source: webkit/trunk/Source/JavaScriptCore/dfg/DFGWatchpointCollectionPhase.cpp

Last change on this file was 274037, checked in by Alexey Shvayka, 4 years ago

BooleanConstructor should be inlined in DFG / FTL
https://bugs.webkit.org/show_bug.cgi?id=220322

Reviewed by Yusuke Suzuki.

JSTests:

Reorganize tests so that every UseKind / needsTypeCheck / invert combination is covered.

  • microbenchmarks/array-filter-boolean-constructor.js: Added.
  • stress/dfg-branch.js: Added.
  • stress/dfg-to-boolean.js: Added.
  • stress/logical-not-masquerades-as-undefined.js: Removed.
  • stress/logical-not-masquerades.js: Removed.
  • stress/logical-not.js: Removed.
  • stress/value-to-boolean.js: Removed.

Source/JavaScriptCore:

array.filter(Boolean) is a rather popular idiom for removing falsy items from an array.
Also, Boolean(X) is sometimes used for explicit type casting.

This patch introduces ToBoolean DFG node and reorganizes compileLogicalNot(node) into
compileToBoolean(node, bool invert), leveraging already existing emitConvertValueToBoolean().

This approach is better than emitting LogicalNot<KnownBooleanUse>(LogicalNot(X)) as it results
in cleaner DFG node tree and is ~7% faster w/o FTL. Also, it enables adding a op_to_boolean
bytecode that will be generated for very common !!X patterns, reducing instruction count.

Just as LogicalNot, BooleanConstructor should handle masquerader objects, because Annex B
patches ToBoolean abstract op [1], preventing us from emitting simpler code.

This change advances provided microbenchmark by 110%, and is neutral for other ToBoolean cases.

[1]: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot-to-boolean

  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::handleConstantInternalFunction):

  • dfg/DFGClobberize.h:

(JSC::DFG::clobberize):

  • dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):

  • dfg/DFGMayExit.cpp:
  • dfg/DFGNodeType.h:
  • dfg/DFGPredictionPropagationPhase.cpp:
  • dfg/DFGSafeToExecute.h:

(JSC::DFG::safeToExecute):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileToBooleanString):
(JSC::DFG::SpeculativeJIT::compileToBooleanStringOrOther):
(JSC::DFG::SpeculativeJIT::compileStringZeroLength): Deleted.
(JSC::DFG::SpeculativeJIT::compileLogicalNotStringOrOther): Deleted.

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::compileToBoolean):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): Deleted.
(JSC::DFG::SpeculativeJIT::compileLogicalNot): Deleted.

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::compileToBoolean):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot): Deleted.
(JSC::DFG::SpeculativeJIT::compileLogicalNot): Deleted.

  • dfg/DFGWatchpointCollectionPhase.cpp:

(JSC::DFG::WatchpointCollectionPhase::handle):

  • ftl/FTLCapabilities.cpp:

(JSC::FTL::canCompile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileToBoolean):

1/*
2 * Copyright (C) 2013-2019 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "config.h"
27#include "DFGWatchpointCollectionPhase.h"
28
29#if ENABLE(DFG_JIT)
30
31#include "DFGGraph.h"
32#include "DFGPhase.h"
33#include "JSCJSValueInlines.h"
34
35// FIXME: Remove this phase entirely by moving the addLazily() calls into either the backend or
36// into the phase that performs the optimization. Moving the calls into the backend makes the most
37// sense when the intermediate phases don't need to know that the watchpoint was set. Moving the
38// calls earlier usually only makes sense if the node's only purpose was to convey the need for
39// the watchpoint (like VarInjectionWatchpoint). But, it can also make sense if the fact that the
40// watchpoint was set enables other optimizations.
41// https://bugs.webkit.org/show_bug.cgi?id=144669
42
43namespace JSC { namespace DFG {
44
// DFG phase that visits every node of the graph and, for the node/use-kind combinations listed in
// handle(), registers the masquerades-as-undefined watchpoint set of the node's global object
// with the graph's watchpoint collection.
//
// NOTE(review): this switch is the only place in this file where that watchpoint set gets
// registered. A node type whose compiled code assumes that no masquerader objects exist presumably
// needs a case here as well; without one, nothing on this path records the dependency for it.
// Confirm against the backends whenever a node type with ToBoolean-like semantics is added.
class WatchpointCollectionPhase : public Phase {
    static constexpr bool verbose = false;

public:
    WatchpointCollectionPhase(Graph& graph)
        : Phase(graph, "watchpoint collection")
    {
    }

