WebKit Bugzilla
Attachment 357671 Details for
Bug 186174
: [BigInt] Add ValueMod into DFG
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-186174-20181219120835.patch (text/plain), 28.07 KB, created by
Caio Lima
on 2018-12-19 06:08:41 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Caio Lima
Created:
2018-12-19 06:08:41 PST
Size:
28.07 KB
patch
obsolete
>Subversion Revision: 239377 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 061d90bf7ea8e8524f26e5d24178db7123fed7be..b32d771412c6a170c6e80ae1e1b7a4897a37e169 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,51 @@ >+2018-12-19 Caio Lima <ticaiolima@gmail.com> >+ >+ [BigInt] Add ValueMod into DFG >+ https://bugs.webkit.org/show_bug.cgi?id=186174 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch is introducing a new DFG node called ValueMod, that is >+ responsible to handle BigInt and Untyped specialization of op_mod. >+ With the introduction of BigInt, we think that cases where we can have >+ ValueMod(Untyped, Untyped) can be common and we introduced >+ support for such kind of node. >+ >+ * dfg/DFGAbstractInterpreterInlines.h: >+ (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): >+ * dfg/DFGBackwardsPropagationPhase.cpp: >+ (JSC::DFG::BackwardsPropagationPhase::propagate): >+ * dfg/DFGByteCodeParser.cpp: >+ (JSC::DFG::ByteCodeParser::makeSafe): >+ (JSC::DFG::ByteCodeParser::parseBlock): >+ * dfg/DFGClobberize.h: >+ (JSC::DFG::clobberize): >+ * dfg/DFGDoesGC.cpp: >+ (JSC::DFG::doesGC): >+ * dfg/DFGFixupPhase.cpp: >+ (JSC::DFG::FixupPhase::fixupArithDivInt32): >+ (JSC::DFG::FixupPhase::fixupArithDiv): >+ (JSC::DFG::FixupPhase::fixupNode): >+ * dfg/DFGNodeType.h: >+ * dfg/DFGOperations.cpp: >+ * dfg/DFGOperations.h: >+ * dfg/DFGPredictionPropagationPhase.cpp: >+ * dfg/DFGSafeToExecute.h: >+ (JSC::DFG::safeToExecute): >+ * dfg/DFGSpeculativeJIT.cpp: >+ (JSC::DFG::SpeculativeJIT::compileValueMod): >+ * dfg/DFGSpeculativeJIT.h: >+ * dfg/DFGSpeculativeJIT32_64.cpp: >+ (JSC::DFG::SpeculativeJIT::compile): >+ * dfg/DFGSpeculativeJIT64.cpp: >+ (JSC::DFG::SpeculativeJIT::compile): >+ * dfg/DFGValidate.cpp: >+ * ftl/FTLCapabilities.cpp: >+ (JSC::FTL::canCompile): >+ * ftl/FTLLowerDFGToB3.cpp: >+ (JSC::FTL::DFG::LowerDFGToB3::compileNode): >+ (JSC::FTL::DFG::LowerDFGToB3::compileValueMod): >+ > 2018-12-19 Caio Lima <ticaiolima@gmail.com> > > [BigInt] We should enable CSE into arithmetic operations that speculate BigIntUse >diff --git a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h >index 4cc88f5cca129c30c49a728c911dadc4daf007cc..c5a12dfb50c1ef93081f0474c6948e5c48d4c957 100644 >--- a/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h >+++ b/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h >@@ -917,6 +917,7 @@ bool AbstractInterpreter<AbstractStateType>::executeEffects(unsigned clobberLimi > break; > } > >+ case ValueMod: > case ValueDiv: { > if (node->binaryUseKind() == BigIntUse) > setTypeForNode(node, SpecBigInt); >diff --git a/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp b/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp >index 05c86ed1eb05f129ed4d00206d31e4e1f25d6159..265f1952f53c7db2f2eed4b67601b2234dc1095b 100644 >--- a/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp >+++ b/Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp >@@ -356,6 +356,7 @@ private: > break; > } > >+ case ValueMod: > case ArithMod: { > flags |= NodeBytecodeUsesAsNumber; > flags &= ~NodeBytecodeUsesAsOther; >diff --git a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp >index d6e3843a8d8349490154e08777274f08655f650b..e955a0a01c3e9cc66afcba1214bb96429fdefd81 100644 >--- a/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp >+++ b/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp >@@ -930,7 +930,7 @@ private: > if (m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, NegativeZero)) > node->mergeFlags(NodeMayNegZeroInDFG); > >- if (!isX86() && node->op() == ArithMod) >+ if (!isX86() && (node->op() == ArithMod || node->op() == ValueMod)) > return node; > > { >@@ -991,6 +991,7 @@ private: > case ArithAdd: > case ArithSub: > case ValueAdd: >+ case ValueMod: > case ArithMod: // for ArithMod "MayOverflow" means we tried to divide by zero, or we saw double. > node->mergeFlags(NodeMayOverflowInt32InBaseline); > break; >@@ -5059,7 +5060,10 @@ void ByteCodeParser::parseBlock(unsigned limit) > auto bytecode = currentInstruction->as<OpMod>(); > Node* op1 = get(bytecode.lhs); > Node* op2 = get(bytecode.rhs); >- set(bytecode.dst, makeSafe(addToGraph(ArithMod, op1, op2))); >+ if (op1->hasNumberResult() && op2->hasNumberResult()) >+ set(bytecode.dst, makeSafe(addToGraph(ArithMod, op1, op2))); >+ else >+ set(bytecode.dst, makeSafe(addToGraph(ValueMod, op1, op2))); > NEXT_OPCODE(op_mod); > } > >diff --git a/Source/JavaScriptCore/dfg/DFGClobberize.h b/Source/JavaScriptCore/dfg/DFGClobberize.h >index 48c846bd3897d14de4e25b27d9570d82da871ae9..6105b5717db59a5c7338ac87279af8b195c16026 100644 >--- a/Source/JavaScriptCore/dfg/DFGClobberize.h >+++ b/Source/JavaScriptCore/dfg/DFGClobberize.h >@@ -673,6 +673,7 @@ void clobberize(Graph& graph, Node* node, const ReadFunctor& read, const WriteFu > case ValueSub: > case ValueMul: > case ValueDiv: >+ case ValueMod: > if (node->isBinaryUseKind(BigIntUse)) { > def(PureValue(node)); > return; >diff --git a/Source/JavaScriptCore/dfg/DFGDoesGC.cpp b/Source/JavaScriptCore/dfg/DFGDoesGC.cpp >index df74930bdbb3864ad944bc4720712fe0f3947bd5..25533b7a6133266d024b70708d7be10946218f2d 100644 >--- a/Source/JavaScriptCore/dfg/DFGDoesGC.cpp >+++ b/Source/JavaScriptCore/dfg/DFGDoesGC.cpp >@@ -105,6 +105,7 @@ bool doesGC(Graph& graph, Node* node) > case ValueMul: > case ValueNegate: > case ValueDiv: >+ case ValueMod: > case TryGetById: > case GetById: > case GetByIdFlush: >diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp >index 307632dad59da8e23250db1b4497d0341ba95292..613964558f98fe671114fc47e86c666e5c45904a 100644 >--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp >+++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp >@@ -76,38 +76,45 @@ public: > } > > private: >- void fixupArithDiv(Node* node, Edge& leftChild, Edge& rightChild) >+ >+ void fixupArithDivInt32(Node* node, Edge& leftChild, Edge& rightChild) > { >- if (m_graph.binaryArithShouldSpeculateInt32(node, FixupPass)) { >- if (optimizeForX86() || optimizeForARM64() || optimizeForARMv7IDIVSupported()) { >- fixIntOrBooleanEdge(leftChild); >- fixIntOrBooleanEdge(rightChild); >- if (bytecodeCanTruncateInteger(node->arithNodeFlags())) >- node->setArithMode(Arith::Unchecked); >- else