| Summary: | [DFG] DFG should handle ArrayConstructor call for super() | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Yusuke Suzuki <ysuzuki> | ||||||||||||||||||||||||||
| Component: | JavaScriptCore | Assignee: | Yusuke Suzuki <ysuzuki> | ||||||||||||||||||||||||||
| Status: | NEW --- | ||||||||||||||||||||||||||||
| Severity: | Normal | CC: | buildbot, ews-watchlist, keith_miller, mark.lam, msaboff, rniwa, saam | ||||||||||||||||||||||||||
| Priority: | P2 | ||||||||||||||||||||||||||||
| Version: | WebKit Nightly Build | ||||||||||||||||||||||||||||
| Hardware: | Unspecified | ||||||||||||||||||||||||||||
| OS: | Unspecified | ||||||||||||||||||||||||||||
| Bug Depends on: | 179478, 144458, 178067 | ||||||||||||||||||||||||||||
| Bug Blocks: | |||||||||||||||||||||||||||||
| Attachments: |
|
||||||||||||||||||||||||||||
Hopefully, we have internalFunctionAllocationStructure in FunctionRareData. That is super fine for the first step. Oh, lol. Bunch of issues should be fixed. Currently, CallLinkInfo::lastSeenCallee only remember JSFunction. So InternalFunction is not recorded... (In reply to Yusuke Suzuki from comment #2) > Oh, lol. Bunch of issues should be fixed. > Currently, CallLinkInfo::lastSeenCallee only remember JSFunction. So > InternalFunction is not recorded... Ah, no. lastSeenCallee itself should hold it. But CallLinkInfo::lastSeenCallee only returns JSFunction*. We should remember the new.target in op_construct's CallLinkInfo. Then, we should emit NewArray etc. with this information & watchpoint. I believe we'll need something like this as well when deriving from a builtin and converting to doing poly proto. Added bug 144458 as dependency. InternalFunction call should be tracked. Created attachment 326690 [details]
WIP
WIP
Since the default constructor of the derived class is constructor(...args) { super(...args); }, this becomes construct_varargs + rest/spread, and it is not well-handled in DFGByteCodeParser.
After arguments elimination phase, these rest/spread becomes phantom, and ConstructVarargs becomes Construct. After that, we should lower it to NewArrayWithSize.
Comment on attachment 326690 [details] WIP Attachment 326690 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/5192310 Number of test failures exceeded the failure limit. Created attachment 326693 [details]
Archive of layout-test-results from ews113 for mac-elcapitan
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews113 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Let's do this first while this patch does not improve ARES-6/ML directly.
This is because ARES-6/ML's super constructor is like this.
class DerivedArray extends Array {
};
Then, default constructor implementation is,
constructor(...args)
{
super(...args);
}
This is not good for DFG since we cannot optimize ArrayConstructor (super) calls with varargs.
Created attachment 337079 [details]
Patch
WIP
Comment on attachment 337079 [details] Patch Attachment 337079 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/7193588 Number of test failures exceeded the failure limit. Created attachment 337080 [details]
Archive of layout-test-results from ews103 for mac-sierra
The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103 Port: mac-sierra Platform: Mac OS X 10.12.6
This pattern happens a bunch in ARES6 ML subtest Comment on attachment 337079 [details] Patch Attachment 337079 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/7193593 Number of test failures exceeded the failure limit. Created attachment 337081 [details]
Archive of layout-test-results from ews107 for mac-sierra-wk2
The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews107 Port: mac-sierra-wk2 Platform: Mac OS X 10.12.6
Created attachment 337082 [details]
Patch
WIP
Created attachment 337089 [details]
Patch
WIP
Created attachment 337101 [details]
Patch
WIP
Created attachment 337104 [details]
Patch
WIP
Comment on attachment 337104 [details] Patch Attachment 337104 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/7196513 New failing tests: imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-fetch-error.sub.html inspector/unit-tests/resource-query-controller.html imported/w3c/web-platform-tests/fetch/api/response/response-clone.html fast/canvas/webgl/array-unit-tests.html webgl/1.0.2/conformance/typedarrays/array-unit-tests.html http/wpt/fetch/request-clone.html inspector/codemirror/prettyprinting-css.html fast/canvas/webgl/webgl2-texture-upload-enums.html imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/module/dynamic-import/dynamic-imports-script-error.html jquery/core.html imported/w3c/web-platform-tests/streams/readable-streams/tee.dedicatedworker.html http/tests/inspector/network/resource-mime-type.html Created attachment 337116 [details]
Archive of layout-test-results from ews113 for mac-sierra
The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews113 Port: mac-sierra Platform: Mac OS X 10.12.6
Comment on attachment 337104 [details] Patch Attachment 337104 [details] did not pass win-ews (win): Output: http://webkit-queues.webkit.org/results/7196917 New failing tests: http/tests/preload/onload_event.html Created attachment 337121 [details]
Archive of layout-test-results from ews206 for win-future
The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews206 Port: win-future Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Created attachment 337158 [details]
Patch
WIP
|
We have a class like, class Matrix4x4 extends Array { constructor() { super(4); .... } } In that case, we cannot inline super(4)'s ArrayConstructor call right now.