    // Walks the blocks, and the nodes inside each block, from the highest index down to zero and
    // hands each node to handle(). Always returns true.
    bool run()
    {
        BlockIndex blockCursor = m_graph.numBlocks();
        while (blockCursor--) {
            BasicBlock* currentBlock = m_graph.block(blockCursor);
            if (!currentBlock)
                continue; // Empty block slots are skipped.

            unsigned nodeCursor = currentBlock->size();
            while (nodeCursor--) {
                m_node = currentBlock->at(nodeCursor);
                handle();
            }
        }

        return true;
    }

private:
    // Decides, from the opcode and use kinds of m_node, whether the masquerades-as-undefined
    // watchpoint has to be considered for it.
    void handle()
    {
        switch (m_node->op()) {
        case TypeOfIsUndefined:
            handleMasqueradesAsUndefined();
            return;

        case CompareEq:
            if (compareEqInvolvesObjectOrOther())
                handleMasqueradesAsUndefined();
            return;

        case ToBoolean:
        case LogicalNot:
        case Branch: {
            // Only these two use kinds of the first child are treated as relevant; every other
            // use kind is ignored here.
            const auto operandUse = m_node->child1().useKind();
            if (operandUse == ObjectOrOtherUse || operandUse == UntypedUse)
                handleMasqueradesAsUndefined();
            return;
        }

        default:
            return;
        }
    }

    // True for the CompareEq use-kind combinations that handle() acts on: Object/Object,
    // Object/ObjectOrOther in either order, or KnownOther on either side. The checks run in the
    // same order, with the same short-circuiting, as a single chained || expression would.
    bool compareEqInvolvesObjectOrOther()
    {
        if (m_node->isBinaryUseKind(ObjectUse))
            return true;
        if (m_node->child1().useKind() == ObjectUse && m_node->child2().useKind() == ObjectOrOtherUse)
            return true;
        if (m_node->child1().useKind() == ObjectOrOtherUse && m_node->child2().useKind() == ObjectUse)
            return true;
        return m_node->child1().useKind() == KnownOtherUse || m_node->child2().useKind() == KnownOtherUse;
    }

    // Registers the watchpoint set only while the graph still reports it as valid for the node's
    // semantic origin; otherwise nothing is added.
    void handleMasqueradesAsUndefined()
    {
        if (!m_graph.masqueradesAsUndefinedWatchpointIsStillValid(m_node->origin.semantic))
            return;

        WatchpointSet* masqueraderSet = globalObject()->masqueradesAsUndefinedWatchpoint();
        addLazily(masqueraderSet);
    }

    // Forwards the set to the graph's watchpoint collection.
    void addLazily(WatchpointSet* set)
    {
        auto& collected = m_graph.watchpoints();
        collected.addLazily(set);
    }

    // Global object the graph associates with the semantic origin of m_node.
    JSGlobalObject* globalObject()
    {
        const auto& semanticOrigin = m_node->origin.semantic;
        return m_graph.globalObjectFor(semanticOrigin);
    }

    // Node currently being examined; assigned by run() before each handle() call.
    Node* m_node;
};
122
// Entry point of the phase: runs WatchpointCollectionPhase over the given graph through
// runPhase<>() and passes its result back to the caller.
bool performWatchpointCollection(Graph& graph)
{
    const bool phaseResult = runPhase<WatchpointCollectionPhase>(graph);
    return phaseResult;
}
127
128} } // namespace JSC::DFG
129
130#endif // ENABLE(DFG_JIT)
131