if (bytecodeCanIgnoreNegativeZero(node->arithNodeFlags())) >- node->setArithMode(Arith::CheckOverflow); >- else >- node->setArithMode(Arith::CheckOverflowAndNegativeZero); >- return; >- } >- >- // This will cause conversion nodes to be inserted later. >- fixDoubleOrBooleanEdge(leftChild); >- fixDoubleOrBooleanEdge(rightChild); >- >- // We don't need to do ref'ing on the children because we're stealing them from >- // the original division. >- Node* newDivision = m_insertionSet.insertNode(m_indexInBlock, SpecBytecodeDouble, *node); >- newDivision->setResult(NodeResultDouble); >- >- node->setOp(DoubleAsInt32); >- node->children.initialize(Edge(newDivision, DoubleRepUse), Edge(), Edge()); >- if (bytecodeCanIgnoreNegativeZero(node->arithNodeFlags())) >+ if (optimizeForX86() || optimizeForARM64() || optimizeForARMv7IDIVSupported()) { >+ fixIntOrBooleanEdge(leftChild); >+ fixIntOrBooleanEdge(rightChild); >+ if (bytecodeCanTruncateInteger(node->arithNodeFlags())) >+ node->setArithMode(Arith::Unchecked); >+ else if (bytecodeCanIgnoreNegativeZero(node->arithNodeFlags())) > node->setArithMode(Arith::CheckOverflow); > else > node->setArithMode(Arith::CheckOverflowAndNegativeZero); > return; > } >+ >+ // This will cause conversion nodes to be inserted later. >+ fixDoubleOrBooleanEdge(leftChild); >+ fixDoubleOrBooleanEdge(rightChild); >+ >+ // We don't need to do ref'ing on the children because we're stealing them from >+ // the original division. >+ Node* newDivision = m_insertionSet.insertNode(m_indexInBlock, SpecBytecodeDouble, *node); >+ newDivision->setResult(NodeResultDouble); >+ >+ node->setOp(DoubleAsInt32); >+ node->children.initialize(Edge(newDivision, DoubleRepUse), Edge(), Edge()); >+ if (bytecodeCanIgnoreNegativeZero(node->arithNodeFlags())) >+ node->setArithMode(Arith::CheckOverflow); >+ else >+ node->setArithMode(Arith::CheckOverflowAndNegativeZero); >+ >+ } >+ >+ void fixupArithDiv(Node* node, Edge& leftChild, Edge& rightChild) >+ { >+ if (m_graph.binaryArithShouldSpeculateInt32(node, FixupPass)) { >+ fixupArithDivInt32(node, leftChild, rightChild); >+ return; >+ } > > fixDoubleOrBooleanEdge(leftChild); > fixDoubleOrBooleanEdge(rightChild); >@@ -492,6 +499,36 @@ private: > break; > } > >+ case ValueMod: { >+ Edge& leftChild = node->child1(); >+ Edge& rightChild = node->child2(); >+ >+ if (Node::shouldSpeculateBigInt(leftChild.node(), rightChild.node())) { >+ fixEdge<BigIntUse>(leftChild); >+ fixEdge<BigIntUse>(rightChild); >+ break; >+ } >+ >+ if (m_graph.binaryArithShouldSpeculateInt32(node, FixupPass)) { >+ node->setOp(ArithMod); >+ node->setResult(NodeResultNumber); >+ fixupArithDivInt32(node, leftChild, rightChild); >+ break; >+ } >+ >+ if (leftChild->shouldSpeculateNotCell() && rightChild->shouldSpeculateNotCell()) { >+ fixDoubleOrBooleanEdge(leftChild); >+ fixDoubleOrBooleanEdge(rightChild); >+ node->setOp(ArithMod); >+ node->setResult(NodeResultDouble); >+ break; >+ } >+ >+ fixEdge<UntypedUse>(leftChild); >+ fixEdge<UntypedUse>(rightChild); >+ break; >+ } >+ > case ValueDiv: { > Edge& leftChild = node->child1(); > Edge& rightChild = node->child2(); >diff --git a/Source/JavaScriptCore/dfg/DFGNodeType.h b/Source/JavaScriptCore/dfg/DFGNodeType.h >index