 default:
519 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]520 break;
521 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]522 break;
523 }
524
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]525 case ArithAbs: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]526 JSValue child = forNode(node->child1()).value();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]527 if (child && child.isNumber()) {
528 setConstant(node, JSValue(fabs(child.asNumber())));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]529 break;
530 }
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]531 switch (node->child1().useKind()) {
532 case Int32Use:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]533 forNode(node).setType(SpecInt32);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]534 node->setCanExit(true);
535 break;
536 case NumberUse:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]537 forNode(node).setType(SpecDouble);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]538 break;
539 default:
540 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]541 break;
542 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]543 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]544 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]545
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]546 case ArithSqrt: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]547 JSValue child = forNode(node->child1()).value();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]548 if (child && child.isNumber()) {
549 setConstant(node, JSValue(sqrt(child.asNumber())));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]550 break;
551 }
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]552 forNode(node).setType(SpecDouble);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]553 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]554 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]555
556 case LogicalNot: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]557 switch (booleanResult(node, forNode(node->child1()))) {
fpizlo@apple.com367a1102012-11-10 23:33:29 +0000[diff] [blame]558 case DefinitelyTrue:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]559 setConstant(node, jsBoolean(false));
fpizlo@apple.com367a1102012-11-10 23:33:29 +0000[diff] [blame]560 break;
561 case DefinitelyFalse:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]562 setConstant(node, jsBoolean(true));
fpizlo@apple.com367a1102012-11-10 23:33:29 +0000[diff] [blame]563 break;
564 default:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]565 switch (node->child1().useKind()) {
566 case BooleanUse:
567 case Int32Use:
568 case NumberUse:
569 case UntypedUse:
570 break;
571 case ObjectOrOtherUse:
572 node->setCanExit(true);
573 break;
574 default:
575 RELEASE_ASSERT_NOT_REACHED();
576 break;
577 }
578 forNode(node).setType(SpecBoolean);
fpizlo@apple.com367a1102012-11-10 23:33:29 +0000[diff] [blame]579 break;
580 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]581 break;
582 }
fpizlo@apple.com1d216892012-04-12 00:55:44 +0000[diff] [blame]583
584 case IsUndefined:
585 case IsBoolean:
586 case IsNumber:
587 case IsString:
588 case IsObject:
589 case IsFunction: {
oliver@apple.com67e0f332013-07-25 03:59:00 +0000[diff] [blame]590 node->setCanExit(
591 node->op() == IsUndefined
592 && m_graph.masqueradesAsUndefinedWatchpointIsStillValid(node->codeOrigin));
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]593 JSValue child = forNode(node->child1()).value();
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]594 if (child) {
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]595 bool constantWasSet = true;
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]596 switch (node->op()) {
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]597 case IsUndefined:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]598 setConstant(node, jsBoolean(
oliver@apple.com67e0f332013-07-25 03:59:00 +0000[diff] [blame]599 child.isCell()
600 ? child.asCell()->structure()->masqueradesAsUndefined(m_codeBlock->globalObjectFor(node->codeOrigin))
601 : child.isUndefined()));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]602 break;
603 case IsBoolean:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]604 setConstant(node, jsBoolean(child.isBoolean()));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]605 break;
606 case IsNumber:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]607 setConstant(node, jsBoolean(child.isNumber()));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]608 break;
609 case IsString:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]610 setConstant(node, jsBoolean(isJSString(child)));
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]611 break;
oliver@apple.come722ad02013-01-09 02:37:29 +0000[diff] [blame]612 case IsObject:
613 if (child.isNull() || !child.isObject()) {
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]614 setConstant(node, jsBoolean(child.isNull()));
oliver@apple.come722ad02013-01-09 02:37:29 +0000[diff] [blame]615 break;
616 }
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]617 constantWasSet = false;
618 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]619 default:
fpizlo@apple.comcacd7dc2012-07-09 23:28:53 +0000[diff] [blame]620 constantWasSet = false;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]621 break;
622 }
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]623 if (constantWasSet)
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]624 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]625 }
oliver@apple.come722ad02013-01-09 02:37:29 +0000[diff] [blame]626
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]627 forNode(node).setType(SpecBoolean);
fpizlo@apple.com1d216892012-04-12 00:55:44 +0000[diff] [blame]628 break;
629 }
oliver@apple.come722ad02013-01-09 02:37:29 +0000[diff] [blame]630
631 case TypeOf: {
ggaren@apple.com9a9a4b52013-04-18 19:32:17 +0000[diff] [blame]632 VM* vm = m_codeBlock->vm();
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]633 JSValue child = forNode(node->child1()).value();
634 AbstractValue& abstractChild = forNode(node->child1());
oliver@apple.come722ad02013-01-09 02:37:29 +0000[diff] [blame]635 if (child) {
ggaren@apple.com9a9a4b52013-04-18 19:32:17 +0000[diff] [blame]636 JSValue typeString = jsTypeStringForValue(*vm, m_codeBlock->globalObjectFor(node->codeOrigin), child);
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]637 setConstant(node, typeString);
638 break;
639 }
640
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]641 if (isFullNumberSpeculation(abstractChild.m_type)) {
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]642 setConstant(node, vm->smallStrings.numberString());
643 break;
644 }
645
646 if (isStringSpeculation(abstractChild.m_type)) {
647 setConstant(node, vm->smallStrings.stringString());
648 break;
649 }
650
651 if (isFinalObjectSpeculation(abstractChild.m_type) || isArraySpeculation(abstractChild.m_type) || isArgumentsSpeculation(abstractChild.m_type)) {
652 setConstant(node, vm->smallStrings.objectString());
653 break;
654 }
655
656 if (isFunctionSpeculation(abstractChild.m_type)) {
657 setConstant(node, vm->smallStrings.functionString());
658 break;
659 }
660
661 if (isBooleanSpeculation(abstractChild.m_type)) {
662 setConstant(node, vm->smallStrings.booleanString());
663 break;
fpizlo@apple.comcd81b572013-02-11 21:39:35 +0000[diff] [blame]664 }
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]665
666 switch (node->child1().useKind()) {
667 case StringUse:
668 case CellUse:
fpizlo@apple.comcd81b572013-02-11 21:39:35 +0000[diff] [blame]669 node->setCanExit(true);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]670 break;
671 case UntypedUse:
672 break;
673 default:
674 RELEASE_ASSERT_NOT_REACHED();
675 break;
oliver@apple.come722ad02013-01-09 02:37:29 +0000[diff] [blame]676 }
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]677 forNode(node).set(m_graph, m_graph.m_vm.stringStructure.get());
oliver@apple.come722ad02013-01-09 02:37:29 +0000[diff] [blame]678 break;
679 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]680
681 case CompareLess:
682 case CompareLessEq:
683 case CompareGreater:
684 case CompareGreaterEq:
fpizlo@apple.comb03b1402013-02-11 22:23:08 +0000[diff] [blame]685 case CompareEq:
686 case CompareEqConstant: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]687 JSValue leftConst = forNode(node->child1()).value();
688 JSValue rightConst = forNode(node->child2()).value();
oliver@apple.combd15be82013-07-25 04:03:42 +0000[diff] [blame]689 if (leftConst && rightConst) {
690 if (leftConst.isNumber() && rightConst.isNumber()) {
691 double a = leftConst.asNumber();
692 double b = rightConst.asNumber();
693 switch (node->op()) {
694 case CompareLess:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]695 setConstant(node, jsBoolean(a < b));
oliver@apple.combd15be82013-07-25 04:03:42 +0000[diff] [blame]696 break;
697 case CompareLessEq:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]698 setConstant(node, jsBoolean(a <= b));
oliver@apple.combd15be82013-07-25 04:03:42 +0000[diff] [blame]699 break;
700 case CompareGreater:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]701 setConstant(node, jsBoolean(a > b));
oliver@apple.combd15be82013-07-25 04:03:42 +0000[diff] [blame]702 break;
703 case CompareGreaterEq:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]704 setConstant(node, jsBoolean(a >= b));
oliver@apple.combd15be82013-07-25 04:03:42 +0000[diff] [blame]705 break;
706 case CompareEq:
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]707 setConstant(node, jsBoolean(a == b));
oliver@apple.combd15be82013-07-25 04:03:42 +0000[diff] [blame]708 break;
709 default:
710 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]711 break;
712 }
713 break;
714 }
715
716 if (node->op() == CompareEq && leftConst.isString() && rightConst.isString()) {
717 const StringImpl* a = asString(leftConst)->tryGetValueImpl();
718 const StringImpl* b = asString(rightConst)->tryGetValueImpl();
719 if (a && b) {
720 setConstant(node, jsBoolean(WTF::equal(a, b)));
oliver@apple.combd15be82013-07-25 04:03:42 +0000[diff] [blame]721 break;
722 }
723 }
fpizlo@apple.comf884bb72012-11-09 01:57:14 +0000[diff] [blame]724 }
725
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]726 if (node->op() == CompareEqConstant || node->op() == CompareEq) {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]727 SpeculatedType leftType = forNode(node->child1()).m_type;
728 SpeculatedType rightType = forNode(node->child2()).m_type;
fpizlo@apple.comf884bb72012-11-09 01:57:14 +0000[diff] [blame]729 if ((isInt32Speculation(leftType) && isOtherSpeculation(rightType))
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]730 || (isOtherSpeculation(leftType) && isInt32Speculation(rightType))) {
731 setConstant(node, jsBoolean(false));
732 break;
733 }
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]734 }
735
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]736 forNode(node).setType(SpecBoolean);
fpizlo@apple.com8b7cf382012-03-31 02:21:35 +0000[diff] [blame]737
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]738 // This is overly conservative. But the only thing this prevents is store elimination,
739 // and how likely is it, really, that you'll have redundant stores across a comparison
740 // operation? Comparison operations are typically at the end of basic blocks, so
741 // unless we have global store elimination (super unlikely given how unprofitable that
742 // optimization is to begin with), you aren't going to be wanting to store eliminate
743 // across an equality op.
