- Revision
- 143242
- Author
- fpi...@apple.com
- Date
- 2013-02-18 10:43:50 -0800 (Mon, 18 Feb 2013)
Log Message
DFG::SpeculativeJIT::isKnownXYZ methods should use CFA rather than other things
https://bugs.webkit.org/show_bug.cgi?id=110092
Reviewed by Geoffrey Garen.
These methods were previously using GenerationInfo and other things to try to
gain information that the CFA could give away for free, if you asked kindly
enough.
Also fixed CallLinkStatus's dump() method since it was making an invalid
assertion: we most certainly can have a status where the structure is non-null
and the executable is null, like if we're dealing with an InternalFunction.
Also removed calls to isKnownNotXYZ from fillSpeculateABC methods in 32_64. I
don't know why that was there. But it was causing asserts if the value was
empty - i.e. we had already exited unconditionally but we didn't know it. I
could have fixed this by introducing another form of isKnownNotXYZ which was
tolerant of empty values, but I didn't feel like fixing code that I knew to be
unnecessary. (More deeply, isKnownNotCell, for example, really asks: "do you
know that this value can never be a cell?" while some of the previous uses
wanted to ask: "do you know that this is a value that is not a cell?". The
former is "true" if the value is a contradiction [i.e. BOTTOM], while the
latter is "false" for contradictions, since contradictions are not values.)
* bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::dump):
* bytecode/CallLinkStatus.h:
(JSC::CallLinkStatus::CallLinkStatus):
* dfg/DFGSpeculativeJIT.cpp:
(DFG):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isKnownInteger):
(JSC::DFG::SpeculativeJIT::isKnownCell):
(JSC::DFG::SpeculativeJIT::isKnownNotInteger):
(JSC::DFG::SpeculativeJIT::isKnownNotNumber):
(JSC::DFG::SpeculativeJIT::isKnownNotCell):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
* dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::dump):
Modified Paths
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (143241 => 143242)
--- trunk/Source/_javascript_Core/ChangeLog 2013-02-18 18:40:09 UTC (rev 143241)
+++ trunk/Source/_javascript_Core/ChangeLog 2013-02-18 18:43:50 UTC (rev 143242)
@@ -1,3 +1,48 @@
+2013-02-18 Filip Pizlo <fpi...@apple.com>
+
+ DFG::SpeculativeJIT::isKnownXYZ methods should use CFA rather than other things
+ https://bugs.webkit.org/show_bug.cgi?id=110092
+
+ Reviewed by Geoffrey Garen.
+
+ These methods were previously using GenerationInfo and other things to try to
+ gain information that the CFA could give away for free, if you asked kindly
+ enough.
+
+ Also fixed CallLinkStatus's dump() method since it was making an invalid
+ assertion: we most certainly can have a status where the structure is non-null
+ and the executable is null, like if we're dealing with an InternalFunction.
+
+ Also removed calls to isKnownNotXYZ from fillSpeculateABC methods in 32_64. I
+ don't know why that was there. But it was causing asserts if the value was
+ empty - i.e. we had already exited unconditionally but we didn't know it. I
+ could have fixed this by introducing another form of isKnownNotXYZ which was
+ tolerant of empty values, but I didn't feel like fixing code that I knew to be
+ unnecessary. (More deeply, isKnownNotCell, for example, really asks: "do you
+ know that this value can never be a cell?" while some of the previous uses
+ wanted to ask: "do you know that this is a value that is not a cell?". The
+ former is "true" if the value is a contradiction [i.e. BOTTOM], while the
+ latter is "false" for contradictions, since contradictions are not values.)
+
+ * bytecode/CallLinkStatus.cpp:
+ (JSC::CallLinkStatus::dump):
+ * bytecode/CallLinkStatus.h:
+ (JSC::CallLinkStatus::CallLinkStatus):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (DFG):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isKnownInteger):
+ (JSC::DFG::SpeculativeJIT::isKnownCell):
+ (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
+ (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
+ (JSC::DFG::SpeculativeJIT::isKnownNotCell):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ * dfg/DFGStructureAbstractValue.h:
+ (JSC::DFG::StructureAbstractValue::dump):
+
2013-02-17 Filip Pizlo <fpi...@apple.com>
Get rid of DFG::DoubleOperand and simplify ValueToInt32
Modified: trunk/Source/_javascript_Core/bytecode/CallLinkStatus.cpp (143241 => 143242)
--- trunk/Source/_javascript_Core/bytecode/CallLinkStatus.cpp 2013-02-18 18:40:09 UTC (rev 143241)
+++ trunk/Source/_javascript_Core/bytecode/CallLinkStatus.cpp 2013-02-18 18:43:50 UTC (rev 143242)
@@ -141,9 +141,11 @@
if (m_callTarget)
out.print(comma, "Known target: ", m_callTarget);
- ASSERT(!!m_executable == !!m_structure);
if (m_executable)
- out.print(comma, "Executable/CallHash/Structure: ", RawPointer(m_executable), "/", m_executable->hashFor(CodeForCall), "/", RawPointer(m_structure));
+ out.print(comma, "Executable/CallHash: ", RawPointer(m_executable), "/", m_executable->hashFor(CodeForCall));
+
+ if (m_structure)
+ out.print(comma, "Structure: ", RawPointer(m_structure));
}
} // namespace JSC
