Changeset 89861 in webkit

Timestamp:

Jun 27, 2011 2:38:09 PM (13 years ago)

Author:

commit-queue@webkit.org

Message:

2011-06-27 Filip Pizlo <​fpizlo@apple.com>

Reviewed by Gavin Barraclough.

DFG JIT does not perform put_by_id caching.
​https://bugs.webkit.org/show_bug.cgi?id=63409

• bytecode/StructureStubInfo.h:
• dfg/DFGJITCodeGenerator.cpp: (JSC::DFG::JITCodeGenerator::cachedPutById):
• dfg/DFGJITCodeGenerator.h:
• dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::compileFunction):
• dfg/DFGJITCompiler.h: (JSC::DFG::JITCompiler::addPropertyAccess): (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
• dfg/DFGNonSpeculativeJIT.cpp: (JSC::DFG::NonSpeculativeJIT::compile):
• dfg/DFGOperations.cpp:
• dfg/DFGOperations.h:
• dfg/DFGRepatch.cpp: (JSC::DFG::dfgRepatchByIdSelfAccess): (JSC::DFG::tryCacheGetByID): (JSC::DFG::appropriatePutByIdFunction): (JSC::DFG::tryCachePutByID): (JSC::DFG::dfgRepatchPutByID):
• dfg/DFGRepatch.h:
• dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compile):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• bytecode/StructureStubInfo.h (modified) (1 diff)
• dfg/DFGJITCodeGenerator.cpp (modified) (1 diff)
• dfg/DFGJITCodeGenerator.h (modified) (1 diff)
• dfg/DFGJITCompiler.cpp (modified) (1 diff)
• dfg/DFGJITCompiler.h (modified) (3 diffs)
• dfg/DFGNonSpeculativeJIT.cpp (modified) (2 diffs)
• dfg/DFGOperations.cpp (modified) (2 diffs)
• dfg/DFGOperations.h (modified) (2 diffs)
• dfg/DFGRepatch.cpp (modified) (4 diffs)
• dfg/DFGRepatch.h (modified) (1 diff)
• dfg/DFGSpeculativeJIT.cpp (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-06-27  Filip Pizlo  <fpizlo@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        DFG JIT does not perform put_by_id caching.
+        https://bugs.webkit.org/show_bug.cgi?id=63409
+
+        * bytecode/StructureStubInfo.h:
+        * dfg/DFGJITCodeGenerator.cpp:
+        (JSC::DFG::JITCodeGenerator::cachedPutById):
+        * dfg/DFGJITCodeGenerator.h:
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::compileFunction):
+        * dfg/DFGJITCompiler.h:
+        (JSC::DFG::JITCompiler::addPropertyAccess):
+        (JSC::DFG::JITCompiler::PropertyAccessRecord::PropertyAccessRecord):
+        * dfg/DFGNonSpeculativeJIT.cpp:
+        (JSC::DFG::NonSpeculativeJIT::compile):
+        * dfg/DFGOperations.cpp:
+        * dfg/DFGOperations.h:
+        * dfg/DFGRepatch.cpp:
+        (JSC::DFG::dfgRepatchByIdSelfAccess):
+        (JSC::DFG::tryCacheGetByID):
+        (JSC::DFG::appropriatePutByIdFunction):
+        (JSC::DFG::tryCachePutByID):
+        (JSC::DFG::dfgRepatchPutByID):
+        * dfg/DFGRepatch.h:
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+
 2011-06-27  Gustavo Noronha Silva  <gns@gnome.org>
 

trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h

@@ -134 +134 @@
             struct {
                 intptr_t deltaCheckToCall;
-                intptr_t deltaCallToLoad;
+                intptr_t deltaCallToLoadOrStore;
             } unset;
             struct {

trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp

@@ -351 +351 @@
 }
 
+void JITCodeGenerator::cachedPutById(GPRReg baseGPR, GPRReg valueGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind putKind, JITCompiler::Jump slowPathTarget)
+{
+    JITCompiler::DataLabelPtr structureToCompare;
+    JITCompiler::Jump structureCheck = m_jit.branchPtrWithPatch(JITCompiler::Equal, JITCompiler::Address(baseGPR, JSCell::structureOffset()), structureToCompare, JITCompiler::TrustedImmPtr(reinterpret_cast<void*>(-1)));
+    
+    if (slowPathTarget.isSet())
+        slowPathTarget.link(&m_jit);
+
+    silentSpillAllRegisters(InvalidGPRReg, baseGPR, valueGPR);
+    setupTwoStubArgs<GPRInfo::argumentGPR1, GPRInfo::argumentGPR2>(valueGPR, baseGPR);
+    m_jit.move(JITCompiler::ImmPtr(identifier(identifierNumber)), GPRInfo::argumentGPR3);
+    m_jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+    V_DFGOperation_EJJI optimizedCall;
+    if (m_jit.codeBlock()->isStrictMode()) {
+        if (putKind == Direct)
+            optimizedCall = operationPutByIdDirectStrictOptimize;
+        else
+            optimizedCall = operationPutByIdStrictOptimize;
+    } else {
+        if (putKind == Direct)
+            optimizedCall = operationPutByIdDirectNonStrictOptimize;
+        else
+            optimizedCall = operationPutByIdNonStrictOptimize;
+    }
+    JITCompiler::Call functionCall = appendCallWithExceptionCheck(optimizedCall);
+    silentFillAllRegisters(InvalidGPRReg);
+
+    JITCompiler::Jump handledByC = m_jit.jump();
+    structureCheck.link(&m_jit);
+
+    m_jit.loadPtr(JITCompiler::Address(baseGPR, JSObject::offsetOfPropertyStorage()), scratchGPR);
+    JITCompiler::DataLabel32 storeWithPatch = m_jit.storePtrWithAddressOffsetPatch(valueGPR, JITCompiler::Address(scratchGPR, 0));
+
+    intptr_t checkToCall = m_jit.differenceBetween(structureToCompare, functionCall);
+    intptr_t callToStore = m_jit.differenceBetween(functionCall, storeWithPatch);
+
+    handledByC.link(&m_jit);
+
+    m_jit.addPropertyAccess(functionCall, checkToCall, callToStore);
+}
+
 #ifndef NDEBUG
 static const char* dataFormatString(DataFormat format)

trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator.h

@@ -502 +502 @@
 
     void cachedGetById(GPRReg baseGPR, GPRReg resultGPR, unsigned identifierNumber, JITCompiler::Jump slowPathTarget = JITCompiler::Jump());
+    void cachedPutById(GPRReg baseGPR, GPRReg valueGPR, GPRReg scratchGPR, unsigned identifierNumber, PutKind, JITCompiler::Jump slowPathTarget = JITCompiler::Jump());
 
     // Called once a node has completed code generation but prior to setting

trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

@@ -389 +389 @@
         info.callReturnLocation = linkBuffer.locationOf(m_propertyAccesses[i].m_functionCall);
         info.u.unset.deltaCheckToCall = m_propertyAccesses[i].m_deltaCheckToCall;
-        info.u.unset.deltaCallToLoad = m_propertyAccesses[i].m_deltaCallToLoad;
+        info.u.unset.deltaCallToLoadOrStore = m_propertyAccesses[i].m_deltaCallToLoadOrStore;
     }
 

trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.h

@@ -233 +233 @@
 #endif
 
-    void addPropertyAccess(JITCompiler::Call functionCall, intptr_t deltaCheckToCall, intptr_t deltaCallToLoad)
-    {
-        m_propertyAccesses.append(PropertyAccessRecord(functionCall, deltaCheckToCall, deltaCallToLoad));
+    void addPropertyAccess(JITCompiler::Call functionCall, intptr_t deltaCheckToCall, intptr_t deltaCallToLoadOrStore)
+    {
+        m_propertyAccesses.append(PropertyAccessRecord(functionCall, deltaCheckToCall, deltaCallToLoadOrStore));
     }
 
@@ -259 +259 @@
 
     struct PropertyAccessRecord {
-        PropertyAccessRecord(JITCompiler::Call functionCall, intptr_t deltaCheckToCall, intptr_t deltaCallToLoad)
+        PropertyAccessRecord(JITCompiler::Call functionCall, intptr_t deltaCheckToCall, intptr_t deltaCallToLoadOrStore)
             : m_functionCall(functionCall)
             , m_deltaCheckToCall(deltaCheckToCall)
-            , m_deltaCallToLoad(deltaCallToLoad)
+            , m_deltaCallToLoadOrStore(deltaCallToLoadOrStore)
         {
         }
@@ -268 +268 @@
         JITCompiler::Call m_functionCall;
         intptr_t m_deltaCheckToCall;
-        intptr_t m_deltaCallToLoad;
+        intptr_t m_deltaCallToLoadOrStore;
     };
 

