Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (259319 => 259320)
--- trunk/Source/_javascript_Core/ChangeLog 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-03-31 23:41:50 UTC (rev 259320)
@@ -1,3 +1,73 @@
+2020-03-31 Yusuke Suzuki <[email protected]>
+
+ [JSC] Introduce UCPUStrictInt32 for result type of DFG operations
+ https://bugs.webkit.org/show_bug.cgi?id=209832
+
+ Reviewed by Saam Barati.
+
+ Let's introduce UCPUStrictInt32 to DFG operations to offload StrictInt32 code into operations C++ code.
+ UCPUStrictInt32 is the same size to UCPURegister, and it is used for StrictInt32, which requires upper 32-bits
+ are zeroed.
+
+ * assembler/CPU.h:
+ * dfg/DFGOperations.cpp:
+ * dfg/DFGOperations.h:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetCharCodeAt):
+ (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+ (JSC::DFG::SpeculativeJIT::compileUInt32ToNumber):
+ (JSC::DFG::SpeculativeJIT::compileDoubleAsInt32):
+ (JSC::DFG::SpeculativeJIT::setIntTypedArrayLoadResult):
+ (JSC::DFG::SpeculativeJIT::compileBitwiseNot):
+ (JSC::DFG::SpeculativeJIT::compileBitwiseOp):
+ (JSC::DFG::SpeculativeJIT::compileShiftOp):
+ (JSC::DFG::SpeculativeJIT::compileArithAdd):
+ (JSC::DFG::SpeculativeJIT::compileArithAbs):
+ (JSC::DFG::SpeculativeJIT::compileArithClz32):
+ (JSC::DFG::SpeculativeJIT::compileArithSub):
+ (JSC::DFG::SpeculativeJIT::compileArithNegate):
+ (JSC::DFG::SpeculativeJIT::compileArithMul):
+ (JSC::DFG::SpeculativeJIT::compileArithDiv):
+ (JSC::DFG::SpeculativeJIT::compileArithMod):
+ (JSC::DFG::SpeculativeJIT::compileArithRounding):
+ (JSC::DFG::SpeculativeJIT::compileArithMinMax):
+ (JSC::DFG::SpeculativeJIT::compileGetTypedArrayByteOffset):
+ (JSC::DFG::SpeculativeJIT::compileGetArrayLength):
+ (JSC::DFG::SpeculativeJIT::compileVarargsLength):
+ (JSC::DFG::SpeculativeJIT::compileGetRestLength):
+ (JSC::DFG::SpeculativeJIT::compileArrayIndexOf):
+ (JSC::DFG::SpeculativeJIT::compileGetEnumerableLength):
+ (JSC::DFG::SpeculativeJIT::compileGetArgumentCountIncludingThis):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::strictInt32Result):
+ (JSC::DFG::SpeculativeJIT::int32Result): Deleted.
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ (JSC::DFG::SpeculativeJIT::compileStringCodePointAt):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileArithClz32):
+ (JSC::FTL::DFG::LowerDFGToB3::compileArrayIndexOf):
+ (JSC::FTL::DFG::LowerDFGToB3::compileVarargsLength):
+ (JSC::FTL::DFG::LowerDFGToB3::mapHashString):
+ (JSC::FTL::DFG::LowerDFGToB3::compileMapHash):
+ (JSC::FTL::DFG::LowerDFGToB3::compileHasOwnProperty):
+ (JSC::FTL::DFG::LowerDFGToB3::compileInstanceOfCustom):
+ (JSC::FTL::DFG::LowerDFGToB3::doubleToInt32):
+ (JSC::FTL::DFG::LowerDFGToB3::sensibleDoubleToInt32):
+ * ftl/FTLOperations.cpp:
+ (JSC::FTL::operationSwitchStringAndGetBranchOffset):
+ (JSC::FTL::operationTypeOfObjectAsTypeofType):
+ * ftl/FTLOperations.h:
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+ * runtime/MathCommon.cpp:
+ (JSC::operationToInt32):
+ (JSC::operationToInt32SensibleSlow):
+ * runtime/MathCommon.h:
+ (JSC::toUCPUStrictInt32):
+
2020-03-31 Ross Kirsling <[email protected]>
REGRESSION: ASSERTION FAILED: regExpObjectNode in JSC::DFG::StrengthReductionPhase::handleNode
Modified: trunk/Source/_javascript_Core/assembler/CPU.h (259319 => 259320)
--- trunk/Source/_javascript_Core/assembler/CPU.h 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/assembler/CPU.h 2020-03-31 23:41:50 UTC (rev 259320)
@@ -38,6 +38,8 @@
using UCPURegister = uint32_t;
#endif
+using UCPUStrictInt32 = UCPURegister;
+
constexpr bool isARMv7IDIVSupported()
{
#if HAVE(ARM_IDIV_INSTRUCTIONS)
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.cpp (259319 => 259320)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.cpp 2020-03-31 23:41:50 UTC (rev 259320)
@@ -699,7 +699,7 @@
return fabs(a);
}
-uint32_t JIT_OPERATION operationArithClz32(JSGlobalObject* globalObject, EncodedJSValue encodedOp1)
+UCPUStrictInt32 JIT_OPERATION operationArithClz32(JSGlobalObject* globalObject, EncodedJSValue encodedOp1)
{
VM& vm = globalObject->vm();
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
@@ -708,8 +708,8 @@
JSValue op1 = JSValue::decode(encodedOp1);
uint32_t value = op1.toUInt32(globalObject);
- RETURN_IF_EXCEPTION(scope, 0);
- return clz(value);
+ RETURN_IF_EXCEPTION(scope, { });
+ return toUCPUStrictInt32(clz(value));
}
double JIT_OPERATION operationArithFRound(JSGlobalObject* globalObject, EncodedJSValue encodedOp1)
@@ -2293,21 +2293,6 @@
return vm.smallStrings.objectString();
}
-int32_t JIT_OPERATION operationTypeOfObjectAsTypeofType(JSGlobalObject* globalObject, JSCell* object)
-{
- VM& vm = globalObject->vm();
- CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
- JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
-
