JavaScriptCore

fpizlo Fri, 12 Aug 2011 16:27:53 -0700

Title: [93010] trunk/Source/_javascript_Core

Revision: 93010
Author: [email protected]
Date: 2011-08-12 16:27:45 -0700 (Fri, 12 Aug 2011)

Log Message

DFG JIT has inconsistent use of boxDouble and unboxDouble,
inconsistent use of assertions regarding doubles, and those
assertions are not turned on in debug builds
https://bugs.webkit.org/show_bug.cgi?id=66160


Reviewed by Gavin Barraclough.

JIT assertions are now turned on in debug builds.  JIT
assertions are now used for boxing and unboxing doubles, and boxing
and unboxing no longer involves code duplication.

* dfg/DFGJITCodeGenerator.cpp:
(JSC::DFG::JITCodeGenerator::fillDouble):
* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::JITCodeGenerator::boxDouble):
(JSC::DFG::JITCodeGenerator::unboxDouble):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::fillNumericToDouble):
(JSC::DFG::GeneralizedRegister::moveTo):
(JSC::DFG::GeneralizedRegister::swapWith):
* dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::boxDouble):
(JSC::DFG::JITCompiler::unboxDouble):
* dfg/DFGNode.h:
* dfg/DFGNonSpeculativeJIT.cpp:
(JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
(JSC::DFG::NonSpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::convertToDouble):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.cpp
trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h
trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp
trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h
trunk/Source/_javascript_Core/dfg/DFGNode.h
trunk/Source/_javascript_Core/dfg/DFGNonSpeculativeJIT.cpp
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (93009 => 93010)


--- trunk/Source/_javascript_Core/ChangeLog	2011-08-12 23:18:48 UTC (rev 93009)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-08-12 23:27:45 UTC (rev 93010)
@@ -1,3 +1,36 @@
+2011-08-12  Filip Pizlo  <[email protected]>
+
+        DFG JIT has inconsistent use of boxDouble and unboxDouble,
+        inconsistent use of assertions regarding doubles, and those
+        assertions are not turned on in debug builds
+        https://bugs.webkit.org/show_bug.cgi?id=66160
+
+        Reviewed by Gavin Barraclough.
+        
+        JIT assertions are now turned on in debug builds.  JIT
+        assertions are now used for boxing and unboxing doubles, and boxing
+        and unboxing no longer involves code duplication.
+
+        * dfg/DFGJITCodeGenerator.cpp:
+        (JSC::DFG::JITCodeGenerator::fillDouble):
+        * dfg/DFGJITCodeGenerator.h:
+        (JSC::DFG::JITCodeGenerator::boxDouble):
+        (JSC::DFG::JITCodeGenerator::unboxDouble):
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::fillNumericToDouble):
+        (JSC::DFG::GeneralizedRegister::moveTo):
+        (JSC::DFG::GeneralizedRegister::swapWith):
+        * dfg/DFGJITCompiler.h:
+        (JSC::DFG::JITCompiler::boxDouble):
+        (JSC::DFG::JITCompiler::unboxDouble):
+        * dfg/DFGNode.h:
+        * dfg/DFGNonSpeculativeJIT.cpp:
+        (JSC::DFG::NonSpeculativeJIT::knownConstantArithOp):
+        (JSC::DFG::NonSpeculativeJIT::compile):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+        (JSC::DFG::SpeculativeJIT::convertToDouble):
+
 2011-08-12  Mark Rowe  <[email protected]>
 
         Be more forward-looking in the choice of compiler.

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.cpp (93009 => 93010)


--- trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.cpp	2011-08-12 23:18:48 UTC (rev 93009)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.cpp	2011-08-12 23:27:45 UTC (rev 93010)
@@ -168,8 +168,7 @@
 
         // First, if we get here we have a double encoded as a JSValue
         m_jit.move(jsValueGpr, tempGpr);
-        m_jit.addPtr(GPRInfo::tagTypeNumberRegister, tempGpr);
-        m_jit.movePtrToDouble(tempGpr, fpr);
+        unboxDouble(tempGpr, fpr);
         JITCompiler::Jump hasUnboxedDouble = m_jit.jump();
 
         // Finally, handle integers.

