Changeset 277929 in webkit

Timestamp:

May 22, 2021, 11:23:48 PM (4 years ago)

Author:

mark.lam@apple.com

Message:

Use singleton thunks for virtual calls.
​https://bugs.webkit.org/show_bug.cgi?id=226149
rdar://problem/78357604

Reviewed by Yusuke Suzuki.

Change virtualThunkFor() to return 1 of 6 possible singleton thunks.
These thunks are cached via vm.jitStubs->ctiStubs().

This change saves us ~16M of executable JIT memory (for the unique thunks) on a
single run of Speedometer2. On an M1 Mac, switching to singleton thunks here also
appears to be a 1.012x speed up on Speedometer2. Performance is neutral on
JetStream2.

• jit/JITThunks.cpp:

(JSC::JITThunks::ctiInternalFunctionCall):
(JSC::JITThunks::ctiInternalFunctionConstruct):

• jit/JITThunks.h:
• jit/ThunkGenerators.cpp:

(JSC::virtualThunkFor):
(JSC::virtualThunkForRegularCall):
(JSC::virtualThunkForRegularConstruct):
(JSC::virtualThunkForTailCall):
(JSC::virtualThunkForTailConstruct):
(JSC::virtualThunkForConstructCall):
(JSC::virtualThunkForConstructConstruct):

• runtime/VM.cpp:

(JSC::VM::getCTIInternalFunctionTrampolineFor):

• runtime/VM.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• jit/JITThunks.cpp (modified) (1 diff)
• jit/JITThunks.h (modified) (1 diff)
• jit/ThunkGenerators.cpp (modified) (7 diffs)
• runtime/VM.cpp (modified) (1 diff)
• runtime/VM.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2021-05-22  Mark Lam  <mark.lam@apple.com>
+
+        Use singleton thunks for virtual calls.
+        https://bugs.webkit.org/show_bug.cgi?id=226149
+        rdar://problem/78357604
+
+        Reviewed by Yusuke Suzuki.
+
+        Change virtualThunkFor() to return 1 of 6 possible singleton thunks.
+        These thunks are cached via vm.jitStubs->ctiStubs().
+
+        This change saves us ~16M of executable JIT memory (for the unique thunks) on a
+        single run of Speedometer2.  On an M1 Mac, switching to singleton thunks here also
+        appears to be a 1.012x speed up on Speedometer2.  Performance is neutral on
+        JetStream2.
+
+        * jit/JITThunks.cpp:
+        (JSC::JITThunks::ctiInternalFunctionCall):
+        (JSC::JITThunks::ctiInternalFunctionConstruct):
+        * jit/JITThunks.h:
+        * jit/ThunkGenerators.cpp:
+        (JSC::virtualThunkFor):
+        (JSC::virtualThunkForRegularCall):
+        (JSC::virtualThunkForRegularConstruct):
+        (JSC::virtualThunkForTailCall):
+        (JSC::virtualThunkForTailConstruct):
+        (JSC::virtualThunkForConstructCall):
+        (JSC::virtualThunkForConstructConstruct):
+        * runtime/VM.cpp:
+        (JSC::VM::getCTIInternalFunctionTrampolineFor):
+        * runtime/VM.h:
+
 2021-05-22  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/jit/JITThunks.cpp

@@ -118 +118 @@
 }
 
-MacroAssemblerCodePtr<JITThunkPtrTag> JITThunks::ctiInternalFunctionCall(VM& vm)
-{
-    ASSERT(Options::useJIT());
+MacroAssemblerCodePtr<JITThunkPtrTag> JITThunks::ctiInternalFunctionCall(VM& vm, Optional<NoLockingNecessaryTag> noLockingNecessary)
+{
+    ASSERT(Options::useJIT());
+    if (noLockingNecessary)
+        return existingCTIStub(internalFunctionCallGenerator, NoLockingNecessary).code();
     return ctiStub(vm, internalFunctionCallGenerator).code();
 }
 