- ASSERT(jsDynamicCast<JSObject*>(vm, object));
-
- if (object->structure(vm)->masqueradesAsUndefined(globalObject))
- return static_cast<int32_t>(TypeofType::Undefined);
- if (object->isFunction(vm))
- return static_cast<int32_t>(TypeofType::Function);
- return static_cast<int32_t>(TypeofType::Object);
-}
-
char* JIT_OPERATION operationAllocateSimplePropertyStorageWithInitialCapacity(VM* vmPointer)
{
VM& vm = *vmPointer;
@@ -2790,20 +2775,6 @@
return callFrame->codeBlock()->stringSwitchJumpTable(tableIndex).ctiForValue(strImpl).executableAddress<char*>();
}
-int32_t JIT_OPERATION operationSwitchStringAndGetBranchOffset(JSGlobalObject* globalObject, size_t tableIndex, JSString* string)
-{
- VM& vm = globalObject->vm();
- CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
- JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
- auto throwScope = DECLARE_THROW_SCOPE(vm);
-
- StringImpl* strImpl = string->value(globalObject).impl();
-
- RETURN_IF_EXCEPTION(throwScope, 0);
-
- return callFrame->codeBlock()->stringSwitchJumpTable(tableIndex).offsetForValue(strImpl, std::numeric_limits<int32_t>::min());
-}
-
uintptr_t JIT_OPERATION operationCompareStringImplLess(StringImpl* a, StringImpl* b)
{
return codePointCompare(a, b) < 0;
@@ -2878,7 +2849,7 @@
throwStackOverflowError(globalObject, scope);
}
-int32_t JIT_OPERATION operationSizeOfVarargs(JSGlobalObject* globalObject, EncodedJSValue encodedArguments, uint32_t firstVarArgOffset)
+UCPUStrictInt32 JIT_OPERATION operationSizeOfVarargs(JSGlobalObject* globalObject, EncodedJSValue encodedArguments, uint32_t firstVarArgOffset)
{
VM& vm = globalObject->vm();
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
@@ -2885,10 +2856,10 @@
JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
JSValue arguments = JSValue::decode(encodedArguments);
- return sizeOfVarargs(globalObject, arguments, firstVarArgOffset);
+ return toUCPUStrictInt32(sizeOfVarargs(globalObject, arguments, firstVarArgOffset));
}
-int32_t JIT_OPERATION operationHasOwnProperty(JSGlobalObject* globalObject, JSObject* thisObject, EncodedJSValue encodedKey)
+size_t JIT_OPERATION operationHasOwnProperty(JSGlobalObject* globalObject, JSObject* thisObject, EncodedJSValue encodedKey)
{
VM& vm = globalObject->vm();
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
@@ -2909,7 +2880,7 @@
return result;
}
-int32_t JIT_OPERATION operationNumberIsInteger(JSGlobalObject* globalObject, EncodedJSValue value)
+size_t JIT_OPERATION operationNumberIsInteger(JSGlobalObject* globalObject, EncodedJSValue value)
{
VM& vm = globalObject->vm();
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
@@ -2917,7 +2888,7 @@
return NumberConstructor::isIntegerImpl(JSValue::decode(value));
}
-int32_t JIT_OPERATION operationArrayIndexOfString(JSGlobalObject* globalObject, Butterfly* butterfly, JSString* searchElement, int32_t index)
+UCPUStrictInt32 JIT_OPERATION operationArrayIndexOfString(JSGlobalObject* globalObject, Butterfly* butterfly, JSString* searchElement, int32_t index)
{
VM& vm = globalObject->vm();
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
@@ -2932,17 +2903,17 @@
continue;
auto* string = asString(value);
if (string == searchElement)
- return index;
+ return toUCPUStrictInt32(index);
if (string->equal(globalObject, searchElement)) {
scope.assertNoException();
- return index;
+ return toUCPUStrictInt32(index);
}
RETURN_IF_EXCEPTION(scope, { });
}
- return -1;
+ return toUCPUStrictInt32(-1);
}
-int32_t JIT_OPERATION operationArrayIndexOfValueInt32OrContiguous(JSGlobalObject* globalObject, Butterfly* butterfly, EncodedJSValue encodedValue, int32_t index)
+UCPUStrictInt32 JIT_OPERATION operationArrayIndexOfValueInt32OrContiguous(JSGlobalObject* globalObject, Butterfly* butterfly, EncodedJSValue encodedValue, int32_t index)
{
VM& vm = globalObject->vm();
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
@@ -2960,12 +2931,12 @@
bool isEqual = JSValue::strictEqual(globalObject, searchElement, value);
RETURN_IF_EXCEPTION(scope, { });
if (isEqual)
- return index;
+ return toUCPUStrictInt32(index);
}
- return -1;
+ return toUCPUStrictInt32(-1);
}
-int32_t JIT_OPERATION operationArrayIndexOfValueDouble(JSGlobalObject* globalObject, Butterfly* butterfly, EncodedJSValue encodedValue, int32_t index)
+UCPUStrictInt32 JIT_OPERATION operationArrayIndexOfValueDouble(JSGlobalObject* globalObject, Butterfly* butterfly, EncodedJSValue encodedValue, int32_t index)
{
VM& vm = globalObject->vm();
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
@@ -2974,7 +2945,7 @@
JSValue searchElement = JSValue::decode(encodedValue);
if (!searchElement.isNumber())
- return -1;
+ return toUCPUStrictInt32(-1);
double number = searchElement.asNumber();
int32_t length = butterfly->publicLength();
@@ -2982,9 +2953,9 @@
for (; index < length; ++index) {
// This comparison ignores NaN.
