<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[192649] trunk/Source/JavaScriptCore</title>
</head>
<body>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/192649">192649</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2015-11-19 12:03:22 -0800 (Thu, 19 Nov 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>FTL->B3 lowering should support checked int math
https://bugs.webkit.org/show_bug.cgi?id=151451
Reviewed by Saam Barati.
Adds lowering of ArithAdd/Sub/Mul to CheckAdd/Sub/Mul. Includes a nice refactoring of the OSR exit
code that made this a lot easier. Also needed to implement a few other ops in FTL::Output.
I ended up renaming "check" to "speculate" in FTL::Output, because it already had a thing called
"check". The FTL terminology for side-exit is "speculate", so I think that this is appropriate.
* ftl/FTLB3Output.h:
(JSC::FTL::Output::sensibleDoubleToInt):
(JSC::FTL::Output::signExt):
(JSC::FTL::Output::zeroExt):
(JSC::FTL::Output::zeroExtPtr):
(JSC::FTL::Output::fpToInt):
(JSC::FTL::Output::fpToUInt):
(JSC::FTL::Output::unsignedToFP):
(JSC::FTL::Output::unsignedToDouble):
(JSC::FTL::Output::intCast):
(JSC::FTL::Output::castToInt32):
(JSC::FTL::Output::fpCast):
(JSC::FTL::Output::intToPtr):
(JSC::FTL::Output::ptrToInt):
(JSC::FTL::Output::unreachable):
(JSC::FTL::Output::speculate):
(JSC::FTL::Output::speculateAdd):
(JSC::FTL::Output::speculateSub):
(JSC::FTL::Output::speculateMul):
(JSC::FTL::Output::trap):
(JSC::FTL::Output::check): Deleted.
* ftl/FTLJITFinalizer.cpp:
(JSC::FTL::JITFinalizer::finalizeFunction):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
(JSC::FTL::DFG::LowerDFGToLLVM::compileArithMul):
(JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
(JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitArgumentsForPatchpointIfWillCatchException):
(JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):
(JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
(JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLB3Outputh">trunk/Source/JavaScriptCore/ftl/FTLB3Output.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLJITFinalizercpp">trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
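--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,49 @@
+2015-11-19 Filip Pizlo <fpizlo@apple.com>
+
+ FTL->B3 lowering should support checked int math
+ https://bugs.webkit.org/show_bug.cgi?id=151451
+
+ Reviewed by Saam Barati.
+
+ Adds lowering of ArithAdd/Sub/Mul to CheckAdd/Sub/Mul. Includes a nice refactoring of the OSR exit
+ code that made this a lot easier. Also needed to implement a few other ops in FTL::Output.
+
+ I ended up renaming "check" to "speculate" in FTL::Output, because it already had a thing called
+ "check". The FTL terminology for side-exit is "speculate", so I think that this is appropriate.
+
+ * ftl/FTLB3Output.h:
+ (JSC::FTL::Output::sensibleDoubleToInt):
+ (JSC::FTL::Output::signExt):
+ (JSC::FTL::Output::zeroExt):
+ (JSC::FTL::Output::zeroExtPtr):
+ (JSC::FTL::Output::fpToInt):
+ (JSC::FTL::Output::fpToUInt):
+ (JSC::FTL::Output::unsignedToFP):
+ (JSC::FTL::Output::unsignedToDouble):
+ (JSC::FTL::Output::intCast):
+ (JSC::FTL::Output::castToInt32):
+ (JSC::FTL::Output::fpCast):
+ (JSC::FTL::Output::intToPtr):
+ (JSC::FTL::Output::ptrToInt):
+ (JSC::FTL::Output::unreachable):
+ (JSC::FTL::Output::speculate):
+ (JSC::FTL::Output::speculateAdd):
+ (JSC::FTL::Output::speculateSub):
+ (JSC::FTL::Output::speculateMul):
+ (JSC::FTL::Output::trap):
+ (JSC::FTL::Output::check): Deleted.
+ * ftl/FTLJITFinalizer.cpp:
+ (JSC::FTL::JITFinalizer::finalizeFunction):
+ * ftl/FTLLowerDFGToLLVM.cpp:
+ (JSC::FTL::DFG::LowerDFGToLLVM::compileArithAddOrSub):
+ (JSC::FTL::DFG::LowerDFGToLLVM::compileArithMul):
+ (JSC::FTL::DFG::LowerDFGToLLVM::compileInvalidationPoint):
+ (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExitArgumentsForPatchpointIfWillCatchException):
+ (JSC::FTL::DFG::LowerDFGToLLVM::appendOSRExit):
+ (JSC::FTL::DFG::LowerDFGToLLVM::blessSpeculation):
+ (JSC::FTL::DFG::LowerDFGToLLVM::emitOSRExitCall):
+ (JSC::FTL::DFG::LowerDFGToLLVM::buildExitArguments):
+
 2015-11-19 Mark Lam <mark.lam@apple.com>
 
 JIT snippet generator JumpLists should be returned as references.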
<a id="trunkSourceJavaScriptCoreftlFTLB3Outputh"></a>
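--- a/trunk/Source/JavaScriptCore/ftl/FTLB3Output.h
+++ b/trunk/Source/JavaScriptCore/ftl/FTLB3Output.h
@@ -174,7 +174,7 @@
 LValue sensibleDoubleToInt(LValue) { CRASH(); }
 
 LValue signExt(LValue value, LType type) { CRASH(); }
- LValue zeroExt(LValue value, LType type) { CRASH(); }
+ LValue zeroExt(LValue value, LType type) { return m_block->appendNew<B3::Value>(m_proc, B3::ZExt32, type, origin(), value); }
 LValue zeroExtPtr(LValue value) { CRASH(); }
 LValue fpToInt(LValue value, LType type) { CRASH(); }
 LValue fpToUInt(LValue value, LType type) { CRASH(); }
@@ -185,7 +185,7 @@
 LValue unsignedToFP(LValue value, LType type) { CRASH(); }
 LValue unsignedToDouble(LValue value) { CRASH(); }
 LValue intCast(LValue value, LType type) { CRASH(); }
- LValue castToInt32(LValue value) { CRASH(); }
+ LValue castToInt32(LValue value) { return m_block->appendNew<B3::Value>(m_proc, B3::Trunc, origin(), value); }
 LValue fpCast(LValue value, LType type) { CRASH(); }
 LValue intToPtr(LValue value, LType type) { CRASH(); }
 LValue ptrToInt(LValue value, LType type) { CRASH(); }
@@ -350,14 +350,40 @@
 void unreachable() { m_block->appendNew<B3::ControlValue>(m_proc, B3::Oops, origin()); }
 
 template<typename Functor>
- void check(LValue value, const StackmapArgumentList& arguments, const Functor& functor)
+ void speculate(LValue value, const StackmapArgumentList& arguments, const Functor& functor)
 {
- B3::CheckValue* check = m_block->appendNew<B3::CheckValue>(m_proc, B3::Check, origin(), value);
+ B3::CheckValue* check = speculate(value, arguments);
+ check->setGenerator(functor);
+ }
+
+ B3::CheckValue* speculate(LValue value, const StackmapArgumentList& arguments)
+ {
+ B3::CheckValue* check = speculate(value);
 for (LValue value : arguments)
 check->append(B3::ConstrainedValue(value));
- check->setGenerator(functor);
+ return check;
 }
 
+ B3::CheckValue* speculate(LValue value)
+ {
+ return m_block->appendNew<B3::CheckValue>(m_proc, B3::Check, origin(), value);
+ }
+
+ B3::CheckValue* speculateAdd(LValue left, LValue right)
+ {
+ return m_block->appendNew<B3::CheckValue>(m_proc, B3::CheckAdd, origin(), left, right);
+ }
+
+ B3::CheckValue* speculateSub(LValue left, LValue right)
+ {
+ return m_block->appendNew<B3::CheckValue>(m_proc, B3::CheckSub, origin(), left, right);
+ }
+
+ B3::CheckValue* speculateMul(LValue left, LValue right)
+ {
+ return m_block->appendNew<B3::CheckValue>(m_proc, B3::CheckMul, origin(), left, right);
+ }
+
 void trap() { CRASH(); }
 
 ValueFromBlock anchor(LValue value)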
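Review bot: zeroExt() accepts a caller-chosen `type` but always emits `B3::ZExt32`, so nothing in the first hunk ties the requested result type or the operand width to what that opcode produces. A mistyped call would build an inconsistent IR value that is caught, if at all, only by later validation rather than at the call site. Consider asserting the contract in the body, e.g. `ASSERT(value->type() == B3::Int32 && type == B3::Int64);` (this assumes LType is B3::Type in this configuration, which the section does not show). The same reasoning applies to castToInt32() in the second hunk, where `B3::Trunc` is emitted without checking the operand's width.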
<a id="trunkSourceJavaScriptCoreftlFTLJITFinalizercpp"></a>
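--- a/trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp
+++ b/trunk/Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp
@@ -30,6 +30,7 @@
 
 #include "CodeBlockWithJITType.h"
 #include "DFGPlan.h"
+#include "FTLState.h"
 #include "FTLThunks.h"
 #include "ProfilerDatabase.h"
 
@@ -78,6 +79,8 @@
 
 bool JITFinalizer::finalizeFunction()
 {
+ bool dumpDisassembly = shouldDumpDisassembly() || Options::asyncDisassembly();
+
 #if FTL_USES_B3
 for (OSRExitCompilationInfo& info : osrExit) {
 b3CodeLinkBuffer->link(
@@ -87,8 +90,8 @@
 }
 
 jitCode->initializeB3Code(
- FINALIZE_DFG_CODE(
- *b3CodeLinkBuffer,
+ FINALIZE_CODE_IF(
+ dumpDisassembly, *b3CodeLinkBuffer,
 ("FTL B3 code for %s", toCString(CodeBlockWithJITType(m_plan.codeBlock, JITCode::FTLJIT)).data())));
 
 #else // FTL_USES_B3
@@ -107,8 +110,8 @@
 }
 
 jitCode->initializeExitThunks(
- FINALIZE_DFG_CODE(
- *exitThunksLinkBuffer,
+ FINALIZE_CODE_IF(
+ dumpDisassembly, *exitThunksLinkBuffer,
 ("FTL exit thunks for %s", toCString(CodeBlockWithJITType(m_plan.codeBlock, JITCode::FTLJIT)).data())));
 } // else this function had no OSR exits, so no exit thunks.
 
@@ -123,31 +126,31 @@
 m_plan.vm.getCTIStub(lazySlowPathGenerationThunkGenerator).code()));
 }
 
- jitCode->addHandle(FINALIZE_DFG_CODE(
- *sideCodeLinkBuffer,
+ jitCode->addHandle(FINALIZE_CODE_IF(
+ dumpDisassembly, *sideCodeLinkBuffer,
 ("FTL side code for %s",
 toCString(CodeBlockWithJITType(m_plan.codeBlock, JITCode::FTLJIT)).data()))
 .executableMemory());
 }
 
 if (handleExceptionsLinkBuffer) {
- jitCode->addHandle(FINALIZE_DFG_CODE(
- *handleExceptionsLinkBuffer,
+ jitCode->addHandle(FINALIZE_CODE_IF(
+ dumpDisassembly, *handleExceptionsLinkBuffer,
 ("FTL exception handler for %s",
 toCString(CodeBlockWithJITType(m_plan.codeBlock, JITCode::FTLJIT)).data()))
 .executableMemory());
 }
 
 for (unsigned i = 0; i < outOfLineCodeInfos.size(); ++i) {
- jitCode->addHandle(FINALIZE_DFG_CODE(
- *outOfLineCodeInfos[i].m_linkBuffer,
+ jitCode->addHandle(FINALIZE_CODE_IF(
+ dumpDisassembly, *outOfLineCodeInfos[i].m_linkBuffer,
 ("FTL out of line code for %s", outOfLineCodeInfos[i].m_codeDescription)).executableMemory());
 }
 #endif // FTL_USES_B3
 
 jitCode->initializeArityCheckEntrypoint(
- FINALIZE_DFG_CODE(
- *entrypointLinkBuffer,
+ FINALIZE_CODE_IF(
+ dumpDisassembly, *entrypointLinkBuffer,
 ("FTL entrypoint thunk for %s with LLVM generated code at %p", toCString(CodeBlockWithJITType(m_plan.codeBlock, JITCode::FTLJIT)).data(), function)));
 
 m_plan.codeBlock->setJITCode(jitCode);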
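Review bot: The reason finalizeFunction() stops using FINALIZE_DFG_CODE is not recorded in this section or in the log message. The new `dumpDisassembly` local and the added `FTLState.h` include suggest the intent is to key disassembly dumping off an FTL-level setting, but that is an inference from the include alone. A one-line comment above the declaration would settle it, for example `// Decide once whether to dump disassembly; every link buffer finalized below uses the same answer.`, extended with the reason for the macro change. finalizeFunction() starts and ends outside the hunks shown.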
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToLLVMcpp"></a>
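--- a/trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp
+++ b/trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToLLVM.cpp
@@ -1496,6 +1496,12 @@
 break;
 }
 
+#if FTL_USES_B3
+ B3::CheckValue* result =
+ isSub ? m_out.speculateSub(left, right) : m_out.speculateAdd(left, right);
+ blessSpeculation(result, Overflow, noValue(), nullptr, m_origin);
+ setInt32(result);
+#else // FTL_USES_B3
 LValue result;
 if (!isSub) {
 result = m_out.addWithOverflow32(left, right);
@@ -1530,6 +1536,7 @@
 
 speculate(Overflow, noValue(), 0, m_out.extractValue(result, 1));
 setInt32(m_out.extractValue(result, 0));
+#endif // FTL_USES_B3
 break;
 }
 
@@ -1542,9 +1549,15 @@
 setInt52(isSub ? m_out.sub(left, right) : m_out.add(left, right), kind);
 break;
 }
-
+
 LValue left = lowInt52(m_node->child1());
 LValue right = lowInt52(m_node->child2());
+#if FTL_USES_B3
+ B3::CheckValue* result =
+ isSub ? m_out.speculateSub(left, right) : m_out.speculateAdd(left, right);
+ blessSpeculation(result, Overflow, noValue(), nullptr, m_origin);
+ setInt52(result);
+#else // FTL_USES_B3
 
 LValue result;
 if (!isSub) {
@@ -1580,6 +1593,7 @@
 
 speculate(Int52Overflow, noValue(), 0, m_out.extractValue(result, 1));
 setInt52(m_out.extractValue(result, 0));
+#endif // FTL_USES_B3
 break;
 }
 
@@ -1656,9 +1670,15 @@
 if (!shouldCheckOverflow(m_node->arithMode()))
 result = m_out.mul(left, right);
 else {
+#if FTL_USES_B3
+ B3::CheckValue* speculation = m_out.speculateMul(left, right);
+ blessSpeculation(speculation, Overflow, noValue(), nullptr, m_origin);
+ result = speculation;
+#else // FTL_USES_B3
 LValue overflowResult = m_out.mulWithOverflow32(left, right);
 speculate(Overflow, noValue(), 0, m_out.extractValue(overflowResult, 1));
 result = m_out.extractValue(overflowResult, 0);
+#endif // FTL_USES_B3
 }
 
 if (shouldCheckNegativeZero(m_node->arithMode())) {
@@ -1684,9 +1704,14 @@
 LValue left = lowWhicheverInt52(m_node->child1(), kind);
 LValue right = lowInt52(m_node->child2(), opposite(kind));
 
+#if FTL_USES_B3
+ B3::CheckValue* result = m_out.speculateMul(left, right);
+ blessSpeculation(result, Overflow, noValue(), nullptr, m_origin);
+#else // FTL_USES_B3
 LValue overflowResult = m_out.mulWithOverflow64(left, right);
 speculate(Int52Overflow, noValue(), 0, m_out.extractValue(overflowResult, 1));
 LValue result = m_out.extractValue(overflowResult, 0);
+#endif // FTL_USES_B3
 
 if (shouldCheckNegativeZero(m_node->arithMode())) {
 LBasicBlock slowCase = FTL_NEW_BLOCK(m_out, ("ArithMul slow case"));
@@ -5153,9 +5178,8 @@
 
 OSRExitDescriptor& exitDescriptor = m_ftlState.jitCode->osrExitDescriptors.last();
 
- StackmapArgumentList arguments;
-
- buildExitArguments(exitDescriptor, arguments, FormattedValue(), exitDescriptor.m_codeOrigin);
+ StackmapArgumentList arguments =
+ buildExitArguments(exitDescriptor, FormattedValue(), exitDescriptor.m_codeOrigin);
 callStackmap(exitDescriptor, arguments);
 
 exitDescriptor.m_isInvalidationPoint = true;
@@ -8981,8 +9005,8 @@
 exitDescriptor.m_baselineExceptionHandler = *exceptionHandler;
 exitDescriptor.m_stackmapID = m_stackmapIDs - 1;
 
- StackmapArgumentList freshList;
- buildExitArguments(exitDescriptor, freshList, noValue(), exitDescriptor.m_codeOrigin, offsetOfExitArguments);
+ StackmapArgumentList freshList =
+ buildExitArguments(exitDescriptor, noValue(), exitDescriptor.m_codeOrigin, offsetOfExitArguments);
 arguments.appendVector(freshList);
 }
 
@@ -9046,22 +9070,13 @@
 if (failCondition == m_out.booleanFalse)
 return;
 
+#if FTL_USES_B3
+ blessSpeculation(
+ m_out.speculate(failCondition), kind, lowValue, highValue, origin, isExceptionHandler);
+#else // FTL_USES_B3
 appendOSRExitDescriptor(kind, isExceptionHandler ? ExceptionType::CCallException : ExceptionType::None, lowValue, highValue, origin);
 OSRExitDescriptor& exitDescriptor = m_ftlState.jitCode->osrExitDescriptors.last();
 
-#if FTL_USES_B3
- StackmapArgumentList arguments;
-
- CodeOrigin codeOrigin = exitDescriptor.m_codeOrigin;
-
- buildExitArguments(exitDescriptor, arguments, lowValue, codeOrigin);
-
- m_out.check(
- failCondition, arguments,
- [&] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
- jit.oops();
- });
-#else // FTL_USES_B3
 if (failCondition == m_out.booleanTrue) {
 emitOSRExitCall(exitDescriptor, lowValue);
 return;
@@ -9085,6 +9100,22 @@
 #endif // FTL_USES_B3
 }
 
+#if FTL_USES_B3
+ void blessSpeculation(B3::StackmapValue* value, ExitKind kind, FormattedValue lowValue, Node* highValue, NodeOrigin origin, bool isExceptionHandler = false)
+ {
+ appendOSRExitDescriptor(kind, isExceptionHandler ? ExceptionType::CCallException : ExceptionType::None, lowValue, highValue, origin);
+ OSRExitDescriptor& exitDescriptor = m_ftlState.jitCode->osrExitDescriptors.last();
+ CodeOrigin codeOrigin = exitDescriptor.m_codeOrigin;
+ StackmapArgumentList arguments = buildExitArguments(exitDescriptor, lowValue, codeOrigin);
+ for (LValue child : arguments)
+ value->append(child);
+ value->setGenerator(
+ [&] (CCallHelpers& jit, const B3::StackmapGenerationParams&) {
+ jit.oops();
+ });
+ }
+#endif
+
 #if !FTL_USES_B3
 void emitOSRExitCall(OSRExitDescriptor& exitDescriptor, FormattedValue lowValue)
 {
@@ -9097,6 +9128,16 @@
 callStackmap(exitDescriptor, arguments);
 }
 #endif
+
+ StackmapArgumentList buildExitArguments(
+ OSRExitDescriptor& exitDescriptor, FormattedValue lowValue, CodeOrigin codeOrigin,
+ unsigned offsetOfExitArgumentsInStackmapLocations = 0)
+ {
+ StackmapArgumentList result;
+ buildExitArguments(
+ exitDescriptor, result, lowValue, codeOrigin, offsetOfExitArgumentsInStackmapLocations);
+ return result;
+ }
 
 void buildExitArguments(
 OSRExitDescriptor& exitDescriptor, StackmapArgumentList& arguments, FormattedValue lowValue,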
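Review bot: Both Int52 paths added under FTL_USES_B3 pass `Overflow` to blessSpeculation(), while the non-B3 code directly below each of them exits with `Int52Overflow` (the `lowInt52` branch of the add/sub lowering at @@ -1542 and the Int52 multiply at @@ -1684). The exit kind is handed to appendOSRExitDescriptor(), so the B3 build would record a different reason for the same failure than the LLVM build does; unless that is deliberate, both calls should read `blessSpeculation(result, Int52Overflow, noValue(), nullptr, m_origin);`. Separately, blessSpeculation() gives `setGenerator` a lambda with a `[&]` capture that is stored on the value and presumably invoked after the function has returned. The body only calls `jit.oops()` today, but capturing by value (`[=]`) or with an explicit list would avoid dangling references once it starts using `exitDescriptor` or `arguments`. The enclosing lowering functions start and end outside the hunks shown.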
</div>
</body>
</html>