744 node->setCanExit(true);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]745 break;
746 }
747
fpizlo@apple.comb03b1402013-02-11 22:23:08 +0000[diff] [blame]748 case CompareStrictEq:
749 case CompareStrictEqConstant: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]750 Node* leftNode = node->child1().node();
751 Node* rightNode = node->child2().node();
752 JSValue left = forNode(leftNode).value();
753 JSValue right = forNode(rightNode).value();
oliver@apple.combd15be82013-07-25 04:03:42 +0000[diff] [blame]754 if (left && right) {
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]755 if (left.isNumber() && right.isNumber()) {
756 setConstant(node, jsBoolean(left.asNumber() == right.asNumber()));
oliver@apple.combd15be82013-07-25 04:03:42 +0000[diff] [blame]757 break;
758 }
759 if (left.isString() && right.isString()) {
760 const StringImpl* a = asString(left)->tryGetValueImpl();
761 const StringImpl* b = asString(right)->tryGetValueImpl();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]762 if (a && b) {
763 setConstant(node, jsBoolean(WTF::equal(a, b)));
oliver@apple.combd15be82013-07-25 04:03:42 +0000[diff] [blame]764 break;
765 }
766 }
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]767 }
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]768 forNode(node).setType(SpecBoolean);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]769 node->setCanExit(true); // This is overly conservative.
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]770 break;
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]771 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]772
773 case StringCharCodeAt:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]774 node->setCanExit(true);
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]775 forNode(node).setType(SpecInt32);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]776 break;
777
commit-queue@webkit.orgaa31a5e2013-04-09 06:45:16 +0000[diff] [blame]778 case StringFromCharCode:
oliver@apple.com67e0f332013-07-25 03:59:00 +0000[diff] [blame]779 forNode(node).setType(SpecString);
commit-queue@webkit.orgaa31a5e2013-04-09 06:45:16 +0000[diff] [blame]780 break;
781
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]782 case StringCharAt:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]783 node->setCanExit(true);
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]784 forNode(node).set(m_graph, m_graph.m_vm.stringStructure.get());
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]785 break;
786
787 case GetByVal: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]788 node->setCanExit(true);
789 switch (node->arrayMode().type()) {
fpizlo@apple.coma0ec0592012-10-22 23:52:15 +0000[diff] [blame]790 case Array::SelectUsingPredictions:
fpizlo@apple.com97af5762012-09-19 22:36:44 +0000[diff] [blame]791 case Array::Unprofiled:
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]792 case Array::Undecided:
oliver@apple.com5598c182013-01-23 22:25:07 +0000[diff] [blame]793 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]794 break;
795 case Array::ForceExit:
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]796 m_state.setIsValid(false);
fpizlo@apple.com6306b5652011-12-23 05:47:17 +0000[diff] [blame]797 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]798 case Array::Generic:
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]799 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]800 forNode(node).makeHeapTop();
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]801 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]802 case Array::String:
oliver@apple.com211b3be2013-07-25 04:03:39 +0000[diff] [blame]803 if (node->arrayMode().isOutOfBounds()) {
804 // If the watchpoint was still valid we could totally set this to be
805 // SpecString | SpecOther. Except that we'd have to be careful. If we
806 // tested the watchpoint state here then it could change by the time
807 // we got to the backend. So to do this right, we'd have to get the
808 // fixup phase to check the watchpoint state and then bake into the
809 // GetByVal operation the fact that we're using a watchpoint, using
810 // something like Array::SaneChain (except not quite, because that
811 // implies an in-bounds access). None of this feels like it's worth it,
oliver@apple.come6427742013-07-25 04:05:12 +0000[diff] [blame]812 // so we're going with TOP for now. The same thing applies to
813 // clobbering the world.
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]814 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]815 forNode(node).makeHeapTop();
oliver@apple.com211b3be2013-07-25 04:03:39 +0000[diff] [blame]816 } else
817 forNode(node).set(m_graph, m_graph.m_vm.stringStructure.get());
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]818 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]819 case Array::Arguments:
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]820 forNode(node).makeHeapTop();
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]821 break;
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]822 case Array::Int32:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]823 if (node->arrayMode().isOutOfBounds()) {
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]824 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]825 forNode(node).makeHeapTop();
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]826 } else
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]827 forNode(node).setType(SpecInt32);
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]828 break;
829 case Array::Double:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]830 if (node->arrayMode().isOutOfBounds()) {
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]831 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]832 forNode(node).makeHeapTop();
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]833 } else if (node->arrayMode().isSaneChain())
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]834 forNode(node).setType(SpecDouble);
fpizlo@apple.com94e84e92012-11-11 02:56:12 +0000[diff] [blame]835 else
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]836 forNode(node).setType(SpecDoubleReal);
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]837 break;
fpizlo@apple.com34d1f082012-10-28 06:13:23 +0000[diff] [blame]838 case Array::Contiguous:
839 case Array::ArrayStorage:
840 case Array::SlowPutArrayStorage:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]841 if (node->arrayMode().isOutOfBounds())
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]842 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]843 forNode(node).makeHeapTop();
fpizlo@apple.comfa34ff82012-09-05 01:27:50 +0000[diff] [blame]844 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]845 case Array::Int8Array:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]846 forNode(node).setType(SpecInt32);
oliver@apple.comaeec3d82011-12-02 01:56:53 +0000[diff] [blame]847 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]848 case Array::Int16Array:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]849 forNode(node).setType(SpecInt32);
oliver@apple.comaeec3d82011-12-02 01:56:53 +0000[diff] [blame]850 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]851 case Array::Int32Array:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]852 forNode(node).setType(SpecInt32);
oliver@apple.comaeec3d82011-12-02 01:56:53 +0000[diff] [blame]853 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]854 case Array::Uint8Array:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]855 forNode(node).setType(SpecInt32);
oliver@apple.comaeec3d82011-12-02 01:56:53 +0000[diff] [blame]856 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]857 case Array::Uint8ClampedArray:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]858 forNode(node).setType(SpecInt32);
caio.oliveira@openbossa.org992fc372012-01-18 01:11:16 +0000[diff] [blame]859 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]860 case Array::Uint16Array:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]861 forNode(node).setType(SpecInt32);
oliver@apple.comaeec3d82011-12-02 01:56:53 +0000[diff] [blame]862 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]863 case Array::Uint32Array:
fpizlo@apple.comefacb612013-09-10 22:16:00 +0000[diff] [blame]864 if (node->shouldSpeculateInt32())
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]865 forNode(node).setType(SpecInt32);
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]866 else if (enableInt52() && node->shouldSpeculateMachineInt())
867 forNode(node).setType(SpecInt52);
fpizlo@apple.com691ac792012-03-13 22:59:43 +0000[diff] [blame]868 else
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]869 forNode(node).setType(SpecDouble);
oliver@apple.comaeec3d82011-12-02 01:56:53 +0000[diff] [blame]870 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]871 case Array::Float32Array:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]872 forNode(node).setType(SpecDouble);
oliver@apple.com07d75732011-12-03 01:47:27 +0000[diff] [blame]873 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]874 case Array::Float64Array:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]875 forNode(node).setType(SpecDouble);