trunk/Source/JavaScriptCore/dfg/DFGNonSpeculativeJIT.cpp

@@ -771 +771 @@
         JSValueOperand base(this, node.child1);
         JSValueOperand value(this, node.child2);
+        GPRTemporary scratch(this, base);
         GPRReg valueGPR = value.gpr();
         GPRReg baseGPR = base.gpr();
-        flushRegisters();
-
-        callOperation(m_jit.codeBlock()->isStrictMode() ? operationPutByIdStrict : operationPutByIdNonStrict, valueGPR, baseGPR, identifier(node.identifierNumber()));
+        
+        JITCompiler::Jump notCell = m_jit.branchTestPtr(MacroAssembler::NonZero, baseGPR, GPRInfo::tagMaskRegister);
+
+        cachedPutById(baseGPR, valueGPR, scratch.gpr(), node.identifierNumber(), NotDirect, notCell);
+
         noResult(m_compileIndex);
         break;
@@ -783 +786 @@
         JSValueOperand base(this, node.child1);
         JSValueOperand value(this, node.child2);
+        GPRTemporary scratch(this, base);
         GPRReg valueGPR = value.gpr();
         GPRReg baseGPR = base.gpr();
-        flushRegisters();
-
-        callOperation(m_jit.codeBlock()->isStrictMode() ? operationPutByIdDirectStrict : operationPutByIdDirectNonStrict, valueGPR, baseGPR, identifier(node.identifierNumber()));
+        
+        JITCompiler::Jump notCell = m_jit.branchTestPtr(MacroAssembler::NonZero, baseGPR, GPRInfo::tagMaskRegister);
+
+        cachedPutById(baseGPR, valueGPR, scratch.gpr(), node.identifierNumber(), Direct, notCell);
+
         noResult(m_compileIndex);
         break;

trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

@@ -44 +44 @@
     );
 #define FUNCTION_WRAPPER_WITH_ARG4_RETURN_ADDRESS(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, rcx)
+#define FUNCTION_WRAPPER_WITH_ARG5_RETURN_ADDRESS(function) FUNCTION_WRAPPER_WITH_RETURN_ADDRESS(function, r8)
 
 namespace JSC { namespace DFG {
@@ -285 +286 @@
 }
 
+void operationPutByIdStrictOptimizeWithReturnAddress(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier* propertyName, ReturnAddressPtr);
+FUNCTION_WRAPPER_WITH_ARG5_RETURN_ADDRESS(operationPutByIdStrictOptimize);
+void operationPutByIdStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier* propertyName, ReturnAddressPtr returnAddress)
+{
+    JSValue value = JSValue::decode(encodedValue);
+    JSValue base = JSValue::decode(encodedBase);
+    PutPropertySlot slot(true);
+    
+    base.put(exec, *propertyName, value, slot);
+    
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    if (stubInfo.seen)
+        dfgRepatchPutByID(exec, base, *propertyName, slot, stubInfo, NotDirect);
+    else
+        stubInfo.seen = true;
+}
+
+void operationPutByIdNonStrictOptimizeWithReturnAddress(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier* propertyName, ReturnAddressPtr);
+FUNCTION_WRAPPER_WITH_ARG5_RETURN_ADDRESS(operationPutByIdNonStrictOptimize);
+void operationPutByIdNonStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier* propertyName, ReturnAddressPtr returnAddress)
+{
+    JSValue value = JSValue::decode(encodedValue);
+    JSValue base = JSValue::decode(encodedBase);
+    PutPropertySlot slot(false);
+    
+    base.put(exec, *propertyName, value, slot);
+    
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    if (stubInfo.seen)
+        dfgRepatchPutByID(exec, base, *propertyName, slot, stubInfo, NotDirect);
+    else
+        stubInfo.seen = true;
+}
+
+void operationPutByIdDirectStrictOptimizeWithReturnAddress(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier* propertyName, ReturnAddressPtr);
+FUNCTION_WRAPPER_WITH_ARG5_RETURN_ADDRESS(operationPutByIdDirectStrictOptimize);
+void operationPutByIdDirectStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier* propertyName, ReturnAddressPtr returnAddress)
+{
+    JSValue value = JSValue::decode(encodedValue);
+    JSValue base = JSValue::decode(encodedBase);
+    PutPropertySlot slot(true);
+    
+    base.putDirect(exec, *propertyName, value, slot);
+    
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    if (stubInfo.seen)
+        dfgRepatchPutByID(exec, base, *propertyName, slot, stubInfo, Direct);
+    else
+        stubInfo.seen = true;
+}
+
+void operationPutByIdDirectNonStrictOptimizeWithReturnAddress(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier* propertyName, ReturnAddressPtr);
+FUNCTION_WRAPPER_WITH_ARG5_RETURN_ADDRESS(operationPutByIdDirectNonStrictOptimize);
+void operationPutByIdDirectNonStrictOptimizeWithReturnAddress(ExecState* exec, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier* propertyName, ReturnAddressPtr returnAddress)
+{
+    JSValue value = JSValue::decode(encodedValue);
+    JSValue base = JSValue::decode(encodedBase);
+    PutPropertySlot slot(false);
+    
+    base.putDirect(exec, *propertyName, value, slot);
+    
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    if (stubInfo.seen)
+        dfgRepatchPutByID(exec, base, *propertyName, slot, stubInfo, Direct);
+    else
+        stubInfo.seen = true;
+}
+
 bool operationCompareLess(ExecState* exec, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2)
 {

