FTL B3 does not logicalNot correctly
author fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Dec 2015 21:59:59 +0000 (21:59 +0000)
committer fpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 22 Dec 2015 21:59:59 +0000 (21:59 +0000)
commit 8e1114c2326c61513801e4a6d4105b0472014f7d
tree 780d80f7d7c92ed77b881bf0c756566848e8a7b3
parent 92d3cbd21e9cfaa8a67b178cb12f73ec980a9662
FTL B3 does not logicalNot correctly
https://bugs.webkit.org/show_bug.cgi?id=152512

Reviewed by Saam Barati.

Source/JavaScriptCore:

I'm working on a bug where V8/richards does not run correctly. I noticed that the codegen was
doing a lot of Not32's followed by branches, which smelled like badness. To debug this, I
needed B3's origins to dump as something other than a hexed pointer to a node. The node index
would be better. So, I added the notion of an origin printer to Procedure.

The bug was easy enough to fix. This introduces Output::logicalNot(). In LLVM, it's the same
as bitNot(). In B3, it's compiled to Equal(value, 0). We could have also compiled it to
BitXor(value, 1), except that B3 will strength-reduce to that anyway whenever it's safe. It's
sort of nice that right now, you could use logicalNot() on non-bool values and get C-like
behavior.

Richards still doesn't run, though. There are more bugs!

* JavaScriptCore.xcodeproj/project.pbxproj:
* b3/B3BasicBlock.cpp:
(JSC::B3::BasicBlock::dump):
(JSC::B3::BasicBlock::deepDump):
* b3/B3BasicBlock.h:
(JSC::B3::BasicBlock::frequency):
(JSC::B3::DeepBasicBlockDump::DeepBasicBlockDump):
(JSC::B3::DeepBasicBlockDump::dump):
(JSC::B3::deepDump):
* b3/B3LowerToAir.cpp:
(JSC::B3::Air::LowerToAir::run):
(JSC::B3::Air::LowerToAir::lower):
* b3/B3Origin.h:
(JSC::B3::Origin::data):
* b3/B3OriginDump.h: Added.
(JSC::B3::OriginDump::OriginDump):
(JSC::B3::OriginDump::dump):
* b3/B3Procedure.cpp:
(JSC::B3::Procedure::~Procedure):
(JSC::B3::Procedure::printOrigin):
(JSC::B3::Procedure::addBlock):
(JSC::B3::Procedure::dump):
* b3/B3Procedure.h:
(JSC::B3::Procedure::setOriginPrinter):
* b3/B3Value.cpp:
(JSC::B3::Value::dumpChildren):
(JSC::B3::Value::deepDump):
* b3/B3Value.h:
(JSC::B3::DeepValueDump::DeepValueDump):
(JSC::B3::DeepValueDump::dump):
(JSC::B3::deepDump):
* ftl/FTLB3Output.cpp:
(JSC::FTL::Output::lockedStackSlot):
(JSC::FTL::Output::bitNot):
(JSC::FTL::Output::logicalNot):
(JSC::FTL::Output::load):
* ftl/FTLB3Output.h:
(JSC::FTL::Output::aShr):
(JSC::FTL::Output::lShr):
(JSC::FTL::Output::ctlz32):
(JSC::FTL::Output::addWithOverflow32):
(JSC::FTL::Output::lessThanOrEqual):
(JSC::FTL::Output::doubleEqual):
(JSC::FTL::Output::doubleEqualOrUnordered):
(JSC::FTL::Output::doubleNotEqualOrUnordered):
(JSC::FTL::Output::doubleLessThan):
(JSC::FTL::Output::doubleLessThanOrEqual):
(JSC::FTL::Output::doubleGreaterThan):
(JSC::FTL::Output::doubleGreaterThanOrEqual):
(JSC::FTL::Output::doubleNotEqualAndOrdered):
(JSC::FTL::Output::doubleLessThanOrUnordered):
(JSC::FTL::Output::doubleLessThanOrEqualOrUnordered):
(JSC::FTL::Output::doubleGreaterThanOrUnordered):
(JSC::FTL::Output::doubleGreaterThanOrEqualOrUnordered):
(JSC::FTL::Output::isZero32):
(JSC::FTL::Output::notZero32):
(JSC::FTL::Output::addIncomingToPhi):
(JSC::FTL::Output::bitCast):
(JSC::FTL::Output::bitNot): Deleted.
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::DFG::LowerDFGToLLVM::compileCheckArray):
(JSC::FTL::DFG::LowerDFGToLLVM::compileGetTypedArrayByteOffset):
(JSC::FTL::DFG::LowerDFGToLLVM::compileLogicalNot):
(JSC::FTL::DFG::LowerDFGToLLVM::compileCallOrConstruct):
(JSC::FTL::DFG::LowerDFGToLLVM::compileInstanceOfCustom):
(JSC::FTL::DFG::LowerDFGToLLVM::compileCountExecution):
(JSC::FTL::DFG::LowerDFGToLLVM::boolify):
(JSC::FTL::DFG::LowerDFGToLLVM::isMisc):
(JSC::FTL::DFG::LowerDFGToLLVM::isNotBoolean):
(JSC::FTL::DFG::LowerDFGToLLVM::isBoolean):
(JSC::FTL::DFG::LowerDFGToLLVM::unboxBoolean):
(JSC::FTL::DFG::LowerDFGToLLVM::isNotType):
(JSC::FTL::DFG::LowerDFGToLLVM::speculateObject):
* ftl/FTLOutput.h:
(JSC::FTL::Output::aShr):
(JSC::FTL::Output::lShr):
(JSC::FTL::Output::bitNot):
(JSC::FTL::Output::logicalNot):
(JSC::FTL::Output::insertElement):
* ftl/FTLState.cpp:
(JSC::FTL::State::State):

Source/WTF:

This change introduces yet another use of SharedTask in JSC. While doing this, I noticed that
SharedTask::run() always demands that whatever arguments the callback takes, they must be
passed as rvalue references. This was a clear misuse of perfect forwarding. This change makes
SharedTask's approach to forwarding match what we were already doing in ScopedLambda.

* wtf/SharedTask.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@194372 268f45cc-cd09-0410-ab3c-d52691b4dbfc
18 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/b3/B3BasicBlock.cpp
Source/JavaScriptCore/b3/B3BasicBlock.h
Source/JavaScriptCore/b3/B3LowerToAir.cpp
Source/JavaScriptCore/b3/B3Origin.h
Source/JavaScriptCore/b3/B3OriginDump.h [new file with mode: 0644]
Source/JavaScriptCore/b3/B3Procedure.cpp
Source/JavaScriptCore/b3/B3Procedure.h
Source/JavaScriptCore/b3/B3Value.cpp
Source/JavaScriptCore/b3/B3Value.h
Source/JavaScriptCore/ftl/FTLB3Output.cpp
Source/JavaScriptCore/ftl/FTLB3Output.h
Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp
Source/JavaScriptCore/ftl/FTLOutput.h
Source/JavaScriptCore/ftl/FTLState.cpp
Source/WTF/ChangeLog
Source/WTF/wtf/SharedTask.h
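
The commit message's logicalNot() reasoning can be checked with a toy model. This is an added example, not JavaScriptCore code: `lower`, `branchTaken` and `mismatches` are hypothetical names, and it assumes a boolean is carried as a 32-bit integer with a branch taken on any nonzero value.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Toy model, not JavaScriptCore code. Assumption: a boolean is a 32-bit
// integer (0 or 1) and a branch is taken when its condition is nonzero.
enum class Lowering { Not32, EqualZero, BitXorOne };

// What each candidate lowering of "logical not" computes on a 32-bit value.
static uint32_t lower(Lowering how, uint32_t value)
{
    switch (how) {
    case Lowering::Not32:     return ~value;               // flips all 32 bits
    case Lowering::EqualZero: return value == 0 ? 1u : 0u; // Equal(value, 0)
    case Lowering::BitXorOne: return value ^ 1u;           // BitXor(value, 1)
    }
    return 0;
}

static bool branchTaken(Lowering how, uint32_t value)
{
    return lower(how, value) != 0;
}

// Inputs where branching on the lowered value disagrees with C's !value.
static std::vector<uint32_t> mismatches(Lowering how, const std::vector<uint32_t>& inputs)
{
    std::vector<uint32_t> wrong;
    for (uint32_t v : inputs) {
        bool expected = (v == 0);
        if (branchTaken(how, v) != expected)
            wrong.push_back(v);
    }
    return wrong;
}

// Constructed sample inputs: the two boolean encodings, then non-bool values.
static const std::vector<uint32_t> kBools = { 0u, 1u };
static const std::vector<uint32_t> kAny = { 0u, 1u, 2u, 0x80000000u, 0xFFFFFFFFu };

int main()
{
    std::printf("Not32 wrong on bools: %zu\n", mismatches(Lowering::Not32, kBools).size());
    std::printf("Equal(v,0) wrong on any: %zu\n", mismatches(Lowering::EqualZero, kAny).size());
    std::printf("BitXor(v,1) wrong on any: %zu\n", mismatches(Lowering::BitXorOne, kAny).size());
    return 0;
}
```

In this model a 32-bit NOT of `1` is `0xFFFFFFFE`, so the branch is still taken, while BitXor(value, 1) matches Equal(value, 0) only when the input is already 0 or 1.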