Context Navigation

← Previous Changeset
Next Changeset →

Changeset 265036 in webkit

Timestamp:

Jul 29, 2020 3:32:27 AM (4 years ago)

Author:

Paulo Matos

Message:

for..of intrinsics implementation for 32bits
https://bugs.webkit.org/show_bug.cgi?id=214737

Reviewed by Yusuke Suzuki.

Joint work with Caio Lima <Caio Lima>.
JSTests:

Unskip tests previously skipped due to missing for..of intrinsics.

stress/for-of-array-different-globals.js:
stress/for-of-iterator-open-osr-at-inlined-return-non-object.js:
stress/for-of-iterator-open-osr-at-iterator-set-local.js:
stress/for-of-iterator-open-return-non-object.js:

Source/JavaScriptCore:

Implements for..of intrinsics for 32bits.
Adds or8 instruction to ARMv7 and MIPS Macro Assembler.
Adds intrinsic operations to LLInt and Baseline for 32bits.
Fixes DFG OSR Exit bug, where checkpoint temporary value is
incorrectly recreated for Baseline.
Refactors code in DFG OSR Exit to be easier to modify and
maintain by separating the switch cases for 32 and 64bits.

assembler/MacroAssemblerARMv7.h:

(JSC::MacroAssemblerARMv7::or8): Adds or8(TrustedImm, AbsoluteAddress)
(JSC::MacroAssemblerARMv7::or32):
(JSC::MacroAssemblerARMv7::store8):

assembler/MacroAssemblerMIPS.h:

(JSC::MacroAssemblerMIPS::or8): Adds or8(TrustedImm, AbsoluteAddress)
(JSC::MacroAssemblerMIPS::store8):

assembler/testmasm.cpp:

(JSC::testOrImmMem): Tests or8

bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitEnumeration):

dfg/DFGOSRExit.cpp:

(JSC::DFG::OSRExit::compileExit): Fixes DFG OSR Exit bug, where checkpoint temporary value is
incorrectly recreated for Baseline. Refactors code in DFG OSR Exit to be easier to modify and
maintain by separating the switch cases for 32 and 64bits.

jit/JIT.h:
jit/JITCall32_64.cpp:

(JSC::JIT::emitPutCallResult):
(JSC::JIT::compileSetupFrame):
(JSC::JIT::compileOpCall):
(JSC::JIT::emit_op_iterator_open):
(JSC::JIT::emitSlow_op_iterator_open):
(JSC::JIT::emit_op_iterator_next):
(JSC::JIT::emitSlow_op_iterator_next):

jit/JITInlines.h:

(JSC::JIT::emitJumpSlowCaseIfNotJSCell):

llint/LowLevelInterpreter32_64.asm:

Location:

trunk

Files:

: 15 edited

JSTests/ChangeLog (modified) (1 diff)
JSTests/stress/for-of-array-different-globals.js (modified) (1 diff)
JSTests/stress/for-of-iterator-open-osr-at-inlined-return-non-object.js (modified) (1 diff)
JSTests/stress/for-of-iterator-open-osr-at-iterator-set-local.js (modified) (1 diff)
JSTests/stress/for-of-iterator-open-return-non-object.js (modified) (1 diff)
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h (modified) (5 diffs)
Source/JavaScriptCore/assembler/MacroAssemblerMIPS.h (modified) (2 diffs)
Source/JavaScriptCore/assembler/testmasm.cpp (modified) (1 diff)
Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (1 diff)
Source/JavaScriptCore/dfg/DFGOSRExit.cpp (modified) (3 diffs)
Source/JavaScriptCore/jit/JIT.h (modified) (1 diff)
Source/JavaScriptCore/jit/JITCall32_64.cpp (modified) (7 diffs)
Source/JavaScriptCore/jit/JITInlines.h (modified) (2 diffs)
Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/JSTests/ChangeLog

-                      r265034
+                      r265036
+-07-29  Paulo Matos  <pmatos@igalia.com>
+        for..of intrinsics implementation for 32bits
+        https://bugs.webkit.org/show_bug.cgi?id=214737
+        Reviewed by Yusuke Suzuki.
+        Joint work with Caio Lima <ticaiolima@gmail.com>.
+        Unskip tests previously skipped due to missing for..of intrinsics.
+        * stress/for-of-array-different-globals.js:
+        * stress/for-of-iterator-open-osr-at-inlined-return-non-object.js:
+        * stress/for-of-iterator-open-osr-at-iterator-set-local.js:
+        * stress/for-of-iterator-open-return-non-object.js:
 -07-29  Yusuke Suzuki  <ysuzuki@apple.com>

trunk/JSTests/stress/for-of-array-different-globals.js

r260361	r265036
1		~~//@ skip if ["arm", "mips"].include?($architecture)~~
2	1	let count = 0;
3	2

trunk/JSTests/stress/for-of-iterator-open-osr-at-inlined-return-non-object.js

r264873	r265036
1		~~//@ skip if $model == "Apple Watch Series 3" # We are not supporting fast for-of for 32bit architecture.~~
2		~~//@ skip if ["arm", "mips"].include?($architecture)~~
3	1	let shouldVendNull = false;
4	2	function vendIterator() {

trunk/JSTests/stress/for-of-iterator-open-osr-at-iterator-set-local.js

r264873	r265036
1		~~//@ skip if $model == "Apple Watch Series 3" # We are not supporting fast for-of for 32bit architecture.~~
2		~~//@ skip if ["arm", "mips"].include?($architecture)~~
3	1	let shouldVendNull = false;
4	2	function vendIterator() {

trunk/JSTests/stress/for-of-iterator-open-return-non-object.js

r264873	r265036
1		~~//@ skip if $model == "Apple Watch Series 3" # We are not supporting fast for-of for 32bit architecture.~~
2		~~//@ skip if ["arm", "mips"].include?($architecture)~~
3	1	function vendIterator() {
4	2	return 1;