trunk/Source/JavaScriptCore/dfg/DFGOperations.h

@@ -32 +32 @@
 
 namespace JSC { namespace DFG {
+
+enum PutKind { Direct, NotDirect };
+
 extern "C" {
 
@@ -65 +68 @@
 void operationPutByIdDirectStrict(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier*);
 void operationPutByIdDirectNonStrict(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier*);
+void operationPutByIdStrictOptimize(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier*);
+void operationPutByIdNonStrictOptimize(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier*);
+void operationPutByIdDirectStrictOptimize(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier*);
+void operationPutByIdDirectNonStrictOptimize(ExecState*, EncodedJSValue encodedValue, EncodedJSValue encodedBase, Identifier*);
 bool operationCompareLess(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2);
 bool operationCompareLessEq(ExecState*, EncodedJSValue encodedOp1, EncodedJSValue encodedOp2);

trunk/Source/JavaScriptCore/dfg/DFGRepatch.cpp

@@ -29 +29 @@
 #if ENABLE(DFG_JIT)
 
-#include "DFGOperations.h"
 #include "RepatchBuffer.h"
 
@@ -40 +39 @@
 }
 
-static void dfgRepatchGetByIdSelf(CodeBlock* codeBlock, StructureStubInfo& stubInfo, Structure* structure, size_t offset)
+static void dfgRepatchByIdSelfAccess(CodeBlock* codeBlock, StructureStubInfo& stubInfo, Structure* structure, size_t offset, const FunctionPtr &slowPathFunction, bool compact)
 {
     RepatchBuffer repatchBuffer(codeBlock);
 
     // Only optimize once!
-    repatchBuffer.relink(stubInfo.callReturnLocation, operationGetById);
+    repatchBuffer.relink(stubInfo.callReturnLocation, slowPathFunction);
 
     // Patch the structure check & the offset of the load.
     repatchBuffer.repatch(stubInfo.callReturnLocation.dataLabelPtrAtOffset(-(intptr_t)stubInfo.u.unset.deltaCheckToCall), structure);
-    repatchBuffer.repatch(stubInfo.callReturnLocation.dataLabelCompactAtOffset(stubInfo.u.unset.deltaCallToLoad), sizeof(JSValue) * offset);
+    if (compact)
+        repatchBuffer.repatch(stubInfo.callReturnLocation.dataLabelCompactAtOffset(stubInfo.u.unset.deltaCallToLoadOrStore), sizeof(JSValue) * offset);
+    else
+        repatchBuffer.repatch(stubInfo.callReturnLocation.dataLabel32AtOffset(stubInfo.u.unset.deltaCallToLoadOrStore), sizeof(JSValue) * offset);
 }
 
@@ -77 +79 @@
             return false;
 
-        dfgRepatchGetByIdSelf(codeBlock, stubInfo, structure, slot.cachedOffset());
+        dfgRepatchByIdSelfAccess(codeBlock, stubInfo, structure, slot.cachedOffset(), operationGetById, true);
         stubInfo.initGetByIdSelf(*globalData, codeBlock->ownerExecutable(), structure);
         return true;
@@ -93 +95 @@
 }
 
