DFG::SpeculativeJIT::isKnownXYZ methods should use CFA rather than other things
https://bugs.webkit.org/show_bug.cgi?id=110092
Reviewed by Geoffrey Garen.
These methods were previously using GenerationInfo and other things to try to
gain information that the CFA could give away for free, if you asked kindly
enough.
Also fixed CallLinkStatus's dump() method since it was making an invalid
assertion: we most certainly can have a status where the structure is non-null
and the executable is null, like if we're dealing with an InternalFunction.
Also removed calls to isKnownNotXYZ from fillSpeculateABC methods in 32_64. I
don't know why that was there. But it was causing asserts if the value was
empty - i.e. we had already exited unconditionally but we didn't know it. I
could have fixed this by introducing another form of isKnownNotXYZ which was
tolerant of empty values, but I didn't feel like fixing code that I knew to be
unnecessary. (More deeply, isKnownNotCell, for example, really asks: "do you
know that this value can never be a cell?" while some of the previous uses
wanted to ask: "do you know that this is a value that is not a cell?". The
former is "true" if the value is a contradiction [i.e. BOTTOM], while the
latter is "false" for contradictions, since contradictions are not values.)
* bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::dump):
* bytecode/CallLinkStatus.h:
(JSC::CallLinkStatus::CallLinkStatus):
* dfg/DFGSpeculativeJIT.cpp:
(DFG):
* dfg/DFGSpeculativeJIT.h:
(JSC::DFG::SpeculativeJIT::isKnownInteger):
(JSC::DFG::SpeculativeJIT::isKnownCell):
(JSC::DFG::SpeculativeJIT::isKnownNotInteger):
(JSC::DFG::SpeculativeJIT::isKnownNotNumber):
(JSC::DFG::SpeculativeJIT::isKnownNotCell):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
(JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
(JSC::DFG::SpeculativeJIT::fillSpeculateCell):
* dfg/DFGStructureAbstractValue.h:
(JSC::DFG::StructureAbstractValue::dump):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@143242 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
index 1965872..b2ab1e2 100644
--- a/Source/JavaScriptCore/ChangeLog
+++ b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,48 @@
+2013-02-18 Filip Pizlo <fpizlo@apple.com>
+
+ DFG::SpeculativeJIT::isKnownXYZ methods should use CFA rather than other things
+ https://bugs.webkit.org/show_bug.cgi?id=110092
+
+ Reviewed by Geoffrey Garen.
+
+ These methods were previously using GenerationInfo and other things to try to
+ gain information that the CFA could give away for free, if you asked kindly
+ enough.
+
+ Also fixed CallLinkStatus's dump() method since it was making an invalid
+ assertion: we most certainly can have a status where the structure is non-null
+ and the executable is null, like if we're dealing with an InternalFunction.
+
+ Also removed calls to isKnownNotXYZ from fillSpeculateABC methods in 32_64. I
+ don't know why that was there. But it was causing asserts if the value was
+ empty - i.e. we had already exited unconditionally but we didn't know it. I
+ could have fixed this by introducing another form of isKnownNotXYZ which was
+ tolerant of empty values, but I didn't feel like fixing code that I knew to be
+ unnecessary. (More deeply, isKnownNotCell, for example, really asks: "do you
+ know that this value can never be a cell?" while some of the previous uses
+ wanted to ask: "do you know that this is a value that is not a cell?". The
+ former is "true" if the value is a contradiction [i.e. BOTTOM], while the
+ latter is "false" for contradictions, since contradictions are not values.)
+
+ * bytecode/CallLinkStatus.cpp:
+ (JSC::CallLinkStatus::dump):
+ * bytecode/CallLinkStatus.h:
+ (JSC::CallLinkStatus::CallLinkStatus):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (DFG):
+ * dfg/DFGSpeculativeJIT.h:
+ (JSC::DFG::SpeculativeJIT::isKnownInteger):
+ (JSC::DFG::SpeculativeJIT::isKnownCell):
+ (JSC::DFG::SpeculativeJIT::isKnownNotInteger):
+ (JSC::DFG::SpeculativeJIT::isKnownNotNumber):
+ (JSC::DFG::SpeculativeJIT::isKnownNotCell):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
+ (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
+ * dfg/DFGStructureAbstractValue.h:
+ (JSC::DFG::StructureAbstractValue::dump):
+
2013-02-17 Filip Pizlo <fpizlo@apple.com>
Get rid of DFG::DoubleOperand and simplify ValueToInt32
diff --git a/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp b/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp
index 1c1143e..509b15a 100644
--- a/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp
+++ b/Source/JavaScriptCore/bytecode/CallLinkStatus.cpp
@@ -141,9 +141,11 @@
if (m_callTarget)
out.print(comma, "Known target: ", m_callTarget);
- ASSERT(!!m_executable == !!m_structure);
if (m_executable)
- out.print(comma, "Executable/CallHash/Structure: ", RawPointer(m_executable), "/", m_executable->hashFor(CodeForCall), "/", RawPointer(m_structure));