trunk/Source/JavaScriptCore/ChangeLog

-                      r265034
+                      r265036
+-07-29  Paulo Matos  <pmatos@igalia.com>
+        for..of intrinsics implementation for 32bits
+        https://bugs.webkit.org/show_bug.cgi?id=214737
+        Reviewed by Yusuke Suzuki.
+        Joint work with Caio Lima <ticaiolima@gmail.com>.
+        Implements for..of intrinsics for 32bits.
+        Adds or8 instruction to ARMv7 and MIPS Macro Assembler.
+        Adds intrinsic operations to LLInt and Baseline for 32bits.
+        Fixes DFG OSR Exit bug, where checkpoint temporary value is
+        incorrectly recreated for Baseline.
+        Refactors code in DFG OSR Exit to be easier to modify and
+        maintain by separating the switch cases for 32 and 64bits.
+        * assembler/MacroAssemblerARMv7.h:
+        (JSC::MacroAssemblerARMv7::or8): Adds or8(TrustedImm, AbsoluteAddress)
+        (JSC::MacroAssemblerARMv7::or32):
+        (JSC::MacroAssemblerARMv7::store8):
+        * assembler/MacroAssemblerMIPS.h:
+        (JSC::MacroAssemblerMIPS::or8): Adds or8(TrustedImm, AbsoluteAddress)
+        (JSC::MacroAssemblerMIPS::store8):
+        * assembler/testmasm.cpp:
+        (JSC::testOrImmMem): Tests or8
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitEnumeration):
+        * dfg/DFGOSRExit.cpp:
+        (JSC::DFG::OSRExit::compileExit): Fixes DFG OSR Exit bug, where checkpoint temporary value is
+        incorrectly recreated for Baseline. Refactors code in DFG OSR Exit to be easier to modify and
+        maintain by separating the switch cases for 32 and 64bits.
+        * jit/JIT.h:
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::emitPutCallResult):
+        (JSC::JIT::compileSetupFrame):
+        (JSC::JIT::compileOpCall):
+        (JSC::JIT::emit_op_iterator_open):
+        (JSC::JIT::emitSlow_op_iterator_open):
+        (JSC::JIT::emit_op_iterator_next):
+        (JSC::JIT::emitSlow_op_iterator_next):
+        * jit/JITInlines.h:
+        (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
+        * llint/LowLevelInterpreter32_64.asm:
 -07-29  Yusuke Suzuki  <ysuzuki@apple.com>

trunk/Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h

r264507	r265036
363	363	}
364	364
365		void or32(RegisterID src, RegisterID dest)
366		{
367		m_assembler.orr(dest, dest, src);
	365	void or8(TrustedImm32 imm, AbsoluteAddress address)
	366	{
	367	ARMThumbImmediate armImm = ARMThumbImmediate::makeEncodedImm(imm.m_value);
	368	if (armImm.isValid()) {
	369	move(TrustedImmPtr(address.m_ptr), addressTempRegister);
	370	load8(addressTempRegister, dataTempRegister);
	371	m_assembler.orr(dataTempRegister, dataTempRegister, armImm);
	372	store8(dataTempRegister, addressTempRegister);
	373	} else {
	374	move(TrustedImmPtr(address.m_ptr), addressTempRegister);
	375	load8(addressTempRegister, dataTempRegister);
	376	move(imm, addressTempRegister);
	377	m_assembler.orr(dataTempRegister, dataTempRegister, addressTempRegister);
	378	move(TrustedImmPtr(address.m_ptr), addressTempRegister);
	379	store8(dataTempRegister, addressTempRegister);
	380	}
368	381	}
369	382
…	…
385	398	}
386	399	}
387
	400
	401	void or32(RegisterID src, RegisterID dest)
	402	{
	403	m_assembler.orr(dest, dest, src);
	404	}
	405
388	406	void or32(RegisterID src, AbsoluteAddress dest)
389	407	{
…	…
898	916	}
899	917
900		void store8(RegisterID src, void* address)
	918	void store8(RegisterID src, const void *address)
901	919	{
902	920	move(TrustedImmPtr(address), addressTempRegister);
…	…
904	922	}
905	923
906		void store8(TrustedImm32 imm, void* address)
	924	void store8(TrustedImm32 imm, const void *address)
907	925	{
908	926	TrustedImm32 imm8(static_cast<int8_t>(imm.m_value));
…	…
918	936	}
919	937
	938	void store8(RegisterID src, RegisterID addrreg)
	939	{
	940	store8(src, ArmAddress(addrreg, 0));
	941	}
	942
920	943	void store16(RegisterID src, ImplicitAddress address)
921	944	{

trunk/Source/JavaScriptCore/assembler/MacroAssemblerMIPS.h

-                      r264507
+                      r265036
+    }
+    void or8(TrustedImm32 imm, AbsoluteAddress dest)
+    {
+        if (!imm.m_value && !m_fixedWidth)
+            return;
+        if (m_fixedWidth) {
+            load8(dest.m_ptr, immTempRegister);
+            or32(imm, immTempRegister);
+            store8(immTempRegister, dest.m_ptr);
+        } else {
+            uintptr_t adr = reinterpret_cast<uintptr_t>(dest.m_ptr);
+            m_assembler.lui(addrTempRegister, (adr + 0x8000) >> 16);
+            m_assembler.lbu(immTempRegister, addrTempRegister, adr & 0xffff);
+            or32(imm, immTempRegister);
+            m_assembler.sb(immTempRegister, addrTempRegister, adr & 0xffff);
+        }
+    }
     void or16(TrustedImm32 imm, AbsoluteAddress dest)
+    {
 …
+    }
     void store8(RegisterID src, void* address)
+    void store8(RegisterID src, const void* address)
+    {
         if (m_fixedWidth) {

