Changeset 95447 in webkit

Timestamp:

Sep 19, 2011 11:30:07 AM (13 years ago)

Author:

oliver@apple.com

Message:

Remove direct property slot pointers from the instruction stream
​https://bugs.webkit.org/show_bug.cgi?id=68373

Reviewed by Gavin Barraclough.

Use an indirect load to access prototype properties rather than directly
storing the property address in the instruction stream. This should allow
further optimisations in future, and also provides a 0.5% win to sunspider.

• dfg/DFGRepatch.cpp:

(JSC::DFG::generateProtoChainAccessStub):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::compileGetDirectOffset):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::compileGetDirectOffset):

• runtime/JSObject.h:

(JSC::JSObject::addressOfPropertyStorage):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• dfg/DFGRepatch.cpp (modified) (1 diff)
• jit/JITPropertyAccess.cpp (modified) (1 diff)
• jit/JITPropertyAccess32_64.cpp (modified) (1 diff)
• runtime/JSObject.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-09-19  Oliver Hunt  <oliver@apple.com>
+
+        Remove direct property slot pointers from the instruction stream
+        https://bugs.webkit.org/show_bug.cgi?id=68373
+
+        Reviewed by Gavin Barraclough.
+
+        Use an indirect load to access prototype properties rather than directly
+        storing the property address in the instruction stream.  This should allow
+        further optimisations in future, and also provides a 0.5% win to sunspider.
+
+        * dfg/DFGRepatch.cpp:
+        (JSC::DFG::generateProtoChainAccessStub):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::compileGetDirectOffset):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::compileGetDirectOffset):
+        * runtime/JSObject.h:
+        (JSC::JSObject::addressOfPropertyStorage):
+
 2011-09-19  Oliver Hunt  <oliver@apple.com>
 

trunk/Source/JavaScriptCore/dfg/DFGRepatch.cpp

@@ -125 +125 @@
     }
     
-    stubJit.loadPtr(protoObject->addressOfPropertyAtOffset(offset), resultGPR);
-        
+    stubJit.loadPtr(protoObject->addressOfPropertyStorage(), resultGPR);
+    stubJit.loadPtr(MacroAssembler::Address(resultGPR, offset * sizeof(WriteBarrier<Unknown>)), resultGPR);
+
     MacroAssembler::Jump success, fail;
     

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -500 +500 @@
 void JIT::compileGetDirectOffset(JSObject* base, RegisterID result, size_t cachedOffset)
 {
-    loadPtr(static_cast<void*>(&base->m_propertyStorage[cachedOffset]), result);
+    loadPtr(base->addressOfPropertyStorage(), result);
+    loadPtr(Address(result, cachedOffset * sizeof(WriteBarrier<Unknown>)), result);
 }
 

trunk/Source/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

@@ -459 +459 @@
 void JIT::compileGetDirectOffset(JSObject* base, RegisterID resultTag, RegisterID resultPayload, size_t cachedOffset)
 {
-    load32(reinterpret_cast<char*>(&base->m_propertyStorage[cachedOffset]) + OBJECT_OFFSETOF(JSValue, u.asBits.payload), resultPayload);
-    load32(reinterpret_cast<char*>(&base->m_propertyStorage[cachedOffset]) + OBJECT_OFFSETOF(JSValue, u.asBits.tag), resultTag);
+    loadPtr(base->addressOfPropertyStorage(), resultTag);
+    load32(Address(resultTag, cachedOffset * sizeof(WriteBarrier<Unknown>) + OBJECT_OFFSETOF(JSValue, u.asBits.payload)), result);
+    load32(Address(resultTag, cachedOffset * sizeof(WriteBarrier<Unknown>) + OBJECT_OFFSETOF(JSValue, u.asBits.tag)), resultTag);
 }
 

trunk/Source/JavaScriptCore/runtime/JSObject.h

@@ -211 +211 @@
         bool isUsingInlineStorage() const { return static_cast<const void*>(m_propertyStorage.get()) == static_cast<const void*>(this + 1); }
 
-        void* addressOfPropertyAtOffset(size_t offset)
-        {
-            return static_cast<void*>(&m_propertyStorage[offset]);
+        void* addressOfPropertyStorage()
+        {
+            return &m_propertyStorage;
         }