Context Navigation

← Previous Changeset
Next Changeset →

Changeset 100095 in webkit

Timestamp:

Nov 13, 2011 2:44:16 PM (12 years ago)

Author:

yuqiang.xian@intel.com

Message:

Fix silent spilling/filling GPRs in DFG 32_64
https://bugs.webkit.org/show_bug.cgi?id=72201

Reviewed by Gavin Barraclough.

Current silentSpillGPR/silentFillGPR may not work as expected for some
cases in 32_64. If there's a JSValue which was retained by two GPRs,
we may end up failing to spill/fill some GPRs or redundantly
spilling/filling some GPRs. For example, if we tend to exclude "eax"
from spilling while a JSValue is retained by both "eax" and "edx",
then "edx" won't be spilled as well (wrong). And if another JSValue is
retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled
twice. The similar problem applies to silentFillGPR.
The fix is to make silentSpillGPR/silentFillGPR more straightforward,
i.e., spilling/filling based on the GPR instead of the virtual
register. FPR spilling/filling is also modified accordingly to make it
consistent with GPR spilling/filling.

dfg/DFGJITCodeGenerator.h:

(JSC::DFG::JITCodeGenerator::silentSpillGPR):
(JSC::DFG::JITCodeGenerator::silentSpillFPR):
(JSC::DFG::JITCodeGenerator::silentFillGPR):
(JSC::DFG::JITCodeGenerator::silentFillFPR):
(JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
(JSC::DFG::JITCodeGenerator::silentFillAllRegisters):

Location:

trunk/Source/JavaScriptCore

Files:

: 2 edited

ChangeLog (modified) (1 diff)
dfg/DFGJITCodeGenerator.h (modified) (12 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/JavaScriptCore/ChangeLog

-                      r100086
+                      r100095
+-11-13  Yuqiang Xian  <yuqiang.xian@intel.com>
+        Fix silent spilling/filling GPRs in DFG 32_64
+        https://bugs.webkit.org/show_bug.cgi?id=72201
+        Reviewed by Gavin Barraclough.
+        Current silentSpillGPR/silentFillGPR may not work as expected for some
+        cases in 32_64. If there's a JSValue which was retained by two GPRs,
+        we may end up failing to spill/fill some GPRs or redundantly
+        spilling/filling some GPRs. For example, if we tend to exclude "eax"
+        from spilling while a JSValue is retained by both "eax" and "edx",
+        then "edx" won't be spilled as well (wrong). And if another JSValue is
+        retained by "ecx" and "ebx", both "ecx" and "ebx" will be spilled
+        twice. The similar problem applies to silentFillGPR.
+        The fix is to make silentSpillGPR/silentFillGPR more straightforward,
+        i.e., spilling/filling based on the GPR instead of the virtual
+        register. FPR spilling/filling is also modified accordingly to make it
+        consistent with GPR spilling/filling.
+        * dfg/DFGJITCodeGenerator.h:
+        (JSC::DFG::JITCodeGenerator::silentSpillGPR):
+        (JSC::DFG::JITCodeGenerator::silentSpillFPR):
+        (JSC::DFG::JITCodeGenerator::silentFillGPR):
+        (JSC::DFG::JITCodeGenerator::silentFillFPR):
+        (JSC::DFG::JITCodeGenerator::silentSpillAllRegisters):
+        (JSC::DFG::JITCodeGenerator::silentFillAllRegisters):
 -11-12  Laszlo Gombos  <laszlo.1.gombos@nokia.com>

trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator.h

-                      r99904
+                      r100095
     void clearGenerationInfo();
-#if USE(JSVALUE32_64)
-    bool registersMatched(GenerationInfo& info, GPRReg exclude, GPRReg exclude2)
+    {
-        ASSERT(info.registerFormat() != DataFormatNone);
-        ASSERT(info.registerFormat() != DataFormatDouble);
-        ASSERT(info.registerFormat() != DataFormatJSDouble);
-        if (exclude == InvalidGPRReg && exclude2 == InvalidGPRReg)
-            return false;
-        bool matched = false;
-        if (exclude2 == InvalidGPRReg)
-            matched = (!(info.registerFormat() & DataFormatJS)) ? (info.gpr() == exclude) :  (info.tagGPR() == exclude || info.payloadGPR() == exclude);
-        else if (exclude == InvalidGPRReg)
-            matched = (!(info.registerFormat() & DataFormatJS)) ? (info.gpr() == exclude2) :  (info.tagGPR() == exclude2 || info.payloadGPR() == exclude2);
-        else
-            matched = (!(info.registerFormat() & DataFormatJS)) ? (info.gpr() == exclude || info.gpr() == exclude2) :  (info.tagGPR() == exclude || info.tagGPR() == exclude2 || info.payloadGPR() == exclude || info.payloadGPR() == exclude2);
-        return matched;
+    }
-#endif
     // These methods are used when generating 'unexpected'
     // calls out from JIT code to C++ helper routines -
 …
     // slots in the RegisterFile without changing any state
     // in the GenerationInfo.
     void silentSpillGPR(VirtualRegister spillMe, GPRReg exclude = InvalidGPRReg, GPRReg exclude2 = InvalidGPRReg)
+    void silentSpillGPR(VirtualRegister spillMe, GPRReg source)
+    {
         GenerationInfo& info = m_generationInfo[spillMe];
 …
         ASSERT(info.registerFormat() != DataFormatDouble);
+        if (!info.needsSpill())
+            return;
+        DataFormat registerFormat = info.registerFormat();
 #if USE(JSVALUE64)
+        UNUSED_PARAM(exclude2);
+        if (!info.needsSpill() || (info.gpr() == exclude))
+#elif USE(JSVALUE32_64)
+        if (!info.needsSpill() || registersMatched(info, exclude, exclude2))
+#endif
+            return;
+        DataFormat registerFormat = info.registerFormat();
+#if USE(JSVALUE64)
+        ASSERT(info.gpr() == source);
         if (registerFormat == DataFormatInteger)
             m_jit.store32(info.gpr(), JITCompiler::addressFor(spillMe));
+            m_jit.store32(source, JITCompiler::addressFor(spillMe));
         else {
             ASSERT(registerFormat & DataFormatJS || registerFormat == DataFormatCell || registerFormat == DataFormatStorage);
             m_jit.storePtr(info.gpr(), JITCompiler::addressFor(spillMe));
+            m_jit.storePtr(source, JITCompiler::addressFor(spillMe));
+        }
 #elif USE(JSVALUE32_64)
+        if (registerFormat == DataFormatInteger || registerFormat == DataFormatBoolean)
+            m_jit.store32(info.gpr(), JITCompiler::payloadFor(spillMe));
+        else if (registerFormat == DataFormatCell)
+            m_jit.storePtr(info.gpr(), JITCompiler::payloadFor(spillMe));
+        else if (registerFormat == DataFormatStorage)
+            m_jit.storePtr(info.gpr(), JITCompiler::addressFor(spillMe));
+        else {
+            ASSERT(registerFormat & DataFormatJS);
+            m_jit.store32(info.tagGPR(), JITCompiler::tagFor(spillMe));
+            m_jit.store32(info.payloadGPR(), JITCompiler::payloadFor(spillMe));
+        }
+#endif
+    }
+    void silentSpillFPR(VirtualRegister spillMe, FPRReg exclude = InvalidFPRReg)
+        if (registerFormat & DataFormatJS) {
+            ASSERT(info.tagGPR() == source || info.payloadGPR() == source);
+            m_jit.store32(source, source == info.tagGPR() ? JITCompiler::tagFor(spillMe) : JITCompiler::payloadFor(spillMe));
+        } else {
+            ASSERT(info.gpr() == source);
+            m_jit.store32(source, JITCompiler::payloadFor(spillMe));
+        }
+#endif
+    }
+    void silentSpillFPR(VirtualRegister spillMe, FPRReg source)
+    {
         GenerationInfo& info = m_generationInfo[spillMe];
         ASSERT(info.registerFormat() == DataFormatDouble);
-        if (info.fpr() == exclude)
-            return;
         if (!info.needsSpill()) {
             // it's either a constant or it's already been spilled
 …
         ASSERT(!at(info.nodeIndex()).hasConstant());
         ASSERT(info.spillFormat() == DataFormatNone);
+        m_jit.storeDouble(info.fpr(), JITCompiler::addressFor(spillMe));
+    }
+    void silentFillGPR(VirtualRegister spillMe, GPRReg exclude = InvalidGPRReg, GPRReg exclude2 = InvalidGPRReg)
+        ASSERT(info.fpr() == source);
+        m_jit.storeDouble(source, JITCompiler::addressFor(spillMe));
+    }
+    void silentFillGPR(VirtualRegister spillMe, GPRReg target)
+    {
         GenerationInfo& info = m_generationInfo[spillMe];
-#if USE(JSVALUE64)
-        UNUSED_PARAM(exclude2);
-        if (info.gpr() == exclude)
-#elif USE(JSVALUE32_64)
-        if (registersMatched(info, exclude, exclude2))
-#endif
-            return;
         NodeIndex nodeIndex = info.nodeIndex();
 …
         if (registerFormat == DataFormatInteger) {
+            ASSERT(info.gpr() == target);
             ASSERT(isJSInteger(info.registerFormat()));
             if (node.hasConstant()) {
                 ASSERT(isInt32Constant(nodeIndex));
                 m_jit.move(Imm32(valueOfInt32Constant(nodeIndex)), info.gpr());
+                m_jit.move(Imm32(valueOfInt32Constant(nodeIndex)), target);
             } else
                 m_jit.load32(JITCompiler::payloadFor(spillMe), info.gpr());
+                m_jit.load32(JITCompiler::payloadFor(spillMe), target);
             return;
+        }
 …
             ASSERT_NOT_REACHED();
 #elif USE(JSVALUE32_64)
+            ASSERT(info.gpr() == target);
             if (node.hasConstant()) {
                 ASSERT(isBooleanConstant(nodeIndex));
                 m_jit.move(Imm32(valueOfBooleanConstant(nodeIndex)), info.gpr());
+                m_jit.move(Imm32(valueOfBooleanConstant(nodeIndex)), target);
             } else
                 m_jit.load32(JITCompiler::payloadFor(spillMe), info.gpr());
+                m_jit.load32(JITCompiler::payloadFor(spillMe), target);
 #endif
             return;
 …
         if (registerFormat == DataFormatCell) {
+            ASSERT(info.gpr() == target);
             if (node.isConstant()) {
                 JSValue value = valueOfJSConstant(nodeIndex);
                 ASSERT(value.isCell());
                 m_jit.move(ImmPtr(value.asCell()), info.gpr());
+                m_jit.move(ImmPtr(value.asCell()), target);
             } else
                 m_jit.loadPtr(JITCompiler::payloadFor(spillMe), info.gpr());
+                m_jit.loadPtr(JITCompiler::payloadFor(spillMe), target);
             return;
+        }
         if (registerFormat == DataFormatStorage) {
+            m_jit.loadPtr(JITCompiler::addressFor(spillMe), info.gpr());
+            ASSERT(info.gpr() == target);
+            m_jit.loadPtr(JITCompiler::addressFor(spillMe), target);
             return;
+        }
 …
         ASSERT(registerFormat & DataFormatJS);
 #if USE(JSVALUE64)
+        ASSERT(info.gpr() == target);
         if (node.hasConstant())
             m_jit.move(valueOfJSConstantAsImmPtr(nodeIndex), info.gpr());
+            m_jit.move(valueOfJSConstantAsImmPtr(nodeIndex), target);
         else if (info.spillFormat() == DataFormatInteger) {
             ASSERT(registerFormat == DataFormatJSInteger);
             m_jit.load32(JITCompiler::payloadFor(spillMe), info.gpr());
             m_jit.orPtr(GPRInfo::tagTypeNumberRegister, info.gpr());
+            m_jit.load32(JITCompiler::payloadFor(spillMe), target);
+            m_jit.orPtr(GPRInfo::tagTypeNumberRegister, target);
         } else if (info.spillFormat() == DataFormatDouble) {
             ASSERT(registerFormat == DataFormatJSDouble);
             m_jit.loadPtr(JITCompiler::addressFor(spillMe), info.gpr());
             m_jit.subPtr(GPRInfo::tagTypeNumberRegister, info.gpr());
+            m_jit.loadPtr(JITCompiler::addressFor(spillMe), target);
+            m_jit.subPtr(GPRInfo::tagTypeNumberRegister, target);
         } else
             m_jit.loadPtr(JITCompiler::addressFor(spillMe), info.gpr());
+            m_jit.loadPtr(JITCompiler::addressFor(spillMe), target);
 #else
+        if (node.hasConstant())
+            m_jit.emitLoad(valueOfJSConstant(nodeIndex), info.tagGPR(), info.payloadGPR());
+        else if (info.spillFormat() == DataFormatInteger) {
+        ASSERT(info.tagGPR() == target || info.payloadGPR() == target);
+        if (node.hasConstant()) {
+            JSValue v = valueOfJSConstant(nodeIndex);
+            m_jit.move(info.tagGPR() == target ? Imm32(v.tag()) : Imm32(v.payload()), target);
+        } else if (info.spillFormat() == DataFormatInteger) {
             ASSERT(registerFormat == DataFormatJSInteger);
+            m_jit.load32(JITCompiler::payloadFor(spillMe), info.payloadGPR());
+            m_jit.move(TrustedImm32(JSValue::Int32Tag), info.tagGPR());
+            if (info.payloadGPR() == target)
+                m_jit.load32(JITCompiler::payloadFor(spillMe), target);
+            else
+                m_jit.move(TrustedImm32(JSValue::Int32Tag), target);
         } else
             m_jit.emitLoad(nodeIndex, info.tagGPR(), info.payloadGPR());
 #endif
+    }
     void silentFillFPR(VirtualRegister spillMe, GPRReg canTrample, FPRReg exclude = InvalidFPRReg)
+            m_jit.load32(info.tagGPR() == target ? JITCompiler::tagFor(spillMe) : JITCompiler::payloadFor(spillMe), target);
+#endif
+    }
+    void silentFillFPR(VirtualRegister spillMe, GPRReg canTrample, FPRReg target)
+    {
         GenerationInfo& info = m_generationInfo[spillMe];
+        if (info.fpr() == exclude)
+            return;
+        ASSERT(info.fpr() == target);
         NodeIndex nodeIndex = info.nodeIndex();
 …
             ASSERT(isNumberConstant(nodeIndex));
             m_jit.move(ImmPtr(bitwise_cast<void*>(valueOfNumberConstant(nodeIndex))), canTrample);
             m_jit.movePtrToDouble(canTrample, info.fpr());
+            m_jit.movePtrToDouble(canTrample, target);
             return;
+        }
 …
             ASSERT(info.spillFormat() & DataFormatJS);
             m_jit.loadPtr(JITCompiler::addressFor(spillMe), canTrample);
             unboxDouble(canTrample, info.fpr());
             return;
+        }
         m_jit.loadDouble(JITCompiler::addressFor(spillMe), info.fpr());
+            unboxDouble(canTrample, target);
+            return;
+        }
+        m_jit.loadDouble(JITCompiler::addressFor(spillMe), target);
 #elif USE(JSVALUE32_64)
         UNUSED_PARAM(canTrample);
         ASSERT(info.registerFormat() == DataFormatDouble || info.registerFormat() == DataFormatJSDouble);
         m_jit.emitLoadDouble(nodeIndex, info.fpr());
+        m_jit.emitLoadDouble(nodeIndex, target);
 #endif
+    }
     void silentSpillAllRegisters(GPRReg exclude, GPRReg exclude2 = InvalidGPRReg)
+    {
+        for (gpr_iterator iter = m_gprs.begin(); iter != m_gprs.end(); ++iter) {
+            GPRReg gpr = iter.regID();
+            if (iter.name() != InvalidVirtualRegister && gpr != exclude && gpr != exclude2)
+                silentSpillGPR(iter.name(), gpr);
+        }
+        for (fpr_iterator iter = m_fprs.begin(); iter != m_fprs.end(); ++iter) {
+            if (iter.name() != InvalidVirtualRegister)
+                silentSpillFPR(iter.name(), iter.regID());
+        }
+    }
+    void silentSpillAllRegisters(FPRReg exclude)
+    {
         for (gpr_iterator iter = m_gprs.begin(); iter != m_gprs.end(); ++iter) {
             if (iter.name() != InvalidVirtualRegister)
                 silentSpillGPR(iter.name(), exclude, exclude2);
+                silentSpillGPR(iter.name(), iter.regID());
+        }
         for (fpr_iterator iter = m_fprs.begin(); iter != m_fprs.end(); ++iter) {
+            if (iter.name() != InvalidVirtualRegister)
+                silentSpillFPR(iter.name());
+        }
+    }
+    void silentSpillAllRegisters(FPRReg exclude)
+    {
+        for (gpr_iterator iter = m_gprs.begin(); iter != m_gprs.end(); ++iter) {
+            if (iter.name() != InvalidVirtualRegister)
+                silentSpillGPR(iter.name());
+        }
+        for (fpr_iterator iter = m_fprs.begin(); iter != m_fprs.end(); ++iter) {
+            if (iter.name() != InvalidVirtualRegister)
+                silentSpillFPR(iter.name(), exclude);
+            FPRReg fpr = iter.regID();
+            if (iter.name() != InvalidVirtualRegister && fpr != exclude)
+                silentSpillFPR(iter.name(), fpr);
+        }
+    }
 …
         for (fpr_iterator iter = m_fprs.begin(); iter != m_fprs.end(); ++iter) {
             if (iter.name() != InvalidVirtualRegister)
                 silentFillFPR(iter.name(), canTrample);
+                silentFillFPR(iter.name(), canTrample, iter.regID());
+        }
         for (gpr_iterator iter = m_gprs.begin(); iter != m_gprs.end(); ++iter) {
+            if (iter.name() != InvalidVirtualRegister)
+                silentFillGPR(iter.name(), exclude, exclude2);
+            GPRReg gpr = iter.regID();
+            if (iter.name() != InvalidVirtualRegister && gpr != exclude && gpr != exclude2)
+                silentFillGPR(iter.name(), gpr);
+        }
+    }
 …
         for (fpr_iterator iter = m_fprs.begin(); iter != m_fprs.end(); ++iter) {
+            if (iter.name() != InvalidVirtualRegister) {
+                ASSERT_UNUSED(exclude, iter.regID() != exclude);
+                silentFillFPR(iter.name(), canTrample, exclude);
+            }
+            FPRReg fpr = iter.regID();
+            if (iter.name() != InvalidVirtualRegister && fpr != exclude)
+                silentFillFPR(iter.name(), canTrample, fpr);
+        }
         for (gpr_iterator iter = m_gprs.begin(); iter != m_gprs.end(); ++iter) {
             if (iter.name() != InvalidVirtualRegister)
                 silentFillGPR(iter.name());
+                silentFillGPR(iter.name(), iter.regID());
+        }
+    }

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 100095 in webkit

Legend:

trunk/Source/JavaScriptCore/ChangeLog

trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator.h

Download in other formats: