2017-03-27 JF Bastien <jfbastien@apple.com>

WebAssembly: JSWebAssemblyCodeBlock.h belongs in JavaScriptCore/wasm/js not JavaScriptCore/wasm
https://bugs.webkit.org/show_bug.cgi?id=170160

* JavaScriptCore.xcodeproj/project.pbxproj:
* wasm/js/JSWebAssemblyCodeBlock.h: Renamed from Source/JavaScriptCore/wasm/JSWebAssemblyCodeBlock.h.

2017-03-27 JF Bastien <jfbastien@apple.com>

WebAssembly: misc memory testing
https://bugs.webkit.org/show_bug.cgi?id=170137

Reviewed by Keith Miller.

* wasm/js/WebAssemblyInstanceConstructor.cpp:
(JSC::WebAssemblyInstanceConstructor::createInstance): improve error messages

2017-03-27 Michael Saboff <msaboff@apple.com>

Add ARM64 system instructions to disassembler
https://bugs.webkit.org/show_bug.cgi?id=170084

Reviewed by Saam Barati.

This change adds support for MRS and MSR instructions, and refactors the DMB
disassembly to handle all of the barrier instructions.

* disassembler/ARM64/A64DOpcode.cpp:
(JSC::ARM64Disassembler::A64DOpcodeMSRImmediate::format):
(JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::format):
(JSC::ARM64Disassembler::A64DOpcodeSystemSync::format):
(JSC::ARM64Disassembler::A64DOpcodeDmb::format): Deleted.
* disassembler/ARM64/A64DOpcode.h:
(JSC::ARM64Disassembler::A64DOpcodeSystem::lBit):
(JSC::ARM64Disassembler::A64DOpcodeSystem::op0):
(JSC::ARM64Disassembler::A64DOpcodeSystem::op1):
(JSC::ARM64Disassembler::A64DOpcodeSystem::crN):
(JSC::ARM64Disassembler::A64DOpcodeSystem::crM):
(JSC::ARM64Disassembler::A64DOpcodeSystem::op2):
(JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::opName):
(JSC::ARM64Disassembler::A64DOpcodeMSROrMRSRegister::systemRegister):
(JSC::ARM64Disassembler::A64DOpcodeSystemSync::opName):
(JSC::ARM64Disassembler::A64DOpcodeSystemSync::option):
(JSC::ARM64Disassembler::A64DOpcodeDmb::opName): Deleted.
(JSC::ARM64Disassembler::A64DOpcodeDmb::option): Deleted.
(JSC::ARM64Disassembler::A64DOpcodeDmb::crM): Deleted.

2017-03-26 Filip Pizlo <fpizlo@apple.com>

B3::fixSSA should do liveness pruning
https://bugs.webkit.org/show_bug.cgi?id=170111

Reviewed by Saam Barati.

This moves all of the logic of Air::Liveness<> to WTF::Liveness<> and then uses that to
create B3::VariableLiveness. Then this uses VariableLiveness::LiveAtHead to prune Phi

This makes B3::fixSSA run twice as fast. This is a 13% progression on WasmBench compile