-MacroAssemblerCodePtr<JITThunkPtrTag> JITThunks::ctiInternalFunctionConstruct(VM& vm)
-{
-    ASSERT(Options::useJIT());
+MacroAssemblerCodePtr<JITThunkPtrTag> JITThunks::ctiInternalFunctionConstruct(VM& vm, Optional<NoLockingNecessaryTag> noLockingNecessary)
+{
+    ASSERT(Options::useJIT());
+    if (noLockingNecessary)
+        return existingCTIStub(internalFunctionConstructGenerator, NoLockingNecessary).code();
     return ctiStub(vm, internalFunctionConstructGenerator).code();
 }

trunk/Source/JavaScriptCore/jit/JITThunks.h

@@ -60 +60 @@
     MacroAssemblerCodePtr<JITThunkPtrTag> ctiNativeTailCall(VM&);
     MacroAssemblerCodePtr<JITThunkPtrTag> ctiNativeTailCallWithoutSavedTags(VM&);
-    MacroAssemblerCodePtr<JITThunkPtrTag> ctiInternalFunctionCall(VM&);
-    MacroAssemblerCodePtr<JITThunkPtrTag> ctiInternalFunctionConstruct(VM&);
+    MacroAssemblerCodePtr<JITThunkPtrTag> ctiInternalFunctionCall(VM&, Optional<NoLockingNecessaryTag> = WTF::nullopt);
+    MacroAssemblerCodePtr<JITThunkPtrTag> ctiInternalFunctionConstruct(VM&, Optional<NoLockingNecessaryTag> = WTF::nullopt);
 
     MacroAssemblerCodeRef<JITThunkPtrTag> ctiStub(VM&, ThunkGenerator);

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

@@ -264 +264 @@
 // virtual calls by using the shuffler.
 // https://bugs.webkit.org/show_bug.cgi?id=148831
-MacroAssemblerCodeRef<JITStubRoutinePtrTag> virtualThunkFor(VM& vm, CallLinkInfo& callLinkInfo)
+static MacroAssemblerCodeRef<JITThunkPtrTag> virtualThunkFor(VM& vm, CallMode mode, CodeSpecializationKind kind)
 {
     // The callee is in regT0 (for JSVALUE32_64, the tag is in regT1).
@@ -272 +272 @@
 
     CCallHelpers jit;
-    
+
+    bool isTailCall = mode == CallMode::Tail;
+
     CCallHelpers::JumpList slowCase;
     
@@ -285 +287 @@
     
 #if USE(JSVALUE64)
-    if (callLinkInfo.isTailCall()) {
+    if (isTailCall) {
         // Tail calls could have clobbered the GPRInfo::notCellMaskRegister because they
         // restore callee saved registers before getthing here. So, let's materialize
@@ -304 +306 @@
     hasExecutable.link(&jit);
     jit.loadPtr(
-        CCallHelpers::Address(
-            GPRInfo::regT4, ExecutableBase::offsetOfJITCodeWithArityCheckFor(
-                callLinkInfo.specializationKind())),
+        CCallHelpers::Address(GPRInfo::regT4, ExecutableBase::offsetOfJITCodeWithArityCheckFor(kind)),
         GPRInfo::regT4);
     slowCase.append(jit.branchTestPtr(CCallHelpers::Zero, GPRInfo::regT4));
@@ -316 +316 @@
     JSInterfaceJIT::Label callCode(jit.label());
     emitPointerValidation(jit, GPRInfo::regT4, JSEntryPtrTag);
-    if (callLinkInfo.isTailCall()) {
+    if (isTailCall) {
         jit.preserveReturnAddressAfterCall(GPRInfo::regT0);
         jit.prepareForTailCallSlow(GPRInfo::regT4);
@@ -325 +325 @@
     notJSFunction.link(&jit);
     slowCase.append(jit.branchIfNotType(GPRInfo::regT0, InternalFunctionType));
-    void* executableAddress = vm.getCTIInternalFunctionTrampolineFor(callLinkInfo.specializationKind()).executableAddress();
+    void* executableAddress = vm.getCTIInternalFunctionTrampolineFor(kind, NoLockingNecessary).executableAddress();
     jit.move(CCallHelpers::TrustedImmPtr(executableAddress), GPRInfo::regT4);
     jit.jump().linkTo(callCode, &jit);
@@ -336 +336 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID, LinkBuffer::Profile::VirtualThunk);
     return FINALIZE_CODE(
-        patchBuffer, JITStubRoutinePtrTag,
+        patchBuffer, JITThunkPtrTag,
         "Virtual %s slow path thunk",
-        callLinkInfo.callMode() == CallMode::Regular ? "call" : callLinkInfo.callMode() == CallMode::Tail ? "tail call" : "construct");
+        mode == CallMode::Regular ? "call" : mode == CallMode::Tail ? "tail call" : "construct");
+}
+
+static MacroAssemblerCodeRef<JITThunkPtrTag> virtualThunkForRegularCall(VM& vm)
+{
+    return virtualThunkFor(vm, CallMode::Regular, CodeForCall);
+}
+
+static MacroAssemblerCodeRef<JITThunkPtrTag> virtualThunkForRegularConstruct(VM& vm)
+{
+    return virtualThunkFor(vm, CallMode::Regular, CodeForConstruct);
+}
+
+static MacroAssemblerCodeRef<JITThunkPtrTag> virtualThunkForTailCall(VM& vm)
+{
+    return virtualThunkFor(vm, CallMode::Tail, CodeForCall);
+}
+
+static MacroAssemblerCodeRef<JITThunkPtrTag> virtualThunkForTailConstruct(VM& vm)
+{
+    return virtualThunkFor(vm, CallMode::Tail, CodeForConstruct);
+}
+
+static MacroAssemblerCodeRef<JITThunkPtrTag> virtualThunkForConstructCall(VM& vm)
+{
+    return virtualThunkFor(vm, CallMode::Construct, CodeForCall);
+}
+
+static MacroAssemblerCodeRef<JITThunkPtrTag> virtualThunkForConstructConstruct(VM& vm)
+{
+    return virtualThunkFor(vm, CallMode::Construct, CodeForConstruct);
+}
+
+MacroAssemblerCodeRef<JITStubRoutinePtrTag> virtualThunkFor(VM& vm, CallLinkInfo& callLinkInfo)
+{
+    auto mode = callLinkInfo.callMode();
+    auto kind = callLinkInfo.specializationKind();
+    auto generator = [&] () -> ThunkGenerator {
+        switch (mode) {
+        case CallMode::Regular:
+            if (kind == CodeForCall)
+                return virtualThunkForRegularCall;
+            return virtualThunkForRegularConstruct;
+        case CallMode::Tail:
+            if (kind == CodeForCall)
+                return virtualThunkForTailCall;
+            return virtualThunkForTailConstruct;
+        case CallMode::Construct:
+            if (kind == CodeForCall)
+                return virtualThunkForConstructCall;
+            return virtualThunkForConstructConstruct;
+        }
+    };
+    return vm.getCTIStub(generator()).retagged<JITStubRoutinePtrTag>();
 }
 

trunk/Source/JavaScriptCore/runtime/VM.cpp

@@ -889 +889 @@
 }
 
-MacroAssemblerCodePtr<JSEntryPtrTag> VM::getCTIInternalFunctionTrampolineFor(CodeSpecializationKind kind)
-{
+MacroAssemblerCodePtr<JSEntryPtrTag> VM::getCTIInternalFunctionTrampolineFor(CodeSpecializationKind kind, Optional<NoLockingNecessaryTag> noLockingNecessary)
+{
+    UNUSED_PARAM(noLockingNecessary);
 #if ENABLE(JIT)
     if (Options::useJIT()) {
         if (kind == CodeForCall)
-            return jitStubs->ctiInternalFunctionCall(*this).retagged<JSEntryPtrTag>();
-        return jitStubs->ctiInternalFunctionConstruct(*this).retagged<JSEntryPtrTag>();
+            return jitStubs->ctiInternalFunctionCall(*this, noLockingNecessary).retagged<JSEntryPtrTag>();
+        return jitStubs->ctiInternalFunctionConstruct(*this, noLockingNecessary).retagged<JSEntryPtrTag>();
     }
 #endif

trunk/Source/JavaScriptCore/runtime/VM.h

@@ -852 +852 @@
     NativeExecutable* getBoundFunction(bool isJSFunction, bool canConstruct);
 
-    MacroAssemblerCodePtr<JSEntryPtrTag> getCTIInternalFunctionTrampolineFor(CodeSpecializationKind);
+    MacroAssemblerCodePtr<JSEntryPtrTag> getCTIInternalFunctionTrampolineFor(CodeSpecializationKind, Optional<NoLockingNecessaryTag> = WTF::nullopt);
 
     static ptrdiff_t exceptionOffset()