oliver@apple.com07d75732011-12-03 01:47:27 +0000[diff] [blame]876 break;
fpizlo@apple.com0e9910a2012-10-09 23:39:53 +0000[diff] [blame]877 default:
oliver@apple.com5598c182013-01-23 22:25:07 +0000[diff] [blame]878 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.com0e9910a2012-10-09 23:39:53 +0000[diff] [blame]879 break;
oliver@apple.com07d75732011-12-03 01:47:27 +0000[diff] [blame]880 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]881 break;
882 }
883
884 case PutByVal:
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]885 case PutByValAlias: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]886 node->setCanExit(true);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]887 switch (node->arrayMode().modeForPut().type()) {
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]888 case Array::ForceExit:
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]889 m_state.setIsValid(false);
fpizlo@apple.com6306b5652011-12-23 05:47:17 +0000[diff] [blame]890 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]891 case Array::Generic:
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]892 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]893 break;
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]894 case Array::Int32:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]895 if (node->arrayMode().isOutOfBounds())
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]896 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]897 break;
898 case Array::Double:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]899 if (node->arrayMode().isOutOfBounds())
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]900 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]901 break;
fpizlo@apple.com34d1f082012-10-28 06:13:23 +0000[diff] [blame]902 case Array::Contiguous:
903 case Array::ArrayStorage:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]904 if (node->arrayMode().isOutOfBounds())
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]905 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com34d1f082012-10-28 06:13:23 +0000[diff] [blame]906 break;
907 case Array::SlowPutArrayStorage:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]908 if (node->arrayMode().mayStoreToHole())
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]909 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]910 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]911 default:
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]912 break;
oliver@apple.com07d75732011-12-03 01:47:27 +0000[diff] [blame]913 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]914 break;
915 }
916
917 case ArrayPush:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]918 node->setCanExit(true);
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]919 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]920 forNode(node).setType(SpecBytecodeNumber);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]921 break;
922
923 case ArrayPop:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]924 node->setCanExit(true);
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]925 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]926 forNode(node).makeHeapTop();
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]927 break;
928
barraclough@apple.com077fdd42012-03-18 01:08:16 +0000[diff] [blame]929 case RegExpExec:
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]930 forNode(node).makeHeapTop();
barraclough@apple.com077fdd42012-03-18 01:08:16 +0000[diff] [blame]931 break;
msaboff@apple.com3fc51292013-04-25 18:35:04 +0000[diff] [blame]932
933 case RegExpTest:
oliver@apple.com67e0f332013-07-25 03:59:00 +0000[diff] [blame]934 forNode(node).setType(SpecBoolean);
msaboff@apple.com3fc51292013-04-25 18:35:04 +0000[diff] [blame]935 break;
barraclough@apple.com077fdd42012-03-18 01:08:16 +0000[diff] [blame]936
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]937 case Jump:
938 break;
939
940 case Branch: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]941 Node* child = node->child1().node();
942 BooleanResult result = booleanResult(node, forNode(child));
fpizlo@apple.com367a1102012-11-10 23:33:29 +0000[diff] [blame]943 if (result == DefinitelyTrue) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]944 m_state.setBranchDirection(TakeTrue);
fpizlo@apple.com367a1102012-11-10 23:33:29 +0000[diff] [blame]945 break;
946 }
947 if (result == DefinitelyFalse) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]948 m_state.setBranchDirection(TakeFalse);
fpizlo@apple.comdb7ba192012-05-24 02:28:52 +0000[diff] [blame]949 break;
950 }
951 // FIXME: The above handles the trivial cases of sparse conditional
952 // constant propagation, but we can do better:
fpizlo@apple.com367a1102012-11-10 23:33:29 +0000[diff] [blame]953 // We can specialize the source variable's value on each direction of
954 // the branch.
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]955 node->setCanExit(true); // This is overly conservative.
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]956 m_state.setBranchDirection(TakeBoth);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]957 break;
958 }
oliver@apple.com9b7647b2013-07-25 04:03:00 +0000[diff] [blame]959
960 case Switch: {
961 // Nothing to do for now.
962 // FIXME: Do sparse conditional things.
963 break;
964 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]965
966 case Return:
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]967 m_state.setIsValid(false);
fpizlo@apple.com91b2c682012-05-24 06:24:36 +0000[diff] [blame]968 break;
969
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]970 case Throw:
971 case ThrowReferenceError:
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]972 m_state.setIsValid(false);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]973 node->setCanExit(true);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]974 break;
975
976 case ToPrimitive: {
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]977 JSValue childConst = forNode(node->child1()).value();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]978 if (childConst && childConst.isNumber()) {
979 setConstant(node, childConst);
fpizlo@apple.com3187c922012-05-18 21:47:53 +0000[diff] [blame]980 break;
981 }
982
fpizlo@apple.com0e6e1542013-03-18 18:09:22 +0000[diff] [blame]983 ASSERT(node->child1().useKind() == UntypedUse);
984
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]985 AbstractValue& source = forNode(node->child1());
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]986 AbstractValue& destination = forNode(node);
987
988 // NB. The more canonical way of writing this would have been:
989 //
990 // destination = source;
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]991 // if (destination.m_type & !(SpecFullNumber | SpecString | SpecBoolean)) {
992 // destination.filter(SpecFullNumber | SpecString | SpecBoolean);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]993 // AbstractValue string;
ggaren@apple.com9a9a4b52013-04-18 19:32:17 +0000[diff] [blame]994 // string.set(vm->stringStructure);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]995 // destination.merge(string);
996 // }
997 //
998 // The reason why this would, in most other cases, have been better is that
999 // then destination would preserve any non-SpeculatedType knowledge of source.
1000 // As it stands, the code below forgets any non-SpeculatedType knowledge that
1001 // source would have had. Fortunately, though, for things like strings and
1002 // numbers and booleans, we don't care about the non-SpeculatedType knowedge:
1003 // the structure won't tell us anything we don't already know, and neither
1004 // will ArrayModes. And if the source was a meaningful constant then we
1005 // would have handled that above. Unfortunately, this does mean that
1006 // ToPrimitive will currently forget string constants. But that's not a big
1007 // deal since we don't do any optimization on those currently.
1008
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1009 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com0e6e1542013-03-18 18:09:22 +0000[diff] [blame]1010
fpizlo@apple.com62336162012-06-07 01:35:59 +0000[diff] [blame]1011 SpeculatedType type = source.m_type;
fpizlo@apple.com6921b292013-09-18 17:14:02 +0000[diff] [blame]1012 if (type & ~(SpecFullNumber | SpecString | SpecBoolean))
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1013 type = (SpecHeapTop & ~SpecCell) | SpecString;
oliver@apple.comb06642f2013-08-02 22:38:28 +0000[diff] [blame]1014
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1015 destination.setType(type);
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1016 if (destination.isClear())
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1017 m_state.setIsValid(false);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1018 break;
1019 }
fpizlo@apple.com0e6e1542013-03-18 18:09:22 +0000[diff] [blame]1020
1021 case ToString: {
1022 switch (node->child1().useKind()) {
1023 case StringObjectUse:
1024 // This also filters that the StringObject has the primordial StringObject
1025 // structure.