trunk/Source/JavaScriptCore/assembler/testmasm.cpp

-                      r264507
+                      r265036
     memoryLocation = 0x12341234;
+    auto or8 = compile([&] (CCallHelpers& jit) {
+        emitFunctionPrologue(jit);
+        jit.or8(CCallHelpers::TrustedImm32(42), CCallHelpers::AbsoluteAddress(&memoryLocation));
+        emitFunctionEpilogue(jit);
+        jit.ret();
+    });
+    invoke<void>(or8);
+    CHECK_EQ(memoryLocation, 0x12341234 | 42);
+    memoryLocation = 0x12341234;
     auto or16InvalidLogicalImmInARM64 = compile([&] (CCallHelpers& jit) {
         emitFunctionPrologue(jit);

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

r264809	r265036
4190	4190	void BytecodeGenerator::emitEnumeration(ThrowableExpressionData* node, ExpressionNode* subjectNode, const ScopedLambda<void(BytecodeGenerator&, RegisterID)>& callBack, ForOfNode forLoopNode, RegisterID* forLoopSymbolTable)
4191	4191	{
4192		if (!Options::useIterationIntrinsics() \|\| ~~is32Bit() \|\|~~ (forLoopNode && forLoopNode->isForAwait())) {
	4192	if (!Options::useIterationIntrinsics() \|\| (forLoopNode && forLoopNode->isForAwait())) {
4193	4193	emitGenericEnumeration(node, subjectNode, callBack, forLoopNode, forLoopSymbolTable);
4194	4194	return;

trunk/Source/JavaScriptCore/dfg/DFGOSRExit.cpp

-                      r264929
+                      r265036
                     // FIXME: We should do what the FTL does and materialize all the JSValues into the scratch buffer.
                     switch (recovery.technique()) {
                     case Constant:
                         sideState->tmps[i] = recovery.constant();
                         break;
+#if USE(JSVALUE64)
                     case UnboxedInt32InGPR:
                     case Int32DisplacedInJSStack: {
 …
+                    }
-#if USE(JSVALUE32_64)
-                    case InPair:
-#endif
-                    case InGPR:
                     case BooleanDisplacedInJSStack:
                     case CellDisplacedInJSStack:
+                    case UnboxedCellInGPR:
+                    case InGPR:
                     case DisplacedInJSStack: {
                         sideState->tmps[i] = reinterpret_cast<JSValue*>(tmpScratch)[i + tmpOffset];
 …
+                    }
-                    case UnboxedCellInGPR: {
-#if USE(JSVALUE64)
-                        sideState->tmps[i] = reinterpret_cast<JSValue*>(tmpScratch)[i + tmpOffset];
-#else
-                        EncodedValueDescriptor* valueDescriptor = bitwise_cast<EncodedValueDescriptor*>(tmpScratch + i + tmpOffset);
-                        sideState->tmps[i] = JSValue(JSValue::CellTag, valueDescriptor->asBits.payload);
-#endif
-                        break;
+                    }
                     case UnboxedBooleanInGPR: {
                         sideState->tmps[i] = jsBoolean(static_cast<bool>(tmpScratch[i + tmpOffset]));
                         break;
+                    }
+#else // USE(JSVALUE32_64)
+                    case UnboxedInt32InGPR:
+                    case Int32DisplacedInJSStack: {
+                        sideState->tmps[i] = jsNumber(static_cast<int32_t>(tmpScratch[i + tmpOffset]));
+                        break;
+                    }
+                    case InPair:
+                    case DisplacedInJSStack: {
+                        sideState->tmps[i] = reinterpret_cast<JSValue*>(tmpScratch)[i + tmpOffset];
+                        break;
+                    }
+                    case CellDisplacedInJSStack:
+                    case UnboxedCellInGPR: {
+                        EncodedValueDescriptor* valueDescriptor = bitwise_cast<EncodedValueDescriptor*>(tmpScratch + i + tmpOffset);
+                        sideState->tmps[i] = JSValue(JSValue::CellTag, valueDescriptor->asBits.payload);
+                        break;
+                    }
+                    case BooleanDisplacedInJSStack:
+                    case UnboxedBooleanInGPR: {
+                        sideState->tmps[i] = jsBoolean(static_cast<bool>(tmpScratch[i + tmpOffset]));
+                        break;
+                    }
+#endif // USE(JSVALUE64)
                     default:

trunk/Source/JavaScriptCore/jit/JIT.h

r265000	r265036
444	444	void emitJumpSlowCaseIfNotJSCell(VirtualRegister);
445	445	void emitJumpSlowCaseIfNotJSCell(VirtualRegister, RegisterID tag);
	446	void emitJumpSlowCaseIfNotJSCell(RegisterID);
446	447
447	448	void compileGetByIdHotPath(const Identifier*);

