Fold typedArray.length if typedArray is constant
https://bugs.webkit.org/show_bug.cgi?id=125252

Source/JavaScriptCore: 

Reviewed by Sam Weinig.
        
This was meant to be easy. The problem is that there was no good place for putting
the folding of typedArray.length to a constant. You can't quite do it in the
bytecode parser because at that point you don't yet know if typedArray is really
a typed array. You can't do it as part of constant folding because the folder
assumes that it can opportunistically forward-flow a constant value without changing
the IR; this doesn't work since we need to first change the IR to register a
desired watchpoint and only after that can we introduce that constant. We could have
done it in Fixup but that would have been awkward since Fixup's code for turning a
GetById of "length" into GetArrayLength is already somewhat complex. We could have
done it in CSE but CSE is already fairly gnarly and will probably get rewritten.
        
So I introduced a new phase, called StrengthReduction. This phase should have any
transformations that don't require CFA or CSE and that it would be weird to put into
those other phases.
        
I also took the opportunity to refactor some of the other folding code.
        
This also adds a test, but the test couldn't quite be a LayoutTests/js/regress so I
introduced the notion of JavaScriptCore/tests/stress.
        
The goal of this patch isn't really to improve performance or anything like that.
It adds an optimization for completeness, and in doing so it unlocks a bunch of new
possibilities. The one that I'm most excited about is revealing array length checks
in DFG IR, which will allow for array bounds check hoisting and elimination.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::::executeEffects):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetFoldableView):
(JSC::DFG::Graph::tryGetFoldableViewForChild1):
* dfg/DFGGraph.h:
* dfg/DFGNode.h:
(JSC::DFG::Node::hasTypedArray):
(JSC::DFG::Node::typedArray):
* dfg/DFGNodeType.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGPredictionPropagationPhase.cpp:
(JSC::DFG::PredictionPropagationPhase::propagate):
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::jumpForTypedArrayOutOfBounds):
(JSC::DFG::SpeculativeJIT::compileConstantIndexedPropertyStorage):
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGStrengthReductionPhase.cpp: Added.
(JSC::DFG::StrengthReductionPhase::StrengthReductionPhase):
(JSC::DFG::StrengthReductionPhase::run):
(JSC::DFG::StrengthReductionPhase::handleNode):
(JSC::DFG::StrengthReductionPhase::foldTypedArrayPropertyToConstant):
(JSC::DFG::performStrengthReduction):
* dfg/DFGStrengthReductionPhase.h: Added.
* dfg/DFGWatchpointCollectionPhase.cpp:
(JSC::DFG::WatchpointCollectionPhase::handle):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileGetIndexedPropertyStorage):
(JSC::FTL::LowerDFGToLLVM::compilePutByVal):
(JSC::FTL::LowerDFGToLLVM::typedArrayLength):
* jsc.cpp:
(GlobalObject::finishCreation):
(functionTransferArrayBuffer):
* runtime/ArrayBufferView.h:
* tests/stress: Added.
* tests/stress/fold-typed-array-properties.js: Added.
(foo):

Tools: 

Reviewed by Sam Weinig.
        
Add Source/JavaScriptCore/tests/stress to the set of JS tests. This is where you
should put tests that run just like JSRegress but don't run as part of LayoutTests.
Currently I'm using it for tests that require some surgical support from jsc.cpp.

* Scripts/run-javascriptcore-tests:



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@160292 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp b/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
new file mode 100644
index 0000000..8475487
--- /dev/null
+++ b/Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE INC. OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */
+
+#include "config.h"
+#include "DFGStrengthReductionPhase.h"
+
+#if ENABLE(DFG_JIT)
+
+#include "DFGGraph.h"
+#include "DFGInsertionSet.h"
+#include "DFGPhase.h"
+#include "DFGPredictionPropagationPhase.h"
+#include "DFGVariableAccessDataDump.h"
+#include "Operations.h"
+
+namespace JSC { namespace DFG {
+
+class StrengthReductionPhase : public Phase {
+public:
+    StrengthReductionPhase(Graph& graph)
+        : Phase(graph, "strength reduction")
+        , m_insertionSet(graph)
+    {
+    }
+    
+    bool run()
+    {
+        ASSERT(m_graph.m_fixpointState == FixpointNotConverged);
+        
+        m_changed = false;
+        
+        for (BlockIndex blockIndex = m_graph.numBlocks(); blockIndex--;) {
+            m_block = m_graph.block(blockIndex);
+            if (!m_block)
+                continue;
+            for (m_nodeIndex = 0; m_nodeIndex < m_block->size(); ++m_nodeIndex) {
+                m_node = m_block->at(m_nodeIndex);
+                handleNode();
+            }
+            m_insertionSet.execute(m_block);
+        }
+        
+        return m_changed;
+    }
+
+private:
+    void handleNode()
+    {
+        switch (m_node->op()) {
+        case BitOr:
+            // Optimize X|0 -> X.
+            if (m_node->child2()->isConstant()) {
+                JSValue C2 = m_graph.valueOfJSConstant(m_node->child2().node());
+                if (C2.isInt32() && !C2.asInt32()) {
+                    m_insertionSet.insertNode(
+                        m_nodeIndex, SpecNone, Phantom, m_node->codeOrigin,
+                        m_node->child2());
+                    m_node->children.removeEdge(1);
+                    m_node->convertToIdentity();
+                    m_changed = true;
+                    break;
+                }
+            }
+            break;
+            
+        case GetArrayLength:
+            if (JSArrayBufferView* view = m_graph.tryGetFoldableViewForChild1(m_node))
+                foldTypedArrayPropertyToConstant(view, jsNumber(view->length()));
+            break;
+            
+        case GetTypedArrayByteOffset:
+            if (JSArrayBufferView* view = m_graph.tryGetFoldableView(m_node->child1().node()))
+                foldTypedArrayPropertyToConstant(view, jsNumber(view->byteOffset()));
+            break;
+            
+        // FIXME: The constant-folding of GetIndexedPropertyStorage should be expressed
+        // as an IR transformation in this phase.
+        // https://bugs.webkit.org/show_bug.cgi?id=125395
+            
+        default:
+            break;
+        }
+    }
+    
+    void foldTypedArrayPropertyToConstant(JSArrayBufferView* view, JSValue constant)
+    {
+        m_insertionSet.insertNode(
+            m_nodeIndex, SpecNone, TypedArrayWatchpoint, m_node->codeOrigin,
+            OpInfo(view));
+        m_graph.convertToConstant(m_node, constant);
+        m_changed = true;
+    }
+    
+    InsertionSet m_insertionSet;
+    BasicBlock* m_block;
+    unsigned m_nodeIndex;
+    Node* m_node;
+    bool m_changed;
+};
+    
+bool performStrengthReduction(Graph& graph)
+{
+    SamplingRegion samplingRegion("DFG Strength Reduction Phase");
+    return runPhase<StrengthReductionPhase>(graph);
+}
+
+} } // namespace JSC::DFG
+
+#endif // ENABLE(DFG_JIT)
+
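Review bot: foldTypedArrayPropertyToConstant() has no comment stating that the folded value is only valid while the TypedArrayWatchpoint on that view holds, and that the watchpoint node must be inserted before m_graph.convertToConstant(m_node, constant). The commit message gives this ordering as the reason the fold could not live in the constant folder, so it belongs in the code, next to the insertNode call, where a later refactor could otherwise reorder or drop it. The value comes from view->length() or view->byteOffset() read at compile time, so the comment should also say what invalidates it; the changelog adds functionTransferArrayBuffer to jsc.cpp, which suggests a buffer transfer is the case the new stress test covers. Related points in handleNode(): the GetArrayLength case calls tryGetFoldableViewForChild1(m_node) while GetTypedArrayByteOffset calls tryGetFoldableView(m_node->child1().node()), with nothing explaining why the two need different helpers; a one-line comment on the extra check the first one performs would help. In the BitOr case the inner break is redundant, since the case ends with a break immediately after the if. DFGPredictionPropagationPhase.h and DFGVariableAccessDataDump.h are included but nothing in this file visibly uses them. Finally, m_block, m_nodeIndex, m_node and m_changed are not initialized in the constructor; run() sets them before use, but initializing them would keep the class safe if another entry point is added.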