if (data[index] == number)
- return index;
+ return toUCPUStrictInt32(index);
}
- return -1;
+ return toUCPUStrictInt32(-1);
}
void JIT_OPERATION operationLoadVarargs(JSGlobalObject* globalObject, int32_t firstElementDest, EncodedJSValue encodedArguments, uint32_t offset, uint32_t lengthIncludingThis, uint32_t mandatoryMinimum)
@@ -3330,13 +3301,13 @@
return putDynamicVar(globalObject, vm, scope, value, impl, getPutInfoBits, isStrictMode);
}
-int32_t JIT_OPERATION operationMapHash(JSGlobalObject* globalObject, EncodedJSValue input)
+UCPUStrictInt32 JIT_OPERATION operationMapHash(JSGlobalObject* globalObject, EncodedJSValue input)
{
VM& vm = globalObject->vm();
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
- return jsMapHash(globalObject, vm, JSValue::decode(input));
+ return toUCPUStrictInt32(jsMapHash(globalObject, vm, JSValue::decode(input)));
}
JSCell* JIT_OPERATION operationJSMapFindBucket(JSGlobalObject* globalObject, JSCell* map, EncodedJSValue key, int32_t hash)
Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.h (259319 => 259320)
--- trunk/Source/_javascript_Core/dfg/DFGOperations.h 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.h 2020-03-31 23:41:50 UTC (rev 259320)
@@ -72,7 +72,7 @@
EncodedJSValue JIT_OPERATION operationInc(JSGlobalObject*, EncodedJSValue encodedOp1) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationDec(JSGlobalObject*, EncodedJSValue encodedOp1) WTF_INTERNAL;
double JIT_OPERATION operationArithAbs(JSGlobalObject*, EncodedJSValue encodedOp1) WTF_INTERNAL;
-uint32_t JIT_OPERATION operationArithClz32(JSGlobalObject*, EncodedJSValue encodedOp1) WTF_INTERNAL;
+UCPUStrictInt32 JIT_OPERATION operationArithClz32(JSGlobalObject*, EncodedJSValue encodedOp1) WTF_INTERNAL;
double JIT_OPERATION operationArithFRound(JSGlobalObject*, EncodedJSValue encodedOp1) WTF_INTERNAL;
double JIT_OPERATION operationArithSqrt(JSGlobalObject*, EncodedJSValue encodedOp1) WTF_INTERNAL;
@@ -211,7 +211,6 @@
size_t JIT_OPERATION operationObjectIsObject(JSGlobalObject*, JSCell*) WTF_INTERNAL;
size_t JIT_OPERATION operationObjectIsFunction(JSGlobalObject*, JSCell*) WTF_INTERNAL;
JSCell* JIT_OPERATION operationTypeOfObject(JSGlobalObject*, JSCell*) WTF_INTERNAL;
-int32_t JIT_OPERATION operationTypeOfObjectAsTypeofType(JSGlobalObject*, JSCell*) WTF_INTERNAL;
char* JIT_OPERATION operationAllocateSimplePropertyStorageWithInitialCapacity(VM*) WTF_INTERNAL;
char* JIT_OPERATION operationAllocateSimplePropertyStorage(VM*, size_t newSize) WTF_INTERNAL;
char* JIT_OPERATION operationAllocateComplexPropertyStorageWithInitialCapacity(VM*, JSObject*) WTF_INTERNAL;
@@ -235,7 +234,7 @@
char* JIT_OPERATION operationInt52ToStringWithValidRadix(JSGlobalObject*, int64_t, int32_t);
char* JIT_OPERATION operationDoubleToStringWithValidRadix(JSGlobalObject*, double, int32_t);
-int32_t JIT_OPERATION operationMapHash(JSGlobalObject*, EncodedJSValue input);
+UCPUStrictInt32 JIT_OPERATION operationMapHash(JSGlobalObject*, EncodedJSValue input);
JSCell* JIT_OPERATION operationJSMapFindBucket(JSGlobalObject*, JSCell*, EncodedJSValue, int32_t);
JSCell* JIT_OPERATION operationJSSetFindBucket(JSGlobalObject*, JSCell*, EncodedJSValue, int32_t);
@@ -257,7 +256,6 @@
JSString* JIT_OPERATION operationStrCat3(JSGlobalObject*, EncodedJSValue, EncodedJSValue, EncodedJSValue);
char* JIT_OPERATION operationFindSwitchImmTargetForDouble(VM*, EncodedJSValue, size_t tableIndex);
char* JIT_OPERATION operationSwitchString(JSGlobalObject*, size_t tableIndex, JSString*);
-int32_t JIT_OPERATION operationSwitchStringAndGetBranchOffset(JSGlobalObject*, size_t tableIndex, JSString*);
uintptr_t JIT_OPERATION operationCompareStringImplLess(StringImpl*, StringImpl*);
uintptr_t JIT_OPERATION operationCompareStringImplLessEq(StringImpl*, StringImpl*);
uintptr_t JIT_OPERATION operationCompareStringImplGreater(StringImpl*, StringImpl*);
@@ -268,17 +266,16 @@
uintptr_t JIT_OPERATION operationCompareStringGreaterEq(JSGlobalObject*, JSString*, JSString*);
void JIT_OPERATION operationNotifyWrite(VM*, WatchpointSet*);
void JIT_OPERATION operationThrowStackOverflowForVarargs(JSGlobalObject*) WTF_INTERNAL;
-int32_t JIT_OPERATION operationSizeOfVarargs(JSGlobalObject*, EncodedJSValue arguments, uint32_t firstVarArgOffset);
+UCPUStrictInt32 JIT_OPERATION operationSizeOfVarargs(JSGlobalObject*, EncodedJSValue arguments, uint32_t firstVarArgOffset);
void JIT_OPERATION operationLoadVarargs(JSGlobalObject*, int32_t firstElementDest, EncodedJSValue arguments, uint32_t offset, uint32_t length, uint32_t mandatoryMinimum);
void JIT_OPERATION operationThrowDFG(JSGlobalObject*, EncodedJSValue);
void JIT_OPERATION operationThrowStaticError(JSGlobalObject*, JSString*, uint32_t);
-int32_t JIT_OPERATION operationHasOwnProperty(JSGlobalObject*, JSObject*, EncodedJSValue);
+size_t JIT_OPERATION operationHasOwnProperty(JSGlobalObject*, JSObject*, EncodedJSValue);
