Bug 186177

Summary: [BigInt] Add support to BigInt into ValueAdd
Product: WebKit Reporter: Caio Lima <ticaiolima>
Component: JavaScriptCoreAssignee: Caio Lima <ticaiolima>
Status: RESOLVED FIXED    
Severity: Normal CC: caitp, cdumez, commit-queue, dominik.infuehr, ews-watchlist, guijemont, keith_miller, littledan, mark.lam, msaboff, rniwa, saam, webkit-bug-importer, xan.lopez, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 186173, 186176    
Attachments:
Description Flags
WIP - RFC Patch
none
WIP - RFC Patch
none
Patch
none
Benchmarks
none
Patch
none
Patch
none
Patch
none
Benchmarks
none
Patch none

Caio Lima
Reported 2018-05-31 19:12:25 PDT
...
Attachments
WIP - RFC Patch (17.46 KB, patch)
2018-10-02 10:57 PDT, Caio Lima 		no flags
DetailsFormatted DiffDiff
WIP - RFC Patch (18.56 KB, patch)
2018-10-06 06:07 PDT, Caio Lima 		no flags
DetailsFormatted DiffDiff
Patch (18.02 KB, patch)
2018-10-09 13:49 PDT, Caio Lima 		no flags
DetailsFormatted DiffDiff
Benchmarks (93.84 KB, text/plain)
2018-10-09 15:48 PDT, Caio Lima 		no flags
Details
Patch (31.43 KB, patch)
2018-10-17 14:23 PDT, Caio Lima 		no flags
DetailsFormatted DiffDiff
Patch (31.66 KB, patch)
2018-10-17 15:01 PDT, Caio Lima 		no flags
DetailsFormatted DiffDiff
Patch (40.95 KB, patch)
2018-10-21 09:16 PDT, Caio Lima 		no flags
DetailsFormatted DiffDiff
Benchmarks (95.55 KB, text/plain)
2018-10-21 11:58 PDT, Caio Lima 		no flags
Details
Patch (41.06 KB, patch)
2018-11-01 10:47 PDT, Caio Lima 		no flags
DetailsFormatted DiffDiff
Show Obsolete (7) View All Add attachment proposed patch, testcase, etc.
Caio Lima
Comment 1 2018-10-02 10:57:04 PDT
Created attachment 351418 [details] WIP - RFC Patch
Caio Lima
Comment 2 2018-10-02 10:58:02 PDT
Comment on attachment 351418 [details] WIP - RFC Patch Patch not ready yet.
Caio Lima
Comment 3 2018-10-02 11:01:01 PDT
@dinfuehr, @caitp, @xan and @guijemont could you take a look in this Patch before sending to review?
Caio Lima
Comment 4 2018-10-06 06:07:39 PDT
Created attachment 351721 [details] WIP - RFC Patch
Caio Lima
Comment 5 2018-10-09 13:49:13 PDT
Created attachment 351908 [details] Patch
Caio Lima
Comment 6 2018-10-09 15:48:15 PDT
Created attachment 351921 [details] Benchmarks These changes are perf neutral.
Caio Lima
Comment 7 2018-10-12 08:44:23 PDT
Ping Review
Caio Lima
Comment 8 2018-10-15 09:24:08 PDT
Ping Review
Caio Lima
Comment 9 2018-10-17 04:53:36 PDT
Ping Review
Yusuke Suzuki
Comment 10 2018-10-17 05:48:01 PDT
Comment on attachment 351908 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=351908&action=review I think our ArithProfile for `+` needs additional changes. > Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:594 > + ASSERT(node->binaryUseKind() == UntypedUse || node->binaryUseKind() == BigIntUse); Use DFG_ASSERT instead. > Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:203 > changed |= mergePrediction(SpecInt32Only); > if (node->mayHaveDoubleResult()) > changed |= mergePrediction(SpecBytecodeDouble); Let's consider the polymorphic `+` site. It takes Number and BigInt. It can be like, `function add(a, b) { return a + b; }` and it is used in various places as a callback. Some functions pass Number, and some pass BigInt. In this case, ArithProfile says "Result includes non number". And this prediction says "String | Number". But it is not correct in this case. It should say "Number | BigInt". So, at least for `+`, I think ArithProfile needs to record additional result type information.
Caio Lima
Comment 11 2018-10-17 06:21:37 PDT
Comment on attachment 351908 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=351908&action=review Thx for the review! >> Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:203 >> changed |= mergePrediction(SpecBytecodeDouble); > > Let's consider the polymorphic `+` site. It takes Number and BigInt. It can be like, `function add(a, b) { return a + b; }` and it is used in various places as a callback. Some functions pass Number, and some pass BigInt. > In this case, ArithProfile says "Result includes non number". And this prediction says "String | Number". But it is not correct in this case. It should say "Number | BigInt". > So, at least for `+`, I think ArithProfile needs to record additional result type information. Oops. Sorry I missed that. Nice Catch.
Caio Lima
Comment 12 2018-10-17 14:23:25 PDT
Created attachment 352640 [details] Patch
Caio Lima
Comment 13 2018-10-17 15:01:12 PDT
Created attachment 352648 [details] Patch
EWS Watchlist
Comment 14 2018-10-17 18:22:22 PDT
Comment on attachment 352648 [details] Patch Attachment 352648 [details] did not pass jsc-ews (mac): Output: https://webkit-queues.webkit.org/results/9645190 New failing tests: stress/big-int-negate-jit.js.big-int-enabled apiTests
Yusuke Suzuki
Comment 15 2018-10-18 06:38:39 PDT
Comment on attachment 352648 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=352648&action=review Looks nice. But since I have found several issues, I would like to have another round of review. > Source/JavaScriptCore/bytecode/ArithProfile.cpp:41 > CCallHelpers::Jump isInt32 = jit.branchIfInt32(regs, mode); `done.append(jit.branchIfInt32(regs, mode))` seems simple. > Source/JavaScriptCore/bytecode/ArithProfile.cpp:47 > + CCallHelpers::Jump notBigInt = jit.branchIfNotBigInt(regs.payloadGPR()); It assumes the regs are JSCell, but it seems flaky. Putting branchIfNotCell before this is better. At that time, please pass `mode` to branchIfNotCell since we may not have tag register. > Source/JavaScriptCore/bytecode/ArithProfile.h:274 > void emitSetNonNumber(CCallHelpers&) const; I think renaming this term "NonNumber" in ArithProfile, DFG::Node flags etc. to "NonNumeric" is better since Numeric can include BigInt. > Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:926 > + node->mergeFlags(NodeMayHaveBigIntResult); I think ValueNegate and ArithNegate needs this flag too. > Source/JavaScriptCore/dfg/DFGNodeFlags.h:75 > +#define NodeMayHaveBigIntResult 0x100000 I think this flag should not be sparse: this should be cooperating with the other flags like NodeMayHaveNonNumberResult, NodeMayHaveDoubleResult etc. The value of this flag should be close to NodeMayHaveNonNumberResult. And NodeMayHaveNonIntResult should be updated since BigInt is NonInt result. > Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:274 > // FIXME: We should add support to BigInt into speculatio > // https://bugs.webkit.org/show_bug.cgi?id=182470 This can be removed.
Caio Lima
Comment 16 2018-10-21 09:16:09 PDT
Created attachment 352873 [details] Patch
Caio Lima
Comment 17 2018-10-21 09:19:52 PDT
Comment on attachment 352648 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=352648&action=review Thx for the review! >> Source/JavaScriptCore/bytecode/ArithProfile.cpp:47 >> + CCallHelpers::Jump notBigInt = jit.branchIfNotBigInt(regs.payloadGPR()); > > It assumes the regs are JSCell, but it seems flaky. Putting branchIfNotCell before this is better. > At that time, please pass `mode` to branchIfNotCell since we may not have tag register. Done. BTW, I'm trying to create a test for such case, but I'm stuck to find a case where this code is emitted. Do you know when we emit such code? I tried OSR code generated due BadType and Overflow and neither one triggers the generation of this code. >> Source/JavaScriptCore/bytecode/ArithProfile.h:274 >> void emitSetNonNumber(CCallHelpers&) const; > > I think renaming this term "NonNumber" in ArithProfile, DFG::Node flags etc. to "NonNumeric" is better since Numeric can include BigInt. I agree. Done. >> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:926 >> + node->mergeFlags(NodeMayHaveBigIntResult); > > I think ValueNegate and ArithNegate needs this flag too. Done. >> Source/JavaScriptCore/dfg/DFGNodeFlags.h:75 >> +#define NodeMayHaveBigIntResult 0x100000 > > I think this flag should not be sparse: this should be cooperating with the other flags like NodeMayHaveNonNumberResult, NodeMayHaveDoubleResult etc. > The value of this flag should be close to NodeMayHaveNonNumberResult. And NodeMayHaveNonIntResult should be updated since BigInt is NonInt result. Makes sense. I updated it.
Caio Lima
Comment 18 2018-10-21 11:58:36 PDT
Created attachment 352874 [details] Benchmarks The performance is perf neutral according to results.
Caio Lima
Comment 19 2018-11-01 10:47:59 PDT
Created attachment 353619 [details] Patch
Keith Miller
Comment 20 2018-11-07 12:26:02 PST
Comment on attachment 353619 [details] Patch r=me.
Caio Lima
Comment 21 2018-11-07 17:34:49 PST
@Yusuke and @Keith thank you very much for the review!
WebKit Commit Bot
Comment 22 2018-11-07 17:47:34 PST
Comment on attachment 353619 [details] Patch Clearing flags on attachment: 353619 Committed r237972: <https://trac.webkit.org/changeset/237972>
WebKit Commit Bot
Comment 23 2018-11-07 17:47:36 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 24 2018-11-07 17:48:21 PST
<rdar://problem/45896441>
Note You need to log in before you can comment on or make changes to this bug.