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1026 filter(
1027 node->child1(),
oliver@apple.com37bd9382013-07-25 04:02:17 +0000[diff] [blame]1028 m_graph.globalObjectFor(node->codeOrigin)->stringObjectStructure());
fpizlo@apple.com0e6e1542013-03-18 18:09:22 +0000[diff] [blame]1029 node->setCanExit(true); // We could be more precise but it's likely not worth it.
1030 break;
1031 case StringOrStringObjectUse:
1032 node->setCanExit(true); // We could be more precise but it's likely not worth it.
1033 break;
1034 case CellUse:
1035 case UntypedUse:
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1036 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com0e6e1542013-03-18 18:09:22 +0000[diff] [blame]1037 break;
1038 default:
1039 RELEASE_ASSERT_NOT_REACHED();
1040 break;
1041 }
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1042 forNode(node).set(m_graph, m_graph.m_vm.stringStructure.get());
fpizlo@apple.com0e6e1542013-03-18 18:09:22 +0000[diff] [blame]1043 break;
1044 }
1045
1046 case NewStringObject: {
fpizlo@apple.com10ae2d02013-08-14 02:41:47 +0000[diff] [blame]1047 ASSERT(node->structure()->classInfo() == StringObject::info());
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1048 forNode(node).set(m_graph, node->structure());
fpizlo@apple.com0e6e1542013-03-18 18:09:22 +0000[diff] [blame]1049 break;
1050 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1051
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1052 case NewArray:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1053 node->setCanExit(true);
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1054 forNode(node).set(
1055 m_graph,
1056 m_graph.globalObjectFor(node->codeOrigin)->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()));
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1057 m_state.setHaveStructures(true);
fpizlo@apple.com6c89cd32012-06-26 19:42:05 +0000[diff] [blame]1058 break;
1059
fpizlo@apple.com1c4a32c2012-09-17 20:56:39 +0000[diff] [blame]1060 case NewArrayBuffer:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1061 node->setCanExit(true);
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1062 forNode(node).set(
1063 m_graph,
1064 m_graph.globalObjectFor(node->codeOrigin)->arrayStructureForIndexingTypeDuringAllocation(node->indexingType()));
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1065 m_state.setHaveStructures(true);
fpizlo@apple.com1c4a32c2012-09-17 20:56:39 +0000[diff] [blame]1066 break;
1067
fpizlo@apple.com6c89cd32012-06-26 19:42:05 +0000[diff] [blame]1068 case NewArrayWithSize:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1069 node->setCanExit(true);
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1070 forNode(node).setType(SpecArray);
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1071 m_state.setHaveStructures(true);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1072 break;
fpizlo@apple.com372fa822013-08-21 19:43:47 +0000[diff] [blame]1073
1074 case NewTypedArray:
1075 switch (node->child1().useKind()) {
1076 case Int32Use:
1077 break;
1078 case UntypedUse:
1079 clobberWorld(node->codeOrigin, clobberLimit);
1080 break;
1081 default:
1082 RELEASE_ASSERT_NOT_REACHED();
1083 break;
1084 }
1085 forNode(node).set(
1086 m_graph,
1087 m_graph.globalObjectFor(node->codeOrigin)->typedArrayStructure(
1088 node->typedArrayType()));
1089 m_state.setHaveStructures(true);
1090 break;
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1091
1092 case NewRegexp:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1093 forNode(node).set(m_graph, m_graph.globalObjectFor(node->codeOrigin)->regExpStructure());
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1094 m_state.setHaveStructures(true);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1095 break;
1096
oliver@apple.come2fe4ce2013-07-25 03:59:41 +0000[diff] [blame]1097 case ToThis: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1098 AbstractValue& source = forNode(node->child1());
1099 AbstractValue& destination = forNode(node);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1100
fpizlo@apple.com018818d2013-09-13 23:18:19 +0000[diff] [blame]1101 if (m_graph.executableFor(node->codeOrigin)->isStrictMode())
1102 destination.makeHeapTop();
1103 else {
1104 destination = source;
1105 destination.merge(SpecObject);
1106 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1107 break;
1108 }
barraclough@apple.comcef11dc2012-05-10 18:40:29 +0000[diff] [blame]1109
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1110 case CreateThis: {
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1111 forNode(node).setType(SpecFinalObject);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1112 break;
1113 }
fpizlo@apple.comf5db15e2012-11-14 07:22:57 +0000[diff] [blame]1114
ggaren@apple.comc862eac2013-01-29 05:48:01 +0000[diff] [blame]1115 case AllocationProfileWatchpoint:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1116 node->setCanExit(true);
fpizlo@apple.comf5db15e2012-11-14 07:22:57 +0000[diff] [blame]1117 break;
barraclough@apple.comcef11dc2012-05-10 18:40:29 +0000[diff] [blame]1118
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1119 case NewObject:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1120 forNode(node).set(m_graph, node->structure());
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1121 m_state.setHaveStructures(true);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1122 break;
fpizlo@apple.com17da7f32012-02-25 23:05:38 +0000[diff] [blame]1123
1124 case CreateActivation:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1125 forNode(node).set(
1126 m_graph, m_codeBlock->globalObjectFor(node->codeOrigin)->activationStructure());
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1127 m_state.setHaveStructures(true);
fpizlo@apple.com17da7f32012-02-25 23:05:38 +0000[diff] [blame]1128 break;
oliver@apple.com83ec76b2013-09-21 00:00:30 +0000[diff] [blame]1129
fpizlo@apple.comf860f9b2012-05-22 20:02:25 +0000[diff] [blame]1130 case CreateArguments:
oliver@apple.com83ec76b2013-09-21 00:00:30 +0000[diff] [blame]1131 forNode(node).setType(SpecArguments);
fpizlo@apple.comf860f9b2012-05-22 20:02:25 +0000[diff] [blame]1132 break;
1133
fpizlo@apple.com17da7f32012-02-25 23:05:38 +0000[diff] [blame]1134 case TearOffActivation:
fpizlo@apple.com15c03c72012-05-23 02:34:13 +0000[diff] [blame]1135 case TearOffArguments:
fpizlo@apple.com17da7f32012-02-25 23:05:38 +0000[diff] [blame]1136 // Does nothing that is user-visible.
1137 break;
fpizlo@apple.com91b2c682012-05-24 06:24:36 +0000[diff] [blame]1138
1139 case CheckArgumentsNotCreated:
fpizlo@apple.com62336162012-06-07 01:35:59 +0000[diff] [blame]1140 if (isEmptySpeculation(
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1141 m_state.variables().operand(
msaboff@apple.com62aa8b72013-09-26 22:53:54 +0000[diff] [blame]1142 m_graph.argumentsRegisterFor(node->codeOrigin).offset()).m_type))
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1143 m_state.setFoundConstants(true);
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]1144 else
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1145 node->setCanExit(true);
fpizlo@apple.com91b2c682012-05-24 06:24:36 +0000[diff] [blame]1146 break;
fpizlo@apple.com17da7f32012-02-25 23:05:38 +0000[diff] [blame]1147
fpizlo@apple.com6d4456e2012-05-23 03:48:52 +0000[diff] [blame]1148 case GetMyArgumentsLength:
fpizlo@apple.com9a548f12012-05-24 05:33:09 +0000[diff] [blame]1149 // We know that this executable does not escape its arguments, so we can optimize
1150 // the arguments a bit. Note that this is not sufficient to force constant folding
1151 // of GetMyArgumentsLength, because GetMyArgumentsLength is a clobbering operation.
1152 // We perform further optimizations on this later on.
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1153 if (node->codeOrigin.inlineCallFrame) {
1154 forNode(node).set(
1155 m_graph, jsNumber(node->codeOrigin.inlineCallFrame->arguments.size() - 1));
1156 } else
1157 forNode(node).setType(SpecInt32);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1158 node->setCanExit(
fpizlo@apple.com62336162012-06-07 01:35:59 +0000[diff] [blame]1159 !isEmptySpeculation(
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1160 m_state.variables().operand(
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1161 m_graph.argumentsRegisterFor(node->codeOrigin)).m_type));
fpizlo@apple.com9a548f12012-05-24 05:33:09 +0000[diff] [blame]1162 break;
1163
1164 case GetMyArgumentsLengthSafe:
fpizlo@apple.com6d4456e2012-05-23 03:48:52 +0000[diff] [blame]1165 // This potentially clobbers all structures if the arguments object had a getter
1166 // installed on the length property.