* JavaScriptCore.xcodeproj/project.pbxproj:
(JSC::B3::BasicBlock::get):
* b3/B3VariableLiveness.cpp: Added.
(JSC::B3::VariableLiveness::VariableLiveness):
(JSC::B3::VariableLiveness::~VariableLiveness):
* b3/B3VariableLiveness.h: Added.
(JSC::B3::VariableLivenessAdapter::VariableLivenessAdapter):
(JSC::B3::VariableLivenessAdapter::numIndices):
(JSC::B3::VariableLivenessAdapter::valueToIndex):
(JSC::B3::VariableLivenessAdapter::indexToValue):
(JSC::B3::VariableLivenessAdapter::blockSize):
(JSC::B3::VariableLivenessAdapter::forEachEarlyUse):
(JSC::B3::VariableLivenessAdapter::forEachLateUse):
(JSC::B3::VariableLivenessAdapter::forEachEarlyDef):
(JSC::B3::VariableLivenessAdapter::forEachLateDef):
* b3/air/AirCFG.h: Added.
(JSC::B3::Air::CFG::CFG):
(JSC::B3::Air::CFG::root):
(JSC::B3::Air::CFG::newMap):
(JSC::B3::Air::CFG::successors):
(JSC::B3::Air::CFG::predecessors):
(JSC::B3::Air::CFG::index):
(JSC::B3::Air::CFG::node):
(JSC::B3::Air::CFG::numNodes):
(JSC::B3::Air::CFG::dump):
(JSC::B3::Air::Code::Code):
(JSC::B3::Air::Code::cfg):
* b3/air/AirLiveness.h:
(JSC::B3::Air::LivenessAdapter::LivenessAdapter):
(JSC::B3::Air::LivenessAdapter::blockSize):
(JSC::B3::Air::LivenessAdapter::forEachEarlyUse):
(JSC::B3::Air::LivenessAdapter::forEachLateUse):
(JSC::B3::Air::LivenessAdapter::forEachEarlyDef):
(JSC::B3::Air::LivenessAdapter::forEachLateDef):
(JSC::B3::Air::TmpLivenessAdapter::TmpLivenessAdapter):
(JSC::B3::Air::TmpLivenessAdapter::numIndices):
(JSC::B3::Air::StackSlotLivenessAdapter::StackSlotLivenessAdapter):
(JSC::B3::Air::StackSlotLivenessAdapter::numIndices):
(JSC::B3::Air::StackSlotLivenessAdapter::indexToValue):
(JSC::B3::Air::Liveness::Liveness):
(JSC::B3::Air::Liveness::LocalCalc::LocalCalc): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::Iterable::begin): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::Iterable::end): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::Iterable::contains): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::live): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::isLive): Deleted.
(JSC::B3::Air::Liveness::LocalCalc::execute): Deleted.
(JSC::B3::Air::Liveness::rawLiveAtHead): Deleted.
(JSC::B3::Air::Liveness::Iterable::Iterable): Deleted.
(JSC::B3::Air::Liveness::Iterable::iterator::iterator): Deleted.
(JSC::B3::Air::Liveness::Iterable::iterator::operator*): Deleted.
(JSC::B3::Air::Liveness::Iterable::iterator::operator++): Deleted.
(JSC::B3::Air::Liveness::Iterable::iterator::operator==): Deleted.
(JSC::B3::Air::Liveness::Iterable::iterator::operator!=): Deleted.
(JSC::B3::Air::Liveness::Iterable::begin): Deleted.
(JSC::B3::Air::Liveness::Iterable::end): Deleted.
(JSC::B3::Air::Liveness::Iterable::contains): Deleted.
(JSC::B3::Air::Liveness::liveAtHead): Deleted.
(JSC::B3::Air::Liveness::liveAtTail): Deleted.
(JSC::B3::Air::Liveness::workset): Deleted.

2017-03-25 Filip Pizlo <fpizlo@apple.com>

Air::Liveness shouldn't need HashSets
https://bugs.webkit.org/show_bug.cgi?id=170102

Reviewed by Yusuke Suzuki.

This converts Air::Liveness<> to no longer use HashSets or BitVectors. This turns out to be
easy because it's cheap enough to do a sorted merge of the things being added to liveAtHead and
the things in the predecessors' liveAtTail. This turns out to be faster - it's a 2% overall
compile time progression on WasmBench.

* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::lower): Add a FIXME unrelated to this patch.
* b3/air/AirLiveness.h:
(JSC::B3::Air::AbstractLiveness::AbstractLiveness):
(JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc):
(JSC::B3::Air::AbstractLiveness::rawLiveAtHead):
(JSC::B3::Air::AbstractLiveness::liveAtHead):
(JSC::B3::Air::AbstractLiveness::liveAtTail):
(JSC::B3::Air::Tmp::bank):
(JSC::B3::Air::Tmp::tmpIndex):
* dfg/DFGStoreBarrierClusteringPhase.cpp:

2017-03-26 Filip Pizlo <fpizlo@apple.com>

Air should use RegisterSet for RegLiveness
https://bugs.webkit.org/show_bug.cgi?id=170108

Reviewed by Yusuke Suzuki.

The biggest change here is the introduction of the new RegLiveness class. This is a
drop-in replacement for the old RegLiveness, which was a specialization of
AbstractLiveness<>, but it's about 30% faster. It gets its speed boost from just using
sets everywhere, which is efficient for registers since RegisterSet is just two (on
x86-64) or three 32-bit (on ARM64) statically allocated words. This looks like a 1%
compile time progression on WasmBench.

