Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (226433 => 226434)
--- trunk/Source/_javascript_Core/ChangeLog 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-01-05 04:15:49 UTC (rev 226434)
@@ -1,3 +1,80 @@
+2018-01-04 Yusuke Suzuki <[email protected]>
+
+ [DFG] Unify ToNumber implementation in 32bit and 64bit by changing 32bit Int32Tag and LowestTag
+ https://bugs.webkit.org/show_bug.cgi?id=181134
+
+ Reviewed by Mark Lam.
+
+ We would like to unify DFG ToNumber implementation in 32bit and 64bit. One problem is that
+ branchIfNumber signature is different between 32bit and 64bit. 32bit implementation requires
+ an additional scratch register. We do not want to allocate an unnecessary register in 64bit
+ implementation.
+
+ This patch removes the additional register in branchIfNumber/branchIfNotNumber in both 32bit
+ and 64bit implementation. To achieve this goal, we change Int32Tag and LowestTag order. By
+ setting Int32Tag as LowestTag, we can query whether the given tag is a number by checking
+ `<= LowestTag(Int32Tag)`.
+
+ We also change the order of UndefinedTag, NullTag, and BooleanTag to keep `(UndefinedTag | 1) == NullTag`.
+
+ We also clean up speculateMisc implementation by adding branchIfMisc/branchIfNotMisc.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+ (JSC::DFG::SpeculativeJIT::compileDoubleRep):
+ (JSC::DFG::SpeculativeJIT::speculateNumber):
+ (JSC::DFG::SpeculativeJIT::speculateMisc):
+ (JSC::DFG::SpeculativeJIT::compileNormalizeMapKey):
+ (JSC::DFG::SpeculativeJIT::compileToNumber):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
+ (JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
+ (JSC::DFG::SpeculativeJIT::compileObjectOrOtherLogicalNot):
+ (JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/AssemblyHelpers.cpp:
+ (JSC::AssemblyHelpers::branchIfNotType):
+ (JSC::AssemblyHelpers::jitAssertIsJSNumber):
+ (JSC::AssemblyHelpers::emitConvertValueToBoolean):
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::branchIfMisc):
+ (JSC::AssemblyHelpers::branchIfNotMisc):
+ (JSC::AssemblyHelpers::branchIfNumber):
+ (JSC::AssemblyHelpers::branchIfNotNumber):
+ (JSC::AssemblyHelpers::branchIfNotDoubleKnownNotInt32):
+ (JSC::AssemblyHelpers::emitTypeOf):
+ * jit/JITAddGenerator.cpp:
+ (JSC::JITAddGenerator::generateFastPath):
+ * jit/JITArithmetic32_64.cpp:
+ (JSC::JIT::emitBinaryDoubleOp):
+ * jit/JITDivGenerator.cpp:
+ (JSC::JITDivGenerator::loadOperand):
+ * jit/JITMulGenerator.cpp:
+ (JSC::JITMulGenerator::generateInline):
+ (JSC::JITMulGenerator::generateFastPath):
+ * jit/JITNegGenerator.cpp:
+ (JSC::JITNegGenerator::generateInline):
+ (JSC::JITNegGenerator::generateFastPath):
+ * jit/JITOpcodes32_64.cpp:
+ (JSC::JIT::emit_op_is_number):
+ (JSC::JIT::emit_op_jeq_null):
+ (JSC::JIT::emit_op_jneq_null):
+ (JSC::JIT::emit_op_to_number):
+ (JSC::JIT::emit_op_profile_type):
+ * jit/JITRightShiftGenerator.cpp:
+ (JSC::JITRightShiftGenerator::generateFastPath):
+ * jit/JITSubGenerator.cpp:
+ (JSC::JITSubGenerator::generateInline):
+ (JSC::JITSubGenerator::generateFastPath):
+ * llint/LLIntData.cpp:
+ (JSC::LLInt::Data::performAssertions):
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter32_64.asm:
+ * runtime/JSCJSValue.h:
+
2018-01-04 JF Bastien <[email protected]>
Add assembler support for x86 lfence and sfence
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -2427,7 +2427,7 @@
MacroAssembler::AboveOrEqual, tagGPR,
TrustedImm32(JSValue::LowestTag)));
} else {
- JITCompiler::Jump isNumber = m_jit.branch32(MacroAssembler::Below, tagGPR, TrustedImm32(JSValue::LowestTag));