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1167 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com6d4456e2012-05-23 03:48:52 +0000[diff] [blame]1168 // We currently make no guarantee about what this returns because it does not
1169 // speculate that the length property is actually a length.
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1170 forNode(node).makeHeapTop();
fpizlo@apple.com6d4456e2012-05-23 03:48:52 +0000[diff] [blame]1171 break;
1172
1173 case GetMyArgumentByVal:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1174 node->setCanExit(true);
fpizlo@apple.com9a548f12012-05-24 05:33:09 +0000[diff] [blame]1175 // We know that this executable does not escape its arguments, so we can optimize
1176 // the arguments a bit. Note that this ends up being further optimized by the
1177 // ArgumentsSimplificationPhase.
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1178 forNode(node).makeHeapTop();
fpizlo@apple.com9a548f12012-05-24 05:33:09 +0000[diff] [blame]1179 break;
1180
1181 case GetMyArgumentByValSafe:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1182 node->setCanExit(true);
fpizlo@apple.com6d4456e2012-05-23 03:48:52 +0000[diff] [blame]1183 // This potentially clobbers all structures if the property we're accessing has
1184 // a getter. We don't speculate against this.
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1185 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com6d4456e2012-05-23 03:48:52 +0000[diff] [blame]1186 // And the result is unknown.
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1187 forNode(node).makeHeapTop();
fpizlo@apple.com6d4456e2012-05-23 03:48:52 +0000[diff] [blame]1188 break;
1189
fpizlo@apple.com507dca12013-07-17 23:27:31 +0000[diff] [blame]1190 case NewFunction: {
1191 AbstractValue& value = forNode(node);
1192 value = forNode(node->child1());
1193
1194 if (!(value.m_type & SpecEmpty)) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1195 m_state.setFoundConstants(true);
fpizlo@apple.com507dca12013-07-17 23:27:31 +0000[diff] [blame]1196 break;
1197 }
1198
oliver@apple.com02039462013-07-25 03:59:29 +0000[diff] [blame]1199 value.setType((value.m_type & ~SpecEmpty) | SpecFunction);
fpizlo@apple.com507dca12013-07-17 23:27:31 +0000[diff] [blame]1200 break;
1201 }
1202
fpizlo@apple.com17da7f32012-02-25 23:05:38 +0000[diff] [blame]1203 case NewFunctionExpression:
1204 case NewFunctionNoCheck:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1205 forNode(node).set(
1206 m_graph, m_codeBlock->globalObjectFor(node->codeOrigin)->functionStructure());
fpizlo@apple.com17da7f32012-02-25 23:05:38 +0000[diff] [blame]1207 break;
1208
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1209 case GetCallee:
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1210 forNode(node).setType(SpecFunction);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1211 break;
fpizlo@apple.com5e2296a2013-01-07 02:24:58 +0000[diff] [blame]1212
fpizlo@apple.com5e2296a2013-01-07 02:24:58 +0000[diff] [blame]1213 case GetScope: // FIXME: We could get rid of these if we know that the JSFunction is a constant. https://bugs.webkit.org/show_bug.cgi?id=106202
fpizlo@apple.com20d46242012-11-30 21:56:24 +0000[diff] [blame]1214 case GetMyScope:
1215 case SkipTopScope:
oliver@apple.comeca9fbe2013-07-28 18:04:18 +0000[diff] [blame]1216 forNode(node).setType(SpecObjectOther);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1217 break;
ggaren@apple.comce086ca2012-09-23 22:48:19 +0000[diff] [blame]1218
fpizlo@apple.coma0bd0582012-12-04 20:25:24 +0000[diff] [blame]1219 case SkipScope: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1220 JSValue child = forNode(node->child1()).value();
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]1221 if (child) {
1222 setConstant(node, JSValue(jsCast<JSScope*>(child.asCell())->next()));
fpizlo@apple.coma0bd0582012-12-04 20:25:24 +0000[diff] [blame]1223 break;
1224 }
oliver@apple.comeca9fbe2013-07-28 18:04:18 +0000[diff] [blame]1225 forNode(node).setType(SpecObjectOther);
fpizlo@apple.coma0bd0582012-12-04 20:25:24 +0000[diff] [blame]1226 break;
1227 }
1228
oliver@apple.com58c86752013-07-25 04:02:40 +0000[diff] [blame]1229 case GetClosureRegisters:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1230 forNode(node).clear(); // The result is not a JS value.
ggaren@apple.comce086ca2012-09-23 22:48:19 +0000[diff] [blame]1231 break;
1232
oliver@apple.com58c86752013-07-25 04:02:40 +0000[diff] [blame]1233 case GetClosureVar:
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1234 forNode(node).makeHeapTop();
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1235 break;
1236
oliver@apple.com58c86752013-07-25 04:02:40 +0000[diff] [blame]1237 case PutClosureVar:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1238 clobberCapturedVars(node->codeOrigin);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1239 break;
1240
1241 case GetById:
fpizlo@apple.comdc03dc52012-01-17 00:53:40 +0000[diff] [blame]1242 case GetByIdFlush:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1243 node->setCanExit(true);
1244 if (!node->prediction()) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1245 m_state.setIsValid(false);
fpizlo@apple.com49bfe572011-10-31 23:50:57 +0000[diff] [blame]1246 break;
1247 }
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1248 if (isCellSpeculation(node->child1()->prediction())) {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1249 if (Structure* structure = forNode(node->child1()).bestProvenStructure()) {
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1250 GetByIdStatus status = GetByIdStatus::computeFor(
ggaren@apple.com9a9a4b52013-04-18 19:32:17 +0000[diff] [blame]1251 m_graph.m_vm, structure,
oliver@apple.com90fce822013-07-25 04:00:13 +0000[diff] [blame]1252 m_graph.identifiers()[node->identifierNumber()]);
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1253 if (status.isSimple()) {
1254 // Assert things that we can't handle and that the computeFor() method
1255 // above won't be able to return.
1256 ASSERT(status.structureSet().size() == 1);
oliver@apple.com98fb6bf2013-07-25 03:59:44 +0000[diff] [blame]1257 ASSERT(!status.chain());
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1258
1259 if (status.specificValue())
fpizlo@apple.com49e37d32013-09-11 21:49:47 +0000[diff] [blame]1260 setConstant(node, status.specificValue());
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1261 else
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1262 forNode(node).makeHeapTop();
oliver@apple.com37bd9382013-07-25 04:02:17 +0000[diff] [blame]1263 filter(node->child1(), status.structureSet());
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1264
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1265 m_state.setFoundConstants(true);
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1266 break;
1267 }
1268 }
1269 }
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1270 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1271 forNode(node).makeHeapTop();
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1272 break;
1273
1274 case GetArrayLength:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1275 node->setCanExit(true); // Lies, but it's true for the common case of JSArray, so it's good enough.
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1276 forNode(node).setType(SpecInt32);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1277 break;
fpizlo@apple.com5e2296a2013-01-07 02:24:58 +0000[diff] [blame]1278
1279 case CheckExecutable: {
1280 // FIXME: We could track executables in AbstractValue, which would allow us to get rid of these checks
1281 // more thoroughly. https://bugs.webkit.org/show_bug.cgi?id=106200
1282 // FIXME: We could eliminate these entirely if we know the exact value that flows into this.
1283 // https://bugs.webkit.org/show_bug.cgi?id=106201
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1284 node->setCanExit(true);
fpizlo@apple.com5e2296a2013-01-07 02:24:58 +0000[diff] [blame]1285 break;
1286 }
oliver@apple.comf4596ca2011-10-19 21:25:10 +0000[diff] [blame]1287
oliver@apple.com500b53a2013-07-25 04:05:25 +0000[diff] [blame]1288 case CheckStructure: {
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1289 // FIXME: We should be able to propagate the structure sets of constants (i.e. prototypes).
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1290 AbstractValue& value = forNode(node->child1());
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]1291 ASSERT(!(value.m_type & ~SpecCell)); // Edge filtering should have already ensured this.
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1292
1293 StructureSet& set = node->structureSet();
1294
1295 if (value.m_currentKnownStructure.isSubsetOf(set)) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1296 m_state.setFoundConstants(true);
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1297 break;
1298 }
1299
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1300 node->setCanExit(true);
oliver@apple.com0402d952013-07-25 04:05:07 +0000[diff] [blame]1301 m_state.setHaveStructures(true);
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1302
fpizlo@apple.comeb3323d2012-08-20 06:11:24 +0000[diff] [blame]1303 // If this structure check is attempting to prove knowledge already held in
1304 // the futurePossibleStructure set then the constant folding phase should
1305 // turn this into a watchpoint instead.
fpizlo@apple.com99f37622012-10-29 04:02:08 +0000[diff] [blame]1306 if (value.m_futurePossibleStructure.isSubsetOf(set)
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1307 && value.m_futurePossibleStructure.hasSingleton()) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1308 m_state.setFoundConstants(true);
oliver@apple.com37bd9382013-07-25 04:02:17 +0000[diff] [blame]1309 filter(value, value.m_futurePossibleStructure.singleton());
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1310 break;
1311 }
1312
oliver@apple.com37bd9382013-07-25 04:02:17 +0000[diff] [blame]1313 filter(value, set);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1314 break;
fpizlo@apple.com91b2c682012-05-24 06:24:36 +0000[diff] [blame]1315 }
fpizlo@apple.com04e41152012-06-15 22:14:53 +0000[diff] [blame]1316
oliver@apple.com500b53a2013-07-25 04:05:25 +0000[diff] [blame]1317 case StructureTransitionWatchpoint: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1318 AbstractValue& value = forNode(node->child1());
fpizlo@apple.comeb3323d2012-08-20 06:11:24 +0000[diff] [blame]1319
oliver@apple.com37bd9382013-07-25 04:02:17 +0000[diff] [blame]1320 filter(value, node->structure());
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1321 m_state.setHaveStructures(true);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1322 node->setCanExit(true);
fpizlo@apple.com04e41152012-06-15 22:14:53 +0000[diff] [blame]1323 break;
1324 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1325
1326 case PutStructure:
fpizlo@apple.com7e0f6502012-05-25 22:45:57 +0000[diff] [blame]1327 case PhantomPutStructure:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1328 if (!forNode(node->child1()).m_currentKnownStructure.isClear()) {
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1329 clobberStructures(clobberLimit);
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1330 forNode(node->child1()).set(m_graph, node->structureTransitionData().newStructure);
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1331 m_state.setHaveStructures(true);
fpizlo@apple.com6e0a9ed2012-09-16 02:36:22 +0000[diff] [blame]1332 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1333 break;
fpizlo@apple.comd8dd0532012-09-13 04:18:52 +0000[diff] [blame]1334 case GetButterfly:
fpizlo@apple.com1ffdcff2012-07-19 00:30:34 +0000[diff] [blame]1335 case AllocatePropertyStorage:
1336 case ReallocatePropertyStorage:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1337 forNode(node).clear(); // The result is not a JS value.
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1338 break;
fpizlo@apple.com04c19742012-08-26 22:35:26 +0000[diff] [blame]1339 case CheckArray: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1340 if (node->arrayMode().alreadyChecked(m_graph, node, forNode(node->child1()))) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1341 m_state.setFoundConstants(true);
fpizlo@apple.com04c19742012-08-26 22:35:26 +0000[diff] [blame]1342 break;
1343 }
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1344 node->setCanExit(true); // Lies, but this is followed by operations (like GetByVal) that always exit, so there is no point in us trying to be clever here.
1345 switch (node->arrayMode().type()) {
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1346 case Array::String:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1347 filter(node->child1(), SpecString);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1348 break;
fpizlo@apple.com75c91a72012-11-08 22:28:25 +0000[diff] [blame]1349 case Array::Int32:
1350 case Array::Double:
fpizlo@apple.com34d1f082012-10-28 06:13:23 +0000[diff] [blame]1351 case Array::Contiguous:
1352 case Array::ArrayStorage:
1353 case Array::SlowPutArrayStorage:
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1354 break;
fpizlo@apple.com04c19742012-08-26 22:35:26 +0000[diff] [blame]1355 case Array::Arguments:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1356 filter(node->child1(), SpecArguments);
fpizlo@apple.com04c19742012-08-26 22:35:26 +0000[diff] [blame]1357 break;
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1358 case Array::Int8Array:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1359 filter(node->child1(), SpecInt8Array);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1360 break;
1361 case Array::Int16Array:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1362 filter(node->child1(), SpecInt16Array);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1363 break;
1364 case Array::Int32Array:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1365 filter(node->child1(), SpecInt32Array);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1366 break;
1367 case Array::Uint8Array:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1368 filter(node->child1(), SpecUint8Array);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1369 break;
1370 case Array::Uint8ClampedArray:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1371 filter(node->child1(), SpecUint8ClampedArray);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1372 break;
1373 case Array::Uint16Array:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1374 filter(node->child1(), SpecUint16Array);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1375 break;
1376 case Array::Uint32Array:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1377 filter(node->child1(), SpecUint32Array);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1378 break;
1379 case Array::Float32Array:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1380 filter(node->child1(), SpecFloat32Array);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1381 break;
1382 case Array::Float64Array:
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1383 filter(node->child1(), SpecFloat64Array);
fpizlo@apple.com7aed8d82012-08-23 03:38:52 +0000[diff] [blame]1384 break;
1385 default:
oliver@apple.com5598c182013-01-23 22:25:07 +0000[diff] [blame]1386 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.comf860f9b2012-05-22 20:02:25 +0000[diff] [blame]1387 break;
1388 }
oliver@apple.com52be8f82013-07-25 04:04:33 +0000[diff] [blame]1389 filterArrayModes(node->child1(), node->arrayMode().arrayModesThatPassFiltering());
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1390 m_state.setHaveStructures(true);
fpizlo@apple.com04c19742012-08-26 22:35:26 +0000[diff] [blame]1391 break;
1392 }
fpizlo@apple.com497c7512012-09-19 01:20:52 +0000[diff] [blame]1393 case Arrayify: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1394 if (node->arrayMode().alreadyChecked(m_graph, node, forNode(node->child1()))) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1395 m_state.setFoundConstants(true);
fpizlo@apple.com372c6d52012-10-20 06:53:04 +0000[diff] [blame]1396 break;
1397 }
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1398 ASSERT(node->arrayMode().conversion() == Array::Convert
1399 || node->arrayMode().conversion() == Array::RageConvert);
1400 node->setCanExit(true);
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1401 clobberStructures(clobberLimit);
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1402 filterArrayModes(node->child1(), node->arrayMode().arrayModesThatPassFiltering());
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1403 m_state.setHaveStructures(true);
fpizlo@apple.com497c7512012-09-19 01:20:52 +0000[diff] [blame]1404 break;
1405 }
fpizlo@apple.com99f37622012-10-29 04:02:08 +0000[diff] [blame]1406 case ArrayifyToStructure: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1407 AbstractValue& value = forNode(node->child1());
1408 StructureSet set = node->structure();
fpizlo@apple.com99f37622012-10-29 04:02:08 +0000[diff] [blame]1409 if (value.m_futurePossibleStructure.isSubsetOf(set)
1410 || value.m_currentKnownStructure.isSubsetOf(set))
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1411 m_state.setFoundConstants(true);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1412 node->setCanExit(true);
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1413 clobberStructures(clobberLimit);
oliver@apple.com37bd9382013-07-25 04:02:17 +0000[diff] [blame]1414 filter(value, set);
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1415 m_state.setHaveStructures(true);
fpizlo@apple.com99f37622012-10-29 04:02:08 +0000[diff] [blame]1416 break;
1417 }
fpizlo@apple.com04c19742012-08-26 22:35:26 +0000[diff] [blame]1418 case GetIndexedPropertyStorage: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1419 forNode(node).clear();
oliver@apple.com43e511c2011-12-09 08:45:46 +0000[diff] [blame]1420 break;
1421 }
fpizlo@apple.com537a4772013-08-19 23:16:01 +0000[diff] [blame]1422
1423 case GetTypedArrayByteOffset: {
1424 forNode(node).setType(SpecInt32);
1425 break;
1426 }
1427
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]1428 case GetByOffset: {
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1429 forNode(node).makeHeapTop();
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1430 break;
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]1431 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1432
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1433 case PutByOffset: {
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1434 break;
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1435 }
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1436
fpizlo@apple.com18e7bc12012-11-12 22:52:32 +0000[diff] [blame]1437 case CheckFunction: {
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1438 JSValue value = forNode(node->child1()).value();
1439 if (value == node->function()) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1440 m_state.setFoundConstants(true);
fpizlo@apple.com18e7bc12012-11-12 22:52:32 +0000[diff] [blame]1441 ASSERT(value);
fpizlo@apple.com18e7bc12012-11-12 22:52:32 +0000[diff] [blame]1442 break;
1443 }
1444
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1445 node->setCanExit(true); // Lies! We can do better.
