path: root/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
Commit message | Author | Age | Files | Lines
* Imported QtWebKit TP3 (git b57bc6801f1876c3220d5a4bfea33d620d477443) | Konstantin Tokarev | 2017-02-02 | 1 | -228/+492
    Change-Id: I3b1d8a2808782c9f34d50240000e20cb38d3680f
    Reviewed-by: Konstantin Tokarev <annulen@yandex.ru>
* REGRESSION: Crash when opening Facebook.com | Oliver Hunt | 2014-09-25 | 1 | -2/+2
    https://bugs.webkit.org/show_bug.cgi?id=119155

    Reviewed by Andreas Kling.

    Scope nodes are always objects, so we should be using SpecObjectOther rather than SpecCellOther. Marking Scopes as CellOther leads to a contradiction in the CFA, resulting in bogus codegen.

    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::::executeEffects):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):

    Change-Id: Ic083c04b9351c904ea4b5ee41bcc98c7d66d757d
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153410 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Crash during exception unwinding | Oliver Hunt | 2014-07-08 | 1 | -0/+1
    https://webkit.org/b/119860

    Reviewed by Filip Pizlo.

    Add an "Unreachable" NodeType, and then rearrange op_throw and op_throw_reference_error to plant Throw or ThrowReferenceError followed by a flush and then the Unreachable node. We need this so that Throw and ThrowReferenceError no longer need to be treated as terminals and the subsequent flush keeps the activation (and other registers) live.

    * dfg/DFGAbstractInterpreterInlines.h:
    (JSC::DFG::::executeEffects):
    * dfg/DFGByteCodeParser.cpp:
    (JSC::DFG::ByteCodeParser::parseBlock):
    * dfg/DFGClobberize.h:
    (JSC::DFG::clobberize):
    * dfg/DFGFixupPhase.cpp:
    (JSC::DFG::FixupPhase::fixupNode):
    * dfg/DFGNode.h:
    (JSC::DFG::Node::isTerminal):
    * dfg/DFGNodeType.h:
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):
    * dfg/DFGSafeToExecute.h:
    (JSC::DFG::safeToExecute):
    * dfg/DFGSpeculativeJIT32_64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):
    * dfg/DFGSpeculativeJIT64.cpp:
    (JSC::DFG::SpeculativeJIT::compile):

    Change-Id: Idb894e780cd3ebe15515d1796c58a339ae54d55f
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154290 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Import Qt5x2 branch of QtWebkit for Qt 5.2 | Allan Sandfeld Jensen | 2013-09-19 | 1 | -521/+268
    Importing a new snapshot of webkit.

    Change-Id: I2d01ad12cdc8af8cb015387641120a9d7ea5f10c
    Reviewed-by: Allan Sandfeld Jensen <allan.jensen@digia.com>
* DFG is too aggressive with eliding overflow checks in loops | Filip Pizlo | 2013-03-27 | 1 | -1/+7
    https://bugs.webkit.org/show_bug.cgi?id=105226

    Reviewed by Mark Hahnenberg and Oliver Hunt.

    Source/JavaScriptCore:

    If we see a variable's live range cross basic block boundaries, conservatively assume that it may be part of a data-flow back-edge, and as a result, we may have entirely integer operations that could lead to the creation of an integer that is out of range of 2^52 (the significand of a double float). This does not seem to regress any of the benchmarks we care about, and it fixes the bug. In future we may want to actually look at whether or not there was a data-flow back-edge instead of being super conservative about it. But we have no evidence, yet, that this would help us on real code.

    * dfg/DFGNodeFlags.h:
    (DFG):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):

    LayoutTests:

    * fast/js/dfg-int-overflow-in-loop-expected.txt: Added.
    * fast/js/dfg-int-overflow-in-loop.html: Added.
    * fast/js/jsc-test-list:
    * fast/js/script-tests/dfg-int-overflow-in-loop.js: Added.
    (foo):

    Change-Id: I9df2d6d17ba404802456f4e2da313e47f0f4f62e
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137963 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* DFG is too aggressive eliding overflow checks for additions involving large constants | Filip Pizlo | 2013-03-26 | 1 | -3/+18
    https://bugs.webkit.org/show_bug.cgi?id=105239

    Reviewed by Gavin Barraclough.

