Ignore:
Timestamp:
Jan 6, 2014, 8:52:48 PM (11 years ago)
Author:
[email protected]
Message:

Make the different flavors of integer arithmetic more explicit, and don't rely on (possibly stale) results of the backwards propagator to decide integer arithmetic semantics
https://bugs.webkit.org/show_bug.cgi?id=125519

Reviewed by Geoffrey Garen.

Adds the Arith::Mode enum to arithmetic nodes, which makes it explicit what sorts of
checks and overflows the node should do. Previously this would be deduced from
backwards analysis results.

This also makes "unchecked" variants really mean that you want the int32 wrapped
result, so ArithIMul is now done in terms of ArithMul(Unchecked). That means that the
constant folder needs to compute exactly the result implied by ArithMode, instead of
just folding the double result.

  • CMakeLists.txt:
  • GNUmakefile.list.am:
  • JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
  • JavaScriptCore.xcodeproj/project.pbxproj:
  • dfg/DFGAbstractInterpreterInlines.h:

(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

  • dfg/DFGArithMode.cpp: Added.

(WTF::printInternal):

  • dfg/DFGArithMode.h: Added.

(JSC::DFG::doesOverflow):
(JSC::DFG::shouldCheckOverflow):
(JSC::DFG::shouldCheckNegativeZero):

  • dfg/DFGCSEPhase.cpp:

(JSC::DFG::CSEPhase::pureCSE):
(JSC::DFG::CSEPhase::performNodeCSE):

  • dfg/DFGConstantFoldingPhase.cpp:

(JSC::DFG::ConstantFoldingPhase::foldConstants):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::attemptToMakeIntegerAdd):

  • dfg/DFGGraph.cpp:

(JSC::DFG::Graph::dump):

  • dfg/DFGNode.h:

(JSC::DFG::Node::Node):
(JSC::DFG::Node::hasArithMode):
(JSC::DFG::Node::arithMode):
(JSC::DFG::Node::setArithMode):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
(JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
(JSC::DFG::SpeculativeJIT::compileAdd):
(JSC::DFG::SpeculativeJIT::compileArithSub):
(JSC::DFG::SpeculativeJIT::compileArithNegate):
(JSC::DFG::SpeculativeJIT::compileArithMul):
(JSC::DFG::SpeculativeJIT::compileArithDiv):
(JSC::DFG::SpeculativeJIT::compileArithMod):

  • dfg/DFGSpeculativeJIT.h:
  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToLLVM.cpp:

(JSC::FTL::LowerDFGToLLVM::compileAddSub):
(JSC::FTL::LowerDFGToLLVM::compileArithMul):
(JSC::FTL::LowerDFGToLLVM::compileArithDivMod):
(JSC::FTL::LowerDFGToLLVM::compileArithNegate):
(JSC::FTL::LowerDFGToLLVM::compileUInt32ToNumber):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp

    r161240 r161399  
    825825            LValue result = isSub ? m_out.sub(left, right) : m_out.add(left, right);
    826826
    827             if (bytecodeCanTruncateInteger(m_node->arithNodeFlags())) {
     827            if (!shouldCheckOverflow(m_node->arithMode())) {
    828828                setInt32(result);
    829829                break;
     
    879879            LValue result = m_out.mul(left, right);
    880880
    881             if (!bytecodeCanTruncateInteger(m_node->arithNodeFlags())) {
     881            if (shouldCheckOverflow(m_node->arithMode())) {
    882882                LValue overflowResult = m_out.mulWithOverflow32(left, right);
    883883                speculate(Overflow, noValue(), 0, m_out.extractValue(overflowResult, 1));
    884884            }
    885885           
    886             if (!bytecodeCanIgnoreNegativeZero(m_node->arithNodeFlags())) {
     886            if (shouldCheckNegativeZero(m_node->arithMode())) {
    887887                LBasicBlock slowCase = FTL_NEW_BLOCK(m_out, ("ArithMul slow case"));
    888888                LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("ArithMul continuation"));
     
    911911            speculate(Int52Overflow, noValue(), 0, m_out.extractValue(overflowResult, 1));
    912912
    913             if (!bytecodeCanIgnoreNegativeZero(m_node->arithNodeFlags())) {
     913            if (shouldCheckNegativeZero(m_node->arithMode())) {
    914914                LBasicBlock slowCase = FTL_NEW_BLOCK(m_out, ("ArithMul slow case"));
    915915                LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("ArithMul continuation"));
     
    961961            LValue neg2ToThe31 = m_out.constInt32(-2147483647-1);
    962962           
    963             if (bytecodeUsesAsNumber(m_node->arithNodeFlags())) {
     963            if (shouldCheckOverflow(m_node->arithMode())) {
    964964                LValue cond = m_out.bitOr(m_out.isZero32(denominator), m_out.equal(numerator, neg2ToThe31));
    965965                speculate(Overflow, noValue(), 0, cond);
     
    991991            m_out.appendTo(continuation, done);
    992992           
    993             if (!bytecodeCanIgnoreNegativeZero(m_node->arithNodeFlags())) {
     993            if (shouldCheckNegativeZero(m_node->arithMode())) {
    994994                LBasicBlock zeroNumerator = FTL_NEW_BLOCK(m_out, ("ArithDivMod zero numerator"));
    995995                LBasicBlock numeratorContinuation = FTL_NEW_BLOCK(m_out, ("ArithDivMod numerator continuation"));
     
    10111011                : m_out.rem(numerator, denominator);
    10121012           
    1013             if (bytecodeUsesAsNumber(m_node->arithNodeFlags())) {
     1013            if (shouldCheckOverflow(m_node->arithMode())) {
    10141014                speculate(
    10151015                    Overflow, noValue(), 0,
     
    11231123           
    11241124            LValue result = m_out.neg(value);
    1125             if (!bytecodeCanTruncateInteger(m_node->arithNodeFlags())) {
    1126                 if (bytecodeCanIgnoreNegativeZero(m_node->arithNodeFlags())) {
     1125            if (shouldCheckOverflow(m_node->arithMode())) {
     1126                if (!shouldCheckNegativeZero(m_node->arithMode())) {
    11271127                    // We don't have a negate-with-overflow intrinsic. Hopefully this
    11281128                    // does the trick, though.
     
    11431143                LValue value = lowWhicheverInt52(m_node->child1(), kind);
    11441144                LValue result = m_out.neg(value);
    1145                 if (!bytecodeCanIgnoreNegativeZero(m_node->arithNodeFlags()))
     1145                if (shouldCheckNegativeZero(m_node->arithMode()))
    11461146                    speculate(NegativeZero, noValue(), 0, m_out.isZero64(result));
    11471147                setInt52(result, kind);
     
    12091209        LValue value = lowInt32(m_node->child1());
    12101210
    1211         if (!nodeCanSpeculateInt32(m_node->arithNodeFlags())) {
     1211        if (doesOverflow(m_node->arithMode())) {
    12121212            setDouble(m_out.unsignedToDouble(value));
    12131213            return;
Note: See TracChangeset for help on using the changeset viewer.