-int32_t JIT_OPERATION operationArrayIndexOfString(JSGlobalObject*, Butterfly*, JSString*, int32_t);
-int32_t JIT_OPERATION operationArrayIndexOfValue(JSGlobalObject*, Butterfly*, EncodedJSValue, int32_t);
-int32_t JIT_OPERATION operationArrayIndexOfValueDouble(JSGlobalObject*, Butterfly*, EncodedJSValue, int32_t);
-int32_t JIT_OPERATION operationArrayIndexOfValueInt32OrContiguous(JSGlobalObject*, Butterfly*, EncodedJSValue, int32_t);
+UCPUStrictInt32 JIT_OPERATION operationArrayIndexOfString(JSGlobalObject*, Butterfly*, JSString*, int32_t);
+UCPUStrictInt32 JIT_OPERATION operationArrayIndexOfValueDouble(JSGlobalObject*, Butterfly*, EncodedJSValue, int32_t);
+UCPUStrictInt32 JIT_OPERATION operationArrayIndexOfValueInt32OrContiguous(JSGlobalObject*, Butterfly*, EncodedJSValue, int32_t);
JSCell* JIT_OPERATION operationSpreadFastArray(JSGlobalObject*, JSCell*);
JSCell* JIT_OPERATION operationSpreadGeneric(JSGlobalObject*, JSCell*);
@@ -294,7 +291,7 @@
int64_t JIT_OPERATION operationConvertBoxedDoubleToInt52(EncodedJSValue);
int64_t JIT_OPERATION operationConvertDoubleToInt52(double);
-int32_t JIT_OPERATION operationNumberIsInteger(JSGlobalObject*, EncodedJSValue);
+size_t JIT_OPERATION operationNumberIsInteger(JSGlobalObject*, EncodedJSValue);
size_t JIT_OPERATION operationDefaultHasInstance(JSGlobalObject*, JSCell* value, JSCell* proto);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (259319 => 259320)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2020-03-31 23:41:50 UTC (rev 259320)
@@ -2160,7 +2160,7 @@
cont8Bit.link(&m_jit);
- int32Result(scratchReg, m_currentNode);
+ strictInt32Result(scratchReg, m_currentNode);
}
void SpeculativeJIT::compileGetByValOnString(Node* node)
@@ -2344,7 +2344,7 @@
GPRReg op1GPR = op1.gpr();
GPRReg resultGPR = result.gpr();
m_jit.zeroExtend32ToPtr(op1GPR, resultGPR);
- int32Result(resultGPR, node, DataFormatInt32);
+ strictInt32Result(resultGPR, node, DataFormatInt32);
return;
}
#endif // USE(JSVALUE64)
@@ -2364,7 +2364,7 @@
addSlowPathGenerator(slowPathCall(notTruncatedToInteger, this,
hasSensibleDoubleToInt() ? operationToInt32SensibleSlow : operationToInt32, NeedToSpill, ExceptionCheckRequirement::CheckNotNeeded, gpr, fpr));
}
- int32Result(gpr, node);
+ strictInt32Result(gpr, node);
return;
}
@@ -2375,7 +2375,7 @@
SpeculateInt32Operand op1(this, node->child1(), ManualOperandSpeculation);
GPRTemporary result(this, Reuse, op1);
m_jit.move(op1.gpr(), result.gpr());
- int32Result(result.gpr(), node, op1.format());
+ strictInt32Result(result.gpr(), node, op1.format());
return;
}
case GeneratedOperandJSValue: {
@@ -2488,7 +2488,7 @@
converted.link(&m_jit);
}
#endif
- int32Result(resultGpr, node);
+ strictInt32Result(resultGpr, node);
return;
}
case GeneratedOperandTypeUnknown:
@@ -2540,7 +2540,7 @@
speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branch32(MacroAssembler::LessThan, result.gpr(), TrustedImm32(0)));
- int32Result(result.gpr(), node, op1.format());
+ strictInt32Result(result.gpr(), node, op1.format());
}
void SpeculativeJIT::compileDoubleAsInt32(Node* node)
@@ -2560,7 +2560,7 @@
shouldCheckNegativeZero(node->arithMode()));
speculationCheck(Overflow, JSValueRegs(), 0, failureCases);
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
}
void SpeculativeJIT::compileDoubleRep(Node* node)
@@ -2917,7 +2917,7 @@
void SpeculativeJIT::setIntTypedArrayLoadResult(Node* node, GPRReg resultReg, TypedArrayType type, bool canSpeculate)
{
if (elementSize(type) < 4 || isSigned(type)) {
- int32Result(resultReg, node);
+ strictInt32Result(resultReg, node);
return;
}
@@ -2924,7 +2924,7 @@
ASSERT(elementSize(type) == 4 && !isSigned(type));
if (node->shouldSpeculateInt32() && canSpeculate) {
speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branch32(MacroAssembler::LessThan, resultReg, TrustedImm32(0)));
- int32Result(resultReg, node);
+ strictInt32Result(resultReg, node);
return;
}
@@ -3574,7 +3574,7 @@
m_jit.not32(resultGPR);
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
}
template<typename SnippetGenerator, J_JITOperation_GJJ snippetSlowPathFunction>
@@ -3730,7 +3730,7 @@
bitOp(op, leftChild->asInt32(), op2.gpr(), result.gpr());
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
return;
}
@@ -3740,7 +3740,7 @@
bitOp(op, rightChild->asInt32(), op1.gpr(), result.gpr());
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
return;
}
@@ -3752,7 +3752,7 @@
GPRReg reg2 = op2.gpr();
bitOp(op, reg1, reg2, result.gpr());
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
}
void SpeculativeJIT::emitUntypedRightShiftBitOp(Node* node)
@@ -3928,7 +3928,7 @@
shiftOp(op, op1.gpr(), rightChild->asInt32() & 0x1f, result.gpr());
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
} else {
// Do not allow shift amount to be used as the result, MacroAssembler does not permit this.
SpeculateInt32Operand op1(this, leftChild);
@@ -3939,7 +3939,7 @@
GPRReg reg2 = op2.gpr();
shiftOp(op, reg1, reg2, result.gpr());
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
}
}
@@ -4333,7 +4333,7 @@
if (!shouldCheckOverflow(node->arithMode())) {
m_jit.add32(Imm32(imm2), gpr1, gprResult);
- int32Result(gprResult, node);
+ strictInt32Result(gprResult, node);
return;
}
@@ -4344,7 +4344,7 @@
} else
speculationCheck(Overflow, JSValueRegs(), 0, check);
- int32Result(gprResult, node);
+ strictInt32Result(gprResult, node);
return;
}
@@ -4371,7 +4371,7 @@
speculationCheck(Overflow, JSValueRegs(), 0, check);
}
- int32Result(gprResult, node);
+ strictInt32Result(gprResult, node);
return;
}
@@ -4437,7 +4437,7 @@
m_jit.xor32(scratch.gpr(), result.gpr());
if (shouldCheckOverflow(node->arithMode()))
speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchTest32(MacroAssembler::Signed, result.gpr()));
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
break;
}
@@ -4472,7 +4472,7 @@
GPRReg valueReg = value.gpr();
GPRReg resultReg = result.gpr();
m_jit.countLeadingZeros32(valueReg, resultReg);
- int32Result(resultReg, node);
+ strictInt32Result(resultReg, node);
return;
}
JSValueOperand op1(this, node->child1());
@@ -4482,7 +4482,7 @@
flushRegisters();
callOperation(operationArithClz32, resultReg, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), op1Regs);
m_jit.exceptionCheck();
- int32Result(resultReg, node);
+ strictInt32Result(resultReg, node);
}
void SpeculativeJIT::compileArithDoubleUnaryOp(Node* node, double (*doubleFunction)(double), double (*operation)(JSGlobalObject*, EncodedJSValue))
@@ -4528,7 +4528,7 @@
speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchSub32(MacroAssembler::Overflow, op1.gpr(), Imm32(imm2), result.gpr(), scratch.gpr()));
}
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
return;
}
@@ -4543,7 +4543,7 @@
else
speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchSub32(MacroAssembler::Overflow, op2.gpr(), result.gpr()));
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
return;
}
@@ -4557,7 +4557,7 @@
} else
speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchSub32(MacroAssembler::Overflow, op1.gpr(), op2.gpr(), result.gpr()));
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
return;
}
@@ -4659,7 +4659,7 @@
m_jit.neg32(result.gpr());
}
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
return;
}
@@ -4894,7 +4894,7 @@
}
}
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
return;
}
SpeculateInt32Operand op1(this, node->child1());
@@ -4923,7 +4923,7 @@
resultNonZero.link(&m_jit);
}
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
return;
}
@@ -5215,7 +5215,7 @@
speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchTest32(JITCompiler::NonZero, edx.gpr()));
done.link(&m_jit);
- int32Result(eax.gpr(), node);
+ strictInt32Result(eax.gpr(), node);
#elif HAVE(ARM_IDIV_INSTRUCTIONS) || CPU(ARM64)
SpeculateInt32Operand op1(this, node->child1());
SpeculateInt32Operand op2(this, node->child2());
@@ -5244,7 +5244,7 @@
speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branch32(JITCompiler::NotEqual, multiplyAnswer.gpr(), op1GPR));
}
- int32Result(quotient.gpr(), node);
+ strictInt32Result(quotient.gpr(), node);
#else
RELEASE_ASSERT_NOT_REACHED();
#endif
@@ -5392,7 +5392,7 @@
numeratorPositive.link(&m_jit);
}
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
return;
}
}
@@ -5431,7 +5431,7 @@
if (op1SaveGPR != op1Gpr)
unlock(op1SaveGPR);
- int32Result(edx.gpr(), node);
+ strictInt32Result(edx.gpr(), node);
return;
}
}
@@ -5528,7 +5528,7 @@
unlock(op1SaveGPR);
done.link(&m_jit);
- int32Result(edx.gpr(), node);
+ strictInt32Result(edx.gpr(), node);
#elif HAVE(ARM_IDIV_INSTRUCTIONS) || CPU(ARM64)
GPRTemporary temp(this);
@@ -5575,7 +5575,7 @@
done.link(&m_jit);
- int32Result(quotientThenRemainderGPR, node);
+ strictInt32Result(quotientThenRemainderGPR, node);
#else // not architecture that can do integer division
RELEASE_ASSERT_NOT_REACHED();
#endif
@@ -5622,7 +5622,7 @@
m_jit.branchConvertDoubleToInt32(resultFPR, resultGPR, failureCases, scratchFPR, shouldCheckNegativeZero(node->arithRoundingMode()));
speculationCheck(Overflow, JSValueRegs(), node, failureCases);
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
} else
doubleResult(resultFPR, node);
};
@@ -5782,7 +5782,7 @@
} else
op1Less.link(&m_jit);
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
break;
}
@@ -6931,7 +6931,7 @@
done.link(&m_jit);
nullVector.link(&m_jit);
- int32Result(vectorGPR, node);
+ strictInt32Result(vectorGPR, node);
}
void SpeculativeJIT::compileGetByValOnDirectArguments(Node* node)
@@ -7108,7 +7108,7 @@
GPRReg resultReg = result.gpr();
m_jit.load32(MacroAssembler::Address(storageReg, Butterfly::offsetOfPublicLength()), resultReg);
- int32Result(resultReg, node);
+ strictInt32Result(resultReg, node);
break;
}
case Array::ArrayStorage:
@@ -7121,7 +7121,7 @@
speculationCheck(Uncountable, JSValueRegs(), 0, m_jit.branch32(MacroAssembler::LessThan, resultReg, MacroAssembler::TrustedImm32(0)));
- int32Result(resultReg, node);
+ strictInt32Result(resultReg, node);
break;
}
case Array::String: {
@@ -7147,7 +7147,7 @@
done.link(&m_jit);
}
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
break;
}
case Array::DirectArguments: {
@@ -7171,7 +7171,7 @@
m_jit.load32(
MacroAssembler::Address(baseReg, DirectArguments::offsetOfLength()), resultReg);
- int32Result(resultReg, node);
+ strictInt32Result(resultReg, node);
break;
}
case Array::ScopedArguments: {
@@ -7195,7 +7195,7 @@
m_jit.load32(
MacroAssembler::Address(baseReg, ScopedArguments::offsetOfTotalLength()), resultReg);
- int32Result(resultReg, node);
+ strictInt32Result(resultReg, node);
break;
}
default: {
@@ -7205,7 +7205,7 @@
GPRReg baseGPR = base.gpr();
GPRReg resultGPR = result.gpr();
m_jit.load32(MacroAssembler::Address(baseGPR, JSArrayBufferView::offsetOfLength()), resultGPR);
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
break;
} }
}
@@ -7362,7 +7362,7 @@
m_jit.add32(TrustedImm32(1), GPRInfo::returnValueGPR, argCountIncludingThisGPR);
- int32Result(argCountIncludingThisGPR, node);
+ strictInt32Result(argCountIncludingThisGPR, node);
}
void SpeculativeJIT::compileLoadVarargs(Node* node)
@@ -8353,7 +8353,7 @@
if (node->numberOfArgumentsToSkip())
m_jit.sub32(TrustedImm32(node->numberOfArgumentsToSkip()), resultGPR);
done.link(&m_jit);
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
}
void SpeculativeJIT::emitPopulateSliceIndex(Edge& target, Optional<GPRReg> indexGPR, GPRReg lengthGPR, GPRReg resultGPR)
@@ -8610,7 +8610,7 @@
notFound.link(&m_jit);
m_jit.move(TrustedImm32(-1), indexGPR);
found.link(&m_jit);
- int32Result(indexGPR, node);
+ strictInt32Result(indexGPR, node);
};
if (searchElementEdge.useKind() == Int32Use) {
@@ -8717,7 +8717,7 @@
notFound.link(&m_jit);
m_jit.move(TrustedImm32(-1), indexGPR);
found.link(&m_jit);
- int32Result(indexGPR, node);
+ strictInt32Result(indexGPR, node);
return;
}
@@ -8734,7 +8734,7 @@
callOperation(operationArrayIndexOfString, lengthGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), storageGPR, searchElementGPR, indexGPR);
m_jit.exceptionCheck();
- int32Result(lengthGPR, node);
+ strictInt32Result(lengthGPR, node);
return;
}
@@ -8758,7 +8758,7 @@
}
m_jit.exceptionCheck();
- int32Result(lengthGPR, node);
+ strictInt32Result(lengthGPR, node);
return;
}
@@ -12172,7 +12172,7 @@
GPRReg resultGPR = result.gpr();
m_jit.load32(MacroAssembler::Address(enumerator.gpr(), JSPropertyNameEnumerator::indexedLengthOffset()), resultGPR);
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
}
void SpeculativeJIT::compileHasGenericProperty(Node* node)
@@ -12477,7 +12477,7 @@
else
argumentCountRegister = CallFrameSlot::argumentCountIncludingThis;
m_jit.load32(JITCompiler::payloadFor(argumentCountRegister), result.gpr());
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
}
void SpeculativeJIT::compileSetArgumentCountIncludingThis(Node* node)
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (259319 => 259320)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2020-03-31 23:41:50 UTC (rev 259320)
@@ -768,7 +768,7 @@
// These method called to initialize the GenerationInfo
// to describe the result of an operation.