    Source/JavaScriptCore:

    If we elide overflow checks on an addition (or subtraction) involving a larger-than-2^32 immediate, then make sure that the non-constant child of the addition knows that he's got to do an overflow check, by flowing the UsedAsNumber property at him.

    * dfg/DFGGraph.h:
    (JSC::DFG::Graph::addSpeculationMode):
    (Graph):
    (JSC::DFG::Graph::addShouldSpeculateInteger):
    (JSC::DFG::Graph::addImmediateShouldSpeculateInteger):
    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):

    LayoutTests:

    * fast/js/dfg-int-overflow-large-constants-in-a-line-expected.txt: Added.
    * fast/js/dfg-int-overflow-large-constants-in-a-line.html: Added.
    * fast/js/jsc-test-list:
    * fast/js/script-tests/dfg-int-overflow-large-constants-in-a-line.js: Added.
    (foo):

    Change-Id: If9f7c71050b6f07fc024e6e9f42083d7d3ca71f6
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137980 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* javascript integer overflow | Filip Pizlo | 2013-03-26 | 1 | -0/+4
    https://bugs.webkit.org/show_bug.cgi?id=104967

    Reviewed by Mark Hahnenberg.

    Source/JavaScriptCore:

    Fix PutScopedVar backward flow.

    * dfg/DFGPredictionPropagationPhase.cpp:
    (JSC::DFG::PredictionPropagationPhase::propagate):

    LayoutTests:

    * fast/js/dfg-put-scoped-var-backward-flow-expected.txt: Added.
    * fast/js/dfg-put-scoped-var-backward-flow.html: Added.
    * fast/js/jsc-test-list:
    * fast/js/script-tests/dfg-put-scoped-var-backward-flow.js: Added.
    (sum):

