Closed
Bug 578290
Opened 15 years ago
Closed 15 years ago
nanojit: fold constant 64-bit integer expressions
Categories
(Core Graveyard :: Nanojit, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: n.nethercote, Assigned: n.nethercote)
References
Details
(Whiteboard: fixed-in-nanojit, fixed-in-tracemonkey, fixed-in-tamarin)
Attachments
(1 file, 1 obsolete file)
|
5.77 KB,
patch
|
stejohns
:
review+
|
Details | Diff | Splinter Review |
ExprFilter::ins2() folds 32-bit integer and 64-bit float expressions. We should do likewise for 64-bit integer expressions.
|
Assignee | |
Comment 1•15 years ago
|
||
Pretty straightforward!
Attachment #457021 -
Flags: review?(stejohns)
|
|
Assignee | |
Comment 2•15 years ago
|
||
This can't land until bug 578292 is fixed because it will break TM, causing lots of "constantly false branch detected" assertions.
Depends on: 578292
|
|
||
Comment 3•15 years ago
|
||
Comment on attachment 457021 [details] [diff] [review]
patch
The folding for 32-bit could be done by promoting to int64_t rather than double -- but I doubt it matters on any hardware we're likely to encounter. (Might even be slower on x86-32 systems?)
The folding for LIR_addq and LIR_subq is suboptimal, since a double will hold only 53 bits worth of integer, so we could miss folding opportunities for very large values. Probably obscure enough to leave as-is, but we could preflight to get the whole range; to crib the approach from SafeInt, we would have something like
const int64_t MIN_INT64 = int64_t(0x8000000000000000LL);
const int64_t MAX_INT64 = int64_t(0x7FFFFFFFFFFFFFFFLL);
...
case LIR_addq:
if ((c1 ^ c2) < 0)
{
// Overflow only possible if both values are positive, or both negative
if (c2 < 0)
{
// Both negative
if (c1 < MIN_INT64 - c2)
break;
}
else
{
// Both positive
if (MAX_INT64 - c1 < c2)
break;
}
}
return insImmQ(c1 + c2);
case LIR_subq:
if ((c1 ^ c2) < 0)
{
// Overflow only possible if both values are positive, or both negative
if (c2 < 0)
{
// Both negative
if (c1 < MIN_INT64 + c2)
break;
}
else
{
// Both positive
if (c1 > MAX_INT64 + c2)
break;
}
}
return insImmQ(c1 - c2);
Attachment #457021 -
Flags: review?(stejohns) → review+
|
|
Assignee | |
Comment 4•15 years ago
|
||
Good catch on the 53-bit limit. 64-bit add/sub will almost certainly never overflow in practice because they're only used for pointers -- where we're likely to be adding/subbing a pointer and a small constant -- but we wouldn't want to miss cases where the pointer is near the end of the address space.
I reworked your code. For subq overflow can only happen if one operand is positive and one negative. And I replaced the xor tests with simpler comparisons. And I added some comments that help make it clear that the reasoning is valid.
Attachment #457021 -
Attachment is obsolete: true
Attachment #457134 -
Flags: review?(stejohns)
|
|
||
Comment 5•15 years ago
|
||
Comment on attachment 457134 [details] [diff] [review]
patch, v2
Sweet -- yeah, my code was untested (obviously, since the subq case was wrong); yours looks more plausible.
Attachment #457134 -
Flags: review?(stejohns) → review+
|
|
Assignee | |
Comment 6•15 years ago
|
||
Whiteboard: fixed-in-nanojit
|
|
Assignee | |
Comment 7•15 years ago
|
||
Whiteboard: fixed-in-nanojit → fixed-in-nanojit, fixed-in-tracemonkey
|
||
Comment 8•15 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
|
||
Comment 9•15 years ago
|
||
Whiteboard: fixed-in-nanojit, fixed-in-tracemonkey → fixed-in-nanojit, fixed-in-tracemonkey, fixed-in-tamarin
|
||
Updated•11 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•