+ JITCompiler::Jump isDouble = m_jit.branch32(MacroAssembler::Below, tagGPR, TrustedImm32(JSValue::LowestTag));
DFG_TYPE_CHECK(
op1.jsValueRegs(), node->child1(), ~SpecCell,
@@ -2442,7 +2442,7 @@
m_jit.move(payloadGPR, resultGpr);
converted.append(m_jit.jump());
- isNumber.link(&m_jit);
+ isDouble.link(&m_jit);
}
unboxDouble(tagGPR, payloadGPR, fpr, scratch.fpr());
@@ -2644,7 +2644,7 @@
MacroAssembler::Equal, op1TagGPR, TrustedImm32(JSValue::Int32Tag));
if (node->child1().useKind() == NotCellUse) {
- JITCompiler::Jump isNumber = m_jit.branch32(JITCompiler::Below, op1TagGPR, JITCompiler::TrustedImm32(JSValue::LowestTag + 1));
+ JITCompiler::Jump isDouble = m_jit.branch32(JITCompiler::Below, op1TagGPR, JITCompiler::TrustedImm32(JSValue::LowestTag));
JITCompiler::Jump isUndefined = m_jit.branch32(JITCompiler::Equal, op1TagGPR, TrustedImm32(JSValue::UndefinedTag));
static const double zero = 0;
@@ -2666,7 +2666,7 @@
m_jit.loadDouble(TrustedImmPtr(&NaN), resultFPR);
done.append(m_jit.jump());
- isNumber.link(&m_jit);
+ isDouble.link(&m_jit);
} else if (needsTypeCheck(node->child1(), SpecBytecodeNumber)) {
typeCheck(
JSValueRegs(op1TagGPR, op1PayloadGPR), node->child1(), SpecBytecodeNumber,
@@ -9127,20 +9127,8 @@
return;
JSValueOperand value(this, edge, ManualOperandSpeculation);
-#if USE(JSVALUE64)
- GPRReg gpr = value.gpr();
- typeCheck(
- JSValueRegs(gpr), edge, SpecBytecodeNumber,
- m_jit.branchTest64(MacroAssembler::Zero, gpr, GPRInfo::tagTypeNumberRegister));
-#else
- GPRReg tagGPR = value.tagGPR();
- DFG_TYPE_CHECK(
- value.jsValueRegs(), edge, ~SpecInt32Only,
- m_jit.branch32(MacroAssembler::Equal, tagGPR, TrustedImm32(JSValue::Int32Tag)));
- DFG_TYPE_CHECK(
- value.jsValueRegs(), edge, SpecBytecodeNumber,
- m_jit.branch32(MacroAssembler::AboveOrEqual, tagGPR, TrustedImm32(JSValue::LowestTag)));
-#endif
+ JSValueRegs valueRegs = value.jsValueRegs();
+ DFG_TYPE_CHECK(valueRegs, edge, SpecBytecodeNumber, m_jit.branchIfNotNumber(valueRegs));
}
void SpeculativeJIT::speculateRealNumber(Edge edge)
@@ -9606,18 +9594,7 @@
void SpeculativeJIT::speculateMisc(Edge edge, JSValueRegs regs)
{
-#if USE(JSVALUE64)
- DFG_TYPE_CHECK(
- regs, edge, SpecMisc,
- m_jit.branch64(MacroAssembler::Above, regs.gpr(), MacroAssembler::TrustedImm64(TagBitTypeOther | TagBitBool | TagBitUndefined)));
-#else
- DFG_TYPE_CHECK(
- regs, edge, ~SpecInt32Only,
- m_jit.branch32(MacroAssembler::Equal, regs.tagGPR(), MacroAssembler::TrustedImm32(JSValue::Int32Tag)));
- DFG_TYPE_CHECK(
- regs, edge, SpecMisc,
- m_jit.branch32(MacroAssembler::Below, regs.tagGPR(), MacroAssembler::TrustedImm32(JSValue::UndefinedTag)));
-#endif
+ DFG_TYPE_CHECK(regs, edge, SpecMisc, m_jit.branchIfNotMisc(regs));
}
void SpeculativeJIT::speculateMisc(Edge edge)
@@ -10930,7 +10907,7 @@
CCallHelpers::JumpList passThroughCases;
- passThroughCases.append(m_jit.branchIfNotNumber(keyRegs, scratchGPR));
+ passThroughCases.append(m_jit.branchIfNotNumber(keyRegs));
passThroughCases.append(m_jit.branchIfInt32(keyRegs));
#if USE(JSVALUE64)
@@ -11454,6 +11431,42 @@
jsValueResult(resultRegs, node, DataFormatJS, UseChildrenCalledExplicitly);
}
+void SpeculativeJIT::compileToNumber(Node* node)
+{
+ JSValueOperand argument(this, node->child1());
+ JSValueRegs argumentRegs = argument.jsValueRegs();
+
+ // We have several attempts to remove ToNumber. But ToNumber still exists.
+ // It means that converting non-numbers to numbers by this ToNumber is not rare.
+ // Instead of the slow path generator, we emit callOperation here.