* JavaScriptCore.xcodeproj/project.pbxproj:
* b3/B3TimingScope.cpp: Records phase timing totals.
(JSC::B3::TimingScope::TimingScope):
(JSC::B3::TimingScope::~TimingScope):
* b3/B3TimingScope.h:
* b3/air/AirAllocateRegistersByGraphColoring.cpp:
(JSC::B3::Air::allocateRegistersByGraphColoring):
* b3/air/AirLiveness.h: Move code around and rename a bit to make it more like RegLiveness; in particular we want the `iterator` to be called `iterator` not `Iterator`, and we want it to be internal to its iterable. Also rename this template to Liveness, to match the header filename.
(JSC::B3::Air::Liveness::Liveness):
(JSC::B3::Air::Liveness::LocalCalc::LocalCalc):
(JSC::B3::Air::Liveness::LocalCalc::Iterable::Iterable):
(JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::iterator):
(JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator++):
(JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator*):
(JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator==):
(JSC::B3::Air::Liveness::LocalCalc::Iterable::iterator::operator!=):
(JSC::B3::Air::Liveness::LocalCalc::Iterable::begin):
(JSC::B3::Air::Liveness::LocalCalc::Iterable::end):
(JSC::B3::Air::Liveness::Iterable::Iterable):
(JSC::B3::Air::Liveness::Iterable::iterator::iterator):
(JSC::B3::Air::RegLivenessAdapter::RegLivenessAdapter): Deleted.
(JSC::B3::Air::RegLivenessAdapter::numIndices): Deleted.
(JSC::B3::Air::RegLivenessAdapter::acceptsBank): Deleted.
(JSC::B3::Air::RegLivenessAdapter::acceptsRole): Deleted.
(JSC::B3::Air::RegLivenessAdapter::valueToIndex): Deleted.
(JSC::B3::Air::RegLivenessAdapter::indexToValue): Deleted.
(JSC::B3::Air::AbstractLiveness::AbstractLiveness): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::LocalCalc): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::Iterator): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator++): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator*): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator==): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::Iterator::operator!=): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::Iterable): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::begin): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::end): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::Iterable::contains): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::live): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::isLive): Deleted.
(JSC::B3::Air::AbstractLiveness::LocalCalc::execute): Deleted.
(JSC::B3::Air::AbstractLiveness::rawLiveAtHead): Deleted.
(JSC::B3::Air::AbstractLiveness::Iterable::Iterable): Deleted.
(JSC::B3::Air::AbstractLiveness::Iterable::iterator::iterator): Deleted.
(JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator*): Deleted.
(JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator++): Deleted.
(JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator==): Deleted.
(JSC::B3::Air::AbstractLiveness::Iterable::iterator::operator!=): Deleted.
(JSC::B3::Air::AbstractLiveness::Iterable::begin): Deleted.
(JSC::B3::Air::AbstractLiveness::Iterable::end): Deleted.
(JSC::B3::Air::AbstractLiveness::Iterable::contains): Deleted.
(JSC::B3::Air::AbstractLiveness::liveAtHead): Deleted.
(JSC::B3::Air::AbstractLiveness::liveAtTail): Deleted.
(JSC::B3::Air::AbstractLiveness::workset): Deleted.
* b3/air/AirLogRegisterPressure.cpp:
* b3/air/AirLowerAfterRegAlloc.cpp:
* b3/air/AirRegLiveness.cpp: Added.
(JSC::B3::Air::RegLiveness::RegLiveness):
(JSC::B3::Air::RegLiveness::~RegLiveness):
(JSC::B3::Air::RegLiveness::LocalCalc::execute):
* b3/air/AirRegLiveness.h: Added.
(JSC::B3::Air::RegLiveness::LocalCalc::LocalCalc):
(JSC::B3::Air::RegLiveness::LocalCalc::live):
(JSC::B3::Air::RegLiveness::LocalCalc::isLive):
(JSC::B3::Air::RegLiveness::liveAtHead):
(JSC::B3::Air::RegLiveness::liveAtTail):
* b3/air/AirReportUsedRegisters.cpp:
(JSC::RegisterSet::add):
(JSC::RegisterSet::remove):
(JSC::RegisterSet::contains):
(JSC::RegisterSet::subsumes):
(JSC::RegisterSet::iterator::iterator):
(JSC::RegisterSet::iterator::operator*):
(JSC::RegisterSet::iterator::operator++):
(JSC::RegisterSet::iterator::operator==):
(JSC::RegisterSet::iterator::operator!=):
(JSC::RegisterSet::begin):
(JSC::RegisterSet::end):

2017-03-25 Filip Pizlo <fpizlo@apple.com>

Fix wasm by returning after we do TLS.

