Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (194340 => 194341)
--- trunk/Source/_javascript_Core/ChangeLog 2015-12-21 20:40:04 UTC (rev 194340)
+++ trunk/Source/_javascript_Core/ChangeLog 2015-12-21 20:54:51 UTC (rev 194341)
@@ -1,3 +1,67 @@
+2015-12-21 Filip Pizlo <fpi...@apple.com>
+
+ FTL B3 should do doubleToInt32
+ https://bugs.webkit.org/show_bug.cgi?id=152484
+
+ Reviewed by Saam Barati.
+
+ We used to have a DToI32 opcode in B3 that we never implemented. This removes that opcode,
+ since double-to-int conversion has dramatically different semantics on different
+ architectures. We let FTL get the conversion instruction it wants by using a patchpoint.
+
+ * b3/B3Opcode.cpp:
+ (WTF::printInternal):
+ * b3/B3Opcode.h:
+ * b3/B3Validate.cpp:
+ * b3/B3Value.cpp:
+ (JSC::B3::Value::effects):
+ (JSC::B3::Value::key):
+ (JSC::B3::Value::typeFor):
+ * b3/B3ValueKey.cpp:
+ (JSC::B3::ValueKey::materialize):
+ * ftl/FTLB3Output.cpp:
+ (JSC::FTL::Output::Output):
+ (JSC::FTL::Output::appendTo):
+ (JSC::FTL::Output::lockedStackSlot):
+ (JSC::FTL::Output::load):
+ (JSC::FTL::Output::doublePowi):
+ (JSC::FTL::Output::hasSensibleDoubleToInt):
+ (JSC::FTL::Output::doubleToInt):
+ (JSC::FTL::Output::doubleToUInt):
+ (JSC::FTL::Output::load8SignExt32):
+ (JSC::FTL::Output::load8ZeroExt32):
+ (JSC::FTL::Output::load16SignExt32):
+ (JSC::FTL::Output::load16ZeroExt32):
+ (JSC::FTL::Output::store):
+ (JSC::FTL::Output::store32As8):
+ (JSC::FTL::Output::store32As16):
+ (JSC::FTL::Output::branch):
+ * ftl/FTLB3Output.h:
+ (JSC::FTL::Output::doubleLog):
+ (JSC::FTL::Output::signExt32To64):
+ (JSC::FTL::Output::zeroExt):
+ (JSC::FTL::Output::zeroExtPtr):
+ (JSC::FTL::Output::intToDouble):
+ (JSC::FTL::Output::unsignedToDouble):
+ (JSC::FTL::Output::castToInt32):
+ (JSC::FTL::Output::hasSensibleDoubleToInt): Deleted.
+ (JSC::FTL::Output::sensibleDoubleToInt): Deleted.
+ (JSC::FTL::Output::fpToInt32): Deleted.
+ (JSC::FTL::Output::fpToUInt32): Deleted.