trunk/Source/JavaScriptCore/jit/JITCall32_64.cpp

-                      r260323
+                      r265036
 /*
+ * Copyright (C) 2020 Igalia, S.L. All rights reserved.
+ * Copyright (C) 2020 Metrological Group B.V.
  * Copyright (C) 2008-2019 Apple Inc. All rights reserved.
+ *
 …
 #include "JIT.h"
+#include "CacheableIdentifierInlines.h"
 #include "CodeBlock.h"
 #include "Interpreter.h"
 …
 #include "ResultType.h"
 #include "SetupVarargsFrame.h"
+#include "SlowPathCall.h"
 #include "StackAlignment.h"
 #include "ThunkGenerators.h"
 …
+{
     emitValueProfilingSite(bytecode.metadata(m_codeBlock));
     emitStore(bytecode.m_dst, regT1, regT0);
+    emitStore(destinationFor(bytecode, m_bytecodeIndex.checkpoint()).virtualRegister(), regT1, regT0);
+}
 …
 JIT::compileSetupFrame(const Op& bytecode, CallLinkInfo*)
+{
+    unsigned checkpoint = m_bytecodeIndex.checkpoint();
     auto& metadata = bytecode.metadata(m_codeBlock);
     int argCount = bytecode.m_argc;
     int registerOffset = -static_cast<int>(bytecode.m_argv);
+    int argCount = argumentCountIncludingThisFor(bytecode, checkpoint);
+    int registerOffset = -static_cast<int>(stackOffsetInRegistersForCall(bytecode, checkpoint));
     if (Op::opcodeID == op_call && shouldEmitProfiling()) {
 …
     OpcodeID opcodeID = Op::opcodeID;
     auto bytecode = instruction->as<Op>();
     VirtualRegister callee = bytecode.m_callee;
+    VirtualRegister callee = calleeFor(bytecode, m_bytecodeIndex.checkpoint());
     /* Caller always:
 …
+}
+void JIT::emit_op_iterator_open(const Instruction*)
+{
+    UNREACHABLE_FOR_PLATFORM();
+}
+void JIT::emitSlow_op_iterator_open(const Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    UNREACHABLE_FOR_PLATFORM();
+}
+void JIT::emit_op_iterator_next(const Instruction*)
+{
+    UNREACHABLE_FOR_PLATFORM();
+}
+void JIT::emitSlow_op_iterator_next(const Instruction*, Vector<SlowCaseEntry>::iterator&)
+{
+    UNREACHABLE_FOR_PLATFORM();
+void JIT::emit_op_iterator_open(const Instruction* instruction)
+{
+    auto bytecode = instruction->as<OpIteratorOpen>();
+    auto* tryFastFunction = ([&] () {
+        switch (instruction->width()) {
+        case Narrow: return iterator_open_try_fast_narrow;
+        case Wide16: return iterator_open_try_fast_wide16;
+        case Wide32: return iterator_open_try_fast_wide32;
+        default: RELEASE_ASSERT_NOT_REACHED();
+        }
+    })();
+    JITSlowPathCall slowPathCall(this, instruction, tryFastFunction);
+    slowPathCall.call();
+    Jump fastCase = branch32(NotEqual, GPRInfo::returnValueGPR2, TrustedImm32(static_cast<uint32_t>(IterationMode::Generic)));
+    compileOpCall<OpIteratorOpen>(instruction, m_callLinkInfoIndex++);
+    VirtualRegister vr = destinationFor(bytecode, m_bytecodeIndex.checkpoint()).virtualRegister();
+    advanceToNextCheckpoint();
+    // call result (iterator) is in regT1 (tag)/regT0 (payload)
+    const Identifier* ident = &vm().propertyNames->next;
+    emitJumpSlowCaseIfNotJSCell(vr, regT1);
+    GPRReg tagIteratorGPR = regT1;
+    GPRReg payloadIteratorGPR = regT0;
+    GPRReg tagNextGPR = tagIteratorGPR;
+    GPRReg payloadNextGPR = payloadIteratorGPR;
+    JITGetByIdGenerator gen(
+        m_codeBlock,
+        CodeOrigin(m_bytecodeIndex),
+        CallSiteIndex(BytecodeIndex(m_bytecodeIndex.offset())),
+        RegisterSet::stubUnavailableRegisters(),
+        CacheableIdentifier::createFromImmortalIdentifier(ident->impl()),
+        JSValueRegs(tagIteratorGPR, payloadIteratorGPR),
+        JSValueRegs(tagNextGPR, payloadNextGPR),
+        AccessType::GetById);
+    gen.generateFastPath(*this);
+    addSlowCase(gen.slowPathJump());
+    m_getByIds.append(gen);
+    emitValueProfilingSite(bytecode.metadata(m_codeBlock));
+    emitPutVirtualRegister(bytecode.m_next, JSValueRegs(tagNextGPR, payloadNextGPR));
+    fastCase.link(this);
+}
+void JIT::emitSlow_op_iterator_open(const Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkAllSlowCases(iter);
+    compileOpCallSlowCase<OpIteratorOpen>(instruction, iter, m_callLinkInfoIndex++);
+    emitJumpSlowToHotForCheckpoint(jump());
+    linkAllSlowCases(iter);
+    GPRReg tagIteratorGPR = regT1;
+    GPRReg payloadIteratorGPR = regT0;
+    JumpList notObject;
+    notObject.append(branchIfNotCell(tagIteratorGPR));
+    notObject.append(branchIfNotObject(payloadIteratorGPR));
+    auto bytecode = instruction->as<OpIteratorOpen>();
+    VirtualRegister nextVReg = bytecode.m_next;
+    UniquedStringImpl* ident = vm().propertyNames->next.impl();
+    JITGetByIdGenerator& gen = m_getByIds[m_getByIdIndex++];
+    Label coldPathBegin = label();
+    Call call = callOperationWithProfile(
+        bytecode.metadata(m_codeBlock), // metadata
+        operationGetByIdOptimize, // operation
+        nextVReg, // result
+        TrustedImmPtr(m_codeBlock->globalObject()), // arg1
+        gen.stubInfo(), // arg2
+        JSValueRegs(tagIteratorGPR, payloadIteratorGPR), // arg3
+        CacheableIdentifier::createFromImmortalIdentifier(ident).rawBits()); // arg4
+    gen.reportSlowPathCall(coldPathBegin, call);
+    auto done = jump();
+    notObject.link(this);
+    callOperation(operationThrowIteratorResultIsNotObject, TrustedImmPtr(m_codeBlock->globalObject()));
+    done.link(this);
+}
+void JIT::emit_op_iterator_next(const Instruction* instruction)
+{
+    auto bytecode = instruction->as<OpIteratorNext>();
+    auto& metadata = bytecode.metadata(m_codeBlock);
+    auto* tryFastFunction = ([&] () {
+        switch (instruction->width()) {
+        case Narrow: return iterator_next_try_fast_narrow;
+        case Wide16: return iterator_next_try_fast_wide16;
+        case Wide32: return iterator_next_try_fast_wide32;
+        default: RELEASE_ASSERT_NOT_REACHED();
+        }
+    })();
+    JSValueRegs nextRegs(regT1, regT0);
+    emitGetVirtualRegister(bytecode.m_next, nextRegs);
