Changeset 158820 in webkit

Timestamp:

Nov 6, 2013 9:05:03 PM (10 years ago)

Author:

fpizlo@apple.com

Message:

IC code should handle the call frame register not being the callFrameRegister
​https://bugs.webkit.org/show_bug.cgi?id=123865

Reviewed by Geoffrey Garen.

For now, in the FTL, the call frame may be something other than our frame pointer,
since it's an argument passed in according to whatever convention LLVM picks.

This is temporary in two ways - pretty soon the callFrameRegister will be the actual
frame pointer and not some other register, and LLVM will not pass the frame pointer
as an argument to IC's.

• bytecode/StructureStubInfo.h:
• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedPutById):

• ftl/FTLCompile.cpp:

(JSC::FTL::fixFunctionBasedOnStackMaps):

• ftl/FTLInlineCacheSize.cpp:

(JSC::FTL::sizeOfGetById):
(JSC::FTL::sizeOfPutById):

• jit/CCallHelpers.h:

(JSC::CCallHelpers::setupArguments):

• jit/JITInlineCacheGenerator.cpp:

(JSC::JITByIdGenerator::JITByIdGenerator):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):

• jit/JITInlineCacheGenerator.h:

(JSC::JITGetByIdGenerator::JITGetByIdGenerator):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_put_by_id):

• jit/Repatch.cpp:

(JSC::tryBuildGetByIDList):
(JSC::emitPutTransitionStub):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• bytecode/StructureStubInfo.h (modified) (1 diff)
• dfg/DFGSpeculativeJIT32_64.cpp (modified) (2 diffs)
• dfg/DFGSpeculativeJIT64.cpp (modified) (2 diffs)
• ftl/FTLCompile.cpp (modified) (2 diffs)
• ftl/FTLInlineCacheSize.cpp (modified) (2 diffs)
• jit/CCallHelpers.h (modified) (2 diffs)
• jit/JITInlineCacheGenerator.cpp (modified) (3 diffs)
• jit/JITInlineCacheGenerator.h (modified) (3 diffs)
• jit/JITPropertyAccess.cpp (modified) (2 diffs)
• jit/JITPropertyAccess32_64.cpp (modified) (2 diffs)
• jit/Repatch.cpp (modified) (5 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2013-11-06  Filip Pizlo  <fpizlo@apple.com>
+
+        IC code should handle the call frame register not being the callFrameRegister
+        https://bugs.webkit.org/show_bug.cgi?id=123865
+
+        Reviewed by Geoffrey Garen.
+        
+        For now, in the FTL, the call frame may be something other than our frame pointer,
+        since it's an argument passed in according to whatever convention LLVM picks.
+        
+        This is temporary in two ways - pretty soon the callFrameRegister will be the actual
+        frame pointer and not some other register, and LLVM will not pass the frame pointer
+        as an argument to IC's.
+
+        * bytecode/StructureStubInfo.h:
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::cachedGetById):
+        (JSC::DFG::SpeculativeJIT::cachedPutById):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::cachedGetById):
+        (JSC::DFG::SpeculativeJIT::cachedPutById):
+        * ftl/FTLCompile.cpp:
+        (JSC::FTL::fixFunctionBasedOnStackMaps):
+        * ftl/FTLInlineCacheSize.cpp:
+        (JSC::FTL::sizeOfGetById):
+        (JSC::FTL::sizeOfPutById):
+        * jit/CCallHelpers.h:
+        (JSC::CCallHelpers::setupArguments):
+        * jit/JITInlineCacheGenerator.cpp:
+        (JSC::JITByIdGenerator::JITByIdGenerator):
+        (JSC::JITPutByIdGenerator::JITPutByIdGenerator):
+        * jit/JITInlineCacheGenerator.h:
+        (JSC::JITGetByIdGenerator::JITGetByIdGenerator):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emit_op_put_by_id):
+        * jit/Repatch.cpp:
+        (JSC::tryBuildGetByIDList):
+        (JSC::emitPutTransitionStub):
+
 2013-11-06  Daniel Bates  <dabates@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h

@@ -226 +226 @@
     struct {
         int8_t registersFlushed;
+        int8_t callFrameRegister;
         int8_t baseGPR;
 #if USE(JSVALUE32_64)

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

@@ -199 +199 @@
 {
     JITGetByIdGenerator gen(
-        m_jit.codeBlock(), codeOrigin, usedRegisters(),
+        m_jit.codeBlock(), codeOrigin, usedRegisters(), GPRInfo::callFrameRegister,
         JSValueRegs(baseTagGPROrNone, basePayloadGPR),
         JSValueRegs(resultTagGPR, resultPayloadGPR), spillMode != NeedToSpill);
@@ -233 +233 @@
     