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::DFG::LowerDFGToLLVM::compileArithPow):
+ (JSC::FTL::DFG::LowerDFGToLLVM::compilePutByVal):
+ (JSC::FTL::DFG::LowerDFGToLLVM::compileSwitch):
+ (JSC::FTL::DFG::LowerDFGToLLVM::doubleToInt32):
+ (JSC::FTL::DFG::LowerDFGToLLVM::sensibleDoubleToInt32):
+ (JSC::FTL::DFG::LowerDFGToLLVM::convertDoubleToInt32):
+ * ftl/FTLOutput.h:
+ (JSC::FTL::Output::hasSensibleDoubleToInt):
+ (JSC::FTL::Output::doubleToInt):
+ (JSC::FTL::Output::doubleToUInt):
+ (JSC::FTL::Output::signExt32To64):
+ (JSC::FTL::Output::zeroExt):
+
2015-12-21 Skachkov Oleksandr <gskach...@gmail.com>
Unexpected exception assigning to this._property inside arrow function
Modified: trunk/Source/_javascript_Core/b3/B3Opcode.cpp (194340 => 194341)
--- trunk/Source/_javascript_Core/b3/B3Opcode.cpp 2015-12-21 20:40:04 UTC (rev 194340)
+++ trunk/Source/_javascript_Core/b3/B3Opcode.cpp 2015-12-21 20:54:51 UTC (rev 194341)
@@ -176,9 +176,6 @@
case IToD:
out.print("IToD");
return;
- case DToI32:
- out.print("DToI32");
- return;
case FloatToDouble:
out.print("FloatToDouble");
return;
Modified: trunk/Source/_javascript_Core/b3/B3Opcode.h (194340 => 194341)
--- trunk/Source/_javascript_Core/b3/B3Opcode.h 2015-12-21 20:40:04 UTC (rev 194340)
+++ trunk/Source/_javascript_Core/b3/B3Opcode.h 2015-12-21 20:54:51 UTC (rev 194341)
@@ -100,10 +100,10 @@
ZExt32,
// Takes Int64 and returns Int32:
Trunc,
- // Takes ints and returns Double:
+ // Takes ints and returns Double. Note that we don't currently provide the opposite operation,
+ // because double-to-int conversions have weirdly different semantics on different platforms. Use
+ // a patchpoint if you need to do that.
IToD,
- // Takes Double and returns Int32:
- DToI32,
// Convert between double and float.
FloatToDouble,
DoubleToFloat,
Modified: trunk/Source/_javascript_Core/b3/B3Validate.cpp (194340 => 194341)
--- trunk/Source/_javascript_Core/b3/B3Validate.cpp 2015-12-21 20:40:04 UTC (rev 194340)
+++ trunk/Source/_javascript_Core/b3/B3Validate.cpp 2015-12-21 20:54:51 UTC (rev 194341)
@@ -221,11 +221,6 @@
VALIDATE(isInt(value->child(0)->type()), ("At ", *value));
VALIDATE(value->type() == Double, ("At ", *value));
break;
- case DToI32:
- VALIDATE(value->numChildren() == 1, ("At ", *value));
- VALIDATE(value->child(0)->type() == Double, ("At ", *value));
- VALIDATE(value->type() == Int32, ("At ", *value));
- break;
case FloatToDouble:
VALIDATE(value->numChildren() == 1, ("At ", *value));
VALIDATE(value->child(0)->type() == Float, ("At ", *value));
Modified: trunk/Source/_javascript_Core/b3/B3Value.cpp (194340 => 194341)
--- trunk/Source/_javascript_Core/b3/B3Value.cpp 2015-12-21 20:40:04 UTC (rev 194340)
+++ trunk/Source/_javascript_Core/b3/B3Value.cpp 2015-12-21 20:54:51 UTC (rev 194341)
@@ -383,7 +383,6 @@
case ZExt32:
case Trunc:
case IToD:
- case DToI32:
case FloatToDouble:
case DoubleToFloat:
case Equal:
@@ -464,7 +463,6 @@
case Clz:
case Trunc:
case IToD:
- case DToI32:
case FloatToDouble:
case DoubleToFloat:
case Check:
@@ -575,7 +573,6 @@
case SExt8:
case SExt16:
case Trunc:
- case DToI32:
case Equal:
case NotEqual:
case LessThan:
Modified: trunk/Source/_javascript_Core/b3/B3ValueKey.cpp (194340 => 194341)
--- trunk/Source/_javascript_Core/b3/B3ValueKey.cpp 2015-12-21 20:40:04 UTC (rev 194340)
