Profiling should detect when multiplication overflows but does not create negative...
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 5 Jan 2016 23:08:58 +0000 (23:08 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 5 Jan 2016 23:08:58 +0000 (23:08 +0000)
commitb364dce45578eb24f6442822d92d3c2a9a020e48
tree8eb584789181afef9eb65be77dfa0b9020bb2770
parentcd60d4f6687e787863f7859d1c5c2aa1f4545ffd
Profiling should detect when multiplication overflows but does not create negative zero.
https://bugs.webkit.org/show_bug.cgi?id=132470

Reviewed by Geoffrey Garen.

* assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::or32):
* assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::or32):
- New or32 emitter needed by the mul snippet.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::resultProfileForBytecodeOffset):
(JSC::CodeBlock::updateResultProfileForBytecodeOffset): Deleted.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::ensureResultProfile):
(JSC::CodeBlock::addResultProfile): Deleted.
(JSC::CodeBlock::likelyToTakeDeepestSlowCase): Deleted.
- Added a m_bytecodeOffsetToResultProfileIndexMap because we can now add result
  profiles in any order (based on runtime execution), not necessarily in bytecode
  order at baseline compilation time.

* bytecode/ValueProfile.cpp:
(WTF::printInternal):
* bytecode/ValueProfile.h:
(JSC::ResultProfile::didObserveInt52Overflow):
(JSC::ResultProfile::setObservedInt52Overflow):
- Add new Int52Overflow flags.

* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::makeSafe):
- Now with more straightforward mapping of profiling info.

* dfg/DFGCommon.h:
- Fixed a typo in a comment.

* dfg/DFGNode.h:
(JSC::DFG::Node::arithNodeFlags):
(JSC::DFG::Node::mayHaveNonIntResult):
(JSC::DFG::Node::hasConstantBuffer):
* dfg/DFGNodeFlags.cpp:
(JSC::DFG::dumpNodeFlags):
* dfg/DFGNodeFlags.h:
(JSC::DFG::nodeMayOverflowInt52):
(JSC::DFG::nodeCanSpeculateInt52):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
- We now have profiling info for whether the result was ever seen to be a non-Int.
  Use this to make a better prediction.

* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_div):
(JSC::JIT::emit_op_mul):
- Switch to using CodeBlock::ensureResultProfile().  ResultProfiles can now be
  created at any time (including the slow path), not just in bytecode order
  during baseline compilation.

* jit/JITMulGenerator.cpp:
(JSC::JITMulGenerator::generateFastPath):
- Removed the fast path profiling code for NegZero because we'll go to the slow
  path anyway.  Let the slow path do the profiling for us.
- Added profiling for NegZero and potential Int52 overflows in the fast path
  that does double math.

* runtime/CommonSlowPaths.cpp:
(JSC::updateResultProfileForBinaryArithOp):
- Removed the RETURN_WITH_RESULT_PROFILING macro (2 less macros), and just use
  the RETURN_WITH_PROFILING macro instead with a call to
  updateResultProfileForBinaryArithOp().  This makes it clear what we're doing
  to do profiling in each case, and also allows us to do custom profiling for
  each opcode if needed.  However, so far, we always call
  updateResultProfileForBinaryArithOp().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@194613 268f45cc-cd09-0410-ab3c-d52691b4dbfc
16 files changed:
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/CodeBlock.h
Source/JavaScriptCore/bytecode/ValueProfile.cpp
Source/JavaScriptCore/bytecode/ValueProfile.h
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGCommon.h
Source/JavaScriptCore/dfg/DFGNode.h
Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
Source/JavaScriptCore/dfg/DFGNodeFlags.h
Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
Source/JavaScriptCore/jit/JITArithmetic.cpp
Source/JavaScriptCore/jit/JITMulGenerator.cpp
Source/JavaScriptCore/runtime/CommonSlowPaths.cpp