Modified: trunk/Source/_javascript_Core/bytecode/CallLinkStatus.h (143241 => 143242)
--- trunk/Source/_javascript_Core/bytecode/CallLinkStatus.h 2013-02-18 18:40:09 UTC (rev 143241)
+++ trunk/Source/_javascript_Core/bytecode/CallLinkStatus.h 2013-02-18 18:43:50 UTC (rev 143242)
@@ -63,6 +63,7 @@
, m_couldTakeSlowPath(false)
, m_isProved(false)
{
+ ASSERT(!!executable == !!structure);
}
CallLinkStatus& setIsProved(bool isProved)
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (143241 => 143242)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2013-02-18 18:40:09 UTC (rev 143241)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2013-02-18 18:43:50 UTC (rev 143242)
@@ -931,51 +931,6 @@
}
}
-bool SpeculativeJIT::isKnownInteger(Node* node)
-{
- if (isInt32Constant(node))
- return true;
-
- if (node->hasInt32Result())
- return true;
-
- GenerationInfo& info = m_generationInfo[node->virtualRegister()];
-
- return info.isJSInteger();
-}
-
-bool SpeculativeJIT::isKnownCell(Node* node)
-{
- return m_generationInfo[node->virtualRegister()].isJSCell();
-}
-
-bool SpeculativeJIT::isKnownNotCell(Node* node)
-{
- VirtualRegister virtualRegister = node->virtualRegister();
- GenerationInfo& info = m_generationInfo[virtualRegister];
- if (node->hasConstant() && !valueOfJSConstant(node).isCell())
- return true;
- return !(info.isJSCell() || info.isUnknownJS());
-}
-
-bool SpeculativeJIT::isKnownNotInteger(Node* node)
-{
- VirtualRegister virtualRegister = node->virtualRegister();
- GenerationInfo& info = m_generationInfo[virtualRegister];
-
- return info.isJSDouble() || info.isJSCell() || info.isJSBoolean()
- || (node->hasConstant() && !valueOfJSConstant(node).isInt32());
-}
-
-bool SpeculativeJIT::isKnownNotNumber(Node* node)
-{
- VirtualRegister virtualRegister = node->virtualRegister();
- GenerationInfo& info = m_generationInfo[virtualRegister];
-
- return (!info.isJSDouble() && !info.isJSInteger() && !info.isUnknownJS())
- || (node->hasConstant() && !isNumberConstant(node));
-}
-
void SpeculativeJIT::writeBarrier(MacroAssembler& jit, GPRReg owner, GPRReg scratch1, GPRReg scratch2, WriteBarrierUseKind useKind)
{
UNUSED_PARAM(jit);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (143241 => 143242)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2013-02-18 18:40:09 UTC (rev 143241)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2013-02-18 18:43:50 UTC (rev 143242)
@@ -523,13 +523,12 @@
}
}
- bool isKnownInteger(Node*);
- bool isKnownCell(Node*);
+ bool isKnownInteger(Node* node) { return !(m_state.forNode(node).m_type & ~SpecInt32); }
+ bool isKnownCell(Node* node) { return !(m_state.forNode(node).m_type & ~SpecCell); }
- bool isKnownNotInteger(Node*);
- bool isKnownNotNumber(Node*);
-
- bool isKnownNotCell(Node*);
+ bool isKnownNotInteger(Node* node) { return !(m_state.forNode(node).m_type & SpecInt32); }
+ bool isKnownNotNumber(Node* node) { return !(m_state.forNode(node).m_type & SpecNumber); }
+ bool isKnownNotCell(Node* node) { return !(m_state.forNode(node).m_type & SpecCell); }
// Checks/accessors for constant values.
bool isConstant(Node* node) { return m_jit.graph().isConstant(node); }
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (143241 => 143242)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2013-02-18 18:40:09 UTC (rev 143241)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2013-02-18 18:43:50 UTC (rev 143242)
@@ -849,12 +849,6 @@
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLogF("SpecInt@%d ", node->index());
#endif
- if (isKnownNotInteger(node)) {
- terminateSpeculativeExecution(Uncountable, JSValueRegs(), 0, direction);
- returnFormat = DataFormatInteger;
- return allocate();
- }
-
SpeculatedType type = m_state.forNode(node).m_type;
VirtualRegister virtualRegister = node->virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -946,11 +940,6 @@
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLogF("SpecDouble@%d ", node->index());
#endif
- if (isKnownNotNumber(node)) {
- terminateSpeculativeExecution(Uncountable, JSValueRegs(), 0, direction);
- return fprAllocate();
- }
-
SpeculatedType type = m_state.forNode(node).m_type;
VirtualRegister virtualRegister = node->virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -1080,11 +1069,6 @@
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLogF("SpecCell@%d ", node->index());
#endif
- if (isKnownNotCell(node)) {
- terminateSpeculativeExecution(Uncountable, JSValueRegs(), 0, direction);
- return allocate();
- }
-
SpeculatedType type = m_state.forNode(node).m_type;
VirtualRegister virtualRegister = node->virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
Modified: trunk/Source/_javascript_Core/dfg/DFGStructureAbstractValue.h (143241 => 143242)
--- trunk/Source/_javascript_Core/dfg/DFGStructureAbstractValue.h 2013-02-18 18:40:09 UTC (rev 143241)
+++ trunk/Source/_javascript_Core/dfg/DFGStructureAbstractValue.h 2013-02-18 18:43:50 UTC (rev 143242)
@@ -307,7 +307,7 @@
out.print("[");
if (m_structure)
- out.print(RawPointer(m_structure));
+ out.print(RawPointer(m_structure), "(", m_structure->classInfo()->className, ")");
out.print("]");
}
