Changeset 232106 in webkit

Timestamp:

May 22, 2018 10:05:13 PM (6 years ago)

Author:

Yusuke Suzuki

Message:

[JSC] Clean up stringGetByValStubGenerator
​https://bugs.webkit.org/show_bug.cgi?id=185864

Reviewed by Saam Barati.

We clean up stringGetByValStubGenerator.

1. Unify 32bit and 64bit implementations.
2. Rename stringGetByValStubGenerator to stringGetByValGenerator, move it to ThunkGenerators.cpp.
3. Remove string type check since this code is invoked only when we know regT0 is JSString*.
4. Do not tag Cell in stringGetByValGenerator side. 32bit code stores Cell with tag in JITPropertyAccess32_64 side.
5. Fix invalid use of loadPtr for StringImpl::flags. Should use load32.

• jit/JIT.h:
• jit/JITPropertyAccess.cpp:

(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::stringGetByValStubGenerator): Deleted.

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::stringGetByValStubGenerator): Deleted.

• jit/ThunkGenerators.cpp:

(JSC::stringGetByValGenerator):

• jit/ThunkGenerators.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• jit/JIT.h (modified) (1 diff)
• jit/JITPropertyAccess.cpp (modified) (2 diffs)
• jit/JITPropertyAccess32_64.cpp (modified) (3 diffs)
• jit/ThunkGenerators.cpp (modified) (1 diff)
• jit/ThunkGenerators.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2018-05-22  Yusuke Suzuki  <utatane.tea@gmail.com>
+
+        [JSC] Clean up stringGetByValStubGenerator
+        https://bugs.webkit.org/show_bug.cgi?id=185864
+
+        Reviewed by Saam Barati.
+
+        We clean up stringGetByValStubGenerator.
+
+        1. Unify 32bit and 64bit implementations.
+        2. Rename stringGetByValStubGenerator to stringGetByValGenerator, move it to ThunkGenerators.cpp.
+        3. Remove string type check since this code is invoked only when we know regT0 is JSString*.
+        4. Do not tag Cell in stringGetByValGenerator side. 32bit code stores Cell with tag in JITPropertyAccess32_64 side.
+        5. Fix invalid use of loadPtr for StringImpl::flags. Should use load32.
+
+        * jit/JIT.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::stringGetByValStubGenerator): Deleted.
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        (JSC::JIT::stringGetByValStubGenerator): Deleted.
+        * jit/ThunkGenerators.cpp:
+        (JSC::stringGetByValGenerator):
+        * jit/ThunkGenerators.h:
+
 2018-05-22  Yusuke Suzuki  <utatane.tea@gmail.com>
 

trunk/Source/JavaScriptCore/jit/JIT.h

@@ -891 +891 @@
         std::unique_ptr<JITDisassembler> m_disassembler;
         RefPtr<Profiler::Compilation> m_compilation;
-        static CodeRef<JITThunkPtrTag> stringGetByValStubGenerator(VM*);
 
         PCToCodeOriginMapBuilder m_pcToCodeOriginMapBuilder;

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -51 +51 @@
 #if USE(JSVALUE64)
 
