Changeset 192836 in webkit

Timestamp:

Nov 30, 2015 3:13:41 PM (8 years ago)

Author:

mark.lam@apple.com

Message:

Snippefy op_div for the baseline JIT.
​https://bugs.webkit.org/show_bug.cgi?id=151607

Reviewed by Geoffrey Garen.

• CMakeLists.txt:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
• JavaScriptCore.xcodeproj/project.pbxproj:

• jit/JIT.h:
• jit/JITArithmetic.cpp:

(JSC::JIT::emit_op_div):
(JSC::JIT::emitSlow_op_div):
(JSC::JIT::compileBinaryArithOpSlowCase): Deleted.

• jit/JITArithmetic32_64.cpp:

(JSC::JIT::emitBinaryDoubleOp):
(JSC::JIT::emit_op_div): Deleted.
(JSC::JIT::emitSlow_op_div): Deleted.

• Removed the 32-bit specific op_div implementation. The 64-bit version with the op_div snippet can now service both 32-bit and 64-bit.

• jit/JITDivGenerator.cpp: Added.

(JSC::JITDivGenerator::loadOperand):
(JSC::JITDivGenerator::generateFastPath):

• jit/JITDivGenerator.h: Added.

(JSC::JITDivGenerator::JITDivGenerator):
(JSC::JITDivGenerator::didEmitFastPath):
(JSC::JITDivGenerator::endJumpList):
(JSC::JITDivGenerator::slowPathJumpList):

• jit/JITInlines.h:

(JSC::JIT::getOperandConstantDouble): Added.

• jit/SnippetOperand.h: Added.

(JSC::SnippetOperand::SnippetOperand):
(JSC::SnippetOperand::mightBeNumber):
(JSC::SnippetOperand::definitelyIsNumber):
(JSC::SnippetOperand::isConst):
(JSC::SnippetOperand::isConstInt32):
(JSC::SnippetOperand::isConstDouble):
(JSC::SnippetOperand::asRawBits):
(JSC::SnippetOperand::asConstInt32):
(JSC::SnippetOperand::asConstDouble):
(JSC::SnippetOperand::setConstInt32):
(JSC::SnippetOperand::setConstDouble):

• The SnippetOperand encapsulates operand constness, const type, and profiling information. As a result:
  1. The argument list to the JITDivGenerator constructor is now more concise.
  2. The logic of the JITDivGenerator is now less verbose and easier to express.

• parser/ResultType.h:

(JSC::ResultType::isInt32):
(JSC::ResultType::definitelyIsNumber):
(JSC::ResultType::definitelyIsString):
(JSC::ResultType::definitelyIsBoolean):
(JSC::ResultType::mightBeNumber):
(JSC::ResultType::isNotNumber):

• Made these functions const because they were always meant to be const. This also allows me to enforce constness in the SnippetOperand.

Location:

trunk/Source/JavaScriptCore

Files:

• CMakeLists.txt (modified) (1 diff)
• ChangeLog (modified) (1 diff)
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj (modified) (3 diffs)
• JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters (modified) (3 diffs)
• JavaScriptCore.xcodeproj/project.pbxproj (modified) (7 diffs)
• jit/JIT.h (modified) (2 diffs)
• jit/JITArithmetic.cpp (modified) (6 diffs)
• jit/JITArithmetic32_64.cpp (modified) (4 diffs)
• jit/JITDivGenerator.cpp (added)
• jit/JITDivGenerator.h (added)
• jit/JITInlines.h (modified) (1 diff)
• jit/SnippetOperand.h (added)
• parser/ResultType.h (modified) (1 diff)

trunk/Source/JavaScriptCore/CMakeLists.txt

@@ -456 +456 @@
     jit/JITCode.cpp
     jit/JITDisassembler.cpp
+    jit/JITDivGenerator.cpp
     jit/JITExceptions.cpp
     jit/JITInlineCacheGenerator.cpp