- void int32Result(GPRReg reg, Node* node, DataFormat format = DataFormatInt32, UseChildrenMode mode = CallUseChildren)
+ void strictInt32Result(GPRReg reg, Node* node, DataFormat format = DataFormatInt32, UseChildrenMode mode = CallUseChildren)
{
if (mode == CallUseChildren)
useChildren(node);
@@ -791,9 +791,9 @@
#endif
}
}
- void int32Result(GPRReg reg, Node* node, UseChildrenMode mode)
+ void strictInt32Result(GPRReg reg, Node* node, UseChildrenMode mode)
{
- int32Result(reg, node, DataFormatInt32, mode);
+ strictInt32Result(reg, node, DataFormatInt32, mode);
}
void int52Result(GPRReg reg, Node* node, DataFormat format, UseChildrenMode mode = CallUseChildren)
{
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (259319 => 259320)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2020-03-31 23:41:50 UTC (rev 259320)
@@ -1851,7 +1851,7 @@
GPRTemporary result(this);
m_jit.load32(JITCompiler::payloadFor(node->machineLocal()), result.gpr());
- // Like int32Result, but don't useChildren - our children are phi nodes,
+ // Like strictInt32Result, but don't useChildren - our children are phi nodes,
// and don't represent values within this dataflow with virtual registers.
VirtualRegister virtualRegister = node->virtualRegister();
m_gprs.retain(result.gpr(), virtualRegister, SpillOrderInteger);
@@ -2366,7 +2366,7 @@
MacroAssembler::BaseIndex(
storageReg, propertyReg, MacroAssembler::TimesEight, PayloadOffset),
resultPayload.gpr());
- int32Result(resultPayload.gpr(), node);
+ strictInt32Result(resultPayload.gpr(), node);
break;
}
@@ -3045,7 +3045,7 @@
m_jit.move(value.gpr(), result.gpr());
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
break;
}
@@ -3059,7 +3059,7 @@
GPRReg resultGPR = result.gpr();
m_jit.move(valueGPR, resultGPR);
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
break;
}
@@ -3739,7 +3739,7 @@
GPRReg resultGPR = result.gpr();
callOperation(operationMapHash, resultGPR, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(node->origin.semantic)), inputRegs);
m_jit.exceptionCheck();
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
break;
}
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (259319 => 259320)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2020-03-31 23:41:50 UTC (rev 259320)
@@ -1959,7 +1959,7 @@
GPRTemporary result(this);
m_jit.load32(JITCompiler::payloadFor(node->machineLocal()), result.gpr());
- // Like int32Result, but don't useChildren - our children are phi nodes,
+ // Like strictInt32Result, but don't useChildren - our children are phi nodes,
// and don't represent values within this dataflow with virtual registers.
VirtualRegister virtualRegister = node->virtualRegister();
m_gprs.retain(result.gpr(), virtualRegister, SpillOrderInteger);
@@ -3391,7 +3391,7 @@
JSValueRegs(value.gpr()), node->child1(), SpecBoolean, m_jit.branchTest64(
JITCompiler::NonZero, result.gpr(), TrustedImm32(static_cast<int32_t>(~1))));
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
break;
}
@@ -3402,7 +3402,7 @@
if (!m_interpreter.needsTypeCheck(node->child1(), SpecBoolInt32 | SpecBoolean)) {
m_jit.move(value.gpr(), result.gpr());
m_jit.and32(TrustedImm32(1), result.gpr());
- int32Result(result.gpr(), node);
+ strictInt32Result(result.gpr(), node);
break;
}
@@ -4148,7 +4148,7 @@
m_jit.move(inputGPR, resultGPR);
m_jit.wangsInt64Hash(resultGPR, tempGPR);
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
break;
}
case CellUse:
@@ -4193,7 +4193,7 @@
m_jit.exceptionCheck();
done.link(&m_jit);
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
break;
}
default:
@@ -4236,7 +4236,7 @@
m_jit.exceptionCheck();
done.link(&m_jit);
- int32Result(resultGPR, node);
+ strictInt32Result(resultGPR, node);
break;
}
@@ -4834,7 +4834,7 @@
m_jit.load8SignedExtendTo32(baseIndex, t2);
else
m_jit.load8(baseIndex, t2);
- int32Result(t2, node);
+ strictInt32Result(t2, node);
break;
case 2: {
auto emitLittleEndianLoad = [&] {
@@ -4863,7 +4863,7 @@
emitBigEndianLoad();
done.link(&m_jit);
}
- int32Result(t2, node);
+ strictInt32Result(t2, node);
break;
}
case 4: {
@@ -4879,7 +4879,7 @@
}
if (data.isSigned)
- int32Result(t2, node);
+ strictInt32Result(t2, node);
else
strictInt52Result(t2, node);
break;
@@ -5436,7 +5436,7 @@
m_jit.getEffectiveAddress(CCallHelpers::BaseIndex(scratch1GPR, scratch3GPR, CCallHelpers::TimesOne, -U16_SURROGATE_OFFSET), scratch1GPR);
done.link(&m_jit);
- int32Result(scratch1GPR, m_currentNode);
+ strictInt32Result(scratch1GPR, m_currentNode);
}
void SpeculativeJIT::compileDeleteById(Node* node)
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (259319 => 259320)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2020-03-31 23:41:50 UTC (rev 259320)
@@ -2474,7 +2474,7 @@
}
DFG_ASSERT(m_graph, m_node, m_node->child1().useKind() == UntypedUse, m_node->child1().useKind());
LValue argument = lowJSValue(m_node->child1());
- LValue result = vmCall(Int32, operationArithClz32, weakPointer(globalObject), argument);
+ LValue result = m_out.castToInt32(vmCall(Int64, operationArithClz32, weakPointer(globalObject), argument));
setInt32(result);
}
@@ -5753,17 +5753,17 @@
case StringUse:
ASSERT(m_node->arrayMode().type() == Array::Contiguous);
- setInt32(vmCall(Int32, operationArrayIndexOfString, weakPointer(globalObject), storage, lowString(searchElementEdge), startIndex));
+ setInt32(m_out.castToInt32(vmCall(Int64, operationArrayIndexOfString, weakPointer(globalObject), storage, lowString(searchElementEdge), startIndex)));
break;
case UntypedUse:
switch (m_node->arrayMode().type()) {
case Array::Double:
- setInt32(vmCall(Int32, operationArrayIndexOfValueDouble, weakPointer(globalObject), storage, lowJSValue(searchElementEdge), startIndex));
+ setInt32(m_out.castToInt32(vmCall(Int64, operationArrayIndexOfValueDouble, weakPointer(globalObject), storage, lowJSValue(searchElementEdge), startIndex)));
break;
case Array::Int32:
case Array::Contiguous:
- setInt32(vmCall(Int32, operationArrayIndexOfValueInt32OrContiguous, weakPointer(globalObject), storage, lowJSValue(searchElementEdge), startIndex));
+ setInt32(m_out.castToInt32(vmCall(Int64, operationArrayIndexOfValueInt32OrContiguous, weakPointer(globalObject), storage, lowJSValue(searchElementEdge), startIndex)));
break;
default:
RELEASE_ASSERT_NOT_REACHED();
@@ -9832,9 +9832,7 @@
LoadVarargsData* data = ""
LValue jsArguments = lowJSValue(m_node->argumentsChild());
- LValue length = vmCall(
- Int32, operationSizeOfVarargs, weakPointer(globalObject), jsArguments,
- m_out.constInt32(data->offset));
+ LValue length = m_out.castToInt32(vmCall(Int64, operationSizeOfVarargs, weakPointer(globalObject), jsArguments, m_out.constInt32(data->offset)));
LValue lengthIncludingThis = m_out.add(length, m_out.int32One);
@@ -10620,8 +10618,7 @@
unsure(slowCase), unsure(continuation));
m_out.appendTo(slowCase, continuation);
- ValueFromBlock slowResult = m_out.anchor(
- vmCall(Int32, operationMapHash, weakPointer(globalObject), string));
+ ValueFromBlock slowResult = m_out.anchor(m_out.castToInt32(vmCall(Int64, operationMapHash, weakPointer(globalObject), string)));
m_out.jump(continuation);
m_out.appendTo(continuation, lastNext);
@@ -10708,8 +10705,7 @@
m_out.jump(continuation);
m_out.appendTo(slowCase, continuation);
- ValueFromBlock slowResult = m_out.anchor(
- vmCall(Int32, operationMapHash, weakPointer(globalObject), value));
+ ValueFromBlock slowResult = m_out.anchor(m_out.castToInt32(vmCall(Int64, operationMapHash, weakPointer(globalObject), value)));
m_out.jump(continuation);
m_out.appendTo(continuation, lastNext);
@@ -11383,7 +11379,7 @@
m_out.appendTo(slowCase, continuation);
ValueFromBlock slowResult;
- slowResult = m_out.anchor(vmCall(Int32, operationHasOwnProperty, weakPointer(globalObject), object, keyAsValue));
+ slowResult = m_out.anchor(m_out.notZero64(vmCall(Int64, operationHasOwnProperty, weakPointer(globalObject), object, keyAsValue)));
m_out.jump(continuation);
m_out.appendTo(continuation, lastNext);
@@ -11561,7 +11557,7 @@
LValue constructor = lowCell(m_node->child2());
LValue hasInstance = lowJSValue(m_node->child3());
- setBoolean(m_out.logicalNot(m_out.equal(m_out.constInt32(0), vmCall(Int32, operationInstanceOfCustom, weakPointer(globalObject), value, constructor, hasInstance))));
+ setBoolean(m_out.notZero64(vmCall(Int64, operationInstanceOfCustom, weakPointer(globalObject), value, constructor, hasInstance)));
}
void compileCountExecution()
@@ -15919,7 +15915,7 @@
m_out.jump(continuation);
m_out.appendTo(slowPath, continuation);
- results.append(m_out.anchor(m_out.callWithoutSideEffects(Int32, operationToInt32, doubleValue)));
+ results.append(m_out.anchor(m_out.castToInt32(m_out.callWithoutSideEffects(Int64, operationToInt32, doubleValue))));
m_out.jump(continuation);
m_out.appendTo(continuation, lastNext);
@@ -15959,7 +15955,7 @@
rarely(slowPath), usually(continuation));
LBasicBlock lastNext = m_out.appendTo(slowPath, continuation);
- ValueFromBlock slowResult = m_out.anchor(m_out.callWithoutSideEffects(Int32, operationToInt32SensibleSlow, doubleValue));
+ ValueFromBlock slowResult = m_out.anchor(m_out.castToInt32(m_out.callWithoutSideEffects(Int64, operationToInt32SensibleSlow, doubleValue)));
m_out.jump(continuation);
m_out.appendTo(continuation, lastNext);
Modified: trunk/Source/_javascript_Core/ftl/FTLOperations.cpp (259319 => 259320)
--- trunk/Source/_javascript_Core/ftl/FTLOperations.cpp 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/ftl/FTLOperations.cpp 2020-03-31 23:41:50 UTC (rev 259320)
@@ -642,6 +642,35 @@
}
}
+extern "C" int32_t JIT_OPERATION operationSwitchStringAndGetBranchOffset(JSGlobalObject* globalObject, size_t tableIndex, JSString* string)
+{
+ VM& vm = globalObject->vm();
+ CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+ JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+ auto throwScope = DECLARE_THROW_SCOPE(vm);
+
+ StringImpl* strImpl = string->value(globalObject).impl();
+
+ RETURN_IF_EXCEPTION(throwScope, 0);
+
+ return callFrame->codeBlock()->stringSwitchJumpTable(tableIndex).offsetForValue(strImpl, std::numeric_limits<int32_t>::min());
+}
+
+extern "C" int32_t JIT_OPERATION operationTypeOfObjectAsTypeofType(JSGlobalObject* globalObject, JSCell* object)
