Changeset 132757 in webkit


Ignore:
Timestamp:
Oct 28, 2012 7:16:27 PM (11 years ago)
Author:
fpizlo@apple.com
Message:

There should not be blind spots in array length array profiling
https://bugs.webkit.org/show_bug.cgi?id=100620

Reviewed by Oliver Hunt.

I don't think this has any performance impact. But it's good to not have random
programs occasionally emit a GetById for array length accesses.

  • jit/JITPropertyAccess.cpp:

(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::privateCompilePatchGetArrayLength):

  • jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::compileGetByIdHotPath):
(JSC::JIT::privateCompilePatchGetArrayLength):

Location:
trunk/Source/JavaScriptCore
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/ChangeLog

    r132752 r132757  
     12012-10-28  Filip Pizlo  <fpizlo@apple.com>
     2
     3        There should not be blind spots in array length array profiling
     4        https://bugs.webkit.org/show_bug.cgi?id=100620
     5
     6        Reviewed by Oliver Hunt.
     7
     8        I don't think this has any performance impact. But it's good to not have random
     9        programs occasionally emit a GetById for array length accesses.
     10
     11        * jit/JITPropertyAccess.cpp:
     12        (JSC::JIT::compileGetByIdHotPath):
     13        (JSC::JIT::privateCompilePatchGetArrayLength):
     14        * jit/JITPropertyAccess32_64.cpp:
     15        (JSC::JIT::compileGetByIdHotPath):
     16        (JSC::JIT::privateCompilePatchGetArrayLength):
     17
    1182012-10-28  Filip Pizlo  <fpizlo@apple.com>
    219

  • trunk/Source/JavaScriptCore/jit/JIT.h

    r131977 r132757  
    544544        void emitJumpSlowCaseIfNotJSCell(int virtualRegisterIndex, RegisterID tag);
    545545
    546         void compileGetByIdHotPath();
     546        void compileGetByIdHotPath(Identifier*);
    547547        void compileGetByIdSlowCase(int resultVReg, int baseVReg, Identifier* ident, Vector<SlowCaseEntry>::iterator& iter, bool isMethodCheck = false);
    548548        void compileGetDirectOffset(RegisterID base, RegisterID resultTag, RegisterID resultPayload, PropertyOffset cachedOffset);

  • trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

    r131858 r132757  
    518518}
    519519
    520 void JIT::compileGetByIdHotPath(int baseVReg, Identifier*)
     520void JIT::compileGetByIdHotPath(int baseVReg, Identifier* ident)
    521521{
    522522    // As for put_by_id, get_by_id requires the offset of the Structure and the offset of the access to be patched.
     
    526526
    527527    emitJumpSlowCaseIfNotJSCell(regT0, baseVReg);
     528   
     529    if (*ident == m_globalData->propertyNames->length && canBeOptimized()) {
     530        loadPtr(Address(regT0, JSCell::structureOffset()), regT1);
     531        emitArrayProfilingSiteForBytecodeIndex(regT1, regT2, m_bytecodeOffset);
     532    }
    528533
    529534    BEGIN_UNINTERRUPTED_SEQUENCE(sequenceGetByIdHotPath);
     
    789794    // Check eax is an array
    790795    loadPtr(Address(regT0, JSCell::structureOffset()), regT2);
    791     emitArrayProfilingSiteForBytecodeIndex(regT2, regT1, stubInfo->bytecodeIndex);
    792796    Jump failureCases1 = branchTest32(Zero, regT2, TrustedImm32(IsArray));
    793797    Jump failureCases2 = branchTest32(Zero, regT2, TrustedImm32(IndexingShapeMask));

  • trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

    r131822 r132757  
    106106    int dst = currentInstruction[1].u.operand;
    107107    int base = currentInstruction[2].u.operand;
     108    Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
    108109   
    109110    emitLoad(base, regT1, regT0);
     
    130131    // Do a regular(ish) get_by_id (the slow case will be link to
    131132    // cti_op_get_by_id_method_check instead of cti_op_get_by_id.
    132     compileGetByIdHotPath();
     133    compileGetByIdHotPath(ident);
    133134   
    134135    match.link(this);
     
    454455    int dst = currentInstruction[1].u.operand;
    455456    int base = currentInstruction[2].u.operand;
     457    Identifier* ident = &(m_codeBlock->identifier(currentInstruction[3].u.operand));
    456458   
    457459    emitLoad(base, regT1, regT0);
    458460    emitJumpSlowCaseIfNotJSCell(base, regT1);
    459     compileGetByIdHotPath();
     461    compileGetByIdHotPath(ident);
    460462    emitValueProfilingSite();
    461463    emitStore(dst, regT1, regT0);
     
    463465}
    464466
    465 void JIT::compileGetByIdHotPath()
     467void JIT::compileGetByIdHotPath(Identifier* ident)
    466468{
    467469    // As for put_by_id, get_by_id requires the offset of the Structure and the offset of the access to be patched.
     
    470472    // to jump back to if one of these trampolies finds a match.
    471473   
     474    if (*ident == m_globalData->propertyNames->length && canBeOptimized()) {
     475        loadPtr(Address(regT0, JSCell::structureOffset()), regT2);
     476        emitArrayProfilingSiteForBytecodeIndex(regT2, regT3, m_bytecodeOffset);
     477    }
     478
    472479    BEGIN_UNINTERRUPTED_SEQUENCE(sequenceGetByIdHotPath);
    473480   
     
    752759    // Check for array
    753760    loadPtr(Address(regT0, JSCell::structureOffset()), regT2);
    754     emitArrayProfilingSiteForBytecodeIndex(regT2, regT3, stubInfo->bytecodeIndex);
    755761    Jump failureCases1 = branchTest32(Zero, regT2, TrustedImm32(IsArray));
    756762    Jump failureCases2 = branchTest32(Zero, regT2, TrustedImm32(IndexingShapeMask));
Note: See TracChangeset for help on using the changeset viewer.