+    Jump genericCase = branchIfNotEmpty(nextRegs);
+    JITSlowPathCall slowPathCall(this, instruction, tryFastFunction);
+    slowPathCall.call();
+    Jump fastCase = branch32(NotEqual, GPRInfo::returnValueGPR2, TrustedImm32(static_cast<uint32_t>(IterationMode::Generic)));
+    genericCase.link(this);
+    or8(TrustedImm32(static_cast<uint8_t>(IterationMode::Generic)), AbsoluteAddress(&metadata.m_iterationMetadata.seenModes));
+    compileOpCall<OpIteratorNext>(instruction, m_callLinkInfoIndex++);
+    advanceToNextCheckpoint();
+    // call result ({ done, value } JSObject) in regT1, regT0
+    GPRReg tagValueGPR = regT1;
+    GPRReg payloadValueGPR = regT0;
+    GPRReg tagDoneGPR = regT5;
+    GPRReg payloadDoneGPR = regT4;
+    {
+        GPRReg tagIterResultGPR = regT3;
+        GPRReg payloadIterResultGPR = regT2;
+        // iterResultGPR will get trashed by the first get by id below.
+        move(regT1, tagIterResultGPR);
+        move(regT0, payloadIterResultGPR);
+        emitJumpSlowCaseIfNotJSCell(tagIterResultGPR);
+        RegisterSet preservedRegs = RegisterSet::stubUnavailableRegisters();
+        preservedRegs.add(tagValueGPR);
+        preservedRegs.add(payloadValueGPR);
+        JITGetByIdGenerator gen(
+            m_codeBlock,
+            CodeOrigin(m_bytecodeIndex),
+            CallSiteIndex(BytecodeIndex(m_bytecodeIndex.offset())),
+            preservedRegs,
+            CacheableIdentifier::createFromImmortalIdentifier(vm().propertyNames->done.impl()),
+            JSValueRegs(tagIterResultGPR, payloadIterResultGPR),
+            JSValueRegs(tagDoneGPR, payloadDoneGPR),
+            AccessType::GetById);
+        gen.generateFastPath(*this);
+        addSlowCase(gen.slowPathJump());
+        m_getByIds.append(gen);
+        emitValueProfilingSite(metadata);
+        emitPutVirtualRegister(bytecode.m_done, JSValueRegs(tagDoneGPR, payloadDoneGPR));
+        advanceToNextCheckpoint();
+    }
+    {
+        GPRReg tagIterResultGPR = regT1;
+        GPRReg payloadIterResultGPR = regT0;
+        GPRReg scratch1 = regT6;
+        GPRReg scratch2 = regT7;
+        const bool shouldCheckMasqueradesAsUndefined = false;
+        JumpList iterationDone = branchIfTruthy(vm(), JSValueRegs(tagDoneGPR, payloadDoneGPR), scratch1, scratch2, fpRegT0, fpRegT1, shouldCheckMasqueradesAsUndefined, m_codeBlock->globalObject());
+        JITGetByIdGenerator gen(
+            m_codeBlock,
+            CodeOrigin(m_bytecodeIndex),
+            CallSiteIndex(BytecodeIndex(m_bytecodeIndex.offset())),
+            RegisterSet::stubUnavailableRegisters(),
+            CacheableIdentifier::createFromImmortalIdentifier(vm().propertyNames->value.impl()),
+            JSValueRegs(tagIterResultGPR, payloadIterResultGPR),
+            JSValueRegs(tagValueGPR, payloadValueGPR),
+            AccessType::GetById);
+        gen.generateFastPath(*this);
+        addSlowCase(gen.slowPathJump());
+        m_getByIds.append(gen);
+        emitValueProfilingSite(metadata);
+        emitPutVirtualRegister(bytecode.m_value, JSValueRegs(tagValueGPR, payloadValueGPR));
+        iterationDone.link(this);
+    }
+    fastCase.link(this);
+}
+void JIT::emitSlow_op_iterator_next(const Instruction* instruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    linkAllSlowCases(iter);
+    compileOpCallSlowCase<OpIteratorNext>(instruction, iter, m_callLinkInfoIndex++);
+    emitJumpSlowToHotForCheckpoint(jump());
+    auto bytecode = instruction->as<OpIteratorNext>();
+    {
+        VirtualRegister doneVReg = bytecode.m_done;
+        GPRReg tagValueGPR = regT1;
+        GPRReg payloadValueGPR = regT0;
+        GPRReg tagIterResultGPR = regT3;
+        GPRReg payloadIterResultGPR = regT2;
+        GPRReg tagDoneGPR = regT5;
+        GPRReg payloadDoneGPR = regT4;
+        linkAllSlowCases(iter);
+        JumpList notObject;
+        notObject.append(branchIfNotCell(tagIterResultGPR));
+        notObject.append(branchIfNotObject(payloadIterResultGPR));
+        UniquedStringImpl* ident = vm().propertyNames->done.impl();
+        JITGetByIdGenerator& gen = m_getByIds[m_getByIdIndex++];
+        Label coldPathBegin = label();
+        Call call = callOperationWithProfile(
+            bytecode.metadata(m_codeBlock), // metadata
+            operationGetByIdOptimize, // operation
+            doneVReg, // result
+            TrustedImmPtr(m_codeBlock->globalObject()), // arg1
+            gen.stubInfo(), // arg2
+            JSValueRegs(tagIterResultGPR, payloadIterResultGPR), // arg3
+            CacheableIdentifier::createFromImmortalIdentifier(ident).rawBits()); // arg4
+        gen.reportSlowPathCall(coldPathBegin, call);
+        emitGetVirtualRegister(doneVReg, JSValueRegs(tagDoneGPR, payloadDoneGPR));
+        emitGetVirtualRegister(bytecode.m_value, JSValueRegs(tagValueGPR, payloadValueGPR));
+        emitJumpSlowToHotForCheckpoint(jump());
+        notObject.link(this);
+        callOperation(operationThrowIteratorResultIsNotObject, TrustedImmPtr(m_codeBlock->globalObject()));
+    }
+    {
+        GPRReg tagIterResultGPR = regT1;
+        GPRReg payloadIterResultGPR = regT0;
+        linkAllSlowCases(iter);
+        VirtualRegister valueVReg = bytecode.m_value;
+        UniquedStringImpl* ident = vm().propertyNames->value.impl();
+        JITGetByIdGenerator& gen = m_getByIds[m_getByIdIndex++];
+        Label coldPathBegin = label();
+        Call call = callOperationWithProfile(
+            bytecode.metadata(m_codeBlock), // metadata
+            operationGetByIdOptimize, // operation
+            valueVReg, // result
+            TrustedImmPtr(m_codeBlock->globalObject()), // arg1
+            gen.stubInfo(), // arg2
+            JSValueRegs(tagIterResultGPR, payloadIterResultGPR), // arg3
+            CacheableIdentifier::createFromImmortalIdentifier(ident).rawBits()); // arg4
+        gen.reportSlowPathCall(coldPathBegin, call);
+    }
+}