dc2f3e16b832aac0af7f0ad63c4c8e281dcba34e..ef78f220997484fb9f7bd9cd6db4de7052e216a3 100644 >--- a/Source/JavaScriptCore/dfg/DFGNodeType.h >+++ b/Source/JavaScriptCore/dfg/DFGNodeType.h >@@ -176,6 +176,7 @@ namespace JSC { namespace DFG { > macro(ValueSub, NodeResultJS | NodeMustGenerate) \ > macro(ValueMul, NodeResultJS | NodeMustGenerate) \ > macro(ValueDiv, NodeResultJS | NodeMustGenerate) \ >+ macro(ValueMod, NodeResultJS | NodeMustGenerate) \ > \ > /* Add of values that always convers its inputs to strings. May have two or three kids. */\ > macro(StrCat, NodeResultJS | NodeMustGenerate) \ >diff --git a/Source/JavaScriptCore/dfg/DFGOperations.cpp b/Source/JavaScriptCore/dfg/DFGOperations.cpp >index 0b26c2d162c7f24cfacebc3a79516c49d732144c..e01a427368741408b352b28c5e4cc1e1ddee0cc1 100644 >--- a/Source/JavaScriptCore/dfg/DFGOperations.cpp >+++ b/Source/JavaScriptCore/dfg/DFGOperations.cpp >@@ -352,6 +352,34 @@ JSCell* JIT_OPERATION operationToObject(ExecState* exec, JSGlobalObject* globalO > RELEASE_AND_RETURN(scope, value.toObject(exec, globalObject)); > } > >+EncodedJSValue JIT_OPERATION operationValueMod(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) >+{ >+ VM* vm = &exec->vm(); >+ NativeCallFrameTracer tracer(vm, exec); >+ auto scope = DECLARE_THROW_SCOPE(*vm); >+ >+ JSValue op1 = JSValue::decode(encodedOp1); >+ JSValue op2 = JSValue::decode(encodedOp2); >+ >+ auto leftNumeric = op1.toNumeric(exec); >+ RETURN_IF_EXCEPTION(scope, encodedJSValue()); >+ auto rightNumeric = op2.toNumeric(exec); >+ RETURN_IF_EXCEPTION(scope, encodedJSValue()); >+ >+ if (WTF::holds_alternative<JSBigInt*>(leftNumeric) || WTF::holds_alternative<JSBigInt*>(rightNumeric)) { >+ if (WTF::holds_alternative<JSBigInt*>(leftNumeric) && WTF::holds_alternative<JSBigInt*>(rightNumeric)) >+ RELEASE_AND_RETURN(scope, JSValue::encode(JSBigInt::remainder(exec, WTF::get<JSBigInt*>(leftNumeric), WTF::get<JSBigInt*>(rightNumeric)))); >+ >+ return throwVMTypeError(exec, scope, "Invalid mix of BigInt and other type in remainder operation."); >+ } >+ >+ scope.release(); >+ >+ double a = WTF::get<double>(leftNumeric); >+ double b = WTF::get<double>(rightNumeric); >+ return JSValue::encode(jsNumber(jsMod(a, b))); >+} >+ > EncodedJSValue JIT_OPERATION operationValueBitNot(ExecState* exec, EncodedJSValue encodedOp1) > { > VM* vm = &exec->vm(); >@@ -1352,6 +1380,17 @@ JSCell* JIT_OPERATION operationMulBigInt(ExecState* exec, JSCell* op1, JSCell* o > return JSBigInt::multiply(exec, leftOperand, rightOperand); > } > >+JSCell* JIT_OPERATION operationModBigInt(ExecState* exec, JSCell* op1, JSCell* op2) >+{ >+ VM* vm = &exec->vm(); >+ NativeCallFrameTracer tracer(vm, exec); >+ >+ JSBigInt* leftOperand = jsCast<JSBigInt*>(op1); >+ JSBigInt* rightOperand = jsCast<JSBigInt*>(op2); >+ >+ return JSBigInt::remainder(exec, leftOperand, rightOperand); >+} >+ > JSCell* JIT_OPERATION operationDivBigInt(ExecState* exec, JSCell* op1, JSCell* op2) > { > VM* vm = &exec->vm(); >diff --git a/Source/JavaScriptCore/dfg/DFGOperations.h b/Source/JavaScriptCore/dfg/DFGOperations.h >index 38c116a54f91a615b81c15112148f25f94adb1ef..9d7cf2ad3c9a35f29238dbbff5b8b5bb615eebfa 100644 >--- a/Source/JavaScriptCore/dfg/DFGOperations.h >+++ b/Source/JavaScriptCore/dfg/DFGOperations.h >@@ -50,6 +50,7 @@ JSCell* JIT_OPERATION