Changeset 90035 in webkit

Timestamp:

Jun 29, 2011 12:46:28 PM (13 years ago)

Author:

commit-queue@webkit.org

Message:

2011-06-29 Filip Pizlo <​fpizlo@apple.com>

Reviewed by Gavin Barraclough.

DFG JIT does not perform get_by_id self list caching.
​https://bugs.webkit.org/show_bug.cgi?id=63605

• bytecode/StructureStubInfo.h:
• dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::compileFunction):
• dfg/DFGOperations.cpp:
• dfg/DFGOperations.h:
• dfg/DFGRepatch.cpp: (JSC::DFG::tryCacheGetByID): (JSC::DFG::tryBuildGetByIDList): (JSC::DFG::dfgBuildGetByIDList):
• dfg/DFGRepatch.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• bytecode/StructureStubInfo.h (modified) (1 diff)
• dfg/DFGJITCompiler.cpp (modified) (1 diff)
• dfg/DFGOperations.cpp (modified) (1 diff)
• dfg/DFGOperations.h (modified) (1 diff)
• dfg/DFGRepatch.cpp (modified) (5 diffs)
• dfg/DFGRepatch.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-06-29  Filip Pizlo  <fpizlo@apple.com>
+
+        Reviewed by Gavin Barraclough.
+
+        DFG JIT does not perform get_by_id self list caching.
+        https://bugs.webkit.org/show_bug.cgi?id=63605
+
+        * bytecode/StructureStubInfo.h:
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::compileFunction):
+        * dfg/DFGOperations.cpp:
+        * dfg/DFGOperations.h:
+        * dfg/DFGRepatch.cpp:
+        (JSC::DFG::tryCacheGetByID):
+        (JSC::DFG::tryBuildGetByIDList):
+        (JSC::DFG::dfgBuildGetByIDList):
+        * dfg/DFGRepatch.h:
+
 2011-06-28  Filip Pizlo  <fpizlo@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/StructureStubInfo.h

@@ -128 +128 @@
         }
 
-        signed accessType : 31;
-        unsigned seen : 1;
+        int8_t accessType;
+        int8_t seen;
+        
+#if ENABLE(DFG_JIT)
+        int8_t baseGPR;
+        int8_t valueGPR;
+        int8_t deltaCallToDone;
+        int8_t deltaCallToStructCheck;
+        int8_t deltaCallToSlowCase;
+#endif
 
         union {
             struct {
                 int8_t deltaCheckImmToCall;
-                int8_t deltaCallToStructCheck;
                 int8_t deltaCallToLoadOrStore;
-                int8_t deltaCallToSlowCase;
-                int8_t deltaCallToDone;
-                int8_t baseGPR;
-                int8_t valueGPR;
                 int8_t scratchGPR;
             } unset;

trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

@@ -389 +389 @@
         info.callReturnLocation = linkBuffer.locationOf(m_propertyAccesses[i].m_functionCall);
         info.u.unset.deltaCheckImmToCall = m_propertyAccesses[i].m_deltaCheckImmToCall;
-        info.u.unset.deltaCallToStructCheck = m_propertyAccesses[i].m_deltaCallToStructCheck;
+        info.deltaCallToStructCheck = m_propertyAccesses[i].m_deltaCallToStructCheck;
         info.u.unset.deltaCallToLoadOrStore = m_propertyAccesses[i].m_deltaCallToLoadOrStore;
-        info.u.unset.deltaCallToSlowCase = m_propertyAccesses[i].m_deltaCallToSlowCase;
-        info.u.unset.deltaCallToDone = m_propertyAccesses[i].m_deltaCallToDone;
-        info.u.unset.baseGPR = m_propertyAccesses[i].m_baseGPR;
-        info.u.unset.valueGPR = m_propertyAccesses[i].m_valueGPR;
+        info.deltaCallToSlowCase = m_propertyAccesses[i].m_deltaCallToSlowCase;
+        info.deltaCallToDone = m_propertyAccesses[i].m_deltaCallToDone;
+        info.baseGPR = m_propertyAccesses[i].m_baseGPR;
+        info.valueGPR = m_propertyAccesses[i].m_valueGPR;
         info.u.unset.scratchGPR = m_propertyAccesses[i].m_scratchGPR;
     }

trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

@@ -245 +245 @@
 }
 
+EncodedJSValue operationGetByIdBuildListWithReturnAddress(ExecState*, EncodedJSValue, Identifier*, ReturnAddressPtr);
+FUNCTION_WRAPPER_WITH_ARG4_RETURN_ADDRESS(operationGetByIdBuildList);
+EncodedJSValue operationGetByIdBuildListWithReturnAddress(ExecState* exec, EncodedJSValue encodedBase, Identifier* propertyName, ReturnAddressPtr returnAddress)
+{
+    JSValue baseValue = JSValue::decode(encodedBase);
+    PropertySlot slot(baseValue);
+    JSValue result = baseValue.get(exec, *propertyName, slot);
+
+    StructureStubInfo& stubInfo = exec->codeBlock()->getStubInfo(returnAddress);
+    dfgBuildGetByIDList(exec, baseValue, *propertyName, slot, stubInfo);
+
+    return JSValue::encode(result);
+}
+
 void operationPutByValStrict(ExecState* exec, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue)
 {

trunk/Source/JavaScriptCore/dfg/DFGOperations.h

@@ -60 +60 @@
 EncodedJSValue operationGetByVal(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedProperty);
 EncodedJSValue operationGetById(ExecState*, EncodedJSValue encodedBase, Identifier*);
+EncodedJSValue operationGetByIdBuildList(ExecState*, EncodedJSValue encodedBase, Identifier*);
 EncodedJSValue operationGetByIdOptimize(ExecState*, EncodedJSValue encodedBase, Identifier*);
 void operationPutByValStrict(ExecState*, EncodedJSValue encodedBase, EncodedJSValue encodedProperty, EncodedJSValue encodedValue);

trunk/Source/JavaScriptCore/dfg/DFGRepatch.cpp

@@ -65 +65 @@
     
     if (isJSArray(globalData, baseValue) && propertyName == exec->propertyNames().length) {
-        GPRReg baseGPR = static_cast<GPRReg>(stubInfo.u.unset.baseGPR);
-        GPRReg resultGPR = static_cast<GPRReg>(stubInfo.u.unset.valueGPR);
+        GPRReg baseGPR = static_cast<GPRReg>(stubInfo.baseGPR);
+        GPRReg resultGPR = static_cast<GPRReg>(stubInfo.valueGPR);
         GPRReg scratchGPR = static_cast<GPRReg>(stubInfo.u.unset.scratchGPR);
         bool needToRestoreScratch = false;
@@ -105 +105 @@
         LinkBuffer patchBuffer(*globalData, &stubJit, codeBlock->executablePool());
         
-        CodeLocationLabel slowCaseBegin = stubInfo.callReturnLocation.labelAtOffset(stubInfo.u.unset.deltaCallToSlowCase);
-        
-        patchBuffer.link(success, stubInfo.callReturnLocation.labelAtOffset(stubInfo.u.unset.deltaCallToDone));
+        CodeLocationLabel slowCaseBegin = stubInfo.callReturnLocation.labelAtOffset(stubInfo.deltaCallToSlowCase);
+        
+        patchBuffer.link(success, stubInfo.callReturnLocation.labelAtOffset(stubInfo.deltaCallToDone));
         
         if (needToRestoreScratch)
@@ -122 +122 @@
         CodeLocationLabel hotPathBegin = stubInfo.hotPathBegin;
         RepatchBuffer repatchBuffer(codeBlock);
-        repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.u.unset.deltaCallToStructCheck), entryLabel);
+        repatchBuffer.relink(stubInfo.callReturnLocation.jumpAtOffset(stubInfo.deltaCallToStructCheck), entryLabel);
         repatchBuffer.relink(stubInfo.callReturnLocation, operationGetById);
         
@@ -145 +145 @@
             return false;
 