trunk/Source/JavaScriptCore/jit/JITInlines.h

-                      r262613
+                      r265036
+}
-ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg)
+{
-    addSlowCase(branchIfNotCell(reg));
+}
 ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg, VirtualRegister vReg)
+{
 …
 #endif // USE(JSVALUE32_64)
+ALWAYS_INLINE void JIT::emitJumpSlowCaseIfNotJSCell(RegisterID reg)
+{
+    addSlowCase(branchIfNotCell(reg));
+}
 ALWAYS_INLINE int JIT::jumpTarget(const Instruction* instruction, int target)

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm

-                      r264758
+                      r265036
 end
+# loadVariable loads the value of field fieldName using macro get
+# into register tagReg and payloadReg
+# Clobbers: indexReg
 macro loadVariable(get, fieldName, indexReg, tagReg, payloadReg)
     get(fieldName, indexReg)
 …
 macro valueProfile(opcodeStruct, profileName, metadata, tag, payload)
     storei tag, %opcodeStruct%::Metadata::m_profile.m_buckets + TagOffset[metadata]
+    storei tag, %opcodeStruct%::Metadata::%profileName%.m_buckets + TagOffset[metadata]
     storei payload, %opcodeStruct%::Metadata::%profileName%.m_buckets + PayloadOffset[metadata]
 end
 …
 end)
+# Assumption: The base object is in t3
+# FIXME: this is very close to the 64bit version. Consider refactoring.
+macro performGetByIDHelper(opcodeStruct, modeMetadataName, valueProfileName, slowLabel, size, metadata, return)
+    metadata(t2, t1)
+    loadb %opcodeStruct%::Metadata::%modeMetadataName%.mode[t2], t1
+.opGetByIdDefault:
+    bbneq t1, constexpr GetByIdMode::Default, .opGetByIdProtoLoad
+    loadi JSCell::m_structureID[t3], t1 # assumes base object in t3
+    loadi %opcodeStruct%::Metadata::%modeMetadataName%.defaultMode.structureID[t2], t0
+    bineq t0, t1, slowLabel
+    loadis %opcodeStruct%::Metadata::%modeMetadataName%.defaultMode.cachedOffset[t2], t1
+    loadPropertyAtVariableOffset(t1, t3, t0, t1)
+    valueProfile(opcodeStruct, valueProfileName, t2, t0, t1)
+    return(t0, t1)
+.opGetByIdProtoLoad:
+    bbneq t1, constexpr GetByIdMode::ProtoLoad, .opGetByIdArrayLength
+    loadi JSCell::m_structureID[t3], t1
+    loadi %opcodeStruct%::Metadata::%modeMetadataName%.protoLoadMode.structureID[t2], t3
+    bineq t3, t1, slowLabel
+    loadis %opcodeStruct%::Metadata::%modeMetadataName%.protoLoadMode.cachedOffset[t2], t1
+    loadp %opcodeStruct%::Metadata::%modeMetadataName%.protoLoadMode.cachedSlot[t2], t3
+    loadPropertyAtVariableOffset(t1, t3, t0, t1)
+    valueProfile(opcodeStruct, valueProfileName, t2, t0, t1)
+    return(t0, t1)
+.opGetByIdArrayLength:
+    bbneq t1, constexpr GetByIdMode::ArrayLength, .opGetByIdUnset
+    move t3, t0
+    arrayProfile(%opcodeStruct%::Metadata::%modeMetadataName%.arrayLengthMode.arrayProfile, t0, t2, t5)
+    btiz t0, IsArray, slowLabel
+    btiz t0, IndexingShapeMask, slowLabel
+    loadp JSObject::m_butterfly[t3], t0
+    loadi -sizeof IndexingHeader + IndexingHeader::u.lengths.publicLength[t0], t0
+    bilt t0, 0, slowLabel
+    valueProfile(opcodeStruct, valueProfileName, t2, Int32Tag, t0)
+    return(Int32Tag, t0)
+.opGetByIdUnset:
+    loadi JSCell::m_structureID[t3], t1
+    loadi %opcodeStruct%::Metadata::%modeMetadataName%.unsetMode.structureID[t2], t0
+    bineq t0, t1, slowLabel
+    valueProfile(opcodeStruct, valueProfileName, t2, UndefinedTag, 0)
+    return(UndefinedTag, 0)
+end
 llintOpWithMetadata(op_get_by_id, OpGetById, macro (size, get, dispatch, metadata, return)
 …
 end
+macro callHelper(opcodeName, slowPath, opcodeStruct, valueProfileName, dstVirtualRegister, prepareCall, size, dispatch, metadata, getCallee, getArgumentStart, getArgumentCountIncludingThis)
+    metadata(t5, t0)
+    getCallee(t0)
+    loadp %opcodeStruct%::Metadata::m_callLinkInfo.m_calleeOrLastSeenCalleeWithLinkBit[t5], t2
+    loadConstantOrVariablePayload(size, t0, CellTag, t3, .opCallSlow)
+    bineq t3, t2, .opCallSlow
+    getArgumentStart(t3)
+    lshifti 3, t3
+    negi t3
+    addp cfr, t3  # t3 contains the new value of cfr
+    storei t2, Callee + PayloadOffset[t3]
+    getArgumentCountIncludingThis(t2)
