Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 49a21e7ff3275bd5b493b4ada222a04abec26ece
https://github.com/WebKit/WebKit/commit/49a21e7ff3275bd5b493b4ada222a04abec26ece
Author: Yusuke Suzuki <[email protected]>
Date: 2026-02-07 (Sat, 07 Feb 2026)
Changed paths:
A JSTests/stress/int52-arith-mod-with-overflow-unchecked.js
A JSTests/stress/int52-arith-mod.js
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGGraph.h
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Log Message:
-----------
[JSC] Add ArithMod(Int52Use, Int52Use) in DFG / FTL
https://bugs.webkit.org/show_bug.cgi?id=307222
rdar://169859804
Reviewed by Sosuke Suzuki.
fmod is extraordinary slow compared to int modulo operations, even if we
include double -> int conversions. This means that it is really worth
trying using int modulo operation when inputs are likely integers.
DFG / FTL already monitors inputs can be SpecAnyIntAsDouble, which means
Double but having Int52 integer. So we add ArithMod(Int52Use, Int52Use)
code generation in DFG / FTL, which puts speculation, type conversion
and doing Int52 modulo instead of Double modulo.
We are doing this optimization attempt more aggressively than
ArithAdd(Int52Use, Int52Use). The reason is the different tradeoff:
ArithAdd case has much more severe tradeoff between
DoubleToInt52Cost + DoubleToInt52Cost + AddInt52Cost v.s. AddDoubleCost
But ArithMod case,
DoubleToInt52Cost + DoubleToInt52Cost + ModInt52Cost v.s. ModDoubleCost
And ModDoubleCost is dramatically higher than the ModInt52 cases. Thus
we can try more aggressively.
Test: JSTests/stress/int52-arith-mod.js
* JSTests/stress/int52-arith-mod-with-overflow-unchecked.js: Added.
(modInt52BitOr):
(modInt52DivByZeroBitOr):
(modInt52AlwaysZeroDivisorBitOr):
(modInt52NegZeroBitOr):
(modInt52BitAnd):
(modInt52BitXor):
(modInt52BitShift):
(modInt52LogicalNot):
(modInt52LogicalNotDivByZero):
(modInt52AddBitOr):
(modInt52VaryingBitOr):
(modInt52VaryingZeroBitOr):
(modInt52StressBitOr):
* JSTests/stress/int52-arith-mod.js: Added.
(moduloInt52):
(moduloAnyIntAsDouble):
(moduloComputedInt52):
(checkNegativeZero):
(checkPositiveZero):
(modNegZero1):
(modNegZero2):
(modNegZero3):
(modNegZero4):
(modPosZero1):
(modPosZero2):
(modMinInt52):
(modMaxInt52):
(modByNegOne):
(modByOne):
(modMixed1):
(modMixed2):
(modPrime1):
(modPowerOfTwo):
(modSmallDivisor):
(modConsecutive):
(modIntermediateNegZero):
(modExactMinInt52):
(modExactMaxInt52):
(modMinByMin):
(modMaxByMax):
(modJustAboveInt32):
(modJustBelowInt32Min):
(modFibonacci):
(modMaxNegativeResult):
(modMaxPositiveResult):
(modByTwo):
(modByNegTwo):
(modMersenne):
(modAlternating):
(modNegZeroPattern):
(modAlmostDivisor):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupArithDiv):
* Source/JavaScriptCore/dfg/DFGGraph.h:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileArithMod):
Canonical link: https://commits.webkit.org/307022@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