oliver@apple.com37bd9382013-07-25 04:02:17 +0000[diff] [blame]1446 filterByValue(node->child1(), node->function());
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1447 break;
fpizlo@apple.com18e7bc12012-11-12 22:52:32 +0000[diff] [blame]1448 }
fpizlo@apple.comb75911b2012-06-13 20:53:52 +0000[diff] [blame]1449
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1450 case PutById:
1451 case PutByIdDirect:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1452 node->setCanExit(true);
1453 if (Structure* structure = forNode(node->child1()).bestProvenStructure()) {
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1454 PutByIdStatus status = PutByIdStatus::computeFor(
ggaren@apple.com9a9a4b52013-04-18 19:32:17 +0000[diff] [blame]1455 m_graph.m_vm,
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1456 m_graph.globalObjectFor(node->codeOrigin),
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1457 structure,
oliver@apple.com90fce822013-07-25 04:00:13 +0000[diff] [blame]1458 m_graph.identifiers()[node->identifierNumber()],
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1459 node->op() == PutByIdDirect);
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1460 if (status.isSimpleReplace()) {
oliver@apple.com37bd9382013-07-25 04:02:17 +0000[diff] [blame]1461 filter(node->child1(), structure);
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1462 m_state.setFoundConstants(true);
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1463 break;
1464 }
1465 if (status.isSimpleTransition()) {
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1466 clobberStructures(clobberLimit);
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1467 forNode(node->child1()).set(m_graph, status.newStructure());
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1468 m_state.setHaveStructures(true);
1469 m_state.setFoundConstants(true);
fpizlo@apple.comc2c67632012-11-17 08:37:14 +0000[diff] [blame]1470 break;
1471 }
1472 }
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1473 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1474 break;
oliver@apple.comb3e5acb2013-07-25 04:02:53 +0000[diff] [blame]1475
1476 case In:
1477 // FIXME: We can determine when the property definitely exists based on abstract
1478 // value information.
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1479 clobberWorld(node->codeOrigin, clobberLimit);
oliver@apple.comb3e5acb2013-07-25 04:02:53 +0000[diff] [blame]1480 forNode(node).setType(SpecBoolean);
1481 break;
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1482
1483 case GetGlobalVar:
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1484 forNode(node).makeHeapTop();
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1485 break;
fpizlo@apple.comb75911b2012-06-13 20:53:52 +0000[diff] [blame]1486
1487 case GlobalVarWatchpoint:
oliver@apple.com58c86752013-07-25 04:02:40 +0000[diff] [blame]1488 case VarInjectionWatchpoint:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1489 node->setCanExit(true);
fpizlo@apple.comb75911b2012-06-13 20:53:52 +0000[diff] [blame]1490 break;
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1491
1492 case PutGlobalVar:
1493 break;
1494
1495 case CheckHasInstance:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1496 node->setCanExit(true);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1497 // Sadly, we don't propagate the fact that we've done CheckHasInstance
1498 break;
1499
1500 case InstanceOf:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1501 node->setCanExit(true);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1502 // Again, sadly, we don't propagate the fact that we've done InstanceOf
oliver@apple.comfe0cc192013-07-25 03:58:58 +0000[diff] [blame]1503 forNode(node).setType(SpecBoolean);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1504 break;
1505
1506 case Phi:
oliver@apple.com827d2cf2013-07-25 04:04:45 +0000[diff] [blame]1507 RELEASE_ASSERT(m_graph.m_form == SSA);
1508 // The state of this node would have already been decided.
1509 break;
1510
1511 case Upsilon: {
oliver@apple.com02e7a972013-07-25 04:05:04 +0000[diff] [blame]1512 m_state.createValueForNode(node->phi());
oliver@apple.com827d2cf2013-07-25 04:04:45 +0000[diff] [blame]1513 AbstractValue& value = forNode(node->child1());
1514 forNode(node) = value;
1515 forNode(node->phi()) = value;
1516 break;
1517 }
1518
fpizlo@apple.comd9ded3b2011-10-22 01:22:46 +0000[diff] [blame]1519 case Flush:
fpizlo@apple.com3fa6f5d2013-02-09 19:33:00 +0000[diff] [blame]1520 case PhantomLocal:
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1521 case Breakpoint:
1522 break;
1523
1524 case Call:
1525 case Construct:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1526 node->setCanExit(true);
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1527 clobberWorld(node->codeOrigin, clobberLimit);
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1528 forNode(node).makeHeapTop();
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1529 break;
oliver@apple.comc909f5f2012-10-18 23:37:40 +0000[diff] [blame]1530
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1531 case ForceOSRExit:
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1532 node->setCanExit(true);
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1533 m_state.setIsValid(false);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1534 break;
1535
mark.lam@apple.com10d23a12013-04-25 02:59:51 +0000[diff] [blame]1536 case CheckWatchdogTimer:
1537 node->setCanExit(true);
1538 break;
1539
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1540 case Phantom:
fpizlo@apple.com116a0892011-11-03 08:06:42 +0000[diff] [blame]1541 case InlineStart:
fpizlo@apple.com4a81fa42012-12-05 01:26:13 +0000[diff] [blame]1542 case CountExecution:
fpizlo@apple.com532f1e52013-09-04 06:26:04 +0000[diff] [blame]1543 case CheckTierUpInLoop:
1544 case CheckTierUpAtReturn:
1545 break;
1546
1547 case CheckTierUpAndOSREnter:
1548 case LoopHint:
1549 // We pretend that it can exit because it may want to get all state.