-JIT::CodeRef<JITThunkPtrTag> JIT::stringGetByValStubGenerator(VM* vm)
-{
-    JSInterfaceJIT jit(vm);
-    JumpList failures;
-    jit.tagReturnAddress();
-    failures.append(jit.branchIfNotString(regT0));
-
-    // Load string length to regT2, and start the process of loading the data pointer into regT0
-    jit.load32(Address(regT0, JSString::offsetOfLength()), regT2);
-    jit.loadPtr(Address(regT0, JSString::offsetOfValue()), regT0);
-    failures.append(jit.branchTest32(Zero, regT0));
-
-    // Do an unsigned compare to simultaneously filter negative indices as well as indices that are too large
-    failures.append(jit.branch32(AboveOrEqual, regT1, regT2));
-    
-    // Load the character
-    JumpList is16Bit;
-    JumpList cont8Bit;
-    // Load the string flags
-    jit.loadPtr(Address(regT0, StringImpl::flagsOffset()), regT2);
-    jit.loadPtr(Address(regT0, StringImpl::dataOffset()), regT0);
-    is16Bit.append(jit.branchTest32(Zero, regT2, TrustedImm32(StringImpl::flagIs8Bit())));
-    jit.load8(BaseIndex(regT0, regT1, TimesOne, 0), regT0);
-    cont8Bit.append(jit.jump());
-    is16Bit.link(&jit);
-    jit.load16(BaseIndex(regT0, regT1, TimesTwo, 0), regT0);
-    cont8Bit.link(&jit);
-
-    failures.append(jit.branch32(AboveOrEqual, regT0, TrustedImm32(0x100)));
-    jit.move(TrustedImmPtr(vm->smallStrings.singleCharacterStrings()), regT1);
-    jit.loadPtr(BaseIndex(regT1, regT0, ScalePtr, 0), regT0);
-    jit.ret();
-    
-    failures.link(&jit);
-    jit.move(TrustedImm32(0), regT0);
-    jit.ret();
-    
-    LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "String get_by_val stub");
-}
-
 void JIT::emit_op_get_by_val(Instruction* currentInstruction)
 {
@@ -251 +210 @@
     linkSlowCase(iter); // base array check
     Jump notString = branchIfNotString(regT0);
-    emitNakedCall(CodeLocationLabel<NoPtrTag>(m_vm->getCTIStub(stringGetByValStubGenerator).retaggedCode<NoPtrTag>()));
+    emitNakedCall(CodeLocationLabel<NoPtrTag>(m_vm->getCTIStub(stringGetByValGenerator).retaggedCode<NoPtrTag>()));
     Jump failed = branchTest64(Zero, regT0);
     emitPutVirtualRegister(dst, regT0);

trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

@@ -129 +129 @@
 }
 
-JIT::CodeRef<JITThunkPtrTag> JIT::stringGetByValStubGenerator(VM* vm)
-{
-    JSInterfaceJIT jit(vm);
-    JumpList failures;
-    failures.append(jit.branchIfNotString(regT0));
-    
-    // Load string length to regT1, and start the process of loading the data pointer into regT0
-    jit.load32(Address(regT0, JSString::offsetOfLength()), regT1);
-    jit.loadPtr(Address(regT0, JSString::offsetOfValue()), regT0);
-    failures.append(jit.branchTest32(Zero, regT0));
-    
-    // Do an unsigned compare to simultaneously filter negative indices as well as indices that are too large
-    failures.append(jit.branch32(AboveOrEqual, regT2, regT1));
-    
-    // Load the character
-    JumpList is16Bit;
-    JumpList cont8Bit;
-    // Load the string flags
-    jit.loadPtr(Address(regT0, StringImpl::flagsOffset()), regT1);
-    jit.loadPtr(Address(regT0, StringImpl::dataOffset()), regT0);
-    is16Bit.append(jit.branchTest32(Zero, regT1, TrustedImm32(StringImpl::flagIs8Bit())));
-    jit.load8(BaseIndex(regT0, regT2, TimesOne, 0), regT0);
-    cont8Bit.append(jit.jump());
-    is16Bit.link(&jit);
-    jit.load16(BaseIndex(regT0, regT2, TimesTwo, 0), regT0);
-
-    cont8Bit.link(&jit);
-    
-    failures.append(jit.branch32(AboveOrEqual, regT0, TrustedImm32(0x100)));
-    jit.move(TrustedImmPtr(vm->smallStrings.singleCharacterStrings()), regT1);
-    jit.loadPtr(BaseIndex(regT1, regT0, ScalePtr, 0), regT0);
-    jit.move(TrustedImm32(JSValue::CellTag), regT1); // We null check regT0 on return so this is safe
-    jit.ret();
-
-    failures.link(&jit);
-    jit.move(TrustedImm32(0), regT0);
-    jit.ret();
-    
-    LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID);
-    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "String get_by_val stub");
-}
-
 void JIT::emit_op_get_by_val(Instruction* currentInstruction)
 {
@@ -178 +136 @@
     ArrayProfile* profile = currentInstruction[4].u.arrayProfile;
     ByValInfo* byValInfo = m_codeBlock->addByValInfo();
-    
+
     emitLoad2(base, regT1, regT0, property, regT3, regT2);
     
@@ -310 +268 @@
     linkSlowCase(iter); // base array check
     Jump notString = branchIfNotString(regT0);
-    emitNakedCall(CodeLocationLabel<NoPtrTag>(m_vm->getCTIStub(stringGetByValStubGenerator).retaggedCode<NoPtrTag>()));
+    emitNakedCall(CodeLocationLabel<NoPtrTag>(m_vm->getCTIStub(stringGetByValGenerator).retaggedCode<NoPtrTag>()));
     Jump failed = branchTestPtr(Zero, regT0);
-    emitStore(dst, regT1, regT0);
+    emitStoreCell(dst, regT0);
     emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_get_by_val));
     failed.link(this);

trunk/Source/JavaScriptCore/jit/ThunkGenerators.cpp

@@ -611 +611 @@
     LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID);
     return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "unreachable thunk");
+}
+
+MacroAssemblerCodeRef<JITThunkPtrTag> stringGetByValGenerator(VM* vm)
+{
+    // regT0 is JSString*, and regT1 (64bit) or regT2 (32bit) is int index.
+    // Return regT0 = result JSString* if succeeds. Otherwise, return regT0 = 0.
+#if USE(JSVALUE64)
+    GPRReg stringGPR = GPRInfo::regT0;
+    GPRReg indexGPR = GPRInfo::regT1;
+    GPRReg scratchGPR = GPRInfo::regT2;
+#else
+    GPRReg stringGPR = GPRInfo::regT0;
+    GPRReg indexGPR = GPRInfo::regT2;
+    GPRReg scratchGPR = GPRInfo::regT1;
+#endif
+
+    JSInterfaceJIT jit(vm);
+    JSInterfaceJIT::JumpList failures;
+    jit.tagReturnAddress();
+
+    // Load string length to regT2, and start the process of loading the data pointer into regT0
+    jit.load32(JSInterfaceJIT::Address(stringGPR, JSString::offsetOfLength()), scratchGPR);
+    jit.loadPtr(JSInterfaceJIT::Address(stringGPR, JSString::offsetOfValue()), stringGPR);
+    failures.append(jit.branchTestPtr(JSInterfaceJIT::Zero, stringGPR));
+
+    // Do an unsigned compare to simultaneously filter negative indices as well as indices that are too large
+    failures.append(jit.branch32(JSInterfaceJIT::AboveOrEqual, indexGPR, scratchGPR));
+
+    // Load the character
+    JSInterfaceJIT::JumpList is16Bit;
+    JSInterfaceJIT::JumpList cont8Bit;
+    // Load the string flags
+    jit.load32(JSInterfaceJIT::Address(stringGPR, StringImpl::flagsOffset()), scratchGPR);
+    jit.loadPtr(JSInterfaceJIT::Address(stringGPR, StringImpl::dataOffset()), stringGPR);
+    is16Bit.append(jit.branchTest32(JSInterfaceJIT::Zero, scratchGPR, JSInterfaceJIT::TrustedImm32(StringImpl::flagIs8Bit())));
+    jit.load8(JSInterfaceJIT::BaseIndex(stringGPR, indexGPR, JSInterfaceJIT::TimesOne, 0), stringGPR);
+    cont8Bit.append(jit.jump());
+    is16Bit.link(&jit);
+    jit.load16(JSInterfaceJIT::BaseIndex(stringGPR, indexGPR, JSInterfaceJIT::TimesTwo, 0), stringGPR);
+    cont8Bit.link(&jit);
+
+    failures.append(jit.branch32(JSInterfaceJIT::AboveOrEqual, stringGPR, JSInterfaceJIT::TrustedImm32(0x100)));
+    jit.move(JSInterfaceJIT::TrustedImmPtr(vm->smallStrings.singleCharacterStrings()), indexGPR);
+    jit.loadPtr(JSInterfaceJIT::BaseIndex(indexGPR, stringGPR, JSInterfaceJIT::ScalePtr, 0), stringGPR);
+    jit.ret();
+
+    failures.link(&jit);
+    jit.move(JSInterfaceJIT::TrustedImm32(0), stringGPR);
+    jit.ret();
+
+    LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID);
+    return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "String get_by_val stub");
 }
 

trunk/Source/JavaScriptCore/jit/ThunkGenerators.h

@@ -52 +52 @@
 MacroAssemblerCodeRef<JITThunkPtrTag> arityFixupGenerator(VM*);
 MacroAssemblerCodeRef<JITThunkPtrTag> unreachableGenerator(VM*);
+MacroAssemblerCodeRef<JITThunkPtrTag> stringGetByValGenerator(VM*);
 
 MacroAssemblerCodeRef<JITThunkPtrTag> charCodeAtThunkGenerator(VM*);