operationObjectCreateObject(ExecState*, JSObject*) WTF_INT > JSCell* JIT_OPERATION operationCreateThis(ExecState*, JSObject* constructor, uint32_t inlineCapacity) WTF_INTERNAL; > EncodedJSValue JIT_OPERATION operationToThis(ExecState*, EncodedJSValue encodedOp1) WTF_INTERNAL; > EncodedJSValue JIT_OPERATION operationToThisStrict(ExecState*, EncodedJSValue encodedOp1) WTF_INTERNAL; >+EncodedJSValue JIT_OPERATION operationValueMod(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL; > EncodedJSValue JIT_OPERATION operationValueBitNot(ExecState*, EncodedJSValue encodedOp1) WTF_INTERNAL; > EncodedJSValue JIT_OPERATION operationValueBitAnd(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL; > EncodedJSValue JIT_OPERATION operationValueBitOr(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL; >@@ -168,6 +169,7 @@ size_t JIT_OPERATION operationRegExpTestGeneric(ExecState*, JSGlobalObject*, Enc > size_t JIT_OPERATION operationCompareStrictEqCell(ExecState*, JSCell* op1, JSCell* op2) WTF_INTERNAL; > JSCell* JIT_OPERATION operationSubBigInt(ExecState*, JSCell* op1, JSCell* op2) WTF_INTERNAL; > JSCell* JIT_OPERATION operationMulBigInt(ExecState*, JSCell* op1, JSCell* op2) WTF_INTERNAL; >+JSCell* JIT_OPERATION operationModBigInt(ExecState*, JSCell* op1, JSCell* op2) WTF_INTERNAL; > JSCell* JIT_OPERATION operationDivBigInt(ExecState*, JSCell* op1, JSCell* op2) WTF_INTERNAL; > JSCell* JIT_OPERATION operationBitAndBigInt(ExecState*, JSCell* op1, JSCell* op2) WTF_INTERNAL; > JSCell* JIT_OPERATION operationBitOrBigInt(ExecState*, JSCell* op1, JSCell* op2) WTF_INTERNAL; >diff --git a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp >index b3c69bcf124727bfcc676b2afadab5a88c22f93a..2cd46bc1e7f50f0d503e99530bce4a351247d203 100644 >--- a/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp >+++ b/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp >@@ -356,6 +356,7 @@ private: > } > > case ValueDiv: >+ case ValueMod: > case ArithDiv: > case ArithMod: { > SpeculatedType left = node->child1()->prediction(); >@@ -368,11 +369,11 @@ private: > changed |= mergePrediction(SpecInt32Only); > else > changed |= mergePrediction(SpecBytecodeDouble); >- } else if (op == ValueDiv && isBigIntSpeculation(left) && isBigIntSpeculation(right)) >+ } else if ((op == ValueDiv || op == ValueMod) && isBigIntSpeculation(left) && isBigIntSpeculation(right)) > changed |= mergePrediction(SpecBigInt); > else { > changed |= mergePrediction(SpecInt32Only | SpecBytecodeDouble); >- if (op == ValueDiv && (node->mayHaveBigIntResult() >+ if ((op == ValueDiv || op == ValueMod) && (node->mayHaveBigIntResult() > || (left & SpecBigInt) > || (right & SpecBigInt))) > changed |= mergePrediction(SpecBigInt); >@@ -609,6 +610,7 @@ private: > case ArithMax: > case ArithMod: > case ValueDiv: >+ case ValueMod: > case ArithDiv: { > SpeculatedType left = node->child1()->prediction(); > SpeculatedType right = node->child2()->prediction(); >@@ -1124,6 +1126,7 @@ private: > case ValueSub: > case ValueMul: > case ValueDiv: >+ case ValueMod: > case ArithAdd: > case ArithSub: > case ArithNegate: >diff --git a/Source/JavaScriptCore/dfg/DFGSafeToExecute.h b/Source/JavaScriptCore/dfg/DFGSafeToExecute.h >index f106982ae39ff3bcc36cfb5aee0d716c07e94316..e748e5088ee661e97bbc0e106b1b4c22360ce885 