+ if (!(m_state.forNode(node->child1()).m_type & SpecBytecodeNumber)) {
+ flushRegisters();
+ JSValueRegsFlushedCallResult result(this);
+ JSValueRegs resultRegs = result.regs();
+ callOperation(operationToNumber, resultRegs, argumentRegs);
+ m_jit.exceptionCheck();
+ jsValueResult(resultRegs, node);
+ return;
+ }
+
+ JSValueRegsTemporary result(this, Reuse, argument);
+ JSValueRegs resultRegs = result.regs();
+
+ auto notNumber = m_jit.branchIfNotNumber(argumentRegs);
+ m_jit.moveValueRegs(argumentRegs, resultRegs);
+ auto done = m_jit.jump();
+
+ notNumber.link(&m_jit);
+ silentSpillAllRegisters(resultRegs);
+ callOperation(operationToNumber, resultRegs, argumentRegs);
+ silentFillAllRegisters();
+ m_jit.exceptionCheck();
+
+ done.link(&m_jit);
+
+ jsValueResult(resultRegs, node);
+}
+
void SpeculativeJIT::compileLogShadowChickenPrologue(Node* node)
{
flushRegisters();
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (226433 => 226434)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2018-01-05 04:15:49 UTC (rev 226434)
@@ -3109,6 +3109,7 @@
void compileCreateThis(Node*);
void compileNewObject(Node*);
void compileToPrimitive(Node*);
+ void compileToNumber(Node*);
void compileLogShadowChickenPrologue(Node*);
void compileLogShadowChickenTail(Node*);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -346,7 +346,7 @@
notCell.link(&m_jit);
// null or undefined?
- COMPILE_ASSERT((JSValue::UndefinedTag | 1) == JSValue::NullTag, UndefinedTag_OR_1_EQUALS_NullTag);
+ static_assert((JSValue::UndefinedTag | 1) == JSValue::NullTag, "");
m_jit.or32(TrustedImm32(1), argTagGPR, resultPayloadGPR);
m_jit.compare32(JITCompiler::Equal, resultPayloadGPR, TrustedImm32(JSValue::NullTag), resultPayloadGPR);
@@ -410,7 +410,7 @@
notCell.link(&m_jit);
// null or undefined?
- COMPILE_ASSERT((JSValue::UndefinedTag | 1) == JSValue::NullTag, UndefinedTag_OR_1_EQUALS_NullTag);
+ static_assert((JSValue::UndefinedTag | 1) == JSValue::NullTag, "");
m_jit.or32(TrustedImm32(1), argTagGPR, resultGPR);
branch32(invert ? JITCompiler::NotEqual : JITCompiler::Equal, resultGPR, JITCompiler::TrustedImm32(JSValue::NullTag), taken);
}
@@ -1781,7 +1781,7 @@
notCell.link(&m_jit);
- COMPILE_ASSERT((JSValue::UndefinedTag | 1) == JSValue::NullTag, UndefinedTag_OR_1_EQUALS_NullTag);
+ static_assert((JSValue::UndefinedTag | 1) == JSValue::NullTag, "");
if (needsTypeCheck(nodeUse, SpecCell | SpecOther)) {
m_jit.or32(TrustedImm32(1), valueTagGPR, resultPayloadGPR);
typeCheck(
@@ -1899,7 +1899,7 @@
notCell.link(&m_jit);
- COMPILE_ASSERT((JSValue::UndefinedTag | 1) == JSValue::NullTag, UndefinedTag_OR_1_EQUALS_NullTag);
+ static_assert((JSValue::UndefinedTag | 1) == JSValue::NullTag, "");
if (needsTypeCheck(nodeUse, SpecCell | SpecOther)) {
m_jit.or32(TrustedImm32(1), valueTagGPR, scratchGPR);
typeCheck(
@@ -3450,44 +3450,7 @@
}
case ToNumber: {
- JSValueOperand argument(this, node->child1());
- GPRTemporary resultTag(this, Reuse, argument, TagWord);
- GPRTemporary resultPayload(this, Reuse, argument, PayloadWord);
-
- GPRReg argumentPayloadGPR = argument.payloadGPR();
- GPRReg argumentTagGPR = argument.tagGPR();
- JSValueRegs argumentRegs = argument.jsValueRegs();
- JSValueRegs resultRegs(resultTag.gpr(), resultPayload.gpr());
-
- argument.use();
-
- // We have several attempts to remove ToNumber. But ToNumber still exists.
- // It means that converting non-numbers to numbers by this ToNumber is not rare.
- // Instead of the slow path generator, we emit callOperation here.
- if (!(m_state.forNode(node->child1()).m_type & SpecBytecodeNumber)) {
- flushRegisters();
- callOperation(operationToNumber, resultRegs, argumentRegs);
- m_jit.exceptionCheck();
- } else {
- MacroAssembler::Jump notNumber;
- {
- GPRTemporary scratch(this);
- notNumber = m_jit.branchIfNotNumber(argument.jsValueRegs(), scratch.gpr());
- }
- m_jit.move(argumentTagGPR, resultRegs.tagGPR());
- m_jit.move(argumentPayloadGPR, resultRegs.payloadGPR());
- MacroAssembler::Jump done = m_jit.jump();
-
- notNumber.link(&m_jit);
- silentSpillAllRegisters(resultRegs);
- callOperation(operationToNumber, resultRegs, argumentRegs);
- silentFillAllRegisters();
- m_jit.exceptionCheck();
-
- done.link(&m_jit);
- }
-
- jsValueResult(resultRegs.tagGPR(), resultRegs.payloadGPR(), node, UseChildrenCalledExplicitly);
+ compileToNumber(node);
break;
}
@@ -4385,8 +4348,7 @@
JSValueOperand value(this, node->child1());
GPRTemporary result(this, Reuse, value, TagWord);
- m_jit.add32(TrustedImm32(1), value.tagGPR(), result.gpr());
- m_jit.compare32(JITCompiler::Below, result.gpr(), JITCompiler::TrustedImm32(JSValue::LowestTag + 1), result.gpr());
+ m_jit.compare32(JITCompiler::BelowOrEqual, result.gpr(), JITCompiler::TrustedImm32(JSValue::LowestTag), result.gpr());
booleanResult(result.gpr(), node);
break;
}
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -3665,36 +3665,7 @@
}
case ToNumber: {
- JSValueOperand argument(this, node->child1());
- GPRTemporary result(this, Reuse, argument);
-
- GPRReg argumentGPR = argument.gpr();
- GPRReg resultGPR = result.gpr();
-
- argument.use();
-
- // We have several attempts to remove ToNumber. But ToNumber still exists.