+{
+ VM& vm = globalObject->vm();
+ CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
+ JITOperationPrologueCallFrameTracer tracer(vm, callFrame);
+
+ ASSERT(jsDynamicCast<JSObject*>(vm, object));
+
+ if (object->structure(vm)->masqueradesAsUndefined(globalObject))
+ return static_cast<int32_t>(TypeofType::Undefined);
+ if (object->isFunction(vm))
+ return static_cast<int32_t>(TypeofType::Function);
+ return static_cast<int32_t>(TypeofType::Object);
+}
+
extern "C" void* JIT_OPERATION operationCompileFTLLazySlowPath(CallFrame* callFrame, unsigned index)
{
VM& vm = callFrame->deprecatedVM();
Modified: trunk/Source/_javascript_Core/ftl/FTLOperations.h (259319 => 259320)
--- trunk/Source/_javascript_Core/ftl/FTLOperations.h 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/ftl/FTLOperations.h 2020-03-31 23:41:50 UTC (rev 259320)
@@ -42,6 +42,9 @@
void* JIT_OPERATION operationCompileFTLLazySlowPath(CallFrame*, unsigned) WTF_INTERNAL;
+int32_t JIT_OPERATION operationSwitchStringAndGetBranchOffset(JSGlobalObject*, size_t tableIndex, JSString*) WTF_INTERNAL;
+int32_t JIT_OPERATION operationTypeOfObjectAsTypeofType(JSGlobalObject*, JSCell*) WTF_INTERNAL;
+
} // extern "C"
} } // namespace JSC::DFG
Modified: trunk/Source/_javascript_Core/jit/JITOperations.cpp (259319 => 259320)
--- trunk/Source/_javascript_Core/jit/JITOperations.cpp 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/jit/JITOperations.cpp 2020-03-31 23:41:50 UTC (rev 259320)
@@ -1916,7 +1916,7 @@
scopeSlot = scopeSlot.Register::scope()->next();
}
-int32_t JIT_OPERATION operationInstanceOfCustom(JSGlobalObject* globalObject, EncodedJSValue encodedValue, JSObject* constructor, EncodedJSValue encodedHasInstance)
+size_t JIT_OPERATION operationInstanceOfCustom(JSGlobalObject* globalObject, EncodedJSValue encodedValue, JSObject* constructor, EncodedJSValue encodedHasInstance)
{
VM& vm = globalObject->vm();
CallFrame* callFrame = DECLARE_CALL_FRAME(vm);
Modified: trunk/Source/_javascript_Core/jit/JITOperations.h (259319 => 259320)
--- trunk/Source/_javascript_Core/jit/JITOperations.h 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/jit/JITOperations.h 2020-03-31 23:41:50 UTC (rev 259320)
@@ -280,7 +280,7 @@
void JIT_OPERATION operationExceptionFuzz(JSGlobalObject*);
int32_t JIT_OPERATION operationCheckIfExceptionIsUncatchableAndNotifyProfiler(VM*);
-int32_t JIT_OPERATION operationInstanceOfCustom(JSGlobalObject*, EncodedJSValue encodedValue, JSObject* constructor, EncodedJSValue encodedHasInstance) WTF_INTERNAL;
+size_t JIT_OPERATION operationInstanceOfCustom(JSGlobalObject*, EncodedJSValue encodedValue, JSObject* constructor, EncodedJSValue encodedHasInstance) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationValueAdd(JSGlobalObject*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2) WTF_INTERNAL;
EncodedJSValue JIT_OPERATION operationValueAddProfiled(JSGlobalObject*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2, BinaryArithProfile*) WTF_INTERNAL;
Modified: trunk/Source/_javascript_Core/runtime/MathCommon.cpp (259319 => 259320)
--- trunk/Source/_javascript_Core/runtime/MathCommon.cpp 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/runtime/MathCommon.cpp 2020-03-31 23:41:50 UTC (rev 259320)
@@ -450,14 +450,14 @@
return mathPowInternal(x, y);
}
-int32_t JIT_OPERATION operationToInt32(double value)
+UCPUStrictInt32 JIT_OPERATION operationToInt32(double value)
{
- return JSC::toInt32(value);
+ return toUCPUStrictInt32(JSC::toInt32(value));
}
-int32_t JIT_OPERATION operationToInt32SensibleSlow(double number)
+UCPUStrictInt32 JIT_OPERATION operationToInt32SensibleSlow(double number)
{
- return toInt32Internal<ToInt32Mode::AfterSensibleConversionAttempt>(number);
+ return toUCPUStrictInt32(toInt32Internal<ToInt32Mode::AfterSensibleConversionAttempt>(number));
}
#if HAVE(ARM_IDIV_INSTRUCTIONS)
Modified: trunk/Source/_javascript_Core/runtime/MathCommon.h (259319 => 259320)
--- trunk/Source/_javascript_Core/runtime/MathCommon.h 2020-03-31 23:03:29 UTC (rev 259319)
+++ trunk/Source/_javascript_Core/runtime/MathCommon.h 2020-03-31 23:41:50 UTC (rev 259320)
@@ -25,6 +25,7 @@
#pragma once
+#include "CPU.h"
#include <cmath>
#include <wtf/Optional.h>
@@ -32,8 +33,8 @@
const int32_t maxExponentForIntegerMathPow = 1000;
double JIT_OPERATION operationMathPow(double x, double y) WTF_INTERNAL;
-int32_t JIT_OPERATION operationToInt32(double) WTF_INTERNAL;
-int32_t JIT_OPERATION operationToInt32SensibleSlow(double) WTF_INTERNAL;
+UCPUStrictInt32 JIT_OPERATION operationToInt32(double) WTF_INTERNAL;
+UCPUStrictInt32 JIT_OPERATION operationToInt32SensibleSlow(double) WTF_INTERNAL;
constexpr double maxSafeInteger()
{
@@ -156,6 +157,12 @@
return toInt32(number);
}
+ALWAYS_INLINE constexpr UCPUStrictInt32 toUCPUStrictInt32(int32_t value)
+{
+ // StrictInt32 format requires that higher bits are all zeros even if value is negative.
+ return static_cast<UCPUStrictInt32>(static_cast<uint32_t>(value));
+}
+
inline Optional<double> safeReciprocalForDivByConst(double constant)
{
// No "weird" numbers (NaN, Denormal, etc).