100644 >--- a/Source/JavaScriptCore/dfg/DFGSafeToExecute.h >+++ b/Source/JavaScriptCore/dfg/DFGSafeToExecute.h >@@ -236,6 +236,7 @@ bool safeToExecute(AbstractStateType& state, Graph& graph, Node* node, bool igno > case ValueSub: > case ValueMul: > case ValueDiv: >+ case ValueMod: > case TryGetById: > case DeleteById: > case DeleteByVal: >diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >index 2164e2de53ea901088bf9fbbdaa3fa858d0e9241..655402bf9c7b28ee1666072559d59de7cc674b26 100644 >--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp >@@ -5265,6 +5265,44 @@ void SpeculativeJIT::compileArithFRound(Node* node) > doubleResult(result.fpr(), node); > } > >+void SpeculativeJIT::compileValueMod(Node* node) >+{ >+ Edge& leftChild = node->child1(); >+ Edge& rightChild = node->child2(); >+ >+ if (leftChild.useKind() == BigIntUse && rightChild.useKind() == BigIntUse) { >+ SpeculateCellOperand left(this, leftChild); >+ SpeculateCellOperand right(this, rightChild); >+ GPRReg leftGPR = left.gpr(); >+ GPRReg rightGPR = right.gpr(); >+ >+ speculateBigInt(leftChild, leftGPR); >+ speculateBigInt(rightChild, rightGPR); >+ >+ flushRegisters(); >+ GPRFlushedCallResult result(this); >+ GPRReg resultGPR = result.gpr(); >+ >+ callOperation(operationModBigInt, resultGPR, leftGPR, rightGPR); >+ >+ m_jit.exceptionCheck(); >+ cellResult(resultGPR, node); >+ return; >+ } >+ >+ DFG_ASSERT(m_jit.graph(), node, node->binaryUseKind() == UntypedUse, node->binaryUseKind()); >+ JSValueOperand op1(this, leftChild); >+ JSValueOperand op2(this, rightChild); >+ JSValueRegs op1Regs = op1.jsValueRegs(); >+ JSValueRegs op2Regs = op2.jsValueRegs(); >+ flushRegisters(); >+ JSValueRegsFlushedCallResult result(this); >+ JSValueRegs resultRegs = result.regs(); >+ callOperation(operationValueMod, resultRegs, op1Regs, op2Regs); >+ m_jit.exceptionCheck(); >+ jsValueResult(resultRegs, node); >+} >+ > void SpeculativeJIT::compileArithMod(Node* node) > { > switch (node->binaryUseKind()) { >diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h >index 48463c5f79df446456e0aaf744104fe3e02ebf63..245b19b62fce14473c7dd5e201d7bb1d2a30266c 100644 >--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h >+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h >@@ -1360,6 +1360,7 @@ public: > void compileValueDiv(Node*); > void compileArithDiv(Node*); > void compileArithFRound(Node*); >+ void compileValueMod(Node*); > void compileArithMod(Node*); > void compileArithPow(Node*); > void compileArithRounding(Node*); >diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp >index 20c053a9553ac9e0152360d767b12c4abc73fbf4..42b237aab678d84d233daa5dc4f69c937ae1295d 100644 >--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp >+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp >@@ -2081,6 +2081,11 @@ void SpeculativeJIT::compile(Node* node) > break; > } > >+ case ValueMod: { >+ compileValueMod(node); >+ break; >+ } >+ > case ArithMod: { > compileArithMod(node); > break; >diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp >index 8c3a1eeef61c5ece660460c5a13b3d0146f61d27..cf959cdffb223c65c4670180df474287f6a113a1 100644 >--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp >+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp >@@ -2223,6 +2223,11 @@ void