- // It means that converting non-numbers to numbers by this ToNumber is not rare.
- // Instead of the slow path generator, we emit callOperation here.
- if (!(m_state.forNode(node->child1()).m_type & SpecBytecodeNumber)) {
- flushRegisters();
- callOperation(operationToNumber, resultGPR, argumentGPR);
- m_jit.exceptionCheck();
- } else {
- MacroAssembler::Jump notNumber = m_jit.branchIfNotNumber(argumentGPR);
- m_jit.move(argumentGPR, resultGPR);
- MacroAssembler::Jump done = m_jit.jump();
-
- notNumber.link(&m_jit);
- silentSpillAllRegisters(resultGPR);
- callOperation(operationToNumber, resultGPR, argumentGPR);
- silentFillAllRegisters();
- m_jit.exceptionCheck();
-
- done.link(&m_jit);
- }
-
- jsValueResult(resultGPR, node, UseChildrenCalledExplicitly);
+ compileToNumber(node);
break;
}
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -87,7 +87,7 @@
break;
case InferredType::Number:
- result.append(branchIfNotNumber(regs, tempGPR, mode));
+ result.append(branchIfNotNumber(regs, mode));
break;
case InferredType::String:
@@ -260,11 +260,9 @@
void AssemblyHelpers::jitAssertIsJSNumber(GPRReg gpr)
{
- Jump checkJSInt32 = branch32(Equal, gpr, TrustedImm32(JSValue::Int32Tag));
- Jump checkJSDouble = branch32(Below, gpr, TrustedImm32(JSValue::LowestTag));
+ Jump checkJSNumber = branch32(BelowOrEqual, gpr, TrustedImm32(JSValue::LowestTag));
abortWithReason(AHIsNotJSNumber);
- checkJSInt32.link(this);
- checkJSDouble.link(this);
+ checkJSNumber.link(this);
}
void AssemblyHelpers::jitAssertIsJSDouble(GPRReg gpr)
@@ -721,12 +719,7 @@
done.append(jump());
notBoolean.link(this);
-#if USE(JSVALUE64)
- auto isNotNumber = branchIfNotNumber(value.gpr());
-#else
- ASSERT(scratch != InvalidGPRReg);
- auto isNotNumber = branchIfNotNumber(value, scratch);
-#endif
+ auto isNotNumber = branchIfNotNumber(value);
auto isDouble = branchIfNotInt32(value);
// It's an int32.
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (226433 => 226434)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2018-01-05 04:15:49 UTC (rev 226434)
@@ -731,7 +731,29 @@
return branch32(NotEqual, tempGPR, TrustedImm32(JSValue::NullTag));
#endif
}
+
+ Jump branchIfMisc(JSValueRegs regs)
+ {
+#if USE(JSVALUE64)
+ return branch64(BelowOrEqual, regs.gpr(), TrustedImm64(TagBitTypeOther | TagBitBool | TagBitUndefined));
+#else
+ static_assert(static_cast<unsigned>(JSValue::NullTag) >= static_cast<unsigned>(JSValue::BooleanTag), "");
+ static_assert(static_cast<unsigned>(JSValue::UndefinedTag) >= static_cast<unsigned>(JSValue::BooleanTag), "");
+ return branch32(AboveOrEqual, regs.tagGPR(), TrustedImm32(JSValue::BooleanTag));
+#endif
+ }
+ Jump branchIfNotMisc(JSValueRegs regs)
+ {
+#if USE(JSVALUE64)
+ return branch64(Above, regs.gpr(), TrustedImm64(TagBitTypeOther | TagBitBool | TagBitUndefined));
+#else
+ static_assert(static_cast<unsigned>(JSValue::NullTag) >= static_cast<unsigned>(JSValue::BooleanTag), "");
+ static_assert(static_cast<unsigned>(JSValue::UndefinedTag) >= static_cast<unsigned>(JSValue::BooleanTag), "");
+ return branch32(Below, regs.tagGPR(), TrustedImm32(JSValue::BooleanTag));
+#endif
+ }
+
Jump branchIfInt32(JSValueRegs regs, TagRegistersMode mode = HaveTagRegisters)
{
#if USE(JSVALUE64)
@@ -763,16 +785,13 @@
#endif
}
- // Note that the tempGPR is not used in 64-bit mode.