     JITPutByIdGenerator gen(
-        m_jit.codeBlock(), codeOrigin, usedRegisters(), JSValueRegs::payloadOnly(basePayloadGPR),
-        JSValueRegs(valueTagGPR, valuePayloadGPR), scratchGPR, false,
-        m_jit.ecmaModeFor(codeOrigin), putKind);
+        m_jit.codeBlock(), codeOrigin, usedRegisters(), GPRInfo::callFrameRegister,
+        JSValueRegs::payloadOnly(basePayloadGPR), JSValueRegs(valueTagGPR, valuePayloadGPR),
+        scratchGPR, false, m_jit.ecmaModeFor(codeOrigin), putKind);
     
     gen.generateFastPath(m_jit);

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

@@ -211 +211 @@
 {
     JITGetByIdGenerator gen(
-        m_jit.codeBlock(), codeOrigin, usedRegisters(), JSValueRegs(baseGPR),
-        JSValueRegs(resultGPR), spillMode != NeedToSpill);
+        m_jit.codeBlock(), codeOrigin, usedRegisters(), GPRInfo::callFrameRegister,
+        JSValueRegs(baseGPR), JSValueRegs(resultGPR), spillMode != NeedToSpill);
     gen.generateFastPath(m_jit);
     
@@ -233 +233 @@
 
     JITPutByIdGenerator gen(
-        m_jit.codeBlock(), codeOrigin, usedRegisters(), JSValueRegs(baseGPR),
-        JSValueRegs(valueGPR), scratchGPR, false, m_jit.ecmaModeFor(codeOrigin), putKind);
+        m_jit.codeBlock(), codeOrigin, usedRegisters(), GPRInfo::callFrameRegister,
+        JSValueRegs(baseGPR), JSValueRegs(valueGPR), scratchGPR, false,
+        m_jit.ecmaModeFor(codeOrigin), putKind);
     gen.generateFastPath(m_jit);
     

trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp

@@ -199 +199 @@
             
             JITGetByIdGenerator gen(
-                codeBlock, getById.codeOrigin(), usedRegisters, JSValueRegs(base),
-                JSValueRegs(result), false);
+                codeBlock, getById.codeOrigin(), usedRegisters, callFrameRegister,
+                JSValueRegs(base), JSValueRegs(result), false);
             
             MacroAssembler::Label begin = slowPathJIT.label();
@@ -235 +235 @@
             
             JITPutByIdGenerator gen(
-                codeBlock, putById.codeOrigin(), usedRegisters, JSValueRegs(base),
-                JSValueRegs(value), GPRInfo::argumentGPR3, false, putById.ecmaMode(),
-                putById.putKind());
+                codeBlock, putById.codeOrigin(), usedRegisters, callFrameRegister,
+                JSValueRegs(base), JSValueRegs(value), GPRInfo::argumentGPR3, false,
+                putById.ecmaMode(), putById.putKind());
             
             MacroAssembler::Label begin = slowPathJIT.label();

trunk/Source/JavaScriptCore/ftl/FTLInlineCacheSize.cpp

@@ -45 +45 @@
     
     JITGetByIdGenerator generator(
-        0, CodeOrigin(), RegisterSet(), JSValueRegs(GPRInfo::regT6), JSValueRegs(GPRInfo::regT7),
-        false);
+        0, CodeOrigin(), RegisterSet(), GPRInfo::callFrameRegister,
+        JSValueRegs(GPRInfo::regT6), JSValueRegs(GPRInfo::regT7), false);
     generator.generateFastPath(jit);
     
@@ -60 +60 @@
     
     JITPutByIdGenerator generator(
-        0, CodeOrigin(), RegisterSet(), JSValueRegs(GPRInfo::regT6), JSValueRegs(GPRInfo::regT7),
-        GPRInfo::regT8, false, NotStrictMode, NotDirect);
+        0, CodeOrigin(), RegisterSet(), GPRInfo::callFrameRegister,
+        JSValueRegs(GPRInfo::regT6), JSValueRegs(GPRInfo::regT7), GPRInfo::regT8, false,
+        NotStrictMode, NotDirect);
     generator.generateFastPath(jit);
     

trunk/Source/JavaScriptCore/jit/CCallHelpers.h

@@ -94 +94 @@
         addCallArgument(arg1);
         addCallArgument(arg2);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, GPRReg arg3)
+    {
+        resetCallArguments();
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImmPtr arg4)
+    {
+        resetCallArguments();
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+        addCallArgument(arg4);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5)
+    {
+        resetCallArguments();
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+        addCallArgument(arg4);
+        addCallArgument(arg5);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5, GPRReg arg6)
+    {
+        resetCallArguments();
+        addCallArgument(arg1);
+        addCallArgument(arg2);
+        addCallArgument(arg3);
+        addCallArgument(arg4);
+        addCallArgument(arg5);
+        addCallArgument(arg6);
     }
     