SpeculativeJIT::compile(Node* node) > break; > } > >+ case ValueMod: { >+ compileValueMod(node); >+ break; >+ } >+ > case ArithMod: { > compileArithMod(node); > break; >diff --git a/Source/JavaScriptCore/dfg/DFGValidate.cpp b/Source/JavaScriptCore/dfg/DFGValidate.cpp >index abd1ab2f512c35677cad4f4c95fdd5fb94ec15ce..9118058240a72f3e81ff427be21cc02a945e7f58 100644 >--- a/Source/JavaScriptCore/dfg/DFGValidate.cpp >+++ b/Source/JavaScriptCore/dfg/DFGValidate.cpp >@@ -257,6 +257,7 @@ public: > case ValueSub: > case ValueMul: > case ValueDiv: >+ case ValueMod: > case ArithAdd: > case ArithSub: > case ArithMul: >diff --git a/Source/JavaScriptCore/ftl/FTLCapabilities.cpp b/Source/JavaScriptCore/ftl/FTLCapabilities.cpp >index 23c9396f4d69e04f6f0cb5f491ba04e6ccfad10a..93428a9ed6517d873c01d66a672ec7a985f5a5ef 100644 >--- a/Source/JavaScriptCore/ftl/FTLCapabilities.cpp >+++ b/Source/JavaScriptCore/ftl/FTLCapabilities.cpp >@@ -96,6 +96,7 @@ inline CapabilityLevel canCompile(Node* node) > case ValueSub: > case ValueMul: > case ValueDiv: >+ case ValueMod: > case StrCat: > case ArithAdd: > case ArithClz32: >diff --git a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >index 02d218067cffbdde1eb371d488ad8d3b83f7c4c1..c3d31bb20e0c731ac29381292f25fdb8e96c93b6 100644 >--- a/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >+++ b/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp >@@ -619,6 +619,9 @@ private: > case ArithDiv: > compileArithDiv(); > break; >+ case ValueMod: >+ compileValueMod(); >+ break; > case ArithMod: > compileArithMod(); > break; >@@ -2367,6 +2370,24 @@ private: > } > } > >+ void compileValueMod() >+ { >+ if (m_node->binaryUseKind() == BigIntUse) { >+ LValue left = lowBigInt(m_node->child1()); >+ LValue right = lowBigInt(m_node->child2()); >+ >+ LValue result = vmCall(pointerType(), m_out.operation(operationModBigInt), m_callFrame, left, right); >+ setJSValue(result); >+ return; >+ } >+ >+ DFG_ASSERT(m_graph, m_node, m_node->binaryUseKind() == UntypedUse, m_node->binaryUseKind()); >+ LValue left = lowJSValue(m_node->child1()); >+ LValue right = lowJSValue(m_node->child2()); >+ LValue result = vmCall(Int64, m_out.operation(operationValueMod), m_callFrame, left, right); >+ setJSValue(result); >+ } >+ > void compileArithMod() > { > switch (m_node->binaryUseKind()) { >diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog >index 2e9900f43aa0e0c0250801254893b1558e4be833..d3aac3bee3b7df29f82b292e5bfcecb58e44cdf2 100644 >--- a/JSTests/ChangeLog >+++ b/JSTests/ChangeLog >@@ -1,3 +1,13 @@ >+2018-12-19 Caio Lima <ticaiolima@gmail.com> >+ >+ [BigInt] Add ValueMod into DFG >+ https://bugs.webkit.org/show_bug.cgi?id=186174 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * microbenchmarks/mod-untyped.js: Added. >+ * stress/big-int-mod-osr.js: Added. >+ > 2018-12-19 Tadeu Zagallo <tzagallo@apple.com> > > String overflow in JSC::createError results in ASSERT in WTF::makeString >diff --git a/JSTests/microbenchmarks/mod-untyped.js b/JSTests/microbenchmarks/mod-untyped.js >new file mode 100644 >index 0000000000000000000000000000000000000000..800864d03d1133012e697418f5ee12d17ca5249f >--- /dev/null >+++ b/JSTests/microbenchmarks/mod-untyped.js >@@ -0,0 +1,39 @@ >+let assert = { >+ sameValue: function(i, e, m) { >+ if (i !