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h (93009 => 93010)


--- trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h	2011-08-12 23:18:48 UTC (rev 93009)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h	2011-08-12 23:27:45 UTC (rev 93010)
@@ -357,15 +357,11 @@
     // These methods convert between doubles, and doubles boxed and JSValues.
     GPRReg boxDouble(FPRReg fpr, GPRReg gpr)
     {
-        m_jit.moveDoubleToPtr(fpr, gpr);
-        m_jit.subPtr(GPRInfo::tagTypeNumberRegister, gpr);
-        return gpr;
+        return m_jit.boxDouble(fpr, gpr);
     }
     FPRReg unboxDouble(GPRReg gpr, FPRReg fpr)
     {
-        m_jit.addPtr(GPRInfo::tagTypeNumberRegister, gpr);
-        m_jit.movePtrToDouble(gpr, fpr);
-        return fpr;
+        return m_jit.unboxDouble(gpr, fpr);
     }
     GPRReg boxDouble(FPRReg fpr)
     {

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (93009 => 93010)


--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp	2011-08-12 23:18:48 UTC (rev 93009)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp	2011-08-12 23:27:45 UTC (rev 93010)
@@ -51,9 +51,7 @@
     } else {
         loadPtr(addressFor(node.virtualRegister()), temporary);
         Jump isInteger = branchPtr(MacroAssembler::AboveOrEqual, temporary, GPRInfo::tagTypeNumberRegister);
-        jitAssertIsJSDouble(temporary);
-        addPtr(GPRInfo::tagTypeNumberRegister, temporary);
-        movePtrToDouble(temporary, fpr);
+        unboxDouble(temporary, fpr);
         Jump hasUnboxedDouble = jump();
         isInteger.link(this);
         convertInt32ToDouble(temporary, fpr);
@@ -197,8 +195,7 @@
                 notInt.link(&jit);
             }
             
-            jit.moveDoubleToPtr(fpr(), other.gpr());
-            jit.subPtr(GPRInfo::tagTypeNumberRegister, other.gpr());
+            jit.boxDouble(fpr(), other.gpr());
             
             if (done.isSet())
                 done.link(&jit);
@@ -206,8 +203,7 @@
         }
         
         if (UNLIKELY(other.isFPR())) {
-            jit.addPtr(GPRInfo::tagTypeNumberRegister, gpr());
-            jit.movePtrToDouble(gpr(), other.fpr());
+            jit.unboxDouble(gpr(), other.fpr());
             return;
         }
         
@@ -253,14 +249,12 @@
                 notInt.link(&jit);
             }
             
-            jit.moveDoubleToPtr(fpr(), other.gpr());
-            jit.subPtr(GPRInfo::tagTypeNumberRegister, other.gpr());
+            jit.boxDouble(fpr(), other.gpr());
             
             if (done.isSet())
                 done.link(&jit);
             
-            jit.addPtr(GPRInfo::tagTypeNumberRegister, scratchGPR);
-            jit.movePtrToDouble(scratchGPR, fpr());
+            jit.unboxDouble(scratchGPR, fpr());
             return;
         }

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h (93009 => 93010)


--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h	2011-08-12 23:18:48 UTC (rev 93009)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h	2011-08-12 23:27:45 UTC (rev 93010)
@@ -256,6 +256,21 @@
     void jitAssertIsCell(GPRReg) {}
 #endif
 
+    // These methods convert between doubles, and doubles boxed and JSValues.
+    GPRReg boxDouble(FPRReg fpr, GPRReg gpr)
+    {
+        moveDoubleToPtr(fpr, gpr);
+        subPtr(GPRInfo::tagTypeNumberRegister, gpr);
+        return gpr;
+    }
+    FPRReg unboxDouble(GPRReg gpr, FPRReg fpr)
+    {
+        jitAssertIsJSDouble(gpr);
+        addPtr(GPRInfo::tagTypeNumberRegister, gpr);
+        movePtrToDouble(gpr, fpr);
+        return fpr;
+    }
+
 #if ENABLE(SAMPLING_COUNTERS)
     // Debug profiling tool.
     void emitCount(AbstractSamplingCounter&, uint32_t increment = 1);

Modified: trunk/Source/_javascript_Core/dfg/DFGNode.h (93009 => 93010)