+ out.print(comma, "Executable/CallHash: ", RawPointer(m_executable), "/", m_executable->hashFor(CodeForCall));
+
+ if (m_structure)
+ out.print(comma, "Structure: ", RawPointer(m_structure));
}
} // namespace JSC
diff --git a/Source/JavaScriptCore/bytecode/CallLinkStatus.h b/Source/JavaScriptCore/bytecode/CallLinkStatus.h
index 888e56e..51965fe 100644
--- a/Source/JavaScriptCore/bytecode/CallLinkStatus.h
+++ b/Source/JavaScriptCore/bytecode/CallLinkStatus.h
@@ -63,6 +63,7 @@
, m_couldTakeSlowPath(false)
, m_isProved(false)
{
+ ASSERT(!!executable == !!structure);
}
CallLinkStatus& setIsProved(bool isProved)
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
index f1c48f3..ab8a3ec 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -931,51 +931,6 @@
}
}
-bool SpeculativeJIT::isKnownInteger(Node* node)
-{
- if (isInt32Constant(node))
- return true;
-
- if (node->hasInt32Result())
- return true;
-
- GenerationInfo& info = m_generationInfo[node->virtualRegister()];
-
- return info.isJSInteger();
-}
-
-bool SpeculativeJIT::isKnownCell(Node* node)
-{
- return m_generationInfo[node->virtualRegister()].isJSCell();
-}
-
-bool SpeculativeJIT::isKnownNotCell(Node* node)
-{
- VirtualRegister virtualRegister = node->virtualRegister();
- GenerationInfo& info = m_generationInfo[virtualRegister];
- if (node->hasConstant() && !valueOfJSConstant(node).isCell())
- return true;
- return !(info.isJSCell() || info.isUnknownJS());
-}
-
-bool SpeculativeJIT::isKnownNotInteger(Node* node)
-{
- VirtualRegister virtualRegister = node->virtualRegister();
- GenerationInfo& info = m_generationInfo[virtualRegister];
-
- return info.isJSDouble() || info.isJSCell() || info.isJSBoolean()
- || (node->hasConstant() && !valueOfJSConstant(node).isInt32());
-}
-
-bool SpeculativeJIT::isKnownNotNumber(Node* node)
-{
- VirtualRegister virtualRegister = node->virtualRegister();
- GenerationInfo& info = m_generationInfo[virtualRegister];
-
- return (!info.isJSDouble() && !info.isJSInteger() && !info.isUnknownJS())
- || (node->hasConstant() && !isNumberConstant(node));
-}
-
void SpeculativeJIT::writeBarrier(MacroAssembler& jit, GPRReg owner, GPRReg scratch1, GPRReg scratch2, WriteBarrierUseKind useKind)
{
UNUSED_PARAM(jit);
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
index 1a1ba7e..ea33f38 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
@@ -523,13 +523,12 @@
}
}
- bool isKnownInteger(Node*);
- bool isKnownCell(Node*);
+ bool isKnownInteger(Node* node) { return !(m_state.forNode(node).m_type & ~SpecInt32); }
+ bool isKnownCell(Node* node) { return !(m_state.forNode(node).m_type & ~SpecCell); }
- bool isKnownNotInteger(Node*);
- bool isKnownNotNumber(Node*);
-
- bool isKnownNotCell(Node*);
+ bool isKnownNotInteger(Node* node) { return !(m_state.forNode(node).m_type & SpecInt32); }
+ bool isKnownNotNumber(Node* node) { return !(m_state.forNode(node).m_type & SpecNumber); }
+ bool isKnownNotCell(Node* node) { return !(m_state.forNode(node).m_type & SpecCell); }
// Checks/accessors for constant values.
bool isConstant(Node* node) { return m_jit.graph().isConstant(node); }
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
index 580af35..f6cc53a 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
@@ -849,12 +849,6 @@
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLogF("SpecInt@%d ", node->index());
#endif
- if (isKnownNotInteger(node)) {
- terminateSpeculativeExecution(Uncountable, JSValueRegs(), 0, direction);
- returnFormat = DataFormatInteger;
- return allocate();
- }
-
SpeculatedType type = m_state.forNode(node).m_type;
VirtualRegister virtualRegister = node->virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -946,11 +940,6 @@
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLogF("SpecDouble@%d ", node->index());
#endif
- if (isKnownNotNumber(node)) {
- terminateSpeculativeExecution(Uncountable, JSValueRegs(), 0, direction);
- return fprAllocate();
- }
-
SpeculatedType type = m_state.forNode(node).m_type;
VirtualRegister virtualRegister = node->virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
@@ -1080,11 +1069,6 @@
#if DFG_ENABLE(DEBUG_VERBOSE)
dataLogF("SpecCell@%d ", node->index());
#endif
- if (isKnownNotCell(node)) {
- terminateSpeculativeExecution(Uncountable, JSValueRegs(), 0, direction);
- return allocate();
- }
-
SpeculatedType type = m_state.forNode(node).m_type;
VirtualRegister virtualRegister = node->virtualRegister();
GenerationInfo& info = m_generationInfo[virtualRegister];
diff --git a/Source/JavaScriptCore/dfg/DFGStructureAbstractValue.h b/Source/JavaScriptCore/dfg/DFGStructureAbstractValue.h
index 528adae..fb5dfda 100644
--- a/Source/JavaScriptCore/dfg/DFGStructureAbstractValue.h
+++ b/Source/JavaScriptCore/dfg/DFGStructureAbstractValue.h
@@ -307,7 +307,7 @@
out.print("[");
if (m_structure)
- out.print(RawPointer(m_structure));
+ out.print(RawPointer(m_structure), "(", m_structure->classInfo()->className, ")");
out.print("]");
}