- Jump branchIfNumber(JSValueRegs regs, GPRReg tempGPR, TagRegistersMode mode = HaveTagRegisters)
+ Jump branchIfNumber(JSValueRegs regs, TagRegistersMode mode = HaveTagRegisters)
{
#if USE(JSVALUE64)
- UNUSED_PARAM(tempGPR);
return branchIfNumber(regs.gpr(), mode);
#else
UNUSED_PARAM(mode);
- add32(TrustedImm32(1), regs.tagGPR(), tempGPR);
- return branch32(Below, tempGPR, TrustedImm32(JSValue::LowestTag + 1));
+ return branch32(BelowOrEqual, regs.tagGPR(), TrustedImm32(JSValue::LowestTag));
#endif
}
@@ -785,16 +804,13 @@
}
#endif
- // Note that the tempGPR is not used in 64-bit mode.
- Jump branchIfNotNumber(JSValueRegs regs, GPRReg tempGPR, TagRegistersMode mode = HaveTagRegisters)
+ Jump branchIfNotNumber(JSValueRegs regs, TagRegistersMode mode = HaveTagRegisters)
{
#if USE(JSVALUE64)
- UNUSED_PARAM(tempGPR);
return branchIfNotNumber(regs.gpr(), mode);
#else
UNUSED_PARAM(mode);
- add32(TrustedImm32(1), regs.tagGPR(), tempGPR);
- return branch32(AboveOrEqual, tempGPR, TrustedImm32(JSValue::LowestTag + 1));
+ return branch32(Above, regs.tagGPR(), TrustedImm32(JSValue::LowestTag));
#endif
}
@@ -815,7 +831,7 @@
return branchTest64(Zero, regs.gpr(), TrustedImm64(TagTypeNumber));
#else
UNUSED_PARAM(mode);
- return branch32(AboveOrEqual, regs.tagGPR(), TrustedImm32(JSValue::LowestTag));
+ return branch32(Above, regs.tagGPR(), TrustedImm32(JSValue::LowestTag));
#endif
}
@@ -1462,7 +1478,7 @@
notCell.link(this);
- Jump notNumber = branchIfNotNumber(regs, tempGPR);
+ Jump notNumber = branchIfNotNumber(regs);
functor(TypeofType::Number, false);
notNumber.link(this);
Modified: trunk/Source/_javascript_Core/jit/JITAddGenerator.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/jit/JITAddGenerator.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/jit/JITAddGenerator.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -113,7 +113,7 @@
// Try to do doubleVar + double(intConstant).
notInt32.link(&jit);
if (!varOpr.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(var, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(var));
jit.unboxDoubleNonDestructive(var, m_leftFPR, m_scratchGPR, m_scratchFPR);
@@ -148,9 +148,9 @@
leftNotInt.link(&jit);
if (!m_leftOperand.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(m_left, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(m_left));
if (!m_rightOperand.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(m_right, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(m_right));
jit.unboxDoubleNonDestructive(m_left, m_leftFPR, m_scratchGPR, m_scratchFPR);
CCallHelpers::Jump rightIsDouble = jit.branchIfNotInt32(m_right);
@@ -160,7 +160,7 @@
rightNotInt.link(&jit);
if (!m_rightOperand.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(m_right, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(m_right));
jit.convertInt32ToDouble(m_left.payloadGPR(), m_leftFPR);
Modified: trunk/Source/_javascript_Core/jit/JITArithmetic32_64.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/jit/JITArithmetic32_64.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/jit/JITArithmetic32_64.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -178,7 +178,7 @@
// Verify Op1 is double.
if (!types.first().definitelyIsNumber())
- addSlowCase(branch32(Above, regT1, TrustedImm32(JSValue::LowestTag)));
+ addSlowCase(branch32(AboveOrEqual, regT1, TrustedImm32(JSValue::LowestTag)));
if (!op2IsInRegisters)
emitLoad(op2, regT3, regT2);
@@ -251,7 +251,7 @@
// Verify op2 is double.
if (!types.second().definitelyIsNumber())
- addSlowCase(branch32(Above, regT3, TrustedImm32(JSValue::LowestTag)));
+ addSlowCase(branch32(AboveOrEqual, regT3, TrustedImm32(JSValue::LowestTag)));
// Do the math.
switch (opcodeID) {
Modified: trunk/Source/_javascript_Core/jit/JITDivGenerator.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/jit/JITDivGenerator.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/jit/JITDivGenerator.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -50,7 +50,7 @@
#endif
} else {
if (!opr.definitelyIsNumber())
- m_slowPathJumpList.append(jit.branchIfNotNumber(oprRegs, m_scratchGPR));
+ m_slowPathJumpList.append(jit.branchIfNotNumber(oprRegs));
CCallHelpers::Jump notInt32 = jit.branchIfNotInt32(oprRegs);
jit.convertInt32ToDouble(oprRegs.payloadGPR(), destFPR);
CCallHelpers::Jump oprIsLoaded = jit.jump();
Modified: trunk/Source/_javascript_Core/jit/JITMulGenerator.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/jit/JITMulGenerator.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/jit/JITMulGenerator.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -51,9 +51,9 @@
return JITMathICInlineResult::DontGenerate;
if (!m_leftOperand.definitelyIsNumber())
- state.slowPathJumps.append(jit.branchIfNotNumber(m_left, m_scratchGPR));
+ state.slowPathJumps.append(jit.branchIfNotNumber(m_left));
if (!m_rightOperand.definitelyIsNumber())
- state.slowPathJumps.append(jit.branchIfNotNumber(m_right, m_scratchGPR));
+ state.slowPathJumps.append(jit.branchIfNotNumber(m_right));
state.slowPathJumps.append(jit.branchIfInt32(m_left));
state.slowPathJumps.append(jit.branchIfInt32(m_right));
jit.unboxDoubleNonDestructive(m_left, m_leftFPR, m_scratchGPR, m_scratchFPR);
@@ -130,7 +130,7 @@
// Try to do doubleVar * double(intConstant).
notInt32.link(&jit);
if (!varOpr.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(var, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(var));
jit.unboxDoubleNonDestructive(var, m_leftFPR, m_scratchGPR, m_scratchFPR);
@@ -163,9 +163,9 @@
leftNotInt.link(&jit);
if (!m_leftOperand.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(m_left, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(m_left));
if (!m_rightOperand.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(m_right, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(m_right));
jit.unboxDoubleNonDestructive(m_left, m_leftFPR, m_scratchGPR, m_scratchFPR);
CCallHelpers::Jump rightIsDouble = jit.branchIfNotInt32(m_right);
@@ -175,7 +175,7 @@
rightNotInt.link(&jit);
if (!m_rightOperand.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(m_right, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(m_right));
jit.convertInt32ToDouble(m_left.payloadGPR(), m_leftFPR);
Modified: trunk/Source/_javascript_Core/jit/JITNegGenerator.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/jit/JITNegGenerator.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/jit/JITNegGenerator.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -64,7 +64,7 @@
}
if (observedTypes.isOnlyNumber()) {
state.slowPathJumps.append(jit.branchIfInt32(m_src));
- state.slowPathJumps.append(jit.branchIfNotNumber(m_src, m_scratchGPR));
+ state.slowPathJumps.append(jit.branchIfNotNumber(m_src));
#if USE(JSVALUE64)
if (m_src.payloadGPR() != m_result.payloadGPR()) {
jit.move(CCallHelpers::TrustedImm64(static_cast<int64_t>(1ull << 63)), m_result.payloadGPR());
@@ -74,6 +74,7 @@
jit.xor64(m_scratchGPR, m_result.payloadGPR());
}
#else
+ UNUSED_PARAM(m_scratchGPR);
jit.moveValueRegs(m_src, m_result);
jit.xor32(CCallHelpers::TrustedImm32(1 << 31), m_result.tagGPR());
#endif
@@ -106,7 +107,7 @@
endJumpList.append(jit.jump());
srcNotInt.link(&jit);
- slowPathJumpList.append(jit.branchIfNotNumber(m_src, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(m_src));
// For a double, all we need to do is to invert the sign bit.
#if USE(JSVALUE64)
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes32_64.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -273,8 +273,7 @@
int value = currentInstruction[2].u.operand;
emitLoadTag(value, regT0);
- add32(TrustedImm32(1), regT0);
- compare32(Below, regT0, TrustedImm32(JSValue::LowestTag + 1), regT0);
+ compare32(BelowOrEqual, regT0, TrustedImm32(JSValue::LowestTag), regT0);
emitStoreBool(dst, regT0);
}
@@ -401,7 +400,7 @@
// Now handle the immediate cases - undefined & null
isImmediate.link(this);
- ASSERT((JSValue::UndefinedTag + 1 == JSValue::NullTag) && (JSValue::NullTag & 0x1));
+ static_assert((JSValue::UndefinedTag + 1 == JSValue::NullTag) && (JSValue::NullTag & 0x1), "");
or32(TrustedImm32(1), regT1);
addJump(branch32(Equal, regT1, TrustedImm32(JSValue::NullTag)), target);
@@ -427,7 +426,7 @@
// Now handle the immediate cases - undefined & null
isImmediate.link(this);
- ASSERT((JSValue::UndefinedTag + 1 == JSValue::NullTag) && (JSValue::NullTag & 0x1));
+ static_assert((JSValue::UndefinedTag + 1 == JSValue::NullTag) && (JSValue::NullTag & 0x1), "");
or32(TrustedImm32(1), regT1);
addJump(branch32(NotEqual, regT1, TrustedImm32(JSValue::NullTag)), target);
@@ -654,9 +653,7 @@
emitLoad(src, regT1, regT0);
- Jump isInt32 = branch32(Equal, regT1, TrustedImm32(JSValue::Int32Tag));
- addSlowCase(branch32(AboveOrEqual, regT1, TrustedImm32(JSValue::LowestTag)));
- isInt32.link(this);
+ addSlowCase(branch32(Above, regT1, TrustedImm32(JSValue::LowestTag)));
emitValueProfilingSite();
if (src != dst)
@@ -1113,10 +1110,9 @@
jumpToEnd.append(branch32(Equal, regT3, TrustedImm32(JSValue::BooleanTag)));
else if (cachedTypeLocation->m_lastSeenType == TypeAnyInt)
jumpToEnd.append(branch32(Equal, regT3, TrustedImm32(JSValue::Int32Tag)));
- else if (cachedTypeLocation->m_lastSeenType == TypeNumber) {
- jumpToEnd.append(branch32(Below, regT3, TrustedImm32(JSValue::LowestTag)));
- jumpToEnd.append(branch32(Equal, regT3, TrustedImm32(JSValue::Int32Tag)));
- } else if (cachedTypeLocation->m_lastSeenType == TypeString) {
+ else if (cachedTypeLocation->m_lastSeenType == TypeNumber)
+ jumpToEnd.append(branch32(BelowOrEqual, regT3, TrustedImm32(JSValue::LowestTag)));
+ else if (cachedTypeLocation->m_lastSeenType == TypeString) {
Jump isNotCell = branch32(NotEqual, regT3, TrustedImm32(JSValue::CellTag));
jumpToEnd.append(branch8(Equal, Address(regT0, JSCell::typeInfoTypeOffset()), TrustedImm32(StringType)));
isNotCell.link(this);
Modified: trunk/Source/_javascript_Core/jit/JITRightShiftGenerator.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/jit/JITRightShiftGenerator.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/jit/JITRightShiftGenerator.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -67,7 +67,7 @@
// Try to do (doubleVar >> intConstant).