-        dfgRepatchByIdSelfAccess(codeBlock, stubInfo, structure, slot.cachedOffset(), operationGetById, true);
+        dfgRepatchByIdSelfAccess(codeBlock, stubInfo, structure, slot.cachedOffset(), operationGetByIdBuildList, true);
         stubInfo.initGetByIdSelf(*globalData, codeBlock->ownerExecutable(), structure);
         return true;
     }
-
+    
     // FIXME: should support prototype & chain accesses!
     return false;
@@ -158 +158 @@
     bool cached = tryCacheGetByID(exec, baseValue, propertyName, slot, stubInfo);
     if (!cached)
+        dfgRepatchCall(exec->codeBlock(), stubInfo.callReturnLocation, operationGetById);
+}
+
+static bool tryBuildGetByIDList(ExecState* exec, JSValue baseValue, const Identifier&, const PropertySlot& slot, StructureStubInfo& stubInfo)
+{
+    if (!baseValue.isCell()
+        || !slot.isCacheable()
+        || baseValue.asCell()->structure()->isUncacheableDictionary()
+        || slot.slotBase() != baseValue
+        || slot.cachedPropertyType() != PropertySlot::Value
+        || (slot.cachedOffset() * sizeof(JSValue)) > (unsigned)MacroAssembler::MaximumCompactPtrAlignedAddressOffset)
+        return false;
+    
+    CodeBlock* codeBlock = exec->codeBlock();
+    JSCell* baseCell = baseValue.asCell();
+    Structure* structure = baseCell->structure();
+    JSGlobalData* globalData = &exec->globalData();
+    
+    ASSERT(slot.slotBase().isObject());
+    
+    PolymorphicAccessStructureList* polymorphicStructureList;
+    int listIndex = 1;
+    
+    if (stubInfo.accessType == access_get_by_id_self) {
+        ASSERT(!stubInfo.stubRoutine);
+        polymorphicStructureList = new PolymorphicAccessStructureList(*globalData, codeBlock->ownerExecutable(), stubInfo.callReturnLocation.labelAtOffset(stubInfo.deltaCallToSlowCase), stubInfo.u.getByIdSelf.baseObjectStructure.get());
+        stubInfo.initGetByIdSelfList(polymorphicStructureList, 1);
+    } else {
+        polymorphicStructureList = stubInfo.u.getByIdSelfList.structureList;
+        listIndex = stubInfo.u.getByIdSelfList.listSize;
+    }
+    
+    if (listIndex < POLYMORPHIC_LIST_CACHE_SIZE) {
+        stubInfo.u.getByIdSelfList.listSize++;
+        
+        GPRReg baseGPR = static_cast<GPRReg>(stubInfo.baseGPR);
+        GPRReg resultGPR = static_cast<GPRReg>(stubInfo.valueGPR);
+        
+        MacroAssembler stubJit;
+        
+        MacroAssembler::Jump wrongStruct = stubJit.branchPtr(MacroAssembler::NotEqual, MacroAssembler::Address(baseGPR, JSCell::structureOffset()), MacroAssembler::TrustedImmPtr(structure));
+        
+        if (structure->isUsingInlineStorage())
+            stubJit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::offsetOfInlineStorage() + slot.cachedOffset() * sizeof(JSValue)), resultGPR);
+        else {
+            stubJit.loadPtr(MacroAssembler::Address(baseGPR, JSObject::offsetOfPropertyStorage()), resultGPR);
+            stubJit.loadPtr(MacroAssembler::Address(resultGPR, slot.cachedOffset() * sizeof(JSValue)), resultGPR);
+        }
+        
+        MacroAssembler::Jump success = stubJit.jump();
+        
+        LinkBuffer patchBuffer(*globalData, &stubJit, codeBlock->executablePool());
+        
+        CodeLocationLabel lastProtoBegin = polymorphicStructureList->list[listIndex - 1].stubRoutine;
+        ASSERT(!!lastProtoBegin);
+        
+        patchBuffer.link(wrongStruct, lastProtoBegin);
+        patchBuffer.link(success, stubInfo.callReturnLocation.labelAtOffset(stubInfo.deltaCallToDone));
+        
+        CodeLocationLabel entryLabel = patchBuffer.finalizeCodeAddendum();
+        
+        polymorphicStructureList->list[listIndex].set(*globalData, codeBlock->ownerExecutable(), entryLabel, structure);
+        
+        CodeLocationJump jumpLocation = stubInfo.callReturnLocation.jumpAtOffset(stubInfo.deltaCallToStructCheck);
+        RepatchBuffer repatchBuffer(codeBlock);
+        repatchBuffer.relink(jumpLocation, entryLabel);
+        
+        if (listIndex < (POLYMORPHIC_LIST_CACHE_SIZE - 1))
+            return true;
+    }
+    
+    return false;
+}
+
+void dfgBuildGetByIDList(ExecState* exec, JSValue baseValue, const Identifier& propertyName, const PropertySlot& slot, StructureStubInfo& stubInfo)
+{
+    bool dontChangeCall = tryBuildGetByIDList(exec, baseValue, propertyName, slot, stubInfo);
+    if (!dontChangeCall)
         dfgRepatchCall(exec->codeBlock(), stubInfo.callReturnLocation, operationGetById);
 }

trunk/Source/JavaScriptCore/dfg/DFGRepatch.h

@@ -35 +35 @@
 
 void dfgRepatchGetByID(ExecState*, JSValue, const Identifier&, const PropertySlot&, StructureStubInfo&);
+void dfgBuildGetByIDList(ExecState*, JSValue, const Identifier&, const PropertySlot&, StructureStubInfo&);
 void dfgRepatchPutByID(ExecState*, JSValue, const Identifier&, const PutPropertySlot&, StructureStubInfo&, PutKind);