Changeset 232105 in webkit

Timestamp:

May 22, 2018 9:44:44 PM (6 years ago)

Author:

Yusuke Suzuki

Message:

[JSC] Use branchIfString/branchIfNotString instead of structure checkings
​https://bugs.webkit.org/show_bug.cgi?id=185810

Reviewed by Saam Barati.

Let's use branchIfString/branchIfNotString helper functions instead of
checking structure with jsString's structure. It's easy to read. And
it emits less code since we do not need to embed string structure's
raw pointer in 32bit environment.

• jit/JIT.h:
• jit/JITInlines.h:

(JSC::JIT::emitLoadCharacterString):
(JSC::JIT::checkStructure): Deleted.

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emitSlow_op_eq):
(JSC::JIT::compileOpEqJumpSlow):
(JSC::JIT::emitSlow_op_neq):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emitByValIdentifierCheck):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::stringGetByValStubGenerator):
(JSC::JIT::emitSlow_op_get_by_val):

• jit/JSInterfaceJIT.h:

(JSC::ThunkHelpers::jsStringLengthOffset): Deleted.
(JSC::ThunkHelpers::jsStringValueOffset): Deleted.

• jit/SpecializedThunkJIT.h:

(JSC::SpecializedThunkJIT::loadJSStringArgument):

• jit/ThunkGenerators.cpp:

(JSC::stringCharLoad):
(JSC::charCodeAtThunkGenerator):
(JSC::charAtThunkGenerator):

• runtime/JSString.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• jit/JIT.h (modified) (1 diff)
• jit/JITInlines.h (modified) (2 diffs)
• jit/JITOpcodes32_64.cpp (modified) (3 diffs)
• jit/JITPropertyAccess.cpp (modified) (3 diffs)
• jit/JITPropertyAccess32_64.cpp (modified) (2 diffs)
• jit/JSInterfaceJIT.h (modified) (1 diff)
• jit/SpecializedThunkJIT.h (modified) (1 diff)
• jit/ThunkGenerators.cpp (modified) (3 diffs)
• runtime/JSString.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2018-05-22  Yusuke Suzuki  <utatane.tea@gmail.com>
+
+        [JSC] Use branchIfString/branchIfNotString instead of structure checkings
+        https://bugs.webkit.org/show_bug.cgi?id=185810
+
+        Reviewed by Saam Barati.
+
+        Let's use branchIfString/branchIfNotString helper functions instead of
+        checking structure with jsString's structure. It's easy to read. And
+        it emits less code since we do not need to embed string structure's
+        raw pointer in 32bit environment.
+
+        * jit/JIT.h:
+        * jit/JITInlines.h:
+        (JSC::JIT::emitLoadCharacterString):
+        (JSC::JIT::checkStructure): Deleted.
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::emitSlow_op_eq):
+        (JSC::JIT::compileOpEqJumpSlow):
+        (JSC::JIT::emitSlow_op_neq):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::stringGetByValStubGenerator):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::emitByValIdentifierCheck):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::stringGetByValStubGenerator):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        * jit/JSInterfaceJIT.h:
+        (JSC::ThunkHelpers::jsStringLengthOffset): Deleted.
+        (JSC::ThunkHelpers::jsStringValueOffset): Deleted.
+        * jit/SpecializedThunkJIT.h:
+        (JSC::SpecializedThunkJIT::loadJSStringArgument):
+        * jit/ThunkGenerators.cpp:
+        (JSC::stringCharLoad):
+        (JSC::charCodeAtThunkGenerator):
+        (JSC::charAtThunkGenerator):
+        * runtime/JSString.h:
+
 2018-05-22  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/jit/JIT.h

@@ -798 +798 @@
         void emitRightShiftFastPath(Instruction* currentInstruction, OpcodeID);
 
-        Jump checkStructure(RegisterID reg, Structure* structure);
-
         void updateTopCallFrame();
 