== e) >+ throw new Error(m); >+ } >+} >+ >+function untypedMod(x, y) { >+ return x % y; >+} >+noInline(untypedMod); >+ >+let o = {valueOf: () => 10}; >+ >+for (let i = 0; i < 100000; i++) { >+ let r = untypedMod(30, o); >+ assert.sameValue(r, 0, 30 + " % {valueOf: () => 10} = " + r); >+} >+ >+o2 = {valueOf: () => 10000}; >+ >+for (let i = 0; i < 100000; i++) { >+ let r = untypedMod(o2, o); >+ assert.sameValue(r, 0, "{valueOf: () => 10000} % {valueOf: () => 10} = " + r); >+} >+ >+o = Object(10); >+let r = untypedMod(30, o); >+assert.sameValue(r, 0, 30 + " % Object(10) = " + r); >+ >+o2 = Object(3240); >+r = untypedMod(o2, o); >+assert.sameValue(r, 0, "Object(3240) % Object(10) = " + r); >+ >+for (let i = 0; i < 100000; i++) { >+ let r = untypedMod("9", "8"); >+ assert.sameValue(r, 1, "9 % 8 = " + r); >+} >+ >diff --git a/JSTests/stress/big-int-mod-osr.js b/JSTests/stress/big-int-mod-osr.js >new file mode 100644 >index 0000000000000000000000000000000000000000..8c109052c2b9c74e5a4476a0c861d570122b1008 >--- /dev/null >+++ b/JSTests/stress/big-int-mod-osr.js >@@ -0,0 +1,30 @@ >+//@ runBigIntEnabled >+ >+let assert = { >+ sameValue: function(i, e, m) { >+ if (i !== e) >+ throw new Error(m); >+ } >+} >+ >+function bigIntMod(x, y) { >+ return x % y; >+} >+noInline(bigIntMod); >+ >+for (let i = 0; i < 10000; i++) { >+ let r = bigIntMod(3n, 10n); >+ assert.sameValue(r, 3n, 3n + " % " + 10n + " = " + r); >+} >+ >+let r = bigIntMod(3, 10); >+assert.sameValue(r, 3, 3 + " % " + 10 + " = " + r); >+ >+for (let i = 0; i < 10000; i++) { >+ let r = bigIntMod(3n, 10n); >+ assert.sameValue(r, 3n, 3n + " % " + 10n + " = " + r); >+} >+ >+r = bigIntMod("3", "10"); >+assert.sameValue(r, 3, 3 + " % " + 10 + " = " + r); >+ >diff --git a/PerformanceTests/BigIntBench/big-int-simple-mod.js b/PerformanceTests/BigIntBench/big-int-simple-mod.js >new file mode 100644 >index 0000000000000000000000000000000000000000..a50dc6ff372d153523a9c873cea55d32304e1133 >--- /dev/null >+++ b/PerformanceTests/BigIntBench/big-int-simple-mod.js >@@ -0,0 +1,15 @@ >+function bigInt(a, b) { >+ let c = a % b; >+ return a + c % b; >+} >+noInline(bigInt); >+ >+for (let i = 0; i < 100000; i++) { >+ bigInt(0b1111n, 0b1010n); >+} >+ >+let out; >+for (let i = 0; i < 100000; i++) { >+ out = bigInt(0xffffffffffffffffffn, 0xaaffffffffffffffffffn); >+} >+ >diff --git a/PerformanceTests/ChangeLog b/PerformanceTests/ChangeLog >index 8bc4eefe68471163e5ede053b9be3e6b68b42958..dde8d3c38aa8230692cec91cd7b4bafbb5ddebba 100644 >--- a/PerformanceTests/ChangeLog >+++ b/PerformanceTests/ChangeLog >@@ -1,3 +1,12 @@ >+2018-12-19 Caio Lima <ticaiolima@gmail.com> >+ >+ [BigInt] Add ValueMod into DFG >+ https://bugs.webkit.org/show_bug.cgi?id=186174 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * BigIntBench/big-int-simple-mod.js: Added. >+ > 2018-12-19 Caio Lima <ticaiolima@gmail.com> > > [BigInt] We should enable CSE into arithmetic operations that speculate BigIntUse
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=357671">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 186174
:
357312
|
357558
|
357559
|
357630
|
357669
|
357671
|
358259
|
358260
|
359609
|
359875
|
359877
|
359973
|
360005
|
360926
|
362254
|
364011
|
367063
|
368939
|
368952
|
369347
|
369361
|
369381
|
369390
|
369393