Changeset 248426 in webkit

Timestamp:

Aug 8, 2019 11:23:18 AM (5 years ago)

Author:

Ross Kirsling

Message:

[JSC] Add "jump if (not) undefined or null" bytecode ops
​https://bugs.webkit.org/show_bug.cgi?id=200480

Reviewed by Saam Barati.

JSTests:

• stress/destructuring-assignment-require-object-coercible.js:
• stress/nullish-coalescing.js:

Source/JavaScriptCore:

This patch introduces fused jumps for op_is_undefined_or_null, which ignores "masquerade as undefined" behavior.

This lets us fix a edge-case bug in RequireObjectCoercible (where ({ length } = document.all) was a TypeError)
and moreover provides a very useful optimization for the new ?. and ?? operators, which have semantics centered
around op_jundefined_or_null and op_jnundefined_or_null, respectively.

• bytecode/BytecodeList.rb:
• bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

• bytecode/Opcode.h:

(JSC::isBranch):

• bytecode/PreciseJumpTargetsInlines.h:
• bytecompiler/BytecodeGenerator.cpp:

(JSC::Label::setLocation):
(JSC::BytecodeGenerator::emitJumpIfTrue):
(JSC::BytecodeGenerator::emitJumpIfFalse):
(JSC::BytecodeGenerator::emitRequireObjectCoercible):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

• dfg/DFGCapabilities.cpp:

(JSC::DFG::capabilityLevel):

• jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):

• jit/JIT.h:
• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_jundefined_or_null): Added.
(JSC::JIT::emit_op_jnundefined_or_null): Added.

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_jundefined_or_null): Added.
(JSC::JIT::emit_op_jnundefined_or_null): Added.

• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/stress/destructuring-assignment-require-object-coercible.js (modified) (1 diff)
• JSTests/stress/nullish-coalescing.js (modified) (1 diff)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/bytecode/BytecodeList.rb (modified) (1 diff)
• Source/JavaScriptCore/bytecode/BytecodeUseDef.h (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/Opcode.h (modified) (1 diff)
• Source/JavaScriptCore/bytecode/PreciseJumpTargetsInlines.h (modified) (1 diff)
• Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (4 diffs)
• Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (modified) (1 diff)
• Source/JavaScriptCore/dfg/DFGCapabilities.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/JIT.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/JIT.h (modified) (1 diff)
• Source/JavaScriptCore/jit/JITOpcodes.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/JITOpcodes32_64.cpp (modified) (1 diff)
• Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (modified) (1 diff)
• Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (1 diff)

trunk/JSTests/ChangeLog

@@ +1 @@
+2019-08-08  Ross Kirsling  <ross.kirsling@sony.com>
+
+        [JSC] Add "jump if (not) undefined or null" bytecode ops
+        https://bugs.webkit.org/show_bug.cgi?id=200480
+
+        Reviewed by Saam Barati.
+
+        * stress/destructuring-assignment-require-object-coercible.js:
+        * stress/nullish-coalescing.js:
+
 2019-08-05  Michael Saboff  <msaboff@apple.com>
 

trunk/JSTests/stress/destructuring-assignment-require-object-coercible.js

@@ -67 +67 @@
 testOK(`({ a: { b } = /1/ } = { })`);
 testOK(`({ a: { b } } = { a: /1/ })`);
+
+testOK(`({ } = makeMasquerader())`);
+testOK(`({ a } = makeMasquerader())`);
+testOK(`({ a: { b } = makeMasquerader() } = { })`);
+testOK(`({ a: { b } } = { a: makeMasquerader() })`);

trunk/JSTests/stress/nullish-coalescing.js

@@ -22 +22 @@
 }
 
-shouldBe(undefined ?? 3, 3);
-shouldBe(null ?? 3, 3);
-shouldBe(true ?? 3, true);
-shouldBe(false ?? 3, false);
-shouldBe(0 ?? 3, 0);
-shouldBe(1 ?? 3, 1);
-shouldBe('' ?? 3, '');
-shouldBe('hi' ?? 3, 'hi');
-shouldBe(({} ?? 3) instanceof Object, true);
-shouldBe(({ x: 'hi' } ?? 3).x, 'hi');
-shouldBe(([] ?? 3) instanceof Array, true);
-shouldBe((['hi'] ?? 3)[0], 'hi');
-shouldBe((makeMasquerader() ?? 3) == null, true);
+function testBasicCases() {
+    shouldBe(undefined ?? 3, 3);
+    shouldBe(null ?? 3, 3);
+    shouldBe(true ?? 3, true);
+    shouldBe(false ?? 3, false);
+    shouldBe(0 ?? 3, 0);
+    shouldBe(1 ?? 3, 1);
+    shouldBe('' ?? 3, '');
+    shouldBe('hi' ?? 3, 'hi');
+    shouldBe(({} ?? 3) instanceof Object, true);
+    shouldBe(({ x: 'hi' } ?? 3).x, 'hi');
+    shouldBe(([] ?? 3) instanceof Array, true);
+    shouldBe((['hi'] ?? 3)[0], 'hi');
+    shouldBe((makeMasquerader() ?? 3) == null, true);
+}
+noInline(testBasicCases);
+
+for (let i = 0; i < 1e5; i++)
+    testBasicCases();
 
 shouldBe(1 | null ?? 3, 1);

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2019-08-08  Ross Kirsling  <ross.kirsling@sony.com>
+
+        [JSC] Add "jump if (not) undefined or null" bytecode ops
+        https://bugs.webkit.org/show_bug.cgi?id=200480
+
+        Reviewed by Saam Barati.
+
+        This patch introduces fused jumps for op_is_undefined_or_null, which ignores "masquerade as undefined" behavior.
+
+        This lets us fix a edge-case bug in RequireObjectCoercible (where `({ length } = document.all)` was a TypeError)
+        and moreover provides a very useful optimization for the new ?. and ?? operators, which have semantics centered
+        around op_jundefined_or_null and op_jnundefined_or_null, respectively.
+
+        * bytecode/BytecodeList.rb:
+        * bytecode/BytecodeUseDef.h:
+        (JSC::computeUsesForBytecodeOffset):
+        (JSC::computeDefsForBytecodeOffset):
+        * bytecode/Opcode.h:
+        (JSC::isBranch):
+        * bytecode/PreciseJumpTargetsInlines.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::Label::setLocation):
+        (JSC::BytecodeGenerator::emitJumpIfTrue):
+        (JSC::BytecodeGenerator::emitJumpIfFalse):
+        (JSC::BytecodeGenerator::emitRequireObjectCoercible):
+        * dfg/DFGByteCodeParser.cpp:
+        (JSC::DFG::ByteCodeParser::parseBlock):
+        * dfg/DFGCapabilities.cpp:
+        (JSC::DFG::capabilityLevel):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * jit/JIT.h:
+        * jit/JITOpcodes.cpp:
+        (JSC::JIT::emit_op_jundefined_or_null): Added.
+        (JSC::JIT::emit_op_jnundefined_or_null): Added.
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::emit_op_jundefined_or_null): Added.
+        (JSC::JIT::emit_op_jnundefined_or_null): Added.
+        * llint/LowLevelInterpreter32_64.asm:
+        * llint/LowLevelInterpreter64.asm:
+
 2019-08-07  Devin Rousso  <drousso@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/BytecodeList.rb

@@ -621 +621 @@
 
 op :jneq_null,
+    args: {
+        value: VirtualRegister,
+        targetLabel: BoundLabel,
+    }
+
+op :jundefined_or_null,
+    args: {
+        value: VirtualRegister,
+        targetLabel: BoundLabel,
+    }
+
+op :jnundefined_or_null,
     args: {
         value: VirtualRegister,

trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.h

@@ -108 +108 @@
     USES(OpJeqNull, value)
     USES(OpJneqNull, value)
+    USES(OpJundefinedOrNull, value)
+    USES(OpJnundefinedOrNull, value)
     USES(OpDec, srcDst)
     USES(OpInc, srcDst)
@@ -308 +310 @@
     case op_jeq_null:
     case op_jneq_null:
+    case op_jundefined_or_null:
+    case op_jnundefined_or_null:
     case op_jneq_ptr:
     case op_jless:

trunk/Source/JavaScriptCore/bytecode/Opcode.h

@@ -174 +174 @@
     case op_jeq_null:
     case op_jneq_null:
+    case op_jundefined_or_null:
+    case op_jnundefined_or_null:
     case op_jneq_ptr:
     case op_jless:

trunk/Source/JavaScriptCore/bytecode/PreciseJumpTargetsInlines.h

@@ -41 +41 @@
     CASE_OP(OpJeqNull) \
     CASE_OP(OpJneqNull) \
+    CASE_OP(OpJundefinedOrNull) \
+    CASE_OP(OpJnundefinedOrNull) \
     CASE_OP(OpJneqPtr) \
     \

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -116 +116 @@
         CASE(OpJeqNull)
         CASE(OpJneqNull)
+        CASE(OpJundefinedOrNull)
+        CASE(OpJnundefinedOrNull)
         CASE(OpJeq)
         CASE(OpJstricteq)
@@ -1482 +1484 @@
             if (fuseTestAndJmp<OpNeqNull, OpJneqNull>(cond, target))
                 return;
+        } else if (m_lastOpcodeID == op_is_undefined_or_null && target.isForward()) {
+            if (fuseTestAndJmp<OpIsUndefinedOrNull, OpJundefinedOrNull>(cond, target))
+                return;
         }
     }
@@ -1529 +1534 @@
         } else if (m_lastOpcodeID == op_neq_null && target.isForward()) {
             if (fuseTestAndJmp<OpNeqNull, OpJeqNull>(cond, target))
+                return;
+        } else if (m_lastOpcodeID == op_is_undefined_or_null && target.isForward()) {
+            if (fuseTestAndJmp<OpIsUndefinedOrNull, OpJnundefinedOrNull>(cond, target))
                 return;
         }
@@ -4458 +4466 @@
 void BytecodeGenerator::emitRequireObjectCoercible(RegisterID* value, const String& error)
 {
-    // FIXME: op_jneq_null treats "undetectable" objects as null/undefined. RequireObjectCoercible
-    // thus incorrectly throws a TypeError for interfaces like HTMLAllCollection.
     Ref<Label> target = newLabel();
-    OpJneqNull::emit(this, value, target->bind(this));
+    OpJnundefinedOrNull::emit(this, value, target->bind(this));
     emitThrowTypeError(error);
     emitLabel(target.get());

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

@@ -5734 +5734 @@
             addToGraph(Branch, OpInfo(branchData(m_currentIndex + currentInstruction->size(), m_currentIndex + relativeOffset)), condition);
             LAST_OPCODE(op_jneq_null);
+        }
+
+        case op_jundefined_or_null: {
+            auto bytecode = currentInstruction->as<OpJundefinedOrNull>();
+            unsigned relativeOffset = jumpTarget(bytecode.m_targetLabel);
+            Node* value = get(bytecode.m_value);
+            Node* condition = addToGraph(IsUndefinedOrNull, value);
+            addToGraph(Branch, OpInfo(branchData(m_currentIndex + relativeOffset, m_currentIndex + currentInstruction->size())), condition);
+            LAST_OPCODE(op_jundefined_or_null);
+        }
+
+        case op_jnundefined_or_null: {
+            auto bytecode = currentInstruction->as<OpJnundefinedOrNull>();
+            unsigned relativeOffset = jumpTarget(bytecode.m_targetLabel);
+            Node* value = get(bytecode.m_value);
+            Node* condition = addToGraph(IsUndefinedOrNull, value);
+            addToGraph(Branch, OpInfo(branchData(m_currentIndex + currentInstruction->size(), m_currentIndex + relativeOffset)), condition);
+            LAST_OPCODE(op_jnundefined_or_null);
         }
 

trunk/Source/JavaScriptCore/dfg/DFGCapabilities.cpp

@@ -189 +189 @@
     case op_jeq_null:
     case op_jneq_null:
+    case op_jundefined_or_null:
+    case op_jnundefined_or_null:
     case op_jless:
     case op_jlesseq:

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -365 +365 @@
         DEFINE_OP(op_jmp)
         DEFINE_OP(op_jneq_null)
+        DEFINE_OP(op_jundefined_or_null)
+        DEFINE_OP(op_jnundefined_or_null)
         DEFINE_OP(op_jneq_ptr)
         DEFINE_OP(op_jless)

trunk/Source/JavaScriptCore/jit/JIT.h

@@ -555 +555 @@
         void emit_op_jmp(const Instruction*);
         void emit_op_jneq_null(const Instruction*);
+        void emit_op_jundefined_or_null(const Instruction*);
+        void emit_op_jnundefined_or_null(const Instruction*);
         void emit_op_jneq_ptr(const Instruction*);
         void emit_op_jless(const Instruction*);

trunk/Source/JavaScriptCore/jit/JITOpcodes.cpp

@@ -443 +443 @@
 }
 
+void JIT::emit_op_jundefined_or_null(const Instruction* currentInstruction)
+{
+    auto bytecode = currentInstruction->as<OpJundefinedOrNull>();
+    int value = bytecode.m_value.offset();
+    unsigned target = jumpTarget(currentInstruction, bytecode.m_targetLabel);
+
+    emitGetVirtualRegister(value, regT0);
+
+    and64(TrustedImm32(~TagBitUndefined), regT0);
+    addJump(branch64(Equal, regT0, TrustedImm64(JSValue::encode(jsNull()))), target);
+}
+
+void JIT::emit_op_jnundefined_or_null(const Instruction* currentInstruction)
+{
+    auto bytecode = currentInstruction->as<OpJnundefinedOrNull>();
+    int value = bytecode.m_value.offset();
+    unsigned target = jumpTarget(currentInstruction, bytecode.m_targetLabel);
+
+    emitGetVirtualRegister(value, regT0);
+
+    and64(TrustedImm32(~TagBitUndefined), regT0);
+    addJump(branch64(NotEqual, regT0, TrustedImm64(JSValue::encode(jsNull()))), target);
+}
+
 void JIT::emit_op_jneq_ptr(const Instruction* currentInstruction)
 {

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

@@ -450 +450 @@
 }
 
+void JIT::emit_op_jundefined_or_null(const Instruction* currentInstruction)
+{
+    auto bytecode = currentInstruction->as<OpJundefinedOrNull>();
+    int value = bytecode.m_value.offset();
+    unsigned target = jumpTarget(currentInstruction, bytecode.m_targetLabel);
+
+    emitLoadTag(value, regT0);
+    static_assert((JSValue::UndefinedTag + 1 == JSValue::NullTag) && (JSValue::NullTag & 0x1), "");
+    or32(TrustedImm32(1), regT0);
+    addJump(branchIfNull(regT0), target);
+}
+
+void JIT::emit_op_jnundefined_or_null(const Instruction* currentInstruction)
+{
+    auto bytecode = currentInstruction->as<OpJnundefinedOrNull>();
+    int value = bytecode.m_value.offset();
+    unsigned target = jumpTarget(currentInstruction, bytecode.m_targetLabel);
+
+    emitLoadTag(value, regT0);
+    static_assert((JSValue::UndefinedTag + 1 == JSValue::NullTag) && (JSValue::NullTag & 0x1), "");
+    or32(TrustedImm32(1), regT0);
+    addJump(branchIfNotNull(regT0), target);
+}
+
 void JIT::emit_op_jneq_ptr(const Instruction* currentInstruction)
 {

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

@@ -1677 +1677 @@
     macro (value, target) bineq value, NullTag, target end)
 
+macro undefinedOrNullJumpOp(opcodeName, opcodeStruct, fn)
+    llintOpWithJump(op_%opcodeName%, opcodeStruct, macro (size, get, jump, dispatch)
+        get(m_value, t1)
+        loadConstantOrVariableTag(size, t1, t0)
+        ori 1, t0
+        fn(t0, .target)
+        dispatch()
+
+    .target:
+        jump(m_targetLabel)
+    end)
+end
+
+undefinedOrNullJumpOp(jundefined_or_null, OpJundefinedOrNull,
+    macro (value, target) bieq value, NullTag, target end)
+
+undefinedOrNullJumpOp(jnundefined_or_null, OpJnundefinedOrNull,
+    macro (value, target) bineq value, NullTag, target end)
 
 llintOpWithMetadata(op_jneq_ptr, OpJneqPtr, macro (size, get, dispatch, metadata, return)

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -1770 +1770 @@
     macro (value, target) bqneq value, ValueNull, target end)
 
+macro undefinedOrNullJumpOp(opcodeName, opcodeStruct, fn)
+    llintOpWithJump(op_%opcodeName%, opcodeStruct, macro (size, get, jump, dispatch)
+        get(m_value, t1)
+        loadConstantOrVariable(size, t1, t0)
+        andq ~TagBitUndefined, t0
+        fn(t0, .target)
+        dispatch()
+
+    .target:
+        jump(m_targetLabel)
+    end)
+end
+
+undefinedOrNullJumpOp(jundefined_or_null, OpJundefinedOrNull,
+    macro (value, target) bqeq value, ValueNull, target end)
+
+undefinedOrNullJumpOp(jnundefined_or_null, OpJnundefinedOrNull,
+    macro (value, target) bqneq value, ValueNull, target end)
 
 llintOpWithMetadata(op_jneq_ptr, OpJneqPtr, macro (size, get, dispatch, metadata, return)