+++ trunk/Source/_javascript_Core/b3/B3ValueKey.cpp 2015-12-21 20:54:51 UTC (rev 194341)
@@ -54,7 +54,6 @@
case Clz:
case Trunc:
case IToD:
- case DToI32:
case FloatToDouble:
case DoubleToFloat:
case Check:
Modified: trunk/Source/_javascript_Core/ftl/FTLB3Output.cpp (194340 => 194341)
--- trunk/Source/_javascript_Core/ftl/FTLB3Output.cpp 2015-12-21 20:40:04 UTC (rev 194340)
+++ trunk/Source/_javascript_Core/ftl/FTLB3Output.cpp 2015-12-21 20:54:51 UTC (rev 194341)
@@ -30,9 +30,12 @@
#if FTL_USES_B3
#include "B3MathExtras.h"
+#include "B3StackmapGenerationParams.h"
namespace JSC { namespace FTL {
+using namespace B3;
+
Output::Output(State& state)
: CommonValues(state.context)
, m_proc(*state.proc)
@@ -59,68 +62,100 @@
m_block = block;
}
-B3::StackSlotValue* Output::lockedStackSlot(size_t bytes)
+StackSlotValue* Output::lockedStackSlot(size_t bytes)
{
- return m_block->appendNew<B3::StackSlotValue>(m_proc, origin(), bytes, B3::StackSlotKind::Locked);
+ return m_block->appendNew<StackSlotValue>(m_proc, origin(), bytes, StackSlotKind::Locked);
}
LValue Output::load(TypedPointer pointer, LType type)
{
- LValue load = m_block->appendNew<B3::MemoryValue>(m_proc, B3::Load, type, origin(), pointer.value());
+ LValue load = m_block->appendNew<MemoryValue>(m_proc, Load, type, origin(), pointer.value());
pointer.heap().decorateInstruction(load, *m_heaps);
return load;
}
LValue Output::doublePowi(LValue x, LValue y)
{
+ // FIXME: powDoubleInt32() should be inlined here since Output knows about block layout and
+ // should be involved in any operation that creates blocks.
+ // https://bugs.webkit.org/show_bug.cgi?id=152223
auto result = powDoubleInt32(m_proc, m_block, origin(), x, y);
m_block = result.first;
return result.second;
}
+bool Output::hasSensibleDoubleToInt()
+{
+ return optimizeForX86();
+}
+
+LValue Output::doubleToInt(LValue value)
+{
+ PatchpointValue* result = patchpoint(Int32);
+ result->append(value, ValueRep::SomeRegister);
+ result->setGenerator(
+ [] (CCallHelpers& jit, const StackmapGenerationParams& params) {
+ jit.truncateDoubleToInt32(params[1].fpr(), params[0].gpr());
+ });
+ result->effects = Effects::none();
+ return result;
+}
+
+LValue Output::doubleToUInt(LValue value)
+{
+ PatchpointValue* result = patchpoint(Int32);
+ result->append(value, ValueRep::SomeRegister);
+ result->setGenerator(
+ [] (CCallHelpers& jit, const StackmapGenerationParams& params) {
+ jit.truncateDoubleToUint32(params[1].fpr(), params[0].gpr());
+ });
+ result->effects = Effects::none();
+ return result;
+}
+
LValue Output::load8SignExt32(TypedPointer pointer)
{
- LValue load = m_block->appendNew<B3::MemoryValue>(m_proc, B3::Load8S, B3::Int32, origin(), pointer.value());
+ LValue load = m_block->appendNew<MemoryValue>(m_proc, Load8S, Int32, origin(), pointer.value());
pointer.heap().decorateInstruction(load, *m_heaps);
return load;
}
LValue Output::load8ZeroExt32(TypedPointer pointer)
{
- LValue load = m_block->appendNew<B3::MemoryValue>(m_proc, B3::Load8Z, B3::Int32, origin(), pointer.value());
+ LValue load = m_block->appendNew<MemoryValue>(m_proc, Load8Z, Int32, origin(), pointer.value());
pointer.heap().decorateInstruction(load, *m_heaps);
return load;
}
LValue Output::load16SignExt32(TypedPointer pointer)
{
- LValue load = m_block->appendNew<B3::MemoryValue>(m_proc, B3::Load16S, B3::Int32, origin(), pointer.value());