notInt.link(&jit);
- m_slowPathJumpList.append(jit.branchIfNotNumber(m_left, m_scratchGPR));
+ m_slowPathJumpList.append(jit.branchIfNotNumber(m_left));
jit.unboxDoubleNonDestructive(m_left, m_leftFPR, m_scratchGPR, m_scratchFPR);
m_slowPathJumpList.append(jit.branchTruncateDoubleToInt32(m_leftFPR, m_scratchGPR));
@@ -120,7 +120,7 @@
// Try to do (doubleVar >> intVar).
leftNotInt.link(&jit);
- m_slowPathJumpList.append(jit.branchIfNotNumber(m_left, m_scratchGPR));
+ m_slowPathJumpList.append(jit.branchIfNotNumber(m_left));
jit.unboxDoubleNonDestructive(m_left, m_leftFPR, m_scratchGPR, m_scratchFPR);
m_slowPathJumpList.append(jit.branchTruncateDoubleToInt32(m_leftFPR, m_scratchGPR));
Modified: trunk/Source/_javascript_Core/jit/JITSubGenerator.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/jit/JITSubGenerator.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/jit/JITSubGenerator.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -51,9 +51,9 @@
return JITMathICInlineResult::DontGenerate;
if (!m_leftOperand.definitelyIsNumber())
- state.slowPathJumps.append(jit.branchIfNotNumber(m_left, m_scratchGPR));
+ state.slowPathJumps.append(jit.branchIfNotNumber(m_left));
if (!m_rightOperand.definitelyIsNumber())
- state.slowPathJumps.append(jit.branchIfNotNumber(m_right, m_scratchGPR));
+ state.slowPathJumps.append(jit.branchIfNotNumber(m_right));
state.slowPathJumps.append(jit.branchIfInt32(m_left));
state.slowPathJumps.append(jit.branchIfInt32(m_right));
jit.unboxDoubleNonDestructive(m_left, m_leftFPR, m_scratchGPR, m_scratchFPR);
@@ -107,9 +107,9 @@
leftNotInt.link(&jit);
if (!m_leftOperand.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(m_left, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(m_left));
if (!m_rightOperand.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(m_right, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(m_right));
jit.unboxDoubleNonDestructive(m_left, m_leftFPR, m_scratchGPR, m_scratchFPR);
CCallHelpers::Jump rightIsDouble = jit.branchIfNotInt32(m_right);
@@ -119,7 +119,7 @@
rightNotInt.link(&jit);
if (!m_rightOperand.definitelyIsNumber())
- slowPathJumpList.append(jit.branchIfNotNumber(m_right, m_scratchGPR));
+ slowPathJumpList.append(jit.branchIfNotNumber(m_right));
jit.convertInt32ToDouble(m_left.payloadGPR(), m_leftFPR);
Modified: trunk/Source/_javascript_Core/llint/LLIntData.cpp (226433 => 226434)
--- trunk/Source/_javascript_Core/llint/LLIntData.cpp 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/llint/LLIntData.cpp 2018-01-05 04:15:49 UTC (rev 226434)
@@ -117,16 +117,7 @@
ASSERT(OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.tag) == 4);
ASSERT(OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload) == 0);
#endif
-#if USE(JSVALUE32_64)
- STATIC_ASSERT(JSValue::Int32Tag == static_cast<unsigned>(-1));
- STATIC_ASSERT(JSValue::BooleanTag == static_cast<unsigned>(-2));
- STATIC_ASSERT(JSValue::NullTag == static_cast<unsigned>(-3));
- STATIC_ASSERT(JSValue::UndefinedTag == static_cast<unsigned>(-4));
- STATIC_ASSERT(JSValue::CellTag == static_cast<unsigned>(-5));
- STATIC_ASSERT(JSValue::EmptyValueTag == static_cast<unsigned>(-6));
- STATIC_ASSERT(JSValue::DeletedValueTag == static_cast<unsigned>(-7));
- STATIC_ASSERT(JSValue::LowestTag == static_cast<unsigned>(-7));
-#else
+#if USE(JSVALUE64)
