Changeset 37453 in webkit for trunk/JavaScriptCore/VM/CTI.cpp

Timestamp:

Oct 9, 2008, 4:59:26 PM (17 years ago)

Author:

[email protected]

Message:

JavaScriptCore:

2008-10-09 Gavin Barraclough <​[email protected]>

Reviewed by Cameron Zwarich.

Fix for bug #21160, x=0;1/(x*-1) == -Infinity

• ChangeLog:
• VM/CTI.cpp: (JSC::CTI::emitFastArithDeTagImmediate): (JSC::CTI::emitFastArithDeTagImmediateJumpIfZero): (JSC::CTI::compileBinaryArithOp): (JSC::CTI::compileBinaryArithOpSlowCase): (JSC::CTI::privateCompileMainPass): (JSC::CTI::privateCompileSlowCases):
• VM/CTI.h:
• masm/X86Assembler.h: (JSC::X86Assembler::): (JSC::X86Assembler::emitUnlinkedJs):

LayoutTests:

2008-10-09 Gavin Barraclough <​[email protected]>

Reviewed by Cameron Zwarich.

Correct results for -0 cases.

• fast/js/math-transforms-expected.txt:

File:

• trunk/JavaScriptCore/VM/CTI.cpp (modified) (6 diffs)

trunk/JavaScriptCore/VM/CTI.cpp

@@ -415 +415 @@
 ALWAYS_INLINE void CTI::emitFastArithDeTagImmediate(X86Assembler::RegisterID reg)
 {
-    // op_mod relies on this being a sub - setting zf if result is 0.
     m_jit.subl_i8r(JSImmediate::TagBitTypeInteger, reg);
+}
+
+ALWAYS_INLINE X86Assembler::JmpSrc CTI::emitFastArithDeTagImmediateJumpIfZero(X86Assembler::RegisterID reg)
+{
+    m_jit.subl_i8r(JSImmediate::TagBitTypeInteger, reg);
+    return m_jit.emitUnlinkedJe();
 }
 
@@ -809 +814 @@
     } else {
         ASSERT(opcodeID == op_mul);
-        emitFastArithDeTagImmediate(X86::eax);
+        // convert eax & edx from JSImmediates to ints, and check if either are zero
         emitFastArithImmToInt(X86::edx);
+        X86Assembler::JmpSrc op1Zero = emitFastArithDeTagImmediateJumpIfZero(X86::eax);
+        m_jit.testl_rr(X86::edx, X86::edx);
+        X86Assembler::JmpSrc op2NonZero = m_jit.emitUnlinkedJne();
+        m_jit.link(op1Zero, m_jit.label());
+        // if either input is zero, add the two together, and check if the result is < 0.
+        // If it is, we have a problem (N < 0), (N * 0) == -0, not representatble as a JSImmediate. 
+        m_jit.movl_rr(X86::eax, X86::ecx);
+        m_jit.addl_rr(X86::edx, X86::ecx);
+        m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJs(), i));
+        // Skip the above check if neither input is zero
+        m_jit.link(op2NonZero, m_jit.label());
         m_jit.imull_rr(X86::edx, X86::eax);
         m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJo(), i));
@@ -852 +868 @@
         m_jit.link((++iter)->from, here);
     } else
+        m_jit.link((++iter)->from, here);
+
+    // additional entry point to handle -0 cases.
+    if (opcodeID == op_mul)
         m_jit.link((++iter)->from, here);
 
@@ -1140 +1160 @@
             unsigned src2 = instruction[i + 3].u.operand;
 
-            if (JSValue* src1Value = getConstantImmediateNumericArg(src1)) {
+            // For now, only plant a fast int case if the constant operand is greater than zero.
+            JSValue* src1Value = getConstantImmediateNumericArg(src1);
+            JSValue* src2Value = getConstantImmediateNumericArg(src2);
+            int32_t value;
+            if (src1Value && ((value = JSImmediate::intValue(src1Value)) > 0)) {
                 emitGetArg(src2, X86::eax);
                 emitJumpSlowCaseIfNotImmNum(X86::eax, i);
-                emitFastArithImmToInt(X86::eax);
-                m_jit.imull_i32r(X86::eax, getDeTaggedConstantImmediate(src1Value), X86::eax);
+                emitFastArithDeTagImmediate(X86::eax);
+                m_jit.imull_i32r(X86::eax, value, X86::eax);
                 m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJo(), i));
                 emitFastArithReTagImmediate(X86::eax);
                 emitPutResult(dst);
-            } else if (JSValue* src2Value = getConstantImmediateNumericArg(src2)) {
+            } else if (src2Value && ((value = JSImmediate::intValue(src2Value)) > 0)) {
                 emitGetArg(src1, X86::eax);
                 emitJumpSlowCaseIfNotImmNum(X86::eax, i);
-                emitFastArithImmToInt(X86::eax);
-                m_jit.imull_i32r(X86::eax, getDeTaggedConstantImmediate(src2Value), X86::eax);
+                emitFastArithDeTagImmediate(X86::eax);
+                m_jit.imull_i32r(X86::eax, value, X86::eax);
                 m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJo(), i));
                 emitFastArithReTagImmediate(X86::eax);
@@ -1628 +1652 @@
             emitJumpSlowCaseIfNotImmNum(X86::ecx, i);
             emitFastArithDeTagImmediate(X86::eax);
-            emitFastArithDeTagImmediate(X86::ecx);
-            m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJe(), i)); // This is checking if the last detag resulted in a value 0.
+            m_slowCases.append(SlowCaseEntry(emitFastArithDeTagImmediateJumpIfZero(X86::ecx), i));
             m_jit.cdq();
             m_jit.idivl_r(X86::ecx);
@@ -2510 +2533 @@
             int src1 = instruction[i + 2].u.operand;
             int src2 = instruction[i + 3].u.operand;
-            if (getConstantImmediateNumericArg(src1) || getConstantImmediateNumericArg(src2)) {
+            JSValue* src1Value = getConstantImmediateNumericArg(src1);
+            JSValue* src2Value = getConstantImmediateNumericArg(src2);
+            int32_t value;
+            if (src1Value && ((value = JSImmediate::intValue(src1Value)) > 0)) {
                 m_jit.link(iter->from, m_jit.label());
+                // There is an extra slow case for (op1 * -N) or (-N * op2), to check for 0 since this should produce a result of -0.
+                emitGetPutArg(src1, 0, X86::ecx);
+                emitGetPutArg(src2, 4, X86::ecx);
+                emitCall(i, Machine::cti_op_mul);
+                emitPutResult(dst);
+            } else if (src2Value && ((value = JSImmediate::intValue(src2Value)) > 0)) {
+                m_jit.link(iter->from, m_jit.label());
+                // There is an extra slow case for (op1 * -N) or (-N * op2), to check for 0 since this should produce a result of -0.
                 emitGetPutArg(src1, 0, X86::ecx);
                 emitGetPutArg(src2, 4, X86::ecx);