+    storei PC, ArgumentCountIncludingThis + TagOffset[cfr]
+    storei t2, ArgumentCountIncludingThis + PayloadOffset[t3]
+    storei CellTag, Callee + TagOffset[t3]
+    move t3, sp
+    prepareCall(%opcodeStruct%::Metadata::m_callLinkInfo.m_machineCodeTarget[t5], t2, t3, t4, JSEntryPtrTag)
+    callTargetFunction(opcodeName, size, opcodeStruct, valueProfileName, dstVirtualRegister, dispatch, %opcodeStruct%::Metadata::m_callLinkInfo.m_machineCodeTarget[t5], JSEntryPtrTag)
+.opCallSlow:
+    slowPathForCall(opcodeName, size, opcodeStruct, valueProfileName, dstVirtualRegister, dispatch, slowPath, prepareCall)
+end
 macro commonCallOp(opcodeName, slowPath, opcodeStruct, prepareCall, prologue)
     llintOpWithMetadata(opcodeName, opcodeStruct, macro (size, get, dispatch, metadata, return)
 …
         end, metadata)
+        get(m_callee, t0)
+        loadp %opcodeStruct%::Metadata::m_callLinkInfo.m_calleeOrLastSeenCalleeWithLinkBit[t5], t2
+        loadConstantOrVariablePayload(size, t0, CellTag, t3, .opCallSlow)
+        bineq t3, t2, .opCallSlow
+        getu(size, opcodeStruct, m_argv, t3)
+        lshifti 3, t3
+        negi t3
+        addp cfr, t3  # t3 contains the new value of cfr
+        storei t2, Callee + PayloadOffset[t3]
+        getu(size, opcodeStruct, m_argc, t2)
+        storei PC, ArgumentCountIncludingThis + TagOffset[cfr]
+        storei t2, ArgumentCountIncludingThis + PayloadOffset[t3]
+        storei CellTag, Callee + TagOffset[t3]
+        move t3, sp
+        prepareCall(%opcodeStruct%::Metadata::m_callLinkInfo.m_machineCodeTarget[t5], t2, t3, t4, JSEntryPtrTag)
+        callTargetFunction(opcodeName, size, opcodeStruct, m_profile, m_dst, dispatch, %opcodeStruct%::Metadata::m_callLinkInfo.m_machineCodeTarget[t5], JSEntryPtrTag)
+    .opCallSlow:
+        slowPathForCall(opcodeName, size, opcodeStruct, m_profile, m_dst, dispatch, slowPath, prepareCall)
+        macro getCallee(dst)
+           get(m_callee, t0)
+        end
+        macro getArgumentStart(dst)
+            getu(size, opcodeStruct, m_argv, dst)
+        end
+        macro getArgumentCount(dst)
+            getu(size, opcodeStruct, m_argc, dst)
+        end
+        callHelper(opcodeName, slowPath, opcodeStruct, m_profile, m_dst, prepareCall, size, dispatch, metadata, getCallee, getArgumentStart, getArgumentCount)
     end)
 end
 …
 end)
+llintOp(op_iterator_open, OpIteratorOpen, macro (size, get, dispatch)
+    defineOSRExitReturnLabel(op_iterator_open, size)
+    break
+    if C_LOOP or C_LOOP_WIN
+        # Insert superflous call return labels for Cloop.
+        cloopCallJSFunction a0 # symbolIterator
+        cloopCallJSFunction a0 # get next
+    end
+end)
+llintOp(op_iterator_next, OpIteratorNext, macro (size, get, dispatch)
+    defineOSRExitReturnLabel(op_iterator_next, size)
+    break
+    if C_LOOP or C_LOOP_WIN
+        # Insert superflous call return labels for Cloop.
+        # FIXME: Not sure why two are only needed...
+        cloopCallJSFunction a0 # next
+        cloopCallJSFunction a0 # get done
+    end
+llintOpWithMetadata(op_iterator_open, OpIteratorOpen, macro (size, get, dispatch, metadata, return)
+    macro fastNarrow()
+        callSlowPath(_iterator_open_try_fast_narrow)
+    end
+    macro fastWide16()
+        callSlowPath(_iterator_open_try_fast_wide16)
+    end
+    macro fastWide32()
+        callSlowPath(_iterator_open_try_fast_wide32)
+    end
+    size(fastNarrow, fastWide16, fastWide32, macro (callOp) callOp() end)
+    # FIXME: We should do this with inline assembly since it's the "fast" case.
+    bbeq r1, constexpr IterationMode::Generic, .iteratorOpenGeneric
+    dispatch()
+.iteratorOpenGeneric:
+    macro gotoGetByIdCheckpoint()
+        jmp .getByIdStart
+    end
+    macro getCallee(dst)
+        get(m_symbolIterator, dst)
+    end
+    macro getArgumentIncludingThisStart(dst)
+        getu(size, OpIteratorOpen, m_stackOffset, dst)
+    end
+    macro getArgumentIncludingThisCount(dst)
+        move 1, dst
+    end
+    callHelper(op_iterator_open, _llint_slow_path_iterator_open_call, OpIteratorOpen, m_iteratorProfile, m_iterator, prepareForRegularCall, size, gotoGetByIdCheckpoint, metadata, getCallee, getArgumentIncludingThisStart, getArgumentIncludingThisCount)