STATIC_ASSERT(TagBitTypeOther == 0x2);
STATIC_ASSERT(TagBitBool == 0x4);
STATIC_ASSERT(TagBitUndefined == 0x8);
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm (226433 => 226434)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2018-01-05 04:15:49 UTC (rev 226434)
@@ -194,14 +194,14 @@
const TagTypeNumber = 0xffff000000000000
const TagMask = TagTypeNumber | TagBitTypeOther
else
- const Int32Tag = -1
- const BooleanTag = -2
- const NullTag = -3
- const UndefinedTag = -4
- const CellTag = -5
- const EmptyValueTag = -6
- const DeletedValueTag = -7
- const LowestTag = DeletedValueTag
+ const NullTag = constexpr JSValue::NullTag
+ const UndefinedTag = constexpr JSValue::UndefinedTag
+ const BooleanTag = constexpr JSValue::BooleanTag
+ const CellTag = constexpr JSValue::CellTag
+ const EmptyValueTag = constexpr JSValue::EmptyValueTag
+ const DeletedValueTag = constexpr JSValue::DeletedValueTag
+ const Int32Tag = constexpr JSValue::Int32Tag
+ const LowestTag = constexpr JSValue::LowestTag
end
# PutByIdFlags data
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (226433 => 226434)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2018-01-05 04:15:49 UTC (rev 226434)
@@ -914,9 +914,8 @@
loadi 8[PC], t0
loadi 4[PC], t1
loadConstantOrVariable(t0, t2, t3)
- bieq t2, Int32Tag, .opToNumberIsInt
- biaeq t2, LowestTag, .opToNumberSlow
-.opToNumberIsInt:
+ bia t2, Int32Tag, .opToNumberSlow
+.opToNumberIsNumber:
storei t2, TagOffset[cfr, t1, 8]
storei t3, PayloadOffset[cfr, t1, 8]
valueProfile(t2, t3, 12, t1)
@@ -1274,8 +1273,7 @@
loadi 4[PC], t2
loadConstantOrVariableTag(t1, t0)
storei BooleanTag, TagOffset[cfr, t2, 8]
- addi 1, t0
- cib t0, LowestTag + 1, t1
+ cibeq t0, LowestTag, t1
storei t1, PayloadOffset[cfr, t2, 8]
dispatch(constexpr op_is_number_length)
@@ -1492,15 +1490,9 @@
bilt t1, PutByIdSecondaryTypeInt32, .opPutByIdTypeCheckLessThanInt32
# We are either Int32 or Number.
- bieq t1, PutByIdSecondaryTypeNumber, .opPutByIdTypeCheckNumber
-
- bieq t2, Int32Tag, .opPutByIdDoneCheckingTypes
+ bibeq t2, LowestTag, .opPutByIdDoneCheckingTypes
jmp .opPutByIdSlow
-.opPutByIdTypeCheckNumber:
- bib t2, LowestTag + 1, .opPutByIdDoneCheckingTypes
- jmp .opPutByIdSlow
-
.opPutByIdTypeCheckLessThanInt32:
# We are one of the following: Bottom, Boolean, Other
bineq t1, PutByIdSecondaryTypeBoolean, .opPutByIdTypeCheckBottomOrOther
Modified: trunk/Source/_javascript_Core/runtime/JSCJSValue.h (226433 => 226434)
--- trunk/Source/_javascript_Core/runtime/JSCJSValue.h 2018-01-05 02:17:27 UTC (rev 226433)
+++ trunk/Source/_javascript_Core/runtime/JSCJSValue.h 2018-01-05 04:15:49 UTC (rev 226434)
@@ -147,15 +147,15 @@
public:
#if USE(JSVALUE32_64)
- enum { Int32Tag = 0xffffffff };
- enum { BooleanTag = 0xfffffffe };
- enum { NullTag = 0xfffffffd };
- enum { UndefinedTag = 0xfffffffc };
- enum { CellTag = 0xfffffffb };
- enum { EmptyValueTag = 0xfffffffa };
- enum { DeletedValueTag = 0xfffffff9 };
+ enum { NullTag = 0xffffffff };
+ enum { UndefinedTag = 0xfffffffe }; // ^ Other
+ enum { BooleanTag = 0xfffffffd }; // ^ Misc
+ enum { CellTag = 0xfffffffc };
+ enum { EmptyValueTag = 0xfffffffb };
+ enum { DeletedValueTag = 0xfffffffa };
+ enum { Int32Tag = 0xfffffff9 }; // v Number
- enum { LowestTag = DeletedValueTag };
+ enum { LowestTag = Int32Tag };
#endif
static EncodedJSValue encode(JSValue);