+ LValue load = m_block->appendNew<MemoryValue>(m_proc, Load16S, Int32, origin(), pointer.value());
pointer.heap().decorateInstruction(load, *m_heaps);
return load;
}
LValue Output::load16ZeroExt32(TypedPointer pointer)
{
- LValue load = m_block->appendNew<B3::MemoryValue>(m_proc, B3::Load16Z, B3::Int32, origin(), pointer.value());
+ LValue load = m_block->appendNew<MemoryValue>(m_proc, Load16Z, Int32, origin(), pointer.value());
pointer.heap().decorateInstruction(load, *m_heaps);
return load;
}
void Output::store(LValue value, TypedPointer pointer)
{
- LValue store = m_block->appendNew<B3::MemoryValue>(m_proc, B3::Store, origin(), value, pointer.value());
+ LValue store = m_block->appendNew<MemoryValue>(m_proc, Store, origin(), value, pointer.value());
pointer.heap().decorateInstruction(store, *m_heaps);
}
void Output::store32As8(LValue value, TypedPointer pointer)
{
- LValue store = m_block->appendNew<B3::MemoryValue>(m_proc, B3::Store8, origin(), value, pointer.value());
+ LValue store = m_block->appendNew<MemoryValue>(m_proc, Store8, origin(), value, pointer.value());
pointer.heap().decorateInstruction(store, *m_heaps);
}
void Output::store32As16(LValue value, TypedPointer pointer)
{
- LValue store = m_block->appendNew<B3::MemoryValue>(m_proc, B3::Store16, origin(), value, pointer.value());
+ LValue store = m_block->appendNew<MemoryValue>(m_proc, Store16, origin(), value, pointer.value());
pointer.heap().decorateInstruction(store, *m_heaps);
}
@@ -152,10 +187,10 @@
void Output::branch(LValue condition, LBasicBlock taken, Weight takenWeight, LBasicBlock notTaken, Weight notTakenWeight)
{
- m_block->appendNew<B3::ControlValue>(
+ m_block->appendNew<ControlValue>(
m_proc, B3::Branch, origin(), condition,
- B3::FrequentedBlock(taken, takenWeight.frequencyClass()),
- B3::FrequentedBlock(notTaken, notTakenWeight.frequencyClass()));
+ FrequentedBlock(taken, takenWeight.frequencyClass()),
+ FrequentedBlock(notTaken, notTakenWeight.frequencyClass()));
}
} } // namespace JSC::FTL
Modified: trunk/Source/_javascript_Core/ftl/FTLB3Output.h (194340 => 194341)
--- trunk/Source/_javascript_Core/ftl/FTLB3Output.h 2015-12-21 20:40:04 UTC (rev 194340)
+++ trunk/Source/_javascript_Core/ftl/FTLB3Output.h 2015-12-21 20:54:51 UTC (rev 194341)
@@ -175,8 +175,9 @@
LValue doubleLog(LValue value) { return callWithoutSideEffects(B3::Double, log, value); }
- static bool hasSensibleDoubleToInt() { CRASH(); }
- LValue sensibleDoubleToInt(LValue) { CRASH(); }
+ static bool hasSensibleDoubleToInt();
+ LValue doubleToInt(LValue);
+ LValue doubleToUInt(LValue);
LValue signExt32To64(LValue value) { return m_block->appendNew<B3::Value>(m_proc, B3::SExt32, origin(), value); }
LValue zeroExt(LValue value, LType type)
@@ -186,8 +187,6 @@
return m_block->appendNew<B3::Value>(m_proc, B3::ZExt32, origin(), value);
}
LValue zeroExtPtr(LValue value) { return zeroExt(value, B3::Int64); }
- LValue fpToInt32(LValue value) { CRASH(); }
- LValue fpToUInt32(LValue value) { CRASH(); }
LValue intToDouble(LValue value) { return m_block->appendNew<B3::Value>(m_proc, B3::IToD, origin(), value); }
LValue unsignedToDouble(LValue value) { CRASH(); }
LValue castToInt32(LValue value)