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2015-11-30  Mark Lam  <mark.lam@apple.com>
+
+        Snippefy op_div for the baseline JIT.
+        https://bugs.webkit.org/show_bug.cgi?id=151607
+
+        Reviewed by Geoffrey Garen.
+
+        * CMakeLists.txt:
+        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
+        * JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters:
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+
+        * jit/JIT.h:
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_div):
+        (JSC::JIT::emitSlow_op_div):
+        (JSC::JIT::compileBinaryArithOpSlowCase): Deleted.
+
+        * jit/JITArithmetic32_64.cpp:
+        (JSC::JIT::emitBinaryDoubleOp):
+        (JSC::JIT::emit_op_div): Deleted.
+        (JSC::JIT::emitSlow_op_div): Deleted.
+        - Removed the 32-bit specific op_div implementation.  The 64-bit version with the
+          op_div snippet can now service both 32-bit and 64-bit.
+ 
+        * jit/JITDivGenerator.cpp: Added.
+        (JSC::JITDivGenerator::loadOperand):
+        (JSC::JITDivGenerator::generateFastPath):
+        * jit/JITDivGenerator.h: Added.
+        (JSC::JITDivGenerator::JITDivGenerator):
+        (JSC::JITDivGenerator::didEmitFastPath):
+        (JSC::JITDivGenerator::endJumpList):
+        (JSC::JITDivGenerator::slowPathJumpList):
+ 
+        * jit/JITInlines.h:
+        (JSC::JIT::getOperandConstantDouble): Added.
+ 
+        * jit/SnippetOperand.h: Added.
+        (JSC::SnippetOperand::SnippetOperand):
+        (JSC::SnippetOperand::mightBeNumber):
+        (JSC::SnippetOperand::definitelyIsNumber):
+        (JSC::SnippetOperand::isConst):
+        (JSC::SnippetOperand::isConstInt32):
+        (JSC::SnippetOperand::isConstDouble):
+        (JSC::SnippetOperand::asRawBits):
+        (JSC::SnippetOperand::asConstInt32):
+        (JSC::SnippetOperand::asConstDouble):
+        (JSC::SnippetOperand::setConstInt32):
+        (JSC::SnippetOperand::setConstDouble):
+        - The SnippetOperand encapsulates operand constness, const type, and profiling
+          information.  As a result:
+          1. The argument list to the JITDivGenerator constructor is now more concise.
+          2. The logic of the JITDivGenerator is now less verbose and easier to express.
+
+        * parser/ResultType.h:
+        (JSC::ResultType::isInt32):
+        (JSC::ResultType::definitelyIsNumber):
+        (JSC::ResultType::definitelyIsString):
+        (JSC::ResultType::definitelyIsBoolean):
+        (JSC::ResultType::mightBeNumber):
+        (JSC::ResultType::isNotNumber):
+        - Made these functions const because they were always meant to be const.
+          This also allows me to enforce constness in the SnippetOperand.
+
 2015-11-30  Sukolsak Sakshuwong  <sukolsak@gmail.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj

@@ -648 +648 @@
     <ClCompile Include="..\jit\JITCode.cpp" />
     <ClCompile Include="..\jit\JITDisassembler.cpp" />
+    <ClCompile Include="..\jit\JITDivGenerator.cpp" />
     <ClCompile Include="..\jit\JITExceptions.cpp" />
     <ClCompile Include="..\jit\JITInlineCacheGenerator.cpp" />
@@ -1466 +1467 @@
     <ClInclude Include="..\jit\JITCompilationEffort.h" />
     <ClInclude Include="..\jit\JITDisassembler.h" />
+    <ClInclude Include="..\jit\JITDivGenerator.h" />
     <ClInclude Include="..\jit\JITExceptions.h" />
     <ClInclude Include="..\jit\JITInlineCacheGenerator.h" />
@@ -1486 +1488 @@
     <ClInclude Include="..\jit\Repatch.h" />
     <ClInclude Include="..\jit\ScratchRegisterAllocator.h" />
+    <ClInclude Include="..\jit\SnippetOperand.h" />
     <ClInclude Include="..\jit\SpecializedThunkJIT.h" />
     <ClInclude Include="..\jit\TempRegisterSet.h" />

trunk/Source/JavaScriptCore/JavaScriptCore.vcxproj/JavaScriptCore.vcxproj.filters

@@ -442 +442 @@
       <Filter>jit</Filter>
     </ClCompile>
+    <ClCompile Include="..\jit\JITDivGenerator.cpp">
+      <Filter>jit</Filter>
+    </ClCompile>
     <ClCompile Include="..\jit\JITExceptions.cpp">
       <Filter>jit</Filter>
@@ -2517 +2520 @@
       <Filter>jit</Filter>
     </ClInclude>
+    <ClInclude Include="..\jit\JITDivGenerator.h">
+      <Filter>jit</Filter>
+    </ClInclude>
     <ClInclude Include="..\jit\JITExceptions.h">
       <Filter>jit</Filter>
@@ -2542 +2548 @@
     </ClInclude>
     <ClInclude Include="..\jit\SpecializedThunkJIT.h">
+      <Filter>jit</Filter>
+    </ClInclude>
+    <ClInclude Include="..\jit\SnippetOperand.h">
       <Filter>jit</Filter>
     </ClInclude>

trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj

@@ -1973 +1973 @@
                 FE187A011BFBE55E0038BBCA /* JITMulGenerator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE1879FF1BFBC73C0038BBCA /* JITMulGenerator.cpp */; };
                 FE187A021BFBE5610038BBCA /* JITMulGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = FE187A001BFBC73C0038BBCA /* JITMulGenerator.h */; };
+                FE187A0D1C030D5C0038BBCA /* JITDivGenerator.h in Headers */ = {isa = PBXBuildFile; fileRef = FE187A0B1C0229230038BBCA /* JITDivGenerator.h */; settings = {ASSET_TAGS = (); }; };
+                FE187A0E1C030D640038BBCA /* JITDivGenerator.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE187A0A1C0229230038BBCA /* JITDivGenerator.cpp */; settings = {ASSET_TAGS = (); }; };
+                FE187A0F1C030D6C0038BBCA /* SnippetOperand.h in Headers */ = {isa = PBXBuildFile; fileRef = FE187A0C1C02EBA70038BBCA /* SnippetOperand.h */; settings = {ASSET_TAGS = (); }; };
                 FE1C0FFD1B193E9800B53FCA /* Exception.h in Headers */ = {isa = PBXBuildFile; fileRef = FE1C0FFC1B193E9800B53FCA /* Exception.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 FE1C0FFF1B194FD100B53FCA /* Exception.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FE1C0FFE1B194FD100B53FCA /* Exception.cpp */; };
@@ -4113 +4116 @@
                 FE1879FF1BFBC73C0038BBCA /* JITMulGenerator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITMulGenerator.cpp; sourceTree = "<group>"; };
                 FE187A001BFBC73C0038BBCA /* JITMulGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITMulGenerator.h; sourceTree = "<group>"; };
+                FE187A0A1C0229230038BBCA /* JITDivGenerator.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JITDivGenerator.cpp; sourceTree = "<group>"; };
+                FE187A0B1C0229230038BBCA /* JITDivGenerator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JITDivGenerator.h; sourceTree = "<group>"; };
+                FE187A0C1C02EBA70038BBCA /* SnippetOperand.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SnippetOperand.h; sourceTree = "<group>"; };
                 FE1C0FFC1B193E9800B53FCA /* Exception.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Exception.h; sourceTree = "<group>"; };
                 FE1C0FFE1B194FD100B53FCA /* Exception.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Exception.cpp; sourceTree = "<group>"; };
@@ -4792 +4798 @@
                                 0FAF7EFA165BA919000C8455 /* JITDisassembler.cpp */,
                                 0FAF7EFB165BA919000C8455 /* JITDisassembler.h */,
+                                FE187A0A1C0229230038BBCA /* JITDivGenerator.cpp */,
+                                FE187A0B1C0229230038BBCA /* JITDivGenerator.h */,
                                 0F46807F14BA572700BFE272 /* JITExceptions.cpp */,
                                 0F46808014BA572700BFE272 /* JITExceptions.h */,
@@ -4833 +4841 @@
                                 0FEE98401A8865B600754E93 /* SetupVarargsFrame.h */,
                                 A709F2EF17A0AC0400512E98 /* SlowPathCall.h */,
+                                FE187A0C1C02EBA70038BBCA /* SnippetOperand.h */,
                                 A7386551118697B400540279 /* SpecializedThunkJIT.h */,
                                 A7FF647A18C52E8500B55307 /* SpillRegistersMode.h */,
@@ -7198 +7207 @@
                                 0F32BD111BB34F190093A57F /* HeapHelperPool.h in Headers */,
                                 C2DA778318E259990066FCB6 /* HeapInlines.h in Headers */,
+                                FE187A0D1C030D5C0038BBCA /* JITDivGenerator.h in Headers */,
                                 2AD8932B17E3868F00668276 /* HeapIterationScope.h in Headers */,
                                 A5339EC91BB4B4600054F005 /* HeapObserver.h in Headers */,
@@ -7261 +7271 @@
                                 A18193E41B4E0CDB00FC1029 /* IntlCollatorPrototype.lut.h in Headers */,
                                 A1587D6E1B4DC14100D69849 /* IntlDateTimeFormat.h in Headers */,
+                                FE187A0F1C030D6C0038BBCA /* SnippetOperand.h in Headers */,
                                 A1587D701B4DC14100D69849 /* IntlDateTimeFormatConstructor.h in Headers */,
                                 A1587D751B4DC1C600D69849 /* IntlDateTimeFormatConstructor.lut.h in Headers */,
@@ -8599 +8610 @@
                                 0FD120331A8C85BD000F5280 /* FTLJSCallVarargs.cpp in Sources */,
                                 62774DAA1B8D4B190006F05A /* FTLJSTailCall.cpp in Sources */,
+                                FE187A0E1C030D640038BBCA /* JITDivGenerator.cpp in Sources */,
                                 0FB4FB731BC843140025CA5A /* FTLLazySlowPath.cpp in Sources */,
                                 0F8F2B95172E04A0007DBDA5 /* FTLLink.cpp in Sources */,

trunk/Source/JavaScriptCore/jit/JIT.h

@@ -405 +405 @@
 
         int32_t getOperandConstantInt(int src);
+        double getOperandConstantDouble(int src);
 