--- trunk/Source/_javascript_Core/dfg/DFGNode.h	2011-08-12 23:18:48 UTC (rev 93009)
+++ trunk/Source/_javascript_Core/dfg/DFGNode.h	2011-08-12 23:27:45 UTC (rev 93010)
@@ -29,7 +29,11 @@
 // Emit various logging information for debugging, including dumping the dataflow graphs.
 #define DFG_DEBUG_VERBOSE 0
 // Enable generation of dynamic checks into the instruction stream.
+#if !ASSERT_DISABLED
+#define DFG_JIT_ASSERT 1
+#else
 #define DFG_JIT_ASSERT 0
+#endif
 // Consistency check contents compiler data structures.
 #define DFG_CONSISTENCY_CHECK 0
 // Emit a breakpoint into the head of every generated function, to aid debugging in GDB.

Modified: trunk/Source/_javascript_Core/dfg/DFGNonSpeculativeJIT.cpp (93009 => 93010)


--- trunk/Source/_javascript_Core/dfg/DFGNonSpeculativeJIT.cpp	2011-08-12 23:18:48 UTC (rev 93009)
+++ trunk/Source/_javascript_Core/dfg/DFGNonSpeculativeJIT.cpp	2011-08-12 23:27:45 UTC (rev 93010)
@@ -201,8 +201,7 @@
             notInt.link(&m_jit);
             
             m_jit.move(regArgGPR, resultGPR);
-            m_jit.addPtr(GPRInfo::tagTypeNumberRegister, resultGPR);
-            m_jit.movePtrToDouble(resultGPR, tmp2FPR);
+            unboxDouble(resultGPR, tmp2FPR);
             
             haveValue.link(&m_jit);
         }
@@ -213,8 +212,7 @@
             m_jit.addDouble(tmp1FPR, tmp2FPR);
         else
             m_jit.subDouble(tmp1FPR, tmp2FPR);
-        m_jit.moveDoubleToPtr(tmp2FPR, resultGPR);
-        m_jit.subPtr(GPRInfo::tagTypeNumberRegister, resultGPR);
+        boxDouble(tmp2FPR, resultGPR);
         break;
         
     default:
@@ -480,8 +478,7 @@
         m_jit.convertInt32ToDouble(op1.gpr(), boxer.fpr());
         m_jit.addDouble(JITCompiler::AbsoluteAddress(&twoToThe32), boxer.fpr());
         
-        m_jit.moveDoubleToPtr(boxer.fpr(), result.gpr());
-        m_jit.subPtr(GPRInfo::tagTypeNumberRegister, result.gpr());
+        boxDouble(boxer.fpr(), result.gpr());
         
         JITCompiler::Jump done = m_jit.jump();

Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (93009 => 93010)


--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2011-08-12 23:18:48 UTC (rev 93009)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2011-08-12 23:27:45 UTC (rev 93010)
@@ -241,8 +241,7 @@
 
         // First, if we get here we have a double encoded as a JSValue
         m_jit.move(jsValueGpr, tempGpr);
-        m_jit.addPtr(GPRInfo::tagTypeNumberRegister, tempGpr);
-        m_jit.movePtrToDouble(tempGpr, fpr);
+        unboxDouble(tempGpr, fpr);
         JITCompiler::Jump hasUnboxedDouble = m_jit.jump();
 
         // Finally, handle integers.
@@ -393,8 +392,7 @@
     JITCompiler::Jump notNumber = m_jit.branchTestPtr(MacroAssembler::Zero, value, GPRInfo::tagTypeNumberRegister);
     
     m_jit.move(value, tmp);
-    m_jit.addPtr(GPRInfo::tagTypeNumberRegister, tmp);
-    m_jit.movePtrToDouble(tmp, result);
+    unboxDouble(tmp, result);
     
     JITCompiler::Jump done = m_jit.jump();

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes

[webkit-changes] [93010] trunk/Source/JavaScriptCore

Log Message

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (93009 => 93010)

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.cpp (93009 => 93010)

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h (93009 => 93010)

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (93009 => 93010)

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.h (93009 => 93010)

Modified: trunk/Source/_javascript_Core/dfg/DFGNode.h (93009 => 93010)

Modified: trunk/Source/_javascript_Core/dfg/DFGNonSpeculativeJIT.cpp (93009 => 93010)

Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (93009 => 93010)

Reply via email to