Rubber stamped by Keith Miller.

* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::storeWasmContext):

2017-03-24 Mark Lam <mark.lam@apple.com>

Add some instrumentation in Heap::resumeThePeriphery() to help debug an issue.
https://bugs.webkit.org/show_bug.cgi?id=170086
<rdar://problem/31253673>

Reviewed by Saam Barati.

Adding some instrumentation in Heap::resumeThePeriphery() to dump some Heap state
just before we RELEASE_ASSERT_NOT_REACHED.

(JSC::Heap::resumeThePeriphery):

2017-03-24 JF Bastien <jfbastien@apple.com>

WebAssembly: store state in TLS instead of on VM
https://bugs.webkit.org/show_bug.cgi?id=169611

Reviewed by Filip Pizlo.

Using thread-local storage instead of VM makes code more position
independent. We used to store the WebAssembly top Instance (the
latest one in the call stack) on VM, now we instead store it in
TLS. This top Instance is used to access a bunch of state such as
Memory location, size, table (for call_indirect), etc.

Instead of calling it "top", which is confusing, we now just call

Making the code PIC means future patches will be able to
postMessage and structured clone into IDB without having to
recompile the code. This wasn't possible before because we
hard-coded the address of VM at compilation time. That doesn't
work between workers, and doesn't work across reloads (which IDB

It'll also potentially make code faster once we start tuning
what's in TLS, what's in which of the 4 free slots, and what's in
pinned registers. I'm leaving this tuning for later because
there's lower lying fruit for us to pick.

* JavaScriptCore.xcodeproj/project.pbxproj:
* assembler/AbstractMacroAssembler.h:
* assembler/AllowMacroScratchRegisterUsageIf.h: Copied from assembler/AllowMacroScratchRegisterUsage.h.
(JSC::AllowMacroScratchRegisterUsageIf::AllowMacroScratchRegisterUsageIf):
(JSC::AllowMacroScratchRegisterUsageIf::~AllowMacroScratchRegisterUsageIf):
* assembler/MacroAssembler.h:
(JSC::MacroAssembler::storeToTLSPtr): we previously didn't have
the code required to store to TLS, only to load
* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::loadFromTLSPtrNeedsMacroScratchRegister):
(JSC::MacroAssemblerARM64::storeToTLS32):
(JSC::MacroAssemblerARM64::storeToTLS64):
(JSC::MacroAssemblerARM64::storeToTLSPtrNeedsMacroScratchRegister):
* assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::loadFromTLSPtrNeedsMacroScratchRegister):
(JSC::MacroAssemblerX86Common::storeToTLS32):
(JSC::MacroAssemblerX86Common::storeToTLSPtrNeedsMacroScratchRegister):
* assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::loadFromTLS64): was loading 32-bit instead of 64-bit
(JSC::MacroAssemblerX86_64::storeToTLS64):
* assembler/X86Assembler.h:
(JSC::X86Assembler::movl_rm):
(JSC::X86Assembler::movq_rm):
(JSC::B3::testFastTLSLoad):
(JSC::B3::testFastTLSStore):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::loadWasmContext):
(JSC::AssemblyHelpers::storeWasmContext):
(JSC::AssemblyHelpers::loadWasmContextNeedsMacroScratchRegister):
(JSC::AssemblyHelpers::storeWasmContextNeedsMacroScratchRegister):
(JSC::webAssemblyOwner):
* jit/ThunkGenerators.cpp:
(JSC::throwExceptionFromWasmThunkGenerator):
* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::loadWasmContext):
(JSC::Wasm::storeWasmContext):
(JSC::Wasm::B3IRGenerator::B3IRGenerator):
(JSC::Wasm::getMemoryBaseAndSize):
(JSC::Wasm::restoreWebAssemblyGlobalState):
(JSC::Wasm::createJSToWasmWrapper):
(JSC::Wasm::parseAndCompile):
* wasm/WasmBinding.cpp:
(JSC::Wasm::materializeImportJSCell):
(JSC::Wasm::wasmToJs):
(JSC::Wasm::wasmToWasm):
* wasm/WasmContext.cpp: Added.
(JSC::loadWasmContext):
(JSC::storeWasmContext):
* wasm/WasmContext.h: Added. Replaces "top" JSWebAssemblyInstance.
* wasm/js/WebAssemblyFunction.cpp:
(JSC::callWebAssemblyFunction):
* wasm/js/WebAssemblyInstanceConstructor.h:

2017-03-24 JF Bastien <jfbastien@apple.com>

WebAssembly: spec-tests/memory.wast.js fails in debug
https://bugs.webkit.org/show_bug.cgi?id=169794

Reviewed by Keith Miller.

The failure was due to empty memories (with maximum size 0). Those
only occur in tests and in code that's trying to trip us. This
patch adds memory mode "none" which represents no memory. It can
work with either bounds checked or signaling code because it never
contains loads and stores.

The spec tests which were failing did the following:
> (module (memory (data)) (func (export "memsize") (result i32) (current_memory)))
> (assert_return (invoke "memsize") (i32.const 0))
> (module (memory (data "")) (func (export "memsize") (result i32) (current_memory)))
> (assert_return (invoke "memsize") (i32.const 0))
> (module (memory (data "x")) (func (export "memsize") (result i32) (current_memory)))
> (assert_return (invoke "memsize") (i32.const 1))

* wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::memoryKind):
* wasm/WasmMemory.cpp:
(JSC::Wasm::tryGetFastMemory):
(JSC::Wasm::releaseFastMemory):
(JSC::Wasm::Memory::Memory):
(JSC::Wasm::Memory::createImpl):
(JSC::Wasm::Memory::create):
(JSC::Wasm::Memory::grow):
(JSC::Wasm::Memory::makeString):
* wasm/WasmMemoryInformation.cpp:
(JSC::Wasm::MemoryInformation::MemoryInformation):
* wasm/js/JSWebAssemblyCodeBlock.cpp:
(JSC::JSWebAssemblyCodeBlock::isSafeToRun):
* wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::codeBlock):
(JSC::JSWebAssemblyModule::finishCreation):
* wasm/js/JSWebAssemblyModule.h:
(JSC::JSWebAssemblyModule::codeBlock):
(JSC::JSWebAssemblyModule::codeBlockFor):

2017-03-24 Mark Lam <mark.lam@apple.com>

Array memcpy'ing fast paths should check if we're having a bad time if they cannot handle it.
https://bugs.webkit.org/show_bug.cgi?id=170064
<rdar://problem/31246098>

Reviewed by Geoffrey Garen.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoPrivateFuncConcatMemcpy):
* runtime/JSArray.cpp:
(JSC::JSArray::fastSlice):

2017-03-23 Yusuke Suzuki <utatane.tea@gmail.com>

[JSC] Use jsNontrivialString aggressively for ToString(Int52)
https://bugs.webkit.org/show_bug.cgi?id=170002

Reviewed by Sam Weinig.

We use the same logic used for Int32 to use jsNontrivialString.
After the single character check, the produced string is always longer than 1.
Thus, we can use jsNontrivialString.

* runtime/NumberPrototype.cpp:
(JSC::int52ToString):

2017-03-23 Yusuke Suzuki <utatane.tea@gmail.com>

[JSC] Use WeakRandom for SamplingProfiler interval fluctuation
https://bugs.webkit.org/show_bug.cgi?id=170045

Reviewed by Mark Lam.

It is unnecessary to use cryptographicallyRandomNumber for SamplingProfiler
interval fluctuation. Use WeakRandom instead.

* runtime/SamplingProfiler.cpp:
(JSC::SamplingProfiler::SamplingProfiler):
(JSC::SamplingProfiler::timerLoop):
* runtime/SamplingProfiler.h:

2017-03-23 Mark Lam <mark.lam@apple.com>

Array.prototype.splice behaves incorrectly when the VM is "having a bad time".
https://bugs.webkit.org/show_bug.cgi?id=170025
<rdar://problem/31228679>

Reviewed by Saam Barati.

* runtime/ArrayPrototype.cpp:
(JSC::copySplicedArrayElements):
(JSC::arrayProtoFuncSplice):

2017-03-23 Yusuke Suzuki <utatane.tea@gmail.com>

[JSC][DFG] Make addShouldSpeculateAnyInt more conservative to avoid regression caused by Double <-> Int52 conversions
https://bugs.webkit.org/show_bug.cgi?id=169998

Reviewed by Saam Barati.

Double <-> Int52 and JSValue <-> Int52 conversions are not so cheap. Thus, Int52Rep is super carefully emitted.
We make addShouldSpeculateAnyInt more conservative to avoid regressions caused by the above conversions.
We select ArithAdd(Int52, Int52) only when this calculation is beneficial compared to added Int52Rep conversions.

This patch tightens the conditions of addShouldSpeculateAnyInt.

1. Honor DoubleConstant.

When executing imaging-darkroom, we have a thing like that,

132:< 2:loc36> DoubleConstant(Double|UseAsOther, AnyIntAsDouble, Double: 4607182418800017408, 1.000000, bc#114)
1320:< 1:loc38> Int52Rep(Check:Int32:@82, Int52|PureInt, Int32, Exits, bc#114)
1321:< 1:loc39> Int52Constant(Int52|PureInt, Boolint32Nonboolint32Int52, Double: 4607182418800017408, 1.000000, bc#114)
133:<!3:loc39> ArithSub(Int52Rep:@1320<Int52>, Int52Rep:@1321<Int52>, Int52|MustGen, Int52, CheckOverflow, Exits, bc#114)

The LHS of ArithSub says predicting Boolint32, and the rhs says AnyIntAsDouble. Thus we select ArithSub(Int52, Int52) instead
of ArithSub(Double, Double). However, it soon causes OSR exits. In imaging-darkroom, LHS's Int32 prediction will be broken.
While speculating Int32 in the above situation is a reasonable approach since the given LHS says predicting Int32, this causes
severe performance regression.

Previously, we always select ArithSub(Double, Double). So accidentally, we do not encounter this misprediction issue.

One thing can be found that we have DoubleConstant in the RHS. It means that we have `1.0` instead of `1` in the code.
We can see the code like `lhs - 1.0` instead of `lhs - 1` in imaging-darkroom. It offers good information that lhs and
the resulting value would be double. Handling the above ArithSub in double seems more appropriate rather than handling

So, in this patch, we honor DoubleConstant. If we find DoubleConstant on one operand, we give up selecting
Arith[Sub,Add](Int52, Int52). This change removes the OSR exits that occur in imaging-darkroom right now.

2. Two Int52Rep(Double) conversions are not desirable.

We allow AnyInt ArithAdd only when the one operand of the binary operation should be speculated AnyInt. It is a bit of a conservative
decision. This is because Double to Int52 conversion is not so cheap. Frequent back-and-forth conversions between Double and Int52
rather hurt the performance. If the one operand of the operation is already Int52, the cost for constructing ArithAdd becomes
cheap since only one Double to Int52 conversion could be required.
This recovers some regression in assorted tests while keeping kraken crypto improvements.

3. Avoid frequent Int52 to JSValue conversions.

Int52 to JSValue conversion is not so cheap. Thus, we would like to avoid such situations. So, in this patch, we allow
Arith(Int52, Int52) with AnyIntAsDouble operand only when the node is used as number. By doing so, we avoid the case like,
converting Int52, performing ArithAdd, and soon converting back to JSValue.

The above 3 changes recover the regression measured in microbenchmarks/int52-back-and-forth.js and assorted benchmarks.
And still it keeps kraken crypto improvements.

imaging-darkroom 201.112+-3.192 ^ 189.532+-2.883 ^ definitely 1.0611x faster
stanford-crypto-pbkdf2 103.953+-2.325 100.926+-2.396 might be 1.0300x faster
stanford-crypto-sha256-iterative 35.103+-1.071 ? 36.049+-1.143 ? might be 1.0270x slower

(JSC::DFG::Graph::addShouldSpeculateAnyInt):

== Rolled over to ChangeLog-2017-03-23 ==