+static V_DFGOperation_EJJI appropriatePutByIdFunction(const PutPropertySlot &slot, PutKind putKind)
+{
+    if (slot.isStrictMode()) {
+        if (putKind == Direct)
+            return operationPutByIdDirectStrict;
+        return operationPutByIdStrict;
+    }
+    if (putKind == Direct)
+        return operationPutByIdDirectNonStrict;
+    return operationPutByIdNonStrict;
+}
+
+static bool tryCachePutByID(ExecState* exec, JSValue baseValue, const Identifier&, const PutPropertySlot& slot, StructureStubInfo& stubInfo, PutKind putKind)
+{
+    CodeBlock* codeBlock = exec->codeBlock();
+    JSGlobalData* globalData = &exec->globalData();
+
+    if (!baseValue.isCell())
+        return false;
+    JSCell* baseCell = baseValue.asCell();
+    Structure* structure = baseCell->structure();
+    if (!slot.isCacheable())
+        return false;
+    if (structure->isUncacheableDictionary())
+        return false;
+
+    // Optimize self access.
+    if (slot.base() == baseValue) {
+        if (slot.type() == PutPropertySlot::NewProperty)
+            return false;
+
+        dfgRepatchByIdSelfAccess(codeBlock, stubInfo, structure, slot.cachedOffset(), appropriatePutByIdFunction(slot, putKind), false);
+        stubInfo.initPutByIdReplace(*globalData, codeBlock->ownerExecutable(), structure);
+        return true;
+    }
+
+    // FIXME: should support the transition case!
+    return false;
+}
+
+void dfgRepatchPutByID(ExecState* exec, JSValue baseValue, const Identifier& propertyName, const PutPropertySlot& slot, StructureStubInfo& stubInfo, PutKind putKind)
+{
+    bool cached = tryCachePutByID(exec, baseValue, propertyName, slot, stubInfo, putKind);
+    if (!cached)
+        dfgRepatchCall(exec->codeBlock(), stubInfo.callReturnLocation, appropriatePutByIdFunction(slot, putKind));
+}
+
 } } // namespace JSC::DFG
 

trunk/Source/JavaScriptCore/dfg/DFGRepatch.h

@@ -30 +30 @@
 
 #include <dfg/DFGJITCompiler.h>
+#include <dfg/DFGOperations.h>
 
 namespace JSC { namespace DFG {
 
 void dfgRepatchGetByID(ExecState*, JSValue, const Identifier&, const PropertySlot&, StructureStubInfo&);
+void dfgRepatchPutByID(ExecState*, JSValue, const Identifier&, const PutPropertySlot&, StructureStubInfo&, PutKind);
 
 } } // namespace JSC::DFG

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

@@ -864 +864 @@
 
     case PutById: {
-        JSValueOperand base(this, node.child1);
+        SpeculateCellOperand base(this, node.child1);
         JSValueOperand value(this, node.child2);
-        GPRReg valueGPR = value.gpr();
-        GPRReg baseGPR = base.gpr();
-        flushRegisters();
-
-        callOperation(m_jit.codeBlock()->isStrictMode() ? operationPutByIdStrict : operationPutByIdNonStrict, valueGPR, baseGPR, identifier(node.identifierNumber()));
+        GPRTemporary scratch(this, base);
+
+        cachedPutById(base.gpr(), value.gpr(), scratch.gpr(), node.identifierNumber(), NotDirect);
+        
         noResult(m_compileIndex);
         break;
@@ -876 +875 @@
 
     case PutByIdDirect: {
-        JSValueOperand base(this, node.child1);
+        SpeculateCellOperand base(this, node.child1);
         JSValueOperand value(this, node.child2);
-        GPRReg valueGPR = value.gpr();
-        GPRReg baseGPR = base.gpr();
-        flushRegisters();
-
-        callOperation(m_jit.codeBlock()->isStrictMode() ? operationPutByIdDirectStrict : operationPutByIdDirectNonStrict, valueGPR, baseGPR, identifier(node.identifierNumber()));
+        GPRTemporary scratch(this, base);
+
+        cachedPutById(base.gpr(), value.gpr(), scratch.gpr(), node.identifierNumber(), Direct);
+
         noResult(m_compileIndex);
         break;