trunk/Source/JavaScriptCore/jit/JITInlines.h

@@ -100 +100 @@
 ALWAYS_INLINE void JIT::emitLoadCharacterString(RegisterID src, RegisterID dst, JumpList& failures)
 {
-    failures.append(branchStructure(NotEqual, Address(src, JSCell::structureIDOffset()), m_vm->stringStructure.get()));
-    failures.append(branch32(NotEqual, MacroAssembler::Address(src, ThunkHelpers::jsStringLengthOffset()), TrustedImm32(1)));
-    loadPtr(MacroAssembler::Address(src, ThunkHelpers::jsStringValueOffset()), dst);
+    failures.append(branchIfNotString(src));
+    failures.append(branch32(NotEqual, MacroAssembler::Address(src, JSString::offsetOfLength()), TrustedImm32(1)));
+    loadPtr(MacroAssembler::Address(src, JSString::offsetOfValue()), dst);
     failures.append(branchTest32(Zero, dst));
     loadPtr(MacroAssembler::Address(dst, StringImpl::flagsOffset()), regT1);
@@ -197 +197 @@
 #endif
     return call;
-}
-
-ALWAYS_INLINE JIT::Jump JIT::checkStructure(RegisterID reg, Structure* structure)
-{
-    return branchStructure(NotEqual, Address(reg, JSCell::structureIDOffset()), structure);
 }
 

trunk/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp

@@ -462 +462 @@
 
     linkSlowCase(iter); // tags equal and JSCell
-    genericCase.append(branchPtr(NotEqual, Address(regT0, JSCell::structureIDOffset()), TrustedImmPtr(m_vm->stringStructure.get())));
-    genericCase.append(branchPtr(NotEqual, Address(regT2, JSCell::structureIDOffset()), TrustedImmPtr(m_vm->stringStructure.get())));
+    genericCase.append(branchIfNotString(regT0));
+    genericCase.append(branchIfNotString(regT2));
 
     // String case.
@@ -500 +500 @@
 
     linkSlowCase(iter); // tags equal and JSCell
-    genericCase.append(branchPtr(NotEqual, Address(regT0, JSCell::structureIDOffset()), TrustedImmPtr(m_vm->stringStructure.get())));
-    genericCase.append(branchPtr(NotEqual, Address(regT2, JSCell::structureIDOffset()), TrustedImmPtr(m_vm->stringStructure.get())));
+    genericCase.append(branchIfNotString(regT0));
+    genericCase.append(branchIfNotString(regT2));
 
     // String case.
@@ -548 +548 @@
 
     linkSlowCase(iter); // tags equal and JSCell
-    genericCase.append(branchPtr(NotEqual, Address(regT0, JSCell::structureIDOffset()), TrustedImmPtr(m_vm->stringStructure.get())));
-    genericCase.append(branchPtr(NotEqual, Address(regT2, JSCell::structureIDOffset()), TrustedImmPtr(m_vm->stringStructure.get())));
+    genericCase.append(branchIfNotString(regT0));
+    genericCase.append(branchIfNotString(regT2));
 
     // String case.

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -56 +56 @@
     JumpList failures;
     jit.tagReturnAddress();
-    failures.append(jit.branchStructure(
-        NotEqual, 
-        Address(regT0, JSCell::structureIDOffset()), 
-        vm->stringStructure.get()));
+    failures.append(jit.branchIfNotString(regT0));
 
     // Load string length to regT2, and start the process of loading the data pointer into regT0
-    jit.load32(Address(regT0, ThunkHelpers::jsStringLengthOffset()), regT2);
-    jit.loadPtr(Address(regT0, ThunkHelpers::jsStringValueOffset()), regT0);
+    jit.load32(Address(regT0, JSString::offsetOfLength()), regT2);
+    jit.loadPtr(Address(regT0, JSString::offsetOfValue()), regT0);
     failures.append(jit.branchTest32(Zero, regT0));
 
@@ -253 +250 @@
     Jump nonCell = jump();
     linkSlowCase(iter); // base array check
-    Jump notString = branchStructure(NotEqual, 
-        Address(regT0, JSCell::structureIDOffset()), 
-        m_vm->stringStructure.get());
+    Jump notString = branchIfNotString(regT0);
     emitNakedCall(CodeLocationLabel<NoPtrTag>(m_vm->getCTIStub(stringGetByValStubGenerator).retaggedCode<NoPtrTag>()));
     Jump failed = branchTest64(Zero, regT0);
@@ -1258 +1253 @@
         slowCases.append(branchPtr(NotEqual, cell, TrustedImmPtr(byValInfo->cachedSymbol.get())));
     else {
-        slowCases.append(branchStructure(NotEqual, Address(cell, JSCell::structureIDOffset()), m_vm->stringStructure.get()));
+        slowCases.append(branchIfNotString(cell));
         loadPtr(Address(cell, JSString::offsetOfValue()), scratch);
         slowCases.append(branchPtr(NotEqual, scratch, TrustedImmPtr(propertyName.impl())));

trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

@@ -133 +133 @@
     JSInterfaceJIT jit(vm);
     JumpList failures;
-    failures.append(jit.branchStructure(NotEqual, Address(regT0, JSCell::structureIDOffset()), vm->stringStructure.get()));
+    failures.append(jit.branchIfNotString(regT0));
     