1550 node->setCanExit(true);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1551 break;
oliver@apple.com1fc04182013-08-19 19:40:13 +0000[diff] [blame]1552
1553 case Unreachable:
1554 RELEASE_ASSERT_NOT_REACHED();
1555 break;
1556
fpizlo@apple.comd7897b12012-03-12 23:15:45 +0000[diff] [blame]1557 case LastNodeType:
oliver@apple.com5598c182013-01-23 22:25:07 +0000[diff] [blame]1558 RELEASE_ASSERT_NOT_REACHED();
fpizlo@apple.comd7897b12012-03-12 23:15:45 +0000[diff] [blame]1559 break;
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1560 }
1561
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1562 return m_state.isValid();
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1563}
1564
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1565template<typename AbstractStateType>
1566bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned indexInBlock)
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]1567{
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1568 return executeEffects(indexInBlock, m_state.block()->at(indexInBlock));
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]1569}
1570
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1571template<typename AbstractStateType>
1572bool AbstractInterpreter<AbstractStateType>::execute(unsigned indexInBlock)
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]1573{
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1574 Node* node = m_state.block()->at(indexInBlock);
oliver@apple.com37bd9382013-07-25 04:02:17 +0000[diff] [blame]1575 if (!startExecuting(node))
fpizlo@apple.com7a1964c2013-02-21 22:59:02 +0000[diff] [blame]1576 return true;
1577
1578 executeEdges(node);
1579 return executeEffects(indexInBlock, node);
1580}
1581
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1582template<typename AbstractStateType>
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1583bool AbstractInterpreter<AbstractStateType>::execute(Node* node)
1584{
1585 if (!startExecuting(node))
1586 return true;
1587
1588 executeEdges(node);
1589 return executeEffects(UINT_MAX, node);
1590}
1591
1592template<typename AbstractStateType>
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1593void AbstractInterpreter<AbstractStateType>::clobberWorld(
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1594 const CodeOrigin& codeOrigin, unsigned clobberLimit)
fpizlo@apple.com75824e82012-05-30 17:02:49 +0000[diff] [blame]1595{
fpizlo@apple.comcaa68812012-08-02 04:32:30 +0000[diff] [blame]1596 clobberCapturedVars(codeOrigin);
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1597 clobberStructures(clobberLimit);
fpizlo@apple.comcaa68812012-08-02 04:32:30 +0000[diff] [blame]1598}
1599
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1600template<typename AbstractStateType>
1601void AbstractInterpreter<AbstractStateType>::clobberCapturedVars(const CodeOrigin& codeOrigin)
fpizlo@apple.comcaa68812012-08-02 04:32:30 +0000[diff] [blame]1602{
fpizlo@apple.com75824e82012-05-30 17:02:49 +0000[diff] [blame]1603 if (codeOrigin.inlineCallFrame) {
1604 const BitVector& capturedVars = codeOrigin.inlineCallFrame->capturedVars;
1605 for (size_t i = capturedVars.size(); i--;) {
1606 if (!capturedVars.quickGet(i))
1607 continue;
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1608 m_state.variables().local(i).makeHeapTop();
fpizlo@apple.com75824e82012-05-30 17:02:49 +0000[diff] [blame]1609 }
1610 } else {
ggaren@apple.com81c360e2012-09-14 02:17:01 +0000[diff] [blame]1611 for (size_t i = m_codeBlock->m_numVars; i--;) {
msaboff@apple.com62aa8b72013-09-26 22:53:54 +0000[diff] [blame]1612 if (m_codeBlock->isCaptured(virtualRegisterForLocal(i)))
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1613 m_state.variables().local(i).makeHeapTop();
ggaren@apple.com81c360e2012-09-14 02:17:01 +0000[diff] [blame]1614 }
fpizlo@apple.com75824e82012-05-30 17:02:49 +0000[diff] [blame]1615 }
ggaren@apple.com81c360e2012-09-14 02:17:01 +0000[diff] [blame]1616
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1617 for (size_t i = m_state.variables().numberOfArguments(); i--;) {
msaboff@apple.com62aa8b72013-09-26 22:53:54 +0000[diff] [blame]1618 if (m_codeBlock->isCaptured(virtualRegisterForArgument(i)))
fpizlo@apple.comff779d02013-09-10 21:55:45 +0000[diff] [blame]1619 m_state.variables().argument(i).makeHeapTop();
fpizlo@apple.com75824e82012-05-30 17:02:49 +0000[diff] [blame]1620 }
fpizlo@apple.com75824e82012-05-30 17:02:49 +0000[diff] [blame]1621}
1622
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1623template<typename AbstractStateType>
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1624void AbstractInterpreter<AbstractStateType>::clobberStructures(unsigned clobberLimit)
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1625{
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1626 if (!m_state.haveStructures())
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1627 return;
oliver@apple.come17632e2013-07-25 04:05:31 +0000[diff] [blame]1628 if (clobberLimit >= m_state.block()->size())
1629 clobberLimit = m_state.block()->size();
1630 else
1631 clobberLimit++;
1632 ASSERT(clobberLimit <= m_state.block()->size());
1633 for (size_t i = clobberLimit; i--;)
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1634 forNode(m_state.block()->at(i)).clobberStructures();
oliver@apple.com96feafa2013-07-25 04:04:57 +0000[diff] [blame]1635 if (m_graph.m_form == SSA) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1636 HashSet<Node*>::iterator iter = m_state.block()->ssa->liveAtHead.begin();
1637 HashSet<Node*>::iterator end = m_state.block()->ssa->liveAtHead.end();
oliver@apple.com96feafa2013-07-25 04:04:57 +0000[diff] [blame]1638 for (; iter != end; ++iter)
1639 forNode(*iter).clobberStructures();
1640 }
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1641 for (size_t i = m_state.variables().numberOfArguments(); i--;)
1642 m_state.variables().argument(i).clobberStructures();
1643 for (size_t i = m_state.variables().numberOfLocals(); i--;)
1644 m_state.variables().local(i).clobberStructures();
1645 m_state.setHaveStructures(true);
1646 m_state.setDidClobber(true);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1647}
1648
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1649template<typename AbstractStateType>
1650void AbstractInterpreter<AbstractStateType>::dump(PrintStream& out)
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1651{
oliver@apple.com96feafa2013-07-25 04:04:57 +0000[diff] [blame]1652 CommaPrinter comma(" ");
1653 if (m_graph.m_form == SSA) {
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1654 HashSet<Node*>::iterator iter = m_state.block()->ssa->liveAtHead.begin();
1655 HashSet<Node*>::iterator end = m_state.block()->ssa->liveAtHead.end();
oliver@apple.com96feafa2013-07-25 04:04:57 +0000[diff] [blame]1656 for (; iter != end; ++iter) {
1657 Node* node = *iter;
1658 AbstractValue& value = forNode(node);
1659 if (value.isClear())
1660 continue;
1661 out.print(comma, node, ":", value);
1662 }
1663 }
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1664 for (size_t i = 0; i < m_state.block()->size(); ++i) {
1665 Node* node = m_state.block()->at(i);
fpizlo@apple.com8ff092f2013-01-29 08:01:03 +0000[diff] [blame]1666 AbstractValue& value = forNode(node);
yuqiang.xian@intel.com861d9182012-03-01 07:39:31 +0000[diff] [blame]1667 if (value.isClear())
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1668 continue;
oliver@apple.com96feafa2013-07-25 04:04:57 +0000[diff] [blame]1669 out.print(comma, node, ":", value);
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1670 }
1671}
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1672
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1673template<typename AbstractStateType>
1674FiltrationResult AbstractInterpreter<AbstractStateType>::filter(
1675 AbstractValue& value, const StructureSet& set)
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1676{
1677 if (value.filter(m_graph, set) == FiltrationOK)
1678 return FiltrationOK;
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1679 m_state.setIsValid(false);
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1680 return Contradiction;
1681}
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1682
1683template<typename AbstractStateType>
1684FiltrationResult AbstractInterpreter<AbstractStateType>::filterArrayModes(
1685 AbstractValue& value, ArrayModes arrayModes)
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1686{
1687 if (value.filterArrayModes(arrayModes) == FiltrationOK)
1688 return FiltrationOK;
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1689 m_state.setIsValid(false);
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1690 return Contradiction;
1691}
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1692
1693template<typename AbstractStateType>
1694FiltrationResult AbstractInterpreter<AbstractStateType>::filter(
1695 AbstractValue& value, SpeculatedType type)
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1696{
1697 if (value.filter(type) == FiltrationOK)
1698 return FiltrationOK;
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1699 m_state.setIsValid(false);
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1700 return Contradiction;
1701}
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1702
1703template<typename AbstractStateType>
1704FiltrationResult AbstractInterpreter<AbstractStateType>::filterByValue(
oliver@apple.com37bd9382013-07-25 04:02:17 +0000[diff] [blame]1705 AbstractValue& abstractValue, JSValue concreteValue)
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1706{
1707 if (abstractValue.filterByValue(concreteValue) == FiltrationOK)
1708 return FiltrationOK;
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1709 m_state.setIsValid(false);
oliver@apple.com33913872013-07-25 04:02:13 +0000[diff] [blame]1710 return Contradiction;
1711}
1712
fpizlo@apple.com4ffd3952011-10-12 02:05:53 +0000[diff] [blame]1713} } // namespace JSC::DFG
1714
1715#endif // ENABLE(DFG_JIT)
1716
oliver@apple.com55d32d92013-07-25 04:05:03 +0000[diff] [blame]1717#endif // DFGAbstractInterpreterInlines_h
1718