Title: [284646] trunk/Source/_javascript_Core
Revision
284646
Author
[email protected]
Date
2021-10-21 14:40:33 -0700 (Thu, 21 Oct 2021)

Log Message

[JSC] Make GetTypedArrayLengthAsInt52 and GetTypedArrayByteOffsetAsInt52 NodeResultInt52
https://bugs.webkit.org/show_bug.cgi?id=232100

Reviewed by Robin Morisset.

This patch makes GetTypedArrayLengthAsInt52 and GetTypedArrayByteOffsetAsInt52 have NodeResultInt52 by default.
DFG validation should also skip the Int52 check before the fixup phase, as it already does for double results.

* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNodeType.h:
* dfg/DFGSSALoweringPhase.cpp:
(JSC::DFG::SSALoweringPhase::handleNode):
(JSC::DFG::SSALoweringPhase::lowerBoundsCheck):
* dfg/DFGValidate.cpp:

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (284645 => 284646)


--- trunk/Source/_javascript_Core/ChangeLog	2021-10-21 21:40:13 UTC (rev 284645)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-10-21 21:40:33 UTC (rev 284646)
@@ -1,5 +1,23 @@
 2021-10-21  Yusuke Suzuki  <[email protected]>
 
+        [JSC] Make GetTypedArrayLengthAsInt52 and GetTypedArrayByteOffsetAsInt52 NodeResultInt52
+        https://bugs.webkit.org/show_bug.cgi?id=232100
+
+        Reviewed by Robin Morisset.
+
+        This patch makes GetTypedArrayLengthAsInt52 and GetTypedArrayByteOffsetAsInt52 have NodeResultInt52 by default.
+        And DFG validation should skip Int52 validation before fixup phase, as we are doing for double results.
+
+        * dfg/DFGFixupPhase.cpp:
+        (JSC::DFG::FixupPhase::fixupNode):
+        * dfg/DFGNodeType.h:
+        * dfg/DFGSSALoweringPhase.cpp:
+        (JSC::DFG::SSALoweringPhase::handleNode):
+        (JSC::DFG::SSALoweringPhase::lowerBoundsCheck):
+        * dfg/DFGValidate.cpp:
+
+2021-10-21  Yusuke Suzuki  <[email protected]>
+
         [JSC] Inserted GetTypedArrayLengthAsInt52 for PutByVal should have NodeResultInt52
         https://bugs.webkit.org/show_bug.cgi?id=232059
 

Modified: trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp (284645 => 284646)


--- trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp	2021-10-21 21:40:13 UTC (rev 284645)
+++ trunk/Source/_javascript_Core/dfg/DFGFixupPhase.cpp	2021-10-21 21:40:33 UTC (rev 284646)
@@ -2174,13 +2174,11 @@
             blessArrayOperation(node->child1(), Edge(), node->child2(), lengthNeedsStorage);
 
             fixEdge<KnownCellUse>(node->child1());
-            node->setResult(NodeResultInt52);
             break;
         }
 
         case GetTypedArrayByteOffsetAsInt52: {
             fixEdge<KnownCellUse>(node->child1());
-            node->setResult(NodeResultInt52);
             break;
         }
 

Modified: trunk/Source/_javascript_Core/dfg/DFGNodeType.h (284645 => 284646)


--- trunk/Source/_javascript_Core/dfg/DFGNodeType.h	2021-10-21 21:40:13 UTC (rev 284645)
+++ trunk/Source/_javascript_Core/dfg/DFGNodeType.h	2021-10-21 21:40:33 UTC (rev 284646)
@@ -262,11 +262,10 @@
     macro(MultiDeleteByOffset, NodeMustGenerate | NodeResultJS) \
     macro(GetArrayLength, NodeResultInt32) \
     /* This is only relevant for TypedArrays, as they are the only ones that can have a length that does not fit in 32 bits. */ \
-    /* GetTypedArrayLengthAsInt52 and GetTypedArrayByteOffsetAsInt52 change to returning Int52 in Fixup. Doing it before causes validation failures. */ \
-    macro(GetTypedArrayLengthAsInt52, NodeResultJS) \
+    macro(GetTypedArrayLengthAsInt52, NodeResultInt52) \
     macro(GetVectorLength, NodeResultInt32) \
     macro(GetTypedArrayByteOffset, NodeResultInt32) \
-    macro(GetTypedArrayByteOffsetAsInt52, NodeResultJS) \
+    macro(GetTypedArrayByteOffsetAsInt52, NodeResultInt52) \
     macro(GetScope, NodeResultJS) \
     macro(SkipScope, NodeResultJS) \
     macro(ResolveScope, NodeResultJS | NodeMustGenerate) \

Modified: trunk/Source/_javascript_Core/dfg/DFGSSALoweringPhase.cpp (284645 => 284646)


--- trunk/Source/_javascript_Core/dfg/DFGSSALoweringPhase.cpp	2021-10-21 21:40:13 UTC (rev 284645)
+++ trunk/Source/_javascript_Core/dfg/DFGSSALoweringPhase.cpp	2021-10-21 21:40:33 UTC (rev 284646)
@@ -105,7 +105,6 @@
                     Node* length = m_insertionSet.insertNode(
                         m_nodeIndex, SpecInt52Any, GetTypedArrayLengthAsInt52, m_node->origin,
                         OpInfo(m_node->arrayMode().asWord()), base, storage);
-                    length->setResult(NodeResultInt52);
                     m_graph.varArgChild(m_node, 4) = Edge(length, Int52RepUse);
                 } else {
 #endif
@@ -154,7 +153,6 @@
             Node* length = m_insertionSet.insertNode(
                 m_nodeIndex, SpecInt52Any, GetTypedArrayLengthAsInt52, m_node->origin,
                 OpInfo(m_node->arrayMode().asWord()), Edge(base.node(), KnownCellUse), storage);
-            length->setResult(NodeResultInt52);
             // The return type is a dummy since this node does not actually return anything.
             checkInBounds = m_insertionSet.insertNode(
                 m_nodeIndex, SpecInt32Only, CheckInBoundsInt52, m_node->origin,

Modified: trunk/Source/_javascript_Core/dfg/DFGValidate.cpp (284645 => 284646)


--- trunk/Source/_javascript_Core/dfg/DFGValidate.cpp	2021-10-21 21:40:13 UTC (rev 284645)
+++ trunk/Source/_javascript_Core/dfg/DFGValidate.cpp	2021-10-21 21:40:33 UTC (rev 284646)
@@ -138,7 +138,7 @@
                     m_myRefCounts.find(edge.node())->value++;
 
                     validateEdgeWithDoubleResultIfNecessary(node, edge);
-                    VALIDATE((node, edge), edge->hasInt52Result() == (edge.useKind() == Int52RepUse));
+                    validateEdgeWithInt52ResultIfNecessary(node, edge);
                     
                     if (m_graph.m_form == SSA) {
                         // In SSA, all edges must hasResult().
@@ -971,6 +971,14 @@
         VALIDATE((node, edge), edge.useKind() == DoubleRepUse || edge.useKind() == DoubleRepRealUse || edge.useKind() == DoubleRepAnyIntUse);
     }
 
+    void validateEdgeWithInt52ResultIfNecessary(Node* node, Edge edge)
+    {
+        if (m_graph.m_planStage < PlanStage::AfterFixup)
+            return;
+
+        VALIDATE((node, edge), edge->hasInt52Result() == (edge.useKind() == Int52RepUse));
+    }
+
     void checkOperand(
         BasicBlock* block, Operands<size_t>& getLocalPositions,
         Operands<size_t>& setLocalPositions, Operand operand)
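Review bot: The early return in `validateEdgeWithInt52ResultIfNecessary` drops both directions of the Int52 check before `PlanStage::AfterFixup`, but the log message only needs one direction relaxed: a node that already has an Int52 result while its user has not yet been given `Int52RepUse`. If no pre-fixup phase creates an `Int52RepUse` edge to a non-Int52 node (the old unconditional check suggests this, but it is inferred rather than visible here), the pre-fixup branch could keep `VALIDATE((node, edge), edge.useKind() != Int52RepUse || edge->hasInt52Result());` instead of a bare `return;`. That way a mis-typed Int52 edge is still caught at the earliest validation run. The helper also has no comment; something like `// Before fixup, users of Int52-result nodes may not have their use kind assigned yet, so only check afterwards.` would keep the rationale that this commit deletes from DFGNodeType.h. The enclosing class and the double-result helper start outside the hunk, so whether the double path is one-directional in the same way cannot be confirmed from here.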