+.getByIdStart:
+    macro storeNextAndDispatch(valueTag, valuePayload)
+        move valueTag, t2
+        move valuePayload, t3
+        get(m_next, t1)
+        storei t2, TagOffset[cfr, t1, 8]
+        storei t3, PayloadOffset[cfr, t1, 8]
+        dispatch()
+    end
+    # We need to load m_iterator into t3 because that's where
+    # performGetByIDHelper expects the base object
+    loadVariable(get, m_iterator, t3, t0, t3)
+    bineq t0, CellTag, .iteratorOpenGenericGetNextSlow
+    performGetByIDHelper(OpIteratorOpen, m_modeMetadata, m_nextProfile, .iteratorOpenGenericGetNextSlow, size, metadata, storeNextAndDispatch)
+.iteratorOpenGenericGetNextSlow:
+    callSlowPath(_llint_slow_path_iterator_open_get_next)
+    dispatch()
+end)
+llintOpWithMetadata(op_iterator_next, OpIteratorNext, macro (size, get, dispatch, metadata, return)
+    loadVariable(get, m_next, t0, t1, t0)
+    bieq t1, UndefinedTag, .iteratorNextGeneric
+    btinz t0, .iteratorNextGeneric
+    macro fastNarrow()
+        callSlowPath(_iterator_next_try_fast_narrow)
+    end
+    macro fastWide16()
+        callSlowPath(_iterator_next_try_fast_wide16)
+    end
+    macro fastWide32()
+        callSlowPath(_iterator_next_try_fast_wide32)
+    end
+    size(fastNarrow, fastWide16, fastWide32, macro (callOp) callOp() end)
+    # FIXME: We should do this with inline assembly since it's the "fast" case.
+    bbeq r1, constexpr IterationMode::Generic, .iteratorNextGeneric
+    dispatch()
+.iteratorNextGeneric:
+    macro gotoGetDoneCheckpoint()
+        jmp .getDoneStart
+    end
+    macro getCallee(dst)
+        get(m_next, dst)
+    end
+    macro getArgumentIncludingThisStart(dst)
+        getu(size, OpIteratorNext, m_stackOffset, dst)
+    end
+    macro getArgumentIncludingThisCount(dst)
+        move 1, dst
+    end
+    # Use m_value slot as a tmp since we are going to write to it later.
+    callHelper(op_iterator_next, _llint_slow_path_iterator_next_call, OpIteratorNext, m_nextResultProfile, m_value, prepareForRegularCall, size, gotoGetDoneCheckpoint, metadata, getCallee, getArgumentIncludingThisStart, getArgumentIncludingThisCount)
+.getDoneStart:
+    macro storeDoneAndJmpToGetValue(doneValueTag, doneValuePayload)
+        move doneValueTag, t0
+        move doneValuePayload, t1
+        get(m_done, t2)
+        storei t0, TagOffset[cfr, t2, 8]
+        storei t1, PayloadOffset[cfr, t2, 8]
+        jmp .getValueStart
+    end
+    loadVariable(get, m_value, t3, t0, t3)
+    bineq t0, CellTag, .getDoneSlow
+    performGetByIDHelper(OpIteratorNext, m_doneModeMetadata, m_doneProfile, .getDoneSlow, size, metadata, storeDoneAndJmpToGetValue)
+.getDoneSlow:
+    callSlowPath(_llint_slow_path_iterator_next_get_done)
+    branchIfException(_llint_throw_from_slow_path_trampoline)
+    loadVariable(get, m_done, t1, t0, t1)
+    # storeDoneAndJmpToGetValue puts the doneValue into t0
+.getValueStart:
+    # In 32 bits, following slow path if tags is not null, undefined, int32, boolean.
+    # These satisfy the mask ~0x3.
+    # Therefore if the mask is _not_ satisfied, we branch to the slow case.
+    btinz t0, ~0x3, .getValueSlow
+    btiz t1, 0x1, .notDone
+    dispatch()
+.notDone:
+    macro storeValueAndDispatch(vTag, vPayload)
+        move vTag, t2
+        move vPayload, t3
+        get(m_value, t1)
+        storei t2, TagOffset[cfr, t1, 8]
+        storei t3, PayloadOffset[cfr, t1, 8]
+        checkStackPointerAlignment(t0, 0xbaddb01e)
+        dispatch()
+    end
+    # Reload the next result tmp since the get_by_id above may have clobbered t3.
+    loadVariable(get, m_value, t3, t0, t3)
+    # We don't need to check if the iterator result is a cell here since we will have thrown an error before.
+    performGetByIDHelper(OpIteratorNext, m_valueModeMetadata, m_valueProfile, .getValueSlow, size, metadata, storeValueAndDispatch)
+.getValueSlow:
+    callSlowPath(_llint_slow_path_iterator_next_get_value)
+    dispatch()
 end)

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 265036 in webkit

Legend:

Download in other formats: