Bug 210892

Summary: [JSC] DFG compare should speculate BigInt well
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, keith_miller, mark.lam, msaboff, saam, tzagallo, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch
none
Patch saam: review+

Yusuke Suzuki
Reported 2020-04-22 19:28:09 PDT
We are emitting DoubleRep(BigInt32) in FixupPhase and exiting.
Attachments
Patch (11.88 KB, patch)
2020-04-22 20:06 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (31.81 KB, patch)
2020-04-22 23:25 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (32.47 KB, patch)
2020-04-23 10:25 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (35.86 KB, patch)
2020-04-23 14:47 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (64.71 KB, patch)
2020-04-24 00:47 PDT, Yusuke Suzuki 		saam: review+
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2020-04-22 20:06:06 PDT
Created attachment 397308 [details] Patch
Yusuke Suzuki
Comment 2 2020-04-22 23:25:23 PDT
Created attachment 397323 [details] Patch WIP
Yusuke Suzuki
Comment 3 2020-04-23 10:25:21 PDT
Created attachment 397357 [details] Patch
Yusuke Suzuki
Comment 4 2020-04-23 14:47:33 PDT
Created attachment 397387 [details] Patch WIP
Yusuke Suzuki
Comment 5 2020-04-24 00:47:43 PDT
Created attachment 397433 [details] Patch
Saam Barati
Comment 6 2020-04-24 11:30:56 PDT
Comment on attachment 397433 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=397433&action=review nice. r=me > Source/JavaScriptCore/runtime/JSBigInt.cpp:2033 > + return ComparisonResult::LessThan; nit: I know this is proven given all other things, but maybe before this, add an "ASSERT(!ySign);" > Source/JavaScriptCore/runtime/JSBigInt.h:293 > +ALWAYS_INLINE JSBigInt::ComparisonResult swapBigIntCompareResult(JSBigInt::ComparisonResult comparisonResult) name nit: swap => invert > Source/JavaScriptCore/runtime/JSBigInt.h:301 > + default: > + return comparisonResult; nit: can we define all cases here, just so we get a compile error in the future? > Source/JavaScriptCore/runtime/Operations.h:314 > + JSValue bigIntValue = JSBigInt::stringToBigInt(globalObject, asString(primValue)->value(globalObject)); don't we need an exception check after ->value() on string?
Yusuke Suzuki
Comment 7 2020-04-24 12:09:24 PDT
Comment on attachment 397433 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=397433&action=review >> Source/JavaScriptCore/runtime/JSBigInt.cpp:2033 >> + return ComparisonResult::LessThan; > > nit: I know this is proven given all other things, but maybe before this, add an > "ASSERT(!ySign);" Sounds nice. Added. >> Source/JavaScriptCore/runtime/JSBigInt.h:293 >> +ALWAYS_INLINE JSBigInt::ComparisonResult swapBigIntCompareResult(JSBigInt::ComparisonResult comparisonResult) > > name nit: > swap => invert Fixed. >> Source/JavaScriptCore/runtime/JSBigInt.h:301 >> + return comparisonResult; > > nit: > > can we define all cases here, just so we get a compile error in the future? Sounds good. Fixed.
Yusuke Suzuki
Comment 8 2020-04-24 12:19:28 PDT
Committed r260660: <https://trac.webkit.org/changeset/260660>
Radar WebKit Bug Importer
Comment 9 2020-04-24 12:20:19 PDT
<rdar://problem/62330722>
Yusuke Suzuki
Comment 10 2020-04-24 13:11:13 PDT
Committed r260664: <https://trac.webkit.org/changeset/260664>
Note You need to log in before you can comment on or make changes to this bug.