@@ -907 +945 @@
     }
     
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, GPRReg arg3)
+    {
+        setupThreeStubArgsGPR<GPRInfo::argumentGPR0, GPRInfo::argumentGPR1, GPRInfo::argumentGPR2>(arg1, arg2, arg3);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImmPtr arg4)
+    {
+        setupTwoStubArgsGPR<GPRInfo::argumentGPR0, GPRInfo::argumentGPR1>(arg1, arg2);
+        move(arg3, GPRInfo::argumentGPR2);
+        move(arg4, GPRInfo::argumentGPR3);
+    }
+    
+    ALWAYS_INLINE void setupArguments(GPRReg arg1, GPRReg arg2, TrustedImmPtr arg3, TrustedImm32 arg4, GPRReg arg5)
+    {
+        setupThreeStubArgsGPR<GPRInfo::argumentGPR0, GPRInfo::argumentGPR1, GPRInfo::argumentGPR4>(arg1, arg2, arg5);
+        move(arg3, GPRInfo::argumentGPR2);
+        move(arg4, GPRInfo::argumentGPR3);
+    }
+    
     ALWAYS_INLINE void setupArguments(GPRReg arg1, TrustedImmPtr arg2, GPRReg arg3, TrustedImmPtr arg4)
     {

trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp

@@ -50 +50 @@
 JITByIdGenerator::JITByIdGenerator(
     CodeBlock* codeBlock, CodeOrigin codeOrigin, const RegisterSet& usedRegisters,
-    JSValueRegs base, JSValueRegs value, bool registersFlushed)
+    GPRReg callFrameRegister, JSValueRegs base, JSValueRegs value, bool registersFlushed)
     : JITInlineCacheGenerator(codeBlock, codeOrigin)
     , m_base(base)
@@ -63 +63 @@
     m_stubInfo->patch.usedRegisters.set(value);
     
+    m_stubInfo->patch.callFrameRegister = static_cast<int8_t>(callFrameRegister);
     m_stubInfo->patch.baseGPR = static_cast<int8_t>(base.payloadGPR());
     m_stubInfo->patch.valueGPR = static_cast<int8_t>(value.payloadGPR());
@@ -130 +131 @@
 JITPutByIdGenerator::JITPutByIdGenerator(
     CodeBlock* codeBlock, CodeOrigin codeOrigin, const RegisterSet& usedRegisters,
-    JSValueRegs base, JSValueRegs value, GPRReg scratch, bool registersFlushed,
-    ECMAMode ecmaMode, PutKind putKind)
-    : JITByIdGenerator(codeBlock, codeOrigin, usedRegisters, base, value, registersFlushed)
+    GPRReg callFrameRegister, JSValueRegs base, JSValueRegs value, GPRReg scratch,
+    bool registersFlushed, ECMAMode ecmaMode, PutKind putKind)
+    : JITByIdGenerator(
+        codeBlock, codeOrigin, usedRegisters, callFrameRegister, base, value,
+        registersFlushed)
     , m_scratch(scratch)
     , m_ecmaMode(ecmaMode)

trunk/Source/JavaScriptCore/jit/JITInlineCacheGenerator.h

@@ -57 +57 @@
 
     JITByIdGenerator(
-        CodeBlock*, CodeOrigin, const RegisterSet&, JSValueRegs base, JSValueRegs value,
-        bool registersFlushed);
+        CodeBlock*, CodeOrigin, const RegisterSet&, GPRReg callFrameRegister,
+        JSValueRegs base, JSValueRegs value, bool registersFlushed);
     
 public:
@@ -97 +97 @@
     JITGetByIdGenerator(
         CodeBlock* codeBlock, CodeOrigin codeOrigin, const RegisterSet& usedRegisters,
-        JSValueRegs base, JSValueRegs value, bool registersFlushed)
-        : JITByIdGenerator(codeBlock, codeOrigin, usedRegisters, base, value, registersFlushed)
+        GPRReg callFrameRegister, JSValueRegs base, JSValueRegs value,
+        bool registersFlushed)
+        : JITByIdGenerator(
+            codeBlock, codeOrigin, usedRegisters, callFrameRegister, base, value,
+            registersFlushed)
     {
     }
@@ -110 +113 @@
 
     JITPutByIdGenerator(
-        CodeBlock*, CodeOrigin, const RegisterSet& usedRegisters, JSValueRegs base,
-        JSValueRegs value, GPRReg scratch, bool registersFlushed, ECMAMode, PutKind);
+        CodeBlock*, CodeOrigin, const RegisterSet& usedRegisters, GPRReg callFrameRegister,
+        JSValueRegs base, JSValueRegs value, GPRReg scratch, bool registersFlushed,
+        ECMAMode, PutKind);
     
     void generateFastPath(MacroAssembler&);

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -525 +525 @@
     JITGetByIdGenerator gen(
         m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
-        JSValueRegs(regT0), JSValueRegs(regT0), true);
+        callFrameRegister, JSValueRegs(regT0), JSValueRegs(regT0), true);
     gen.generateFastPath(*this);
     addSlowCase(gen.slowPathJump());
@@ -571 +571 @@
     JITPutByIdGenerator gen(
         m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
-        JSValueRegs(regT0), JSValueRegs(regT1), regT2, true, m_codeBlock->ecmaMode(),
-        direct ? Direct : NotDirect);
+        callFrameRegister, JSValueRegs(regT0), JSValueRegs(regT1), regT2, true,
+        m_codeBlock->ecmaMode(), direct ? Direct : NotDirect);
     
     gen.generateFastPath(*this);

trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

@@ -485 +485 @@
     JITGetByIdGenerator gen(
         m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
-        JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0), true);
+        callFrameRegister, JSValueRegs::payloadOnly(regT0), JSValueRegs(regT1, regT0), true);
     gen.generateFastPath(*this);
     addSlowCase(gen.slowPathJump());
@@ -531 +531 @@
     JITPutByIdGenerator gen(
         m_codeBlock, CodeOrigin(m_bytecodeOffset), RegisterSet::specialRegisters(),
-        JSValueRegs::payloadOnly(regT0), JSValueRegs(regT3, regT2), regT1, true,
-        m_codeBlock->ecmaMode(), direct ? Direct : NotDirect);
+        callFrameRegister, JSValueRegs::payloadOnly(regT0), JSValueRegs(regT3, regT2),
+        regT1, true, m_codeBlock->ecmaMode(), direct ? Direct : NotDirect);
     
     gen.generateFastPath(*this);

trunk/Source/JavaScriptCore/jit/Repatch.cpp

@@ -461 +461 @@
         stubInfo.u.getByIdSelfList.listSize++;
         
+        GPRReg callFrameRegister = static_cast<GPRReg>(stubInfo.patch.callFrameRegister);
         GPRReg baseGPR = static_cast<GPRReg>(stubInfo.patch.baseGPR);
 #if USE(JSVALUE32_64)
@@ -501 +502 @@
 #endif
                 }
-                stubJit.setupArgumentsWithExecState(baseGPR, scratchGPR);
+                stubJit.setupArguments(callFrameRegister, baseGPR, scratchGPR);
                 operationFunction = operationCallGetter;
             } else {
-                stubJit.setupArgumentsWithExecState(
-                    baseGPR,
+                stubJit.setupArguments(
+                    callFrameRegister, baseGPR,
                     MacroAssembler::TrustedImmPtr(FunctionPtr(slot.customGetter()).executableAddress()),
                     MacroAssembler::TrustedImmPtr(ident.impl()));
@@ -758 +759 @@
     VM* vm = &exec->vm();
 
+    GPRReg callFrameRegister = static_cast<GPRReg>(stubInfo.patch.callFrameRegister);
     GPRReg baseGPR = static_cast<GPRReg>(stubInfo.patch.baseGPR);
 #if USE(JSVALUE32_64)
@@ -772 +774 @@
     
     CCallHelpers stubJit(vm);
-            
+    
     GPRReg scratchGPR1 = allocator.allocateScratchGPR();
     ASSERT(scratchGPR1 != baseGPR);
@@ -914 +916 @@
         allocator.preserveUsedRegistersToScratchBuffer(stubJit, scratchBuffer, scratchGPR1);
 #if USE(JSVALUE64)
-        stubJit.setupArgumentsWithExecState(baseGPR, MacroAssembler::TrustedImmPtr(structure), MacroAssembler::TrustedImm32(slot.cachedOffset()), valueGPR);
-#else
-        stubJit.setupArgumentsWithExecState(baseGPR, MacroAssembler::TrustedImmPtr(structure), MacroAssembler::TrustedImm32(slot.cachedOffset()), valueGPR, valueTagGPR);
+        stubJit.setupArguments(callFrameRegister, baseGPR, MacroAssembler::TrustedImmPtr(structure), MacroAssembler::TrustedImm32(slot.cachedOffset()), valueGPR);
+#else
+        stubJit.setupArguments(callFrameRegister, baseGPR, MacroAssembler::TrustedImmPtr(structure), MacroAssembler::TrustedImm32(slot.cachedOffset()), valueGPR, valueTagGPR);
 #endif
         operationCall = stubJit.call();