- Revision
- 95594
- Author
- fpi...@apple.com
- Date
- 2011-09-20 19:22:52 -0700 (Tue, 20 Sep 2011)
Log Message
DFG JIT always speculates integer on modulo
https://bugs.webkit.org/show_bug.cgi?id=68485
Reviewed by Oliver Hunt.
Added support for double modulo, which is a call to fmod().
Also added support for recording the old JIT's statistics
on op_mod and propagating them along the graph. Finally,
fixed a goof in the ArithNodeFlags propagation logic that
was made obvious when I started testing ArithMod.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::makeSafe):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGNode.h:
(JSC::DFG::Node::hasArithNodeFlags):
* dfg/DFGPropagator.cpp:
(JSC::DFG::Propagator::propagateArithNodeFlags):
(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compile):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (95593 => 95594)
--- trunk/Source/_javascript_Core/ChangeLog 2011-09-21 01:49:03 UTC (rev 95593)
+++ trunk/Source/_javascript_Core/ChangeLog 2011-09-21 02:22:52 UTC (rev 95594)
@@ -1,3 +1,28 @@
+2011-09-20 Filip Pizlo <fpi...@apple.com>
+
+ DFG JIT always speculates integer on modulo
+ https://bugs.webkit.org/show_bug.cgi?id=68485
+
+ Reviewed by Oliver Hunt.
+
+ Added support for double modulo, which is a call to fmod().
+ Also added support for recording the old JIT's statistics
+ on op_mod and propagating them along the graph. Finally,
+ fixed a goof in the ArithNodeFlags propagation logic that
+ was made obvious when I started testing ArithMod.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::makeSafe):
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ * dfg/DFGNode.h:
+ (JSC::DFG::Node::hasArithNodeFlags):
+ * dfg/DFGPropagator.cpp:
+ (JSC::DFG::Propagator::propagateArithNodeFlags):
+ (JSC::DFG::Propagator::propagateNodePredictions):
+ (JSC::DFG::Propagator::fixupNode):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+
2011-09-20 ChangSeok Oh <shivami...@gmail.com>
[GTK] requestAnimationFrame support for gtk port
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (95593 => 95594)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2011-09-21 01:49:03 UTC (rev 95593)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2011-09-21 02:22:52 UTC (rev 95594)
@@ -521,6 +521,7 @@
case ArithAdd:
case ArithSub:
case ValueAdd:
+ case ArithMod: // for ArithMode "MayOverflow" means we tried to divide by zero, or we saw double.
m_graph[nodeIndex].mergeArithNodeFlags(NodeMayOverflow);
break;
@@ -897,7 +898,7 @@
case op_mod: {
NodeIndex op1 = getToNumber(currentInstruction[2].u.operand);
NodeIndex op2 = getToNumber(currentInstruction[3].u.operand);
- set(currentInstruction[1].u.operand, addToGraph(ArithMod, op1, op2));
+ set(currentInstruction[1].u.operand, makeSafe(addToGraph(ArithMod, OpInfo(NodeUseBottom), op1, op2)));
NEXT_OPCODE(op_mod);
}
Modified: trunk/Source/_javascript_Core/dfg/DFGNode.h (95593 => 95594)
--- trunk/Source/_javascript_Core/dfg/DFGNode.h 2011-09-21 01:49:03 UTC (rev 95593)
+++ trunk/Source/_javascript_Core/dfg/DFGNode.h 2011-09-21 02:22:52 UTC (rev 95594)
@@ -480,6 +480,7 @@
case ArithAbs:
case ArithMin:
case ArithMax:
+ case ArithMod:
case ValueAdd:
return true;
default:
Modified: trunk/Source/_javascript_Core/dfg/DFGPropagator.cpp (95593 => 95594)
--- trunk/Source/_javascript_Core/dfg/DFGPropagator.cpp 2011-09-21 01:49:03 UTC (rev 95593)
+++ trunk/Source/_javascript_Core/dfg/DFGPropagator.cpp 2011-09-21 02:22:52 UTC (rev 95594)
@@ -261,7 +261,7 @@
changed |= m_graph[node.child1()].mergeArithNodeFlags(flags);
if (node.child2() == NoNode)
break;
- changed |= m_graph[node.child1()].mergeArithNodeFlags(flags);
+ changed |= m_graph[node.child2()].mergeArithNodeFlags(flags);
if (node.child3() == NoNode)
break;
changed |= m_graph[node.child3()].mergeArithNodeFlags(flags);
@@ -360,12 +360,24 @@
case BitRShift:
case BitLShift:
case BitURShift:
- case ValueToInt32:
- case ArithMod: {
+ case ValueToInt32: {
changed |= setPrediction(makePrediction(PredictInt32, StrongPrediction));
break;
}
+
+ case ArithMod: {
+ PredictedType left = m_predictions[node.child1()];
+ PredictedType right = m_predictions[node.child2()];
+ if (isStrongPrediction(left) && isStrongPrediction(right)) {
+ if (isInt32Prediction(mergePredictions(left, right)) && nodeCanSpeculateInteger(node.arithNodeFlags()))
+ changed |= mergePrediction(makePrediction(PredictInt32, StrongPrediction));
+ else
+ changed |= mergePrediction(makePrediction(PredictDouble, StrongPrediction));
+ }
+ break;
+ }
+
case UInt32ToNumber: {
if (nodeCanSpeculateInteger(node.arithNodeFlags()))
changed |= setPrediction(makePrediction(PredictInt32, StrongPrediction));
@@ -621,7 +633,8 @@
case ArithSub:
case ArithMul:
case ArithMin:
- case ArithMax: {
+ case ArithMax:
+ case ArithMod: {
if (!nodeCanSpeculateInteger(node.arithNodeFlags())) {
toDouble(node.child1());
toDouble(node.child2());
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (95593 => 95594)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2011-09-21 01:49:03 UTC (rev 95593)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2011-09-21 02:22:52 UTC (rev 95594)
@@ -1105,6 +1105,24 @@
}
case ArithMod: {
+ if (shouldNotSpeculateInteger(node.child1()) || shouldNotSpeculateInteger(node.child2())
+ || !nodeCanSpeculateInteger(node.arithNodeFlags())) {
+ SpeculateDoubleOperand op1(this, node.child1());
+ SpeculateDoubleOperand op2(this, node.child2());
+
+ FPRReg op1FPR = op1.fpr();
+ FPRReg op2FPR = op2.fpr();
+
+ flushRegisters();
+
+ FPRResult result(this);
+
+ callOperation(fmod, result.fpr(), op1FPR, op2FPR);
+
+ doubleResult(result.fpr(), m_compileIndex);
+ break;
+ }
+
SpeculateIntegerOperand op1(this, node.child1());
SpeculateIntegerOperand op2(this, node.child2());
GPRTemporary eax(this, X86Registers::eax);
