RESOLVED FIXED 151746
Polymorphic operand types for DFG and FTL mul. 
https://bugs.webkit.org/show_bug.cgi?id=151746
Summary Polymorphic operand types for DFG and FTL mul.
Mark Lam
Reported 2015-12-02 09:03:09 PST
Patch coming.
Attachments
proposed patch. (29.98 KB, patch)
2015-12-02 17:18 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
x86_64 benchmark result. (65.28 KB, text/plain)
2015-12-02 17:21 PST, Mark Lam 		no flags
Details
x86 benchmark result. (64.13 KB, text/plain)
2015-12-02 17:21 PST, Mark Lam 		no flags
Details
x86_64 benchmark result without FTL. (64.80 KB, text/plain)
2015-12-02 17:22 PST, Mark Lam 		no flags
Details
patch 2: fixed a value in the test, and a bit more clean up in the DFG mul code. (30.56 KB, patch)
2015-12-02 20:51 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
patch 3: a bit more code clean up in the FTL code. (30.55 KB, patch)
2015-12-02 21:02 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
patch 4: update one more test value in op_mul.js. (30.77 KB, patch)
2015-12-02 21:16 PST, Mark Lam 		fpizlo: review+
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2015-12-02 09:04:57 PST
<rdar://problem/23725093>
Mark Lam
Comment 2 2015-12-02 12:53:10 PST
*** Bug 151748 has been marked as a duplicate of this bug. ***
Mark Lam
Comment 3 2015-12-02 17:18:32 PST
Created attachment 266484 [details] proposed patch.
WebKit Commit Bot
Comment 4 2015-12-02 17:19:56 PST
Attachment 266484 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ftl/FTLInlineCacheDescriptorInlines.h:40: Wrong number of spaces before statement. (expected: 8) [whitespace/indent] [4] ERROR: Source/JavaScriptCore/ftl/FTLInlineCacheDescriptorInlines.h:40: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4] Total errors found: 2 in 21 files If any of these errors are false positives, please file a bug against check-webkit-style.
Mark Lam
Comment 5 2015-12-02 17:21:25 PST
Created attachment 266485 [details] x86_64 benchmark result.
Mark Lam
Comment 6 2015-12-02 17:21:48 PST
Created attachment 266486 [details] x86 benchmark result.
Mark Lam
Comment 7 2015-12-02 17:22:12 PST
Created attachment 266487 [details] x86_64 benchmark result without FTL.
Mark Lam
Comment 8 2015-12-02 17:23:30 PST
Benchmark results are neutral. The newly added ftp-object-mul.js test shows the benefit of being able to stay in the DFG and FTL compiled function instead of OSR exiting back to the baseline JIT. This patch has passed the layout tests and JSC tests.
Mark Lam
Comment 9 2015-12-02 20:51:36 PST
Created attachment 266507 [details] patch 2: fixed a value in the test, and a bit more clean up in the DFG mul code.
WebKit Commit Bot
Comment 10 2015-12-02 20:54:22 PST
Attachment 266507 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ftl/FTLInlineCacheDescriptorInlines.h:40: Wrong number of spaces before statement. (expected: 8) [whitespace/indent] [4] ERROR: Source/JavaScriptCore/ftl/FTLInlineCacheDescriptorInlines.h:40: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4] Total errors found: 2 in 22 files If any of these errors are false positives, please file a bug against check-webkit-style.
Mark Lam
Comment 11 2015-12-02 21:02:24 PST
Created attachment 266508 [details] patch 3: a bit more code clean up in the FTL code.
WebKit Commit Bot
Comment 12 2015-12-02 21:05:06 PST
Attachment 266508 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ftl/FTLInlineCacheDescriptorInlines.h:40: Wrong number of spaces before statement. (expected: 8) [whitespace/indent] [4] ERROR: Source/JavaScriptCore/ftl/FTLInlineCacheDescriptorInlines.h:40: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4] Total errors found: 2 in 22 files If any of these errors are false positives, please file a bug against check-webkit-style.
Mark Lam
Comment 13 2015-12-02 21:16:26 PST
Created attachment 266510 [details] patch 4: update one more test value in op_mul.js.
WebKit Commit Bot
Comment 14 2015-12-02 21:18:30 PST
Attachment 266510 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/ftl/FTLInlineCacheDescriptorInlines.h:40: Wrong number of spaces before statement. (expected: 8) [whitespace/indent] [4] ERROR: Source/JavaScriptCore/ftl/FTLInlineCacheDescriptorInlines.h:40: Comma should be at the beginning of the line in a member initialization list. [whitespace/init] [4] Total errors found: 2 in 22 files If any of these errors are false positives, please file a bug against check-webkit-style.
Filip Pizlo
Comment 15 2015-12-02 21:26:16 PST
Comment on attachment 266510 [details] patch 4: update one more test value in op_mul.js. View in context: https://bugs.webkit.org/attachment.cgi?id=266510&action=review > Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:346 > + changed |= mergePrediction(SpecInt32 | SpecBytecodeDouble); Do you have a bug for improving this? I think that this can easily create performance pathologies, since it will cause all downstream math operations on this value to coerce it to double.
Filip Pizlo
Comment 16 2015-12-02 21:27:51 PST
Comment on attachment 266510 [details] patch 4: update one more test value in op_mul.js. View in context: https://bugs.webkit.org/attachment.cgi?id=266510&action=review > Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3449 > + auto& leftChild = node->child1(); I think it's more clear to say Edge instead of auto.
Mark Lam
Comment 17 2015-12-02 21:54:28 PST
Thanks for the review. > > Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:3449 > > + auto& leftChild = node->child1(); > > I think it's more clear to say Edge instead of auto. I've changed all auto& of type Edge& in my patch to explicitly say Edge& instead. > > Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:346 > > + changed |= mergePrediction(SpecInt32 | SpecBytecodeDouble); > > Do you have a bug for improving this? I think that this can easily create > performance pathologies, since it will cause all downstream math operations > on this value to coerce it to double. I just filed https://bugs.webkit.org/show_bug.cgi?id=151793 to track this. My thinking on this is that this coercion is supposed to only happen if we encounter polymorphic types, which is supposedly rare. Hence, the impact of this coercion should be similarly rare. But we can investigate this some more later. So far, the benchmarks don't seem to be affected by it (as expected). Landed in r192993: <http://trac.webkit.org/r192993>.
Note You need to log in before you can comment on or make changes to this bug.