 #if USE(JSVALUE32_64)
@@ -463 +464 @@
 
         void emitTagBool(RegisterID);
-        void compileBinaryArithOpSlowCase(Instruction*, OpcodeID, Vector<SlowCaseEntry>::iterator&, int dst, int src1, int src2, OperandTypes, bool op1HasImmediateIntFastCase, bool op2HasImmediateIntFastCase);
 
         void compileGetByIdHotPath(int baseVReg, const Identifier*);

trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp

@@ -31 +31 @@
 #include "CodeBlock.h"
 #include "JITAddGenerator.h"
+#include "JITDivGenerator.h"
 #include "JITInlines.h"
 #include "JITMulGenerator.h"
@@ -662 +663 @@
 /* ------------------------------ END: OP_MOD ------------------------------ */
 
-/* ------------------------------ BEGIN: USE(JSVALUE64) (OP_ADD, OP_SUB, OP_MUL) ------------------------------ */
-
-void JIT::compileBinaryArithOpSlowCase(Instruction* currentInstruction, OpcodeID opcodeID, Vector<SlowCaseEntry>::iterator& iter, int result, int op1, int op2, OperandTypes types, bool op1HasImmediateIntFastCase, bool op2HasImmediateIntFastCase)
-{
-    // We assume that subtracting TagTypeNumber is equivalent to adding DoubleEncodeOffset.
-    COMPILE_ASSERT(((TagTypeNumber + DoubleEncodeOffset) == 0), TagTypeNumber_PLUS_DoubleEncodeOffset_EQUALS_0);
-
-    Jump notImm1;
-    Jump notImm2;
-    if (op1HasImmediateIntFastCase) {
-        notImm2 = getSlowCase(iter);
-    } else if (op2HasImmediateIntFastCase) {
-        notImm1 = getSlowCase(iter);
-    } else {
-        notImm1 = getSlowCase(iter);
-        notImm2 = getSlowCase(iter);
-    }
-
-    linkSlowCase(iter); // Integer overflow case - we could handle this in JIT code, but this is likely rare.
-
-    Label stubFunctionCall(this);
-
-    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_mul);
-    slowPathCall.call();
-    Jump end = jump();
-
-    if (op1HasImmediateIntFastCase) {
-        notImm2.link(this);
-        if (!types.second().definitelyIsNumber())
-            emitJumpIfNotNumber(regT0).linkTo(stubFunctionCall, this);
-        emitGetVirtualRegister(op1, regT1);
-        convertInt32ToDouble(regT1, fpRegT1);
-        add64(tagTypeNumberRegister, regT0);
-        move64ToDouble(regT0, fpRegT2);
-    } else if (op2HasImmediateIntFastCase) {
-        notImm1.link(this);
-        if (!types.first().definitelyIsNumber())
-            emitJumpIfNotNumber(regT0).linkTo(stubFunctionCall, this);
-        emitGetVirtualRegister(op2, regT1);
-        convertInt32ToDouble(regT1, fpRegT1);
-        add64(tagTypeNumberRegister, regT0);
-        move64ToDouble(regT0, fpRegT2);
-    } else {
-        // if we get here, eax is not an int32, edx not yet checked.
-        notImm1.link(this);
-        if (!types.first().definitelyIsNumber())
-            emitJumpIfNotNumber(regT0).linkTo(stubFunctionCall, this);
-        if (!types.second().definitelyIsNumber())
-            emitJumpIfNotNumber(regT1).linkTo(stubFunctionCall, this);
-        add64(tagTypeNumberRegister, regT0);
-        move64ToDouble(regT0, fpRegT1);
-        Jump op2isDouble = emitJumpIfNotInt(regT1);
-        convertInt32ToDouble(regT1, fpRegT2);
-        Jump op2wasInteger = jump();
-
-        // if we get here, eax IS an int32, edx is not.
-        notImm2.link(this);
-        if (!types.second().definitelyIsNumber())
-            emitJumpIfNotNumber(regT1).linkTo(stubFunctionCall, this);
-        convertInt32ToDouble(regT0, fpRegT1);
-        op2isDouble.link(this);
-        add64(tagTypeNumberRegister, regT1);
-        move64ToDouble(regT1, fpRegT2);
-        op2wasInteger.link(this);
-    }
-
-    ASSERT_UNUSED(opcodeID, opcodeID == op_div);
-    divDouble(fpRegT2, fpRegT1);
-
-    moveDoubleTo64(fpRegT1, regT0);
-    sub64(tagTypeNumberRegister, regT0);
-    emitPutVirtualRegister(result, regT0);
-
-    end.link(this);
-}
-
-void JIT::emit_op_div(Instruction* currentInstruction)
-{
-    int dst = currentInstruction[1].u.operand;
-    int op1 = currentInstruction[2].u.operand;
-    int op2 = currentInstruction[3].u.operand;
-    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
-
-    if (isOperandConstantDouble(op1)) {
-        emitGetVirtualRegister(op1, regT0);
-        add64(tagTypeNumberRegister, regT0);
-        move64ToDouble(regT0, fpRegT0);
-    } else if (isOperandConstantInt(op1)) {
-        emitLoadInt32ToDouble(op1, fpRegT0);
-    } else {
-        emitGetVirtualRegister(op1, regT0);
-        if (!types.first().definitelyIsNumber())
-            emitJumpSlowCaseIfNotNumber(regT0);
-        Jump notInt = emitJumpIfNotInt(regT0);
-        convertInt32ToDouble(regT0, fpRegT0);
-        Jump skipDoubleLoad = jump();
-        notInt.link(this);
-        add64(tagTypeNumberRegister, regT0);
-        move64ToDouble(regT0, fpRegT0);
-        skipDoubleLoad.link(this);
-    }
-
-    if (isOperandConstantDouble(op2)) {
-        emitGetVirtualRegister(op2, regT1);
-        add64(tagTypeNumberRegister, regT1);
-        move64ToDouble(regT1, fpRegT1);
-    } else if (isOperandConstantInt(op2)) {
-        emitLoadInt32ToDouble(op2, fpRegT1);
-    } else {
-        emitGetVirtualRegister(op2, regT1);
-        if (!types.second().definitelyIsNumber())
-            emitJumpSlowCaseIfNotNumber(regT1);
-        Jump notInt = emitJumpIfNotInt(regT1);
-        convertInt32ToDouble(regT1, fpRegT1);
-        Jump skipDoubleLoad = jump();
-        notInt.link(this);
-        add64(tagTypeNumberRegister, regT1);
-        move64ToDouble(regT1, fpRegT1);
-        skipDoubleLoad.link(this);
-    }
-    divDouble(fpRegT1, fpRegT0);
-    
-    // Is the result actually an integer? The DFG JIT would really like to know. If it's
-    // not an integer, we increment a count. If this together with the slow case counter
-    // are below threshold then the DFG JIT will compile this division with a specualtion
-    // that the remainder is zero.
-    
-    // As well, there are cases where a double result here would cause an important field
-    // in the heap to sometimes have doubles in it, resulting in double predictions getting
-    // propagated to a use site where it might cause damage (such as the index to an array
-    // access). So if we are DFG compiling anything in the program, we want this code to
-    // ensure that it produces integers whenever possible.
-    
-    JumpList notInteger;
-    branchConvertDoubleToInt32(fpRegT0, regT0, notInteger, fpRegT1);
-    // If we've got an integer, we might as well make that the result of the division.
-    emitTagInt(regT0, regT0);
-    Jump isInteger = jump();
-    notInteger.link(this);
-    moveDoubleTo64(fpRegT0, regT0);
-    Jump doubleZero = branchTest64(Zero, regT0);
-    add32(TrustedImm32(1), AbsoluteAddress(&m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset)->m_counter));
-    sub64(tagTypeNumberRegister, regT0);
-    Jump trueDouble = jump();
-    doubleZero.link(this);
-    move(tagTypeNumberRegister, regT0);
-    trueDouble.link(this);
-    isInteger.link(this);
-
-    emitPutVirtualRegister(dst, regT0);
-}
-
-void JIT::emitSlow_op_div(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    int op1 = currentInstruction[2].u.operand;
-    int op2 = currentInstruction[3].u.operand;
-    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
-    if (types.first().definitelyIsNumber() && types.second().definitelyIsNumber()) {
-        if (!ASSERT_DISABLED)
-            abortWithReason(JITDivOperandsAreNotNumbers);
-        return;
-    }
-    if (!isOperandConstantDouble(op1) && !isOperandConstantInt(op1)) {
-        if (!types.first().definitelyIsNumber())
-            linkSlowCase(iter);
-    }
-    if (!isOperandConstantDouble(op2) && !isOperandConstantInt(op2)) {
-        if (!types.second().definitelyIsNumber())
-            linkSlowCase(iter);
-    }
-    // There is an extra slow case for (op1 * -N) or (-N * op2), to check for 0 since this should produce a result of -0.
-    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_div);
-    slowPathCall.call();
-}
-
 #endif // USE(JSVALUE64)
 
@@ -907 +733 @@
 }
 
-void JIT::emit_op_mul(Instruction* currentInstruction)
+void JIT::emit_op_div(Instruction* currentInstruction)
 {
     int result = currentInstruction[1].u.operand;
@@ -928 +754 @@
 #endif
 
-    bool leftIsConstInt32 = isOperandConstantInt(op1);
-    bool rightIsConstInt32 = isOperandConstantInt(op2);
-    ResultType leftType = types.first();
-    ResultType rightType = types.second();
-    int32_t leftConstInt32 = 0;
-    int32_t rightConstInt32 = 0;
-
-    uint32_t* profilingCounter = nullptr;
-    if (shouldEmitProfiling())
-        profilingCounter = &m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset)->m_counter;
-
-    ASSERT(!leftIsConstInt32 || !rightIsConstInt32);
-
-    if (leftIsConstInt32)
-        leftConstInt32 = getOperandConstantInt(op1);
-    if (rightIsConstInt32)
-        rightConstInt32 = getOperandConstantInt(op2);
-
-    bool leftIsPositiveConstInt32 = leftIsConstInt32 && (leftConstInt32 > 0);
-    bool rightIsPositiveConstInt32 = rightIsConstInt32 && (rightConstInt32 > 0);
-
-    if (leftIsPositiveConstInt32)
+    uint32_t* profilingCounter = &m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset)->m_counter;
+
+    SnippetOperand leftOperand(types.first());
+    SnippetOperand rightOperand(types.second());
+
+    if (isOperandConstantInt(op1))
+        leftOperand.setConstInt32(getOperandConstantInt(op1));
+#if USE(JSVALUE64)
+    else if (isOperandConstantDouble(op1))
+        leftOperand.setConstDouble(getOperandConstantDouble(op1));
+#endif
+
+    if (isOperandConstantInt(op2))
+        rightOperand.setConstInt32(getOperandConstantInt(op2));
+#if USE(JSVALUE64)
+    else if (isOperandConstantDouble(op2))
+        rightOperand.setConstDouble(getOperandConstantDouble(op2));
+#endif
+
+    ASSERT(!leftOperand.isConst() || !rightOperand.isConst());
+
+    if (!leftOperand.isConst())
+        emitGetVirtualRegister(op1, leftRegs);
+    if (!rightOperand.isConst())
         emitGetVirtualRegister(op2, rightRegs);
-    else if (rightIsPositiveConstInt32)
-        emitGetVirtualRegister(op1, leftRegs);
-    else {
-        emitGetVirtualRegister(op1, leftRegs);
-        emitGetVirtualRegister(op2, rightRegs);
-    }
-
-    JITMulGenerator gen(resultRegs, leftRegs, rightRegs, leftType, rightType,
-        leftIsPositiveConstInt32, rightIsPositiveConstInt32, leftConstInt32, rightConstInt32,
+
+    JITDivGenerator gen(leftOperand, rightOperand, resultRegs, leftRegs, rightRegs,
         fpRegT0, fpRegT1, scratchGPR, scratchFPR, profilingCounter);
 
@@ -972 +793 @@
         ASSERT(gen.endJumpList().empty());
         ASSERT(gen.slowPathJumpList().empty());
-        JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_mul);
+        JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_div);
         slowPathCall.call();
     }
 }
 
-void JIT::emitSlow_op_mul(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+void JIT::emitSlow_op_div(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {
     linkAllSlowCasesForBytecodeOffset(m_slowCases, iter, m_bytecodeOffset);
-    
-    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_mul);
-    slowPathCall.call();
-}
-
-void JIT::emit_op_sub(Instruction* currentInstruction)
+
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_div);
+    slowPathCall.call();
+}
+
+void JIT::emit_op_mul(Instruction* currentInstruction)
 {
     int result = currentInstruction[1].u.operand;
@@ -1006 +827 @@
 #endif
 
+    bool leftIsConstInt32 = isOperandConstantInt(op1);
+    bool rightIsConstInt32 = isOperandConstantInt(op2);
+    ResultType leftType = types.first();
+    ResultType rightType = types.second();
+    int32_t leftConstInt32 = 0;
+    int32_t rightConstInt32 = 0;
+
+    uint32_t* profilingCounter = nullptr;
+    if (shouldEmitProfiling())
+        profilingCounter = &m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset)->m_counter;
+
+    ASSERT(!leftIsConstInt32 || !rightIsConstInt32);
+
+    if (leftIsConstInt32)
+        leftConstInt32 = getOperandConstantInt(op1);
+    if (rightIsConstInt32)
+        rightConstInt32 = getOperandConstantInt(op2);
+
+    bool leftIsPositiveConstInt32 = leftIsConstInt32 && (leftConstInt32 > 0);
+    bool rightIsPositiveConstInt32 = rightIsConstInt32 && (rightConstInt32 > 0);
+
+    if (leftIsPositiveConstInt32)
+        emitGetVirtualRegister(op2, rightRegs);
+    else if (rightIsPositiveConstInt32)
+        emitGetVirtualRegister(op1, leftRegs);
+    else {
+        emitGetVirtualRegister(op1, leftRegs);
+        emitGetVirtualRegister(op2, rightRegs);
+    }
+
+    JITMulGenerator gen(resultRegs, leftRegs, rightRegs, leftType, rightType,
+        leftIsPositiveConstInt32, rightIsPositiveConstInt32, leftConstInt32, rightConstInt32,
+        fpRegT0, fpRegT1, scratchGPR, scratchFPR, profilingCounter);
+
+    gen.generateFastPath(*this);
+
+    if (gen.didEmitFastPath()) {
+        gen.endJumpList().link(this);
+        emitPutVirtualRegister(result, resultRegs);
+
+        addSlowCase(gen.slowPathJumpList());
+    } else {
+        ASSERT(gen.endJumpList().empty());
+        ASSERT(gen.slowPathJumpList().empty());
+        JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_mul);
+        slowPathCall.call();
+    }
+}
+
+void JIT::emitSlow_op_mul(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkAllSlowCasesForBytecodeOffset(m_slowCases, iter, m_bytecodeOffset);
+    
+    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_mul);
+    slowPathCall.call();
+}
+
+void JIT::emit_op_sub(Instruction* currentInstruction)
+{
+    int result = currentInstruction[1].u.operand;
+    int op1 = currentInstruction[2].u.operand;
+    int op2 = currentInstruction[3].u.operand;
+    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
+
+#if USE(JSVALUE64)
+    JSValueRegs leftRegs = JSValueRegs(regT0);
+    JSValueRegs rightRegs = JSValueRegs(regT1);
+    JSValueRegs resultRegs = leftRegs;
+    GPRReg scratchGPR = regT2;
+    FPRReg scratchFPR = InvalidFPRReg;
+#else
+    JSValueRegs leftRegs = JSValueRegs(regT1, regT0);
+    JSValueRegs rightRegs = JSValueRegs(regT3, regT2);
+    JSValueRegs resultRegs = leftRegs;
+    GPRReg scratchGPR = regT4;
+    FPRReg scratchFPR = fpRegT2;
+#endif
+
     emitGetVirtualRegister(op1, leftRegs);
     emitGetVirtualRegister(op2, rightRegs);

trunk/Source/JavaScriptCore/jit/JITArithmetic32_64.cpp

@@ -479 +479 @@
 }
 
-// Addition (+)
-
 void JIT::emitBinaryDoubleOp(OpcodeID opcodeID, int dst, int op1, int op2, OperandTypes types, JumpList& notInt32Op1, JumpList& notInt32Op2, bool op1IsInRegisters, bool op2IsInRegisters)
 {
@@ -513 +511 @@
         doTheMath.link(this);
         switch (opcodeID) {
-            case op_div: {
-                emitLoadDouble(op1, fpRegT1);
-                divDouble(fpRegT0, fpRegT1);
-
-                // Is the result actually an integer? The DFG JIT would really like to know. If it's
-                // not an integer, we increment a count. If this together with the slow case counter
-                // are below threshold then the DFG JIT will compile this division with a specualtion
-                // that the remainder is zero.
-                
-                // As well, there are cases where a double result here would cause an important field
-                // in the heap to sometimes have doubles in it, resulting in double predictions getting
-                // propagated to a use site where it might cause damage (such as the index to an array
-                // access). So if we are DFG compiling anything in the program, we want this code to
-                // ensure that it produces integers whenever possible.
-                
-                // FIXME: This will fail to convert to integer if the result is zero. We should
-                // distinguish between positive zero and negative zero here.
-                
-                JumpList notInteger;
-                branchConvertDoubleToInt32(fpRegT1, regT2, notInteger, fpRegT0);
-                // If we've got an integer, we might as well make that the result of the division.
-                emitStoreInt32(dst, regT2);
-                Jump isInteger = jump();
-                notInteger.link(this);
-                add32(TrustedImm32(1), AbsoluteAddress(&m_codeBlock->specialFastCaseProfileForBytecodeOffset(m_bytecodeOffset)->m_counter));
-                emitStoreDouble(dst, fpRegT1);
-                isInteger.link(this);
-                break;
-            }
             case op_jless:
                 emitLoadDouble(op1, fpRegT2);
@@ -599 +568 @@
         // Do the math.
         switch (opcodeID) {
-            case op_div: {
-                emitLoadDouble(op2, fpRegT2);
-                divDouble(fpRegT2, fpRegT0);
-                // Is the result actually an integer? The DFG JIT would really like to know. If it's
-                // not an integer, we increment a count. If this together with the slow case counter
-                // are below threshold then the DFG JIT will compile this division with a specualtion
-                // that the remainder is zero.
-                
-                // As well, there are cases where a double result here would cause an important field
-                // in the heap to sometimes have doubles in it, resulting in double predictions getting
-                // propagated to a use site where it might cause damage (such as the index to an array
-                // access). So if we are DFG compiling anything in the program, we want this code to
-                // ensure that it produces integers whenever possible.
-                
-                // FIXME: This will fail to convert to integer if the result is zero. We should
-                // distinguish between positive zero and negative zero here.
-                
-                JumpList notInteger;
-                branchConvertDoubleToInt32(fpRegT0, regT2, notInteger, fpRegT1);
-                // If we've got an integer, we might as well make that the result of the division.
-                emitStoreInt32(dst, regT2);
-                Jump isInteger = jump();
-                notInteger.link(this);
-                add32(TrustedImm32(1), AbsoluteAddress(&m_codeBlock->specialFastCaseProfileForBytecodeOffset(m_bytecodeOffset)->m_counter));
-                emitStoreDouble(dst, fpRegT0);
-                isInteger.link(this);
-                break;
-            }
             case op_jless:
                 emitLoadDouble(op2, fpRegT1);
@@ -665 +606 @@
 
     end.link(this);
-}
-
-// Division (/)
-
-void JIT::emit_op_div(Instruction* currentInstruction)
-{
-    int dst = currentInstruction[1].u.operand;
-    int op1 = currentInstruction[2].u.operand;
-    int op2 = currentInstruction[3].u.operand;
-    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
-
-    m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset);
-
-    if (!supportsFloatingPoint()) {
-        addSlowCase(jump());
-        return;
-    }
-
-    // Int32 divide.
-    JumpList notInt32Op1;
-    JumpList notInt32Op2;
-
-    JumpList end;
-
-    emitLoad2(op1, regT1, regT0, op2, regT3, regT2);
-
-    notInt32Op1.append(branch32(NotEqual, regT1, TrustedImm32(JSValue::Int32Tag)));
-    notInt32Op2.append(branch32(NotEqual, regT3, TrustedImm32(JSValue::Int32Tag)));
-
-    convertInt32ToDouble(regT0, fpRegT0);
-    convertInt32ToDouble(regT2, fpRegT1);
-    divDouble(fpRegT1, fpRegT0);
-    // Is the result actually an integer? The DFG JIT would really like to know. If it's
-    // not an integer, we increment a count. If this together with the slow case counter
-    // are below threshold then the DFG JIT will compile this division with a specualtion
-    // that the remainder is zero.
-    
-    // As well, there are cases where a double result here would cause an important field
-    // in the heap to sometimes have doubles in it, resulting in double predictions getting
-    // propagated to a use site where it might cause damage (such as the index to an array
-    // access). So if we are DFG compiling anything in the program, we want this code to
-    // ensure that it produces integers whenever possible.
-    
-    // FIXME: This will fail to convert to integer if the result is zero. We should
-    // distinguish between positive zero and negative zero here.
-    
-    JumpList notInteger;
-    branchConvertDoubleToInt32(fpRegT0, regT2, notInteger, fpRegT1);
-    // If we've got an integer, we might as well make that the result of the division.
-    emitStoreInt32(dst, regT2);
-    end.append(jump());
-    notInteger.link(this);
-    add32(TrustedImm32(1), AbsoluteAddress(&m_codeBlock->specialFastCaseProfileForBytecodeOffset(m_bytecodeOffset)->m_counter));
-    emitStoreDouble(dst, fpRegT0);
-    end.append(jump());
-
-    // Double divide.
-    emitBinaryDoubleOp(op_div, dst, op1, op2, types, notInt32Op1, notInt32Op2);
-    end.link(this);
-}
-
-void JIT::emitSlow_op_div(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
-
-    if (!supportsFloatingPoint())
-        linkSlowCase(iter);
-    else {
-        if (!types.first().definitelyIsNumber())
-            linkSlowCase(iter); // double check
-
-        if (!types.second().definitelyIsNumber()) {
-            linkSlowCase(iter); // int32 check
-            linkSlowCase(iter); // double check
-        }
-    }
-
-    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_div);
-    slowPathCall.call();
 }
 

trunk/Source/JavaScriptCore/jit/JITInlines.h

@@ -981 +981 @@
 }
 
+ALWAYS_INLINE double JIT::getOperandConstantDouble(int src)
+{
+    return getConstantOperand(src).asDouble();
+}
+
 #if USE(JSVALUE32_64)
 

trunk/Source/JavaScriptCore/parser/ResultType.h

@@ -50 +50 @@
 
     public:
-        bool isInt32()
+        bool isInt32() const
         {
             return m_type & TypeInt32;
         }
 
-        bool definitelyIsNumber()
+        bool definitelyIsNumber() const
         {
             return (m_type & TypeBits) == TypeMaybeNumber;
         }
         
-        bool definitelyIsString()
+        bool definitelyIsString() const
         {
             return (m_type & TypeBits) == TypeMaybeString;
         }
 
-        bool definitelyIsBoolean()
+        bool definitelyIsBoolean() const
         {
             return (m_type & TypeBits) == TypeMaybeBool;
         }
 
-        bool mightBeNumber()
+        bool mightBeNumber() const
         {
             return m_type & TypeMaybeNumber;
         }
 
-        bool isNotNumber()
+        bool isNotNumber() const
         {
             return !mightBeNumber();