Changeset 197688 in webkit


Ignore:
Timestamp:
Mar 7, 2016 10:30:31 AM (8 years ago)
Author:
benjamin@webkit.org
Message:

[JSC] Simplify the overflow check of ArithAbs
https://bugs.webkit.org/show_bug.cgi?id=155063

Reviewed by Geoffrey Garen.

The only integer that overflow abs(int32) is INT_MIN.
For some reason, our code testing for that case
was checking the top bit of the result specifically.

The code required a large immediate on x86 and an extra
register on ARM64.

This patch turns the overflow check into a branch on
the sign of the result.

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileArithAbs):

  • jit/ThunkGenerators.cpp:

(JSC::absThunkGenerator):

  • tests/stress/arith-abs-overflow.js: Added.

(opaqueAbs):

Location:
trunk/Source/JavaScriptCore
Files:
1 added
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ChangeLog

    r197687 r197688  
     12016-03-07  Benjamin Poulain  <benjamin@webkit.org>
     2
     3        [JSC] Simplify the overflow check of ArithAbs
     4        https://bugs.webkit.org/show_bug.cgi?id=155063
     5
     6        Reviewed by Geoffrey Garen.
     7
     8        The only integer that overflow abs(int32) is INT_MIN.
     9        For some reason, our code testing for that case
     10        was checking the top bit of the result specifically.
     11
     12        The code required a large immediate on x86 and an extra
     13        register on ARM64.
     14
     15        This patch turns the overflow check into a branch on
     16        the sign of the result.
     17
     18        * dfg/DFGSpeculativeJIT32_64.cpp:
     19        (JSC::DFG::SpeculativeJIT::compile):
     20        * dfg/DFGSpeculativeJIT64.cpp:
     21        (JSC::DFG::SpeculativeJIT::compile):
     22        * ftl/FTLLowerDFGToB3.cpp:
     23        (JSC::FTL::DFG::LowerDFGToB3::compileArithAbs):
     24        * jit/ThunkGenerators.cpp:
     25        (JSC::absThunkGenerator):
     26        * tests/stress/arith-abs-overflow.js: Added.
     27        (opaqueAbs):
     28
    1292016-03-07  Benjamin Poulain  <bpoulain@apple.com>
    230

  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

    r197649 r197688  
    21882188            m_jit.add32(scratch.gpr(), result.gpr());
    21892189            m_jit.xor32(scratch.gpr(), result.gpr());
    2190             speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branch32(MacroAssembler::Equal, result.gpr(), MacroAssembler::TrustedImm32(1 << 31)));
     2190            speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchTest32(MacroAssembler::Signed, result.gpr()));
    21912191            int32Result(result.gpr(), node);
    21922192            break;

  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

    r197687 r197688  
    23362336            m_jit.xor32(scratch.gpr(), result.gpr());
    23372337            if (shouldCheckOverflow(node->arithMode()))
    2338                 speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branch32(MacroAssembler::Equal, result.gpr(), MacroAssembler::TrustedImm32(1 << 31)));
     2338                speculationCheck(Overflow, JSValueRegs(), 0, m_jit.branchTest32(MacroAssembler::Signed, result.gpr()));
    23392339            int32Result(result.gpr(), node);
    23402340            break;

  • trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

    r197650 r197688  
    17751775
    17761776            if (shouldCheckOverflow(m_node->arithMode()))
    1777                 speculate(Overflow, noValue(), 0, m_out.equal(result, m_out.constInt32(1 << 31)));
     1777                speculate(Overflow, noValue(), 0, m_out.lessThan(result, m_out.int32Zero));
    17781778
    17791779            setInt32(result);

  • trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

    r197687 r197688  
    911911    jit.add32(SpecializedThunkJIT::regT1, SpecializedThunkJIT::regT0);
    912912    jit.xor32(SpecializedThunkJIT::regT1, SpecializedThunkJIT::regT0);
    913     jit.appendFailure(jit.branch32(MacroAssembler::Equal, SpecializedThunkJIT::regT0, MacroAssembler::TrustedImm32(1 << 31)));
     913    jit.appendFailure(jit.branchTest32(MacroAssembler::Signed, SpecializedThunkJIT::regT0));
    914914    jit.returnInt32(SpecializedThunkJIT::regT0);
    915915    nonIntJump.link(&jit);
Note: See TracChangeset for help on using the changeset viewer.