[BigInt] Add ValueMul into DFG
authorticaiolima@gmail.com <ticaiolima@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 10 Dec 2018 21:11:43 +0000 (21:11 +0000)
committerticaiolima@gmail.com <ticaiolima@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 10 Dec 2018 21:11:43 +0000 (21:11 +0000)
commit1712451b4caed57afab5c35a7f873a885f91a6ca
tree1a8bf195b4d62e626dcf91790424ea9a67ca3450
parent01116957867576d05636375bb3cea0a35e0f95b3
[BigInt] Add ValueMul into DFG
https://bugs.webkit.org/show_bug.cgi?id=186175

Reviewed by Yusuke Suzuki.

JSTests:

* stress/big-int-mul-jit-osr.js: Added.
* stress/big-int-mul-jit-untyped.js: Added.
* stress/value-mul-fixup-int32-big-int.js: Added.

PerformanceTests:

* BigIntBench/big-int-simple-mul.js: Added.
* BigIntBench/value-mul-type-propagation.js: Added.

Source/JavaScriptCore:

This patch is adding a new DFG node called ValueMul. This node is
responsible to handle multiplication operations that can result into
non-number values. We emit such node during DFGByteCodeParser when the
operands are not numbers. During FixupPhase, we change this
operation to ArithMul if we can speculate Number/Boolean operands.

The BigInt specialization shows a small progression:

                        noSpec                changes

big-int-simple-mul  18.8090+-1.0435  ^  17.4305+-0.2673  ^ definitely 1.0791x faster

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::makeSafe):
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupMultiplication):
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::arithNodeFlags):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileValueMul):
(JSC::DFG::SpeculativeJIT::compileArithMul):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGValidate.cpp:
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileValueMul):
(JSC::FTL::DFG::LowerDFGToB3::compileArithMul):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239045 268f45cc-cd09-0410-ab3c-d52691b4dbfc
27 files changed:
JSTests/ChangeLog
JSTests/stress/big-int-mul-jit-osr.js [new file with mode: 0644]
JSTests/stress/big-int-mul-jit-untyped.js [new file with mode: 0644]
JSTests/stress/value-mul-fixup-int32-big-int.js [new file with mode: 0644]
PerformanceTests/BigIntBench/big-int-simple-mul.js [new file with mode: 0644]
PerformanceTests/BigIntBench/value-mul-type-propagation.js [new file with mode: 0644]
PerformanceTests/ChangeLog
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGClobberize.h
Source/JavaScriptCore/dfg/DFGDoesGC.cpp
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Source/JavaScriptCore/dfg/DFGNode.h
Source/JavaScriptCore/dfg/DFGNodeType.h
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/dfg/DFGOperations.h
Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
Source/JavaScriptCore/dfg/DFGSafeToExecute.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
Source/JavaScriptCore/dfg/DFGValidate.cpp
Source/JavaScriptCore/ftl/FTLCapabilities.cpp
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp