Changeset 128146 in webkit


Ignore:
Timestamp:
Sep 10, 2012 10:05:53 PM (12 years ago)
Author:
mhahnenberg@apple.com
Message:

Remove m_classInfo from JSCell
https://bugs.webkit.org/show_bug.cgi?id=96311

Reviewed by Oliver Hunt.

Now that no one is using the ClassInfo in JSCell, we can remove it for the greater good. This is a 1.5% win on v8v7 and
a 1.7% win on kraken, and is an overall performance progression.

  • dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Had to rearrange the order of when we take things off the free list
and when we store the Structure in the object because we would clobber the free list otherwise. This made it not okay for
the structure argument and the scratch register to alias one another. Also removed the store of the ClassInfo pointer in the
object. Yay!
(SpeculativeJIT):

  • dfg/DFGSpeculativeJIT32_64.cpp: Since it's no longer okay for for the scratch register and structure register to alias

one another as stated above, had to add an extra temporary for passing the Structure.
(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp: Ditto.

(JSC::DFG::SpeculativeJIT::compile):

  • jit/JITInlineMethods.h:

(JSC::JIT::emitAllocateBasicJSObject): Similar changes to DFG's inline allocation except that it removed the object from
the free list first, so no changes were necessary there.

  • llint/LowLevelInterpreter.asm: Change the constants for amount of inline storage to match PropertyOffset.h and remove

the store of the ClassInfo pointer during inline allocation.

  • llint/LowLevelInterpreter32_64.asm:
  • llint/LowLevelInterpreter64.asm:
  • runtime/JSCell.h: Remove the m_classInfo field and associated methods.

(JSCell):

  • runtime/JSObject.h:

(JSObject):

  • runtime/PropertyOffset.h: Expand the number of inline storage properties to take up the extra space that we're freeing

with the removal of the ClassInfo pointer.
(JSC):

  • runtime/Structure.h:

(JSC):
(JSC::JSCell::JSCell):
(JSC::JSCell::finishCreation):

Location:
trunk/Source/JavaScriptCore
Files:
12 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r128141 r128146  
     12012-09-10  Mark Hahnenberg  <mhahnenberg@apple.com>
     2
     3        Remove m_classInfo from JSCell
     4        https://bugs.webkit.org/show_bug.cgi?id=96311
     5
     6        Reviewed by Oliver Hunt.
     7
     8        Now that no one is using the ClassInfo in JSCell, we can remove it for the greater good. This is a 1.5% win on v8v7 and
     9        a 1.7% win on kraken, and is an overall performance progression.
     10
     11        * dfg/DFGSpeculativeJIT.h:
     12        (JSC::DFG::SpeculativeJIT::emitAllocateBasicJSObject): Had to rearrange the order of when we take things off the free list
     13        and when we store the Structure in the object because we would clobber the free list otherwise. This made it not okay for
     14        the structure argument and the scratch register to alias one another. Also removed the store of the ClassInfo pointer in the
     15        object. Yay!
     16        (SpeculativeJIT):
     17        * dfg/DFGSpeculativeJIT32_64.cpp: Since it's no longer okay for for the scratch register and structure register to alias
     18        one another as stated above, had to add an extra temporary for passing the Structure.
     19        (JSC::DFG::SpeculativeJIT::compile):
     20        * dfg/DFGSpeculativeJIT64.cpp: Ditto.
     21        (JSC::DFG::SpeculativeJIT::compile):
     22        * jit/JITInlineMethods.h:
     23        (JSC::JIT::emitAllocateBasicJSObject): Similar changes to DFG's inline allocation except that it removed the object from
     24        the free list first, so no changes were necessary there.
     25        * llint/LowLevelInterpreter.asm: Change the constants for amount of inline storage to match PropertyOffset.h and remove
     26        the store of the ClassInfo pointer during inline allocation.
     27        * llint/LowLevelInterpreter32_64.asm:
     28        * llint/LowLevelInterpreter64.asm:
     29        * runtime/JSCell.h: Remove the m_classInfo field and associated methods.
     30        (JSCell):
     31        * runtime/JSObject.h:
     32        (JSObject):
     33        * runtime/PropertyOffset.h: Expand the number of inline storage properties to take up the extra space that we're freeing
     34        with the removal of the ClassInfo pointer.
     35        (JSC):
     36        * runtime/Structure.h:
     37        (JSC):
     38        (JSC::JSCell::JSCell):
     39        (JSC::JSCell::finishCreation):
     40
    1412012-09-10  Geoffrey Garen  <ggaren@apple.com>
    242
  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

    r128096 r128146  
    21622162    void compileNewFunctionExpression(Node&);
    21632163    bool compileRegExpExec(Node&);
    2164    
     2164   
     2165    // It is NOT okay for the structure and the scratch register to be the same thing because if they are then the Structure will
     2166    // get clobbered.
    21652167    template <typename ClassType, bool destructor, typename StructureType>
    21662168    void emitAllocateBasicJSObject(StructureType structure, GPRReg resultGPR, GPRReg scratchGPR, MacroAssembler::JumpList& slowPath)
     
    21772179        // The object is half-allocated: we have what we know is a fresh object, but
    21782180        // it's still on the GC's free list.
    2179        
    2180         // Ditch the structure by placing it into the structure slot, so that we can reuse
    2181         // scratchGPR.
    2182         m_jit.storePtr(structure, MacroAssembler::Address(resultGPR, JSObject::structureOffset()));
    2183        
    2184         // Now that we have scratchGPR back, remove the object from the free list
    21852181        m_jit.loadPtr(MacroAssembler::Address(resultGPR), scratchGPR);
    21862182        m_jit.storePtr(scratchGPR, &allocator->m_freeList.head);
    2187        
    2188         // Initialize the object's classInfo pointer
    2189         m_jit.storePtr(MacroAssembler::TrustedImmPtr(&ClassType::s_info), MacroAssembler::Address(resultGPR, JSCell::classInfoOffset()));
     2183
     2184        // Initialize the object's Structure.
     2185        m_jit.storePtr(structure, MacroAssembler::Address(resultGPR, JSCell::structureOffset()));
    21902186       
    21912187        // Initialize the object's property storage pointer.
     
    21932189    }
    21942190
    2195     // It is acceptable to have structure be equal to scratch, so long as you're fine
    2196     // with the structure GPR being clobbered.
    21972191    template<typename T>
    21982192    void emitAllocateJSFinalObject(T structure, GPRReg resultGPR, GPRReg scratchGPR, MacroAssembler::JumpList& slowPath)
  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

    r128096 r128146  
    32973297        SpeculateCellOperand callee(this, node.child1());
    32983298        GPRTemporary result(this);
     3299        GPRTemporary structure(this);
    32993300        GPRTemporary scratch(this);
    33003301       
    33013302        GPRReg calleeGPR = callee.gpr();
    33023303        GPRReg resultGPR = result.gpr();
     3304        GPRReg structureGPR = structure.gpr();
    33033305        GPRReg scratchGPR = scratch.gpr();
    33043306       
    33053307        // Load the inheritorID. If the inheritorID is not set, go to slow path.
    3306         m_jit.loadPtr(MacroAssembler::Address(calleeGPR, JSFunction::offsetOfCachedInheritorID()), scratchGPR);
     3308        m_jit.loadPtr(MacroAssembler::Address(calleeGPR, JSFunction::offsetOfCachedInheritorID()), structureGPR);
    33073309        MacroAssembler::JumpList slowPath;
    3308         slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, scratchGPR));
    3309        
    3310         emitAllocateJSFinalObject(scratchGPR, resultGPR, scratchGPR, slowPath);
     3310        slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, structureGPR));
     3311       
     3312        emitAllocateJSFinalObject(structureGPR, resultGPR, scratchGPR, slowPath);
    33113313       
    33123314        addSlowPathGenerator(slowPathCall(slowPath, this, operationCreateThis, resultGPR, calleeGPR));
  • trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

    r128096 r128146  
    32903290        SpeculateCellOperand callee(this, node.child1());
    32913291        GPRTemporary result(this);
     3292        GPRTemporary structure(this);
    32923293        GPRTemporary scratch(this);
    32933294       
    32943295        GPRReg calleeGPR = callee.gpr();
    32953296        GPRReg resultGPR = result.gpr();
     3297        GPRReg structureGPR = structure.gpr();
    32963298        GPRReg scratchGPR = scratch.gpr();
    32973299       
    32983300        // Load the inheritorID. If the inheritorID is not set, go to slow path.
    3299         m_jit.loadPtr(MacroAssembler::Address(calleeGPR, JSFunction::offsetOfCachedInheritorID()), scratchGPR);
     3301        m_jit.loadPtr(MacroAssembler::Address(calleeGPR, JSFunction::offsetOfCachedInheritorID()), structureGPR);
    33003302        MacroAssembler::JumpList slowPath;
    3301         slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, scratchGPR));
    3302        
    3303         emitAllocateJSFinalObject(scratchGPR, resultGPR, scratchGPR, slowPath);
     3303        slowPath.append(m_jit.branchTestPtr(MacroAssembler::Zero, structureGPR));
     3304       
     3305        emitAllocateJSFinalObject(structureGPR, resultGPR, scratchGPR, slowPath);
    33043306       
    33053307        addSlowPathGenerator(slowPathCall(slowPath, this, operationCreateThis, resultGPR, calleeGPR));
  • trunk/Source/JavaScriptCore/jit/JITInlineMethods.h

    r124476 r128146  
    423423    storePtr(structure, Address(result, JSCell::structureOffset()));
    424424
    425     // initialize the object's classInfo pointer
    426     storePtr(TrustedImmPtr(&ClassType::s_info), Address(result, JSCell::classInfoOffset()));
    427 
    428425    // initialize the object's property storage pointer
    429426    storePtr(TrustedImmPtr(0), Address(result, ClassType::offsetOfOutOfLineStorage()));
  • trunk/Source/JavaScriptCore/llint/LowLevelInterpreter.asm

    r128015 r128146  
    8787# Property storage constants
    8888if JSVALUE64
    89     const InlineStorageCapacity = 5
     89    const InlineStorageCapacity = 6
    9090else
    91     const InlineStorageCapacity = 6
     91    const InlineStorageCapacity = 7
    9292end
    9393
     
    311311end
    312312
    313 macro allocateBasicJSObject(sizeClassIndex, classInfoOffset, structure, result, scratch1, scratch2, slowCase)
     313macro allocateBasicJSObject(sizeClassIndex, structure, result, scratch1, scratch2, slowCase)
    314314    if ALWAYS_ALLOCATE_SLOW
    315315        jmp slowCase
     
    339339   
    340340        # Initialize the object.
    341         loadp classInfoOffset[scratch1], scratch2
    342         storep scratch2, [result]
    343341        storep structure, JSCell::m_structure[result]
    344342        storep 0, JSObject::m_outOfLineStorage[result]
  • trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

    r128096 r128146  
    353353    loadp JSFunction::m_cachedInheritorID[t0], t2
    354354    btpz t2, .opCreateThisSlow
    355     allocateBasicJSObject(JSFinalObjectSizeClassIndex, JSGlobalData::jsFinalObjectClassInfo, t2, t0, t1, t3, .opCreateThisSlow)
     355    allocateBasicJSObject(JSFinalObjectSizeClassIndex, t2, t0, t1, t3, .opCreateThisSlow)
    356356    loadi 4[PC], t1
    357357    storei CellTag, TagOffset[cfr, t1, 8]
     
    385385    loadp CodeBlock::m_globalObject[t0], t0
    386386    loadp JSGlobalObject::m_emptyObjectStructure[t0], t1
    387     allocateBasicJSObject(JSFinalObjectSizeClassIndex, JSGlobalData::jsFinalObjectClassInfo, t1, t0, t2, t3, .opNewObjectSlow)
     387    allocateBasicJSObject(JSFinalObjectSizeClassIndex, t1, t0, t2, t3, .opNewObjectSlow)
    388388    loadi 4[PC], t1
    389389    storei CellTag, TagOffset[cfr, t1, 8]
  • trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

    r128096 r128146  
    237237    loadp JSFunction::m_cachedInheritorID[t0], t2
    238238    btpz t2, .opCreateThisSlow
    239     allocateBasicJSObject(JSFinalObjectSizeClassIndex, JSGlobalData::jsFinalObjectClassInfo, t2, t0, t1, t3, .opCreateThisSlow)
     239    allocateBasicJSObject(JSFinalObjectSizeClassIndex, t2, t0, t1, t3, .opCreateThisSlow)
    240240    loadis 8[PB, PC, 8], t1
    241241    storep t0, [cfr, t1, 8]
     
    268268    loadp CodeBlock::m_globalObject[t0], t0
    269269    loadp JSGlobalObject::m_emptyObjectStructure[t0], t1
    270     allocateBasicJSObject(JSFinalObjectSizeClassIndex, JSGlobalData::jsFinalObjectClassInfo, t1, t0, t2, t3, .opNewObjectSlow)
     270    allocateBasicJSObject(JSFinalObjectSizeClassIndex, t1, t0, t2, t3, .opNewObjectSlow)
    271271    loadis 8[PB, PC, 8], t1
    272272    storep t0, [cfr, t1, 8]
  • trunk/Source/JavaScriptCore/runtime/JSCell.h

    r128084 r128146  
    110110        // Object operations, with the toObject operation included.
    111111        const ClassInfo* classInfo() const;
    112         const ClassInfo* validatedClassInfo() const;
    113112        const MethodTable* methodTable() const;
    114113        static void put(JSCell*, ExecState*, PropertyName, JSValue, PutPropertySlot&);
     
    135134        }
    136135
    137         static ptrdiff_t classInfoOffset()
    138         {
    139             return OBJECT_OFFSETOF(JSCell, m_classInfo);
    140         }
    141        
    142136        void* structureAddress()
    143137        {
     
    172166        friend class LLIntOffsetsExtractor;
    173167       
    174         const ClassInfo* m_classInfo;
    175168        WriteBarrier<Structure> m_structure;
    176169    };
  • trunk/Source/JavaScriptCore/runtime/JSObject.h

    r127202 r128146  
    347347
    348348        StorageBarrier m_outOfLineStorage;
    349 #if USE(JSVALUE32_64)
    350         void* m_padding;
    351 #endif
    352349    };
    353350
  • trunk/Source/JavaScriptCore/runtime/PropertyOffset.h

    r123905 r128146  
    3535
    3636#if USE(JSVALUE32_64)
     37#define INLINE_STORAGE_CAPACITY 7
     38#else
    3739#define INLINE_STORAGE_CAPACITY 6
    38 #else
    39 #define INLINE_STORAGE_CAPACITY 5
    4040#endif
    4141
  • trunk/Source/JavaScriptCore/runtime/Structure.h

    r128141 r128146  
    555555    }
    556556
    557     inline const ClassInfo* JSCell::validatedClassInfo() const
    558     {
    559 #if ENABLE(GC_VALIDATION)
    560         ASSERT(m_structure.unvalidatedGet()->classInfo() == m_classInfo);
    561 #else
    562         ASSERT(m_structure->classInfo() == m_classInfo);
    563 #endif
    564         return m_classInfo;
    565     }
    566 
    567557    ALWAYS_INLINE void SlotVisitor::internalAppend(JSCell* cell)
    568558    {
     
    604594
    605595    inline JSCell::JSCell(JSGlobalData& globalData, Structure* structure)
    606         : m_classInfo(structure->classInfo())
    607         , m_structure(globalData, this, structure)
     596        : m_structure(globalData, this, structure)
    608597    {
    609598    }
     
    617606#endif
    618607            m_structure.setEarlyValue(globalData, this, structure);
    619         m_classInfo = structure->classInfo();
    620608        // Very first set of allocations won't have a real structure.
    621609        ASSERT(m_structure || !globalData.structureStructure);
Note: See TracChangeset for help on using the changeset viewer.