     // Load string length to regT1, and start the process of loading the data pointer into regT0
-    jit.load32(Address(regT0, ThunkHelpers::jsStringLengthOffset()), regT1);
-    jit.loadPtr(Address(regT0, ThunkHelpers::jsStringValueOffset()), regT0);
+    jit.load32(Address(regT0, JSString::offsetOfLength()), regT1);
+    jit.loadPtr(Address(regT0, JSString::offsetOfValue()), regT0);
     failures.append(jit.branchTest32(Zero, regT0));
     
@@ -309 +309 @@
     Jump nonCell = jump();
     linkSlowCase(iter); // base array check
-    Jump notString = branchStructure(NotEqual, Address(regT0, JSCell::structureIDOffset()), m_vm->stringStructure.get());
+    Jump notString = branchIfNotString(regT0);
     emitNakedCall(CodeLocationLabel<NoPtrTag>(m_vm->getCTIStub(stringGetByValStubGenerator).retaggedCode<NoPtrTag>()));
     Jump failed = branchTestPtr(Zero, regT0);

trunk/Source/JavaScriptCore/jit/JSInterfaceJIT.h

@@ -61 +61 @@
 
         VM* m_vm;
-    };
-
-    struct ThunkHelpers {
-        static unsigned jsStringLengthOffset() { return OBJECT_OFFSETOF(JSString, m_length); }
-        static unsigned jsStringValueOffset() { return OBJECT_OFFSETOF(JSString, m_value); }
     };
 

trunk/Source/JavaScriptCore/jit/SpecializedThunkJIT.h

@@ -66 +66 @@
         }
         
-        void loadJSStringArgument(VM& vm, int argument, RegisterID dst)
+        void loadJSStringArgument(int argument, RegisterID dst)
         {
             loadCellArgument(argument, dst);
-            m_failures.append(branchStructure(NotEqual, 
-                Address(dst, JSCell::structureIDOffset()), 
-                vm.stringStructure.get()));
+            m_failures.append(branchIfNotString(dst));
         }
         

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

@@ -613 +613 @@
 }
 
-static void stringCharLoad(SpecializedThunkJIT& jit, VM* vm)
+static void stringCharLoad(SpecializedThunkJIT& jit)
 {
     // load string
-    jit.loadJSStringArgument(*vm, SpecializedThunkJIT::ThisArgument, SpecializedThunkJIT::regT0);
+    jit.loadJSStringArgument(SpecializedThunkJIT::ThisArgument, SpecializedThunkJIT::regT0);
 
     // Load string length to regT2, and start the process of loading the data pointer into regT0
-    jit.load32(MacroAssembler::Address(SpecializedThunkJIT::regT0, ThunkHelpers::jsStringLengthOffset()), SpecializedThunkJIT::regT2);
-    jit.loadPtr(MacroAssembler::Address(SpecializedThunkJIT::regT0, ThunkHelpers::jsStringValueOffset()), SpecializedThunkJIT::regT0);
+    jit.load32(MacroAssembler::Address(SpecializedThunkJIT::regT0, JSString::offsetOfLength()), SpecializedThunkJIT::regT2);
+    jit.loadPtr(MacroAssembler::Address(SpecializedThunkJIT::regT0, JSString::offsetOfValue()), SpecializedThunkJIT::regT0);
     jit.appendFailure(jit.branchTest32(MacroAssembler::Zero, SpecializedThunkJIT::regT0));
 
@@ -654 +654 @@
 {
     SpecializedThunkJIT jit(vm, 1);
-    stringCharLoad(jit, vm);
+    stringCharLoad(jit);
     jit.returnInt32(SpecializedThunkJIT::regT0);
     return jit.finalize(vm->jitStubs->ctiNativeTailCall(vm), "charCodeAt");
@@ -662 +662 @@
 {
     SpecializedThunkJIT jit(vm, 1);
-    stringCharLoad(jit, vm);
+    stringCharLoad(jit);
     charToString(jit, vm, SpecializedThunkJIT::regT0, SpecializedThunkJIT::regT0, SpecializedThunkJIT::regT1);
     jit.returnJSCell(SpecializedThunkJIT::regT0);

trunk/Source/JavaScriptCore/runtime/JSString.h

@@ -81 +81 @@
     friend class MarkStack;
     friend class SlotVisitor;
-    friend struct ThunkHelpers;
 
     typedef JSCell Base;