[ESNext][BigInt] Implement "~" unary operation
author ticaiolima@gmail.com <ticaiolima@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 11 Mar 2019 17:21:41 +0000 (17:21 +0000)
committer ticaiolima@gmail.com <ticaiolima@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 11 Mar 2019 17:21:41 +0000 (17:21 +0000)
commit 25888e8584df869da3f057029c53de05a5a40cf5
tree 8eeaf02de161fc1a59b282174651072587dbaef6
parent d04e8d83cefcde8e2e5713ad5e685fcc543ce377
[ESNext][BigInt] Implement "~" unary operation
https://bugs.webkit.org/show_bug.cgi?id=182216

Reviewed by Keith Miller.

JSTests:

* stress/big-int-bit-not-general.js: Added.
* stress/big-int-bitwise-not-jit.js: Added.
* stress/big-int-bitwise-not-wrapped-value.js: Added.
* stress/bit-op-with-object-returning-int32.js:
* stress/bitwise-not-fixup-rules.js: Added.
* stress/value-bit-not-ai-rule.js: Added.

PerformanceTests:

* BigIntBench/big-int-simple-bit-not.js: Added.

Source/JavaScriptCore:

This patch is adding support of BigInt into op_bitnot operations. In
addition, we are changing ArithBitNot to handle only Number operands,
while introducing a new node named ValueBitNot to handle Untyped and
BigInt. This node follows the same approach we are using in other
arithmetic operations in DFG.

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):

It is possible that fixup and prediction propagation don't convert a
ValueBitNot(ConstInt32) into ArithBitNot(ConstInt32) because these
analyses are conservative. In such a case, we are adding constant
folding rules to ValueBitNot AI.

* dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):

ValueBitNot has the same rules as ArithBitNot on backwards propagation.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):

We can emit ArithBitNot if we know that the operand of op_bitnot is a
Number or any int. Otherwise we fall back to ValueBitNot and rely on
fixup to convert the node to ArithBitNot when it is possible.
ValueBitNot uses heap prediction on prediction propagation and we
collect its type from op_bitnot's value profiler.

* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):

When we have the case with ValueBitNot(BigInt), we don't clobberize
world.

* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):

ValueBitNot can GC on BigIntUse because, right now, all bitNot
operations allocate temporary BigInts to perform calculations and they
can potentially trigger GC.

* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):

ValueBitNot is responsible for handling BigIntUse and UntypedUse. For all
other uses, we fall back to ArithBitNot.

* dfg/DFGNode.h:
(JSC::DFG::Node::hasHeapPrediction):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
(JSC::DFG::bitwiseBinaryOp):

This template function is abstracting the new semantics of numeric
values operations on bitwise operations. These operations usually
follow these steps:

    1. rhsNumeric = GetInt32OrBigInt(rhs)
    2. lhsNumeric = GetInt32OrBigInt(lhs)
    3. throw error if TypeOf(rhsNumeric) != TypeOf(lhsNumeric)
    4. return BigInt::bitwiseOp(bitOp, rhs, lhs) if TypeOf(lhsNumeric) == BigInt
    5. return rhs <int32BitOp> lhs

Since we have almost the same code for every bitwise op,
we use such a template to avoid code duplication. The template receives
Int32 and BigInt operations as parameters. The error message is received as
`const char*` instead of `String&` to avoid String allocation even when
there is no error to throw.

* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileValueBitNot):

ValueBitNot generates speculative code for BigIntUse and this code is a
call to `operationBitNotBigInt`. This operation is faster than
`operationValueBitNot` because there is no need to check the types of
operands and execute the proper operation. We still need to check
exceptions after `operationBitNotBigInt` because it can throw OOM.

(JSC::DFG::SpeculativeJIT::compileBitwiseNot):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileValueBitNot):
(JSC::FTL::DFG::LowerDFGToB3::compileArithBitNot):
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/JSBigInt.cpp:
(JSC::JSBigInt::bitwiseNot):
* runtime/JSBigInt.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242715 268f45cc-cd09-0410-ab3c-d52691b4dbfc
31 files changed:
JSTests/ChangeLog
JSTests/stress/big-int-bit-not-general.js [new file with mode: 0644]
JSTests/stress/big-int-bitwise-not-jit.js [new file with mode: 0644]
JSTests/stress/big-int-bitwise-not-wrapped-value.js [new file with mode: 0644]
JSTests/stress/bit-op-with-object-returning-int32.js
JSTests/stress/bitwise-not-fixup-rules.js [new file with mode: 0644]
JSTests/stress/value-bit-not-ai-rule.js [new file with mode: 0644]
PerformanceTests/BigIntBench/big-int-simple-bit-not.js [new file with mode: 0644]
PerformanceTests/ChangeLog
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGClobberize.h
Source/JavaScriptCore/dfg/DFGDoesGC.cpp
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Source/JavaScriptCore/dfg/DFGNode.h
Source/JavaScriptCore/dfg/DFGNodeType.h
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/dfg/DFGOperations.h
Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
Source/JavaScriptCore/dfg/DFGSafeToExecute.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
Source/JavaScriptCore/ftl/FTLCapabilities.cpp
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
Source/JavaScriptCore/runtime/JSBigInt.cpp
Source/JavaScriptCore/runtime/JSBigInt.h
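
The numeric-dispatch steps listed in the commit message for bitwise operations, together with the BigInt `~` result this commit implements, modelled in plain JavaScript and checked against the engine's native operators. This is an added example, not code from the WebKit patch: `getInt32OrBigInt`, `bitwiseBinaryOp` and `bitwiseNot` are illustrative stand-ins for the engine-internal routines, and the sample operands and error message are constructed.

```javascript
// Added illustration: models the steps in the commit message, not JavaScriptCore code.

// Steps 1-2: reduce an operand to an Int32 or a BigInt.
// Double unary minus runs the language's own ToNumeric (objects are unwrapped
// through valueOf/toString) and yields the same numeric value again.
function getInt32OrBigInt(value) {
  const numeric = -(-value);
  return typeof numeric === "bigint" ? numeric : numeric | 0; // ToInt32 for Numbers
}

// Steps 3-5: one generic routine parameterised by the Int32 and BigInt operations.
function bitwiseBinaryOp(lhs, rhs, int32Op, bigIntOp, errorMessage) {
  const lhsNumeric = getInt32OrBigInt(lhs);
  const rhsNumeric = getInt32OrBigInt(rhs);
  if (typeof lhsNumeric !== typeof rhsNumeric) throw new TypeError(errorMessage);
  return typeof lhsNumeric === "bigint"
    ? bigIntOp(lhsNumeric, rhsNumeric)
    : int32Op(lhsNumeric, rhsNumeric);
}

// Unary "~": a BigInt has no fixed width to flip, so the result follows the
// two's-complement identity ~x = -x - 1. Numbers take the Int32 path.
function bitwiseNot(value) {
  const numeric = getInt32OrBigInt(value);
  return typeof numeric === "bigint" ? -numeric - 1n : ~numeric;
}

// Constructed operands: plain and wide BigInts, Numbers that need ToInt32
// truncation, a string, a wrapped BigInt, and an object returning an Int32.
const SAMPLES = [0n, -1n, 5n, 2n ** 64n, -(2n ** 64n), 7, -8.9, 2 ** 32 + 3,
  NaN, "12", Object(5n), { valueOf: () => 42 }];

// Number of samples where the model disagrees with the engine's own "~".
function countMismatches() {
  return SAMPLES.filter((v) => bitwiseNot(v) !== ~v).length;
}

// Mixing BigInt and Number operands must be rejected (step 3).
function mixedOperandsThrow() {
  try {
    bitwiseBinaryOp(1n, 1, (a, b) => a & b, (a, b) => a & b, "constructed: mixed operand types");
  } catch (e) {
    return e instanceof TypeError;
  }
  return false;
}

console.log("mismatches:", countMismatches(), "mixed throws:", mixedOperandsThrow());
```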