    Change-Id: I63c3091751555d3690f22e38a55408ced098adf8
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@137951 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    Reviewed-by: Jocelyn Turcotte <jocelyn.turcotte@digia.com>
* Imported WebKit commit e89504fa9195b2063b2530961d4b73dd08de3242 (http://svn.webkit.org/repository/webkit/trunk@135485) | Simon Hausmann | 2012-11-22 | 1 | -49/+139
    Change-Id: I03774e5ac79721c13ffa30d152537a74d0b12e66
    Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
* Imported WebKit commit e2c32e2f53e02d388e70b9db88b91d8d9d28fc84 (http://svn.webkit.org/repository/webkit/trunk@133952) | Simon Hausmann | 2012-11-09 | 1 | -47/+28
    Revert back to an older snapshot that should build on ARM
* Imported WebKit commit 7bcdfab9a40db7d16b4b95bb77d78b8a59c9e701 (http://svn.webkit.org/repository/webkit/trunk@134025) | Simon Hausmann | 2012-11-09 | 1 | -28/+47
    New snapshot with numerous build fixes, including MSVC 2012 and ARM Thumb-2.
* Imported WebKit commit 20271caf2e2c016d5cef40184cddeefeac4f1876 (http://svn.webkit.org/repository/webkit/trunk@133733) | Simon Hausmann | 2012-11-07 | 1 | -1/+2
    New snapshot that contains all previous fixes as well as build fix for latest QtMultimedia API changes.
* Imported WebKit commit 302e7806bff028bd1167a1ec7c86a1ee00ecfb49 (http://svn.webkit.org/repository/webkit/trunk@132067) | Simon Hausmann | 2012-10-22 | 1 | -8/+23
    New snapshot that fixes build without QtWidgets
* Imported WebKit commit 6339232fec7f5d9984a33388aecfd2cbc7832053 (http://svn.webkit.org/repository/webkit/trunk@129343) | Simon Hausmann | 2012-09-24 | 1 | -2/+3
    New snapshot with build fixes for latest qtbase
* Imported WebKit commit 080af0beaa6f0ba8ff8f44cb8bd8b5dcf75ac0af (http://svn.webkit.org/repository/webkit/trunk@129119) | Simon Hausmann | 2012-09-20 | 1 | -1/+2
    New snapshot with prospective build fix for incorrect QtWebKit master module header file creation
* Imported WebKit commit 37c5e5041d39a14ea0d429a77ebd352e4bd26516 (http://svn.webkit.org/repository/webkit/trunk@128608) | Simon Hausmann | 2012-09-14 | 1 | -1/+1
    New snapshot that enables WebKit2 build on Windows (still some bugs) and allows for WebKit to be built with qmake && make
* Imported WebKit commit 68645295d2e3e09af2c942f092556f06aa5f8b0d (http://svn.webkit.org/repository/webkit/trunk@128073) | Simon Hausmann | 2012-09-10 | 1 | -3/+6
    New snapshot
* Imported WebKit commit a5ae8a56a48e44ebfb9b81aaa5488affaffdb175 (http://svn.webkit.org/repository/webkit/trunk@126420) | Simon Hausmann | 2012-08-23 | 1 | -12/+0
    New snapshot with OS X 10.6 build fix
* Imported WebKit commit 356d83016b090995d08ad568f2d2c243aa55e831 (http://svn.webkit.org/repository/webkit/trunk@126147) | Simon Hausmann | 2012-08-21 | 1 | -0/+1
    New snapshot including various build fixes for newer Qt 5
* Imported WebKit commit a77350243e054f3460d1137301d8b3faee3d2052 (http://svn.webkit.org/repository/webkit/trunk@125365) | Simon Hausmann | 2012-08-12 | 1 | -59/+25
    New snapshot with build fixes for latest API changes in Qt and all WK1 Win MSVC fixes upstream
* Imported WebKit commit e65cbc5b6ac32627c797e7fc7f46eb7794410c92 (http://svn.webkit.org/repository/webkit/trunk@123308) | Simon Hausmann | 2012-07-23 | 1 | -1/+3
    New snapshot with better configure tests
* Imported WebKit commit ff52235a78888e5cb8e286a828a8698042200e67 (http://svn.webkit.org/repository/webkit/trunk@122948) | Simon Hausmann | 2012-07-18 | 1 | -3/+3
    New snapshot that should fix the rendering issues recently introduced
* Imported WebKit commit 8ff1f22783a32de82fee915abd55bd1b298f2644 (http://svn.webkit.org/repository/webkit/trunk@122325) | Simon Hausmann | 2012-07-11 | 1 | -0/+1
    New snapshot that should work with the latest Qt build system changes
* Imported WebKit commit 26cd9bd8ab0471ffe987c9b60368f63dc0f1f31b (http://svn.webkit.org/repository/webkit/trunk@121325) | Simon Hausmann | 2012-06-27 | 1 | -0/+6
    New snapshot with more Windows build fixes
* Imported WebKit commit 3a8c29f35d00659d2ce7a0ccdfa8304f14e82327 (http://svn.webkit.org/repository/webkit/trunk@120813) | Simon Hausmann | 2012-06-20 | 1 | -92/+95
    New snapshot with Windows build fixes
* Imported WebKit commit 8d6c5efc74f0222dfc7bcce8d845d4a2707ed9e6 (http://svn.webkit.org/repository/webkit/trunk@118629) | Simon Hausmann | 2012-05-27 | 1 | -1/+3
* Imported WebKit commit eb5c1b8fe4d4b1b90b5137433fc58a91da0e6878 (http://svn.webkit.org/repository/webkit/trunk@118516) | Simon Hausmann | 2012-05-25 | 1 | -8/+71
* Imported WebKit commit 7e538425aa020340619e927792f3d895061fb54b (http://svn.webkit.org/repository/webkit/trunk@116286) | Simon Hausmann | 2012-05-07 | 1 | -188/+286
* Imported WebKit commit 3db4eb1820ac8fb03065d7ea73a4d9db1e8fea1a (http://svn.webkit.org/repository/webkit/trunk@110422) | Simon Hausmann | 2012-03-12 | 1 | -8/+44
    This includes build fixes for the latest qtbase/qtdeclarative as well as the final QML2 API.
* Imported WebKit commit bb52bf3c0119e8a128cd93afe5572413a8617de9 (http://svn.webkit.org/repository/webkit/trunk@108790) | Simon Hausmann | 2012-02-24 | 1 | -0/+709