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp (194340 => 194341)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2015-12-21 20:40:04 UTC (rev 194340)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToLLVM.cpp 2015-12-21 20:54:51 UTC (rev 194341)
@@ -2084,7 +2084,7 @@
LBasicBlock nanExceptionResultIsNaN = FTL_NEW_BLOCK(m_out, ("ArithPow NaN Exception, result is NaN."));
LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("ArithPow continuation"));
- LValue integerExponent = m_out.fpToInt32(exponent);
+ LValue integerExponent = m_out.doubleToInt(exponent);
LValue integerExponentConvertedToDouble = m_out.intToDouble(integerExponent);
LValue exponentIsInteger = m_out.doubleEqual(exponent, integerExponentConvertedToDouble);
m_out.branch(exponentIsInteger, unsure(integerExponentIsSmallBlock), unsure(doubleExponentPowBlockEntry));
@@ -3282,7 +3282,7 @@
unsure(continuation), unsure(withinRange));
m_out.appendTo(withinRange, continuation);
- intValues.append(m_out.anchor(m_out.fpToInt32(doubleValue)));
+ intValues.append(m_out.anchor(m_out.doubleToInt(doubleValue)));
m_out.jump(continuation);
m_out.appendTo(continuation, lastNext);
@@ -5513,7 +5513,7 @@
m_out.appendTo(isDouble, innerLastNext);
LValue doubleValue = unboxDouble(boxedValue);
- LValue intInDouble = m_out.fpToInt32(doubleValue);
+ LValue intInDouble = m_out.doubleToInt(doubleValue);
intValues.append(m_out.anchor(intInDouble));
m_out.branch(
m_out.doubleEqual(m_out.intToDouble(intInDouble), doubleValue),
@@ -8274,9 +8274,9 @@
m_out.appendTo(withinRange, slowPath);
LValue fastResult;
if (isSigned)
- fastResult = m_out.fpToInt32(doubleValue);
+ fastResult = m_out.doubleToInt(doubleValue);
else
- fastResult = m_out.fpToUInt32(doubleValue);
+ fastResult = m_out.doubleToUInt(doubleValue);
results.append(m_out.anchor(fastResult));
m_out.jump(continuation);
@@ -8302,7 +8302,7 @@
LBasicBlock slowPath = FTL_NEW_BLOCK(m_out, ("sensible doubleToInt32 slow path"));
LBasicBlock continuation = FTL_NEW_BLOCK(m_out, ("sensible doubleToInt32 continuation"));
- LValue fastResultValue = m_out.sensibleDoubleToInt(doubleValue);
+ LValue fastResultValue = m_out.doubleToInt(doubleValue);
ValueFromBlock fastResult = m_out.anchor(fastResultValue);
m_out.branch(
m_out.equal(fastResultValue, m_out.constInt32(0x80000000)),
@@ -8958,7 +8958,7 @@
LValue convertDoubleToInt32(LValue value, bool shouldCheckNegativeZero)
{
- LValue integerValue = m_out.fpToInt32(value);
+ LValue integerValue = m_out.doubleToInt(value);
LValue integerValueConvertedToDouble = m_out.intToDouble(integerValue);
LValue valueNotConvertibleToInteger = m_out.doubleNotEqualOrUnordered(value, integerValueConvertedToDouble);
speculate(Overflow, FormattedValue(DataFormatDouble, value), m_node, valueNotConvertibleToInteger);
Modified: trunk/Source/_javascript_Core/ftl/FTLOutput.h (194340 => 194341)
--- trunk/Source/_javascript_Core/ftl/FTLOutput.h 2015-12-21 20:40:04 UTC (rev 194340)
+++ trunk/Source/_javascript_Core/ftl/FTLOutput.h 2015-12-21 20:54:51 UTC (rev 194341)
@@ -215,6 +215,8 @@
static bool hasSensibleDoubleToInt() { return isX86(); }
LValue sensibleDoubleToInt(LValue);
+ LValue doubleToInt(LValue value) { return fpToInt32(value); }
+ LValue doubleToUInt(LValue value) { return fpToUInt32(value); }
LValue signExt32To64(LValue value) { return signExt(value, int64); }
LValue zeroExt(LValue value, LType type) { return buildZExt(m_builder, value, type); }
