Changeset 96661 in webkit

Timestamp:

Oct 4, 2011 4:02:25 PM (13 years ago)

Author:

fpizlo@apple.com

Message:

JITCodeGenerator should no longer have code that tries too hard
to be both speculative and non-speculative
​https://bugs.webkit.org/show_bug.cgi?id=69321

Reviewed by Gavin Barraclough.

Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
This required moving emitBranch() to SpeculativeJIT, since it was
the main user of that field and method. Other than trvial clean-ups
in emitBranch(), the code is unchanged (and still has some disparity
between 64 and 32_64, and still lacks some obvious optimizations).

• dfg/DFGJITCodeGenerator.cpp:
• dfg/DFGJITCodeGenerator.h:

(JSC::DFG::JITCodeGenerator::JITCodeGenerator):

• dfg/DFGJITCodeGenerator32_64.cpp:

(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):

• dfg/DFGJITCodeGenerator64.cpp:

(JSC::DFG::JITCodeGenerator::fillDouble):
(JSC::DFG::JITCodeGenerator::fillJSValue):

• dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::SpeculativeJIT):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::emitBranch):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::emitBranch):

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• dfg/DFGJITCodeGenerator.cpp (modified) (1 diff)
• dfg/DFGJITCodeGenerator.h (modified) (4 diffs)
• dfg/DFGJITCodeGenerator32_64.cpp (modified) (3 diffs)
• dfg/DFGJITCodeGenerator64.cpp (modified) (3 diffs)
• dfg/DFGSpeculativeJIT.h (modified) (2 diffs)
• dfg/DFGSpeculativeJIT32_64.cpp (modified) (1 diff)
• dfg/DFGSpeculativeJIT64.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-10-03  Filip Pizlo  <fpizlo@apple.com>
+
+        JITCodeGenerator should no longer have code that tries too hard
+        to be both speculative and non-speculative
+        https://bugs.webkit.org/show_bug.cgi?id=69321
+
+        Reviewed by Gavin Barraclough.
+        
+        Removed m_isSpeculative and speculationCheck() from JITCodeGenerator.
+        This required moving emitBranch() to SpeculativeJIT, since it was
+        the main user of that field and method. Other than trvial clean-ups
+        in emitBranch(), the code is unchanged (and still has some disparity
+        between 64 and 32_64, and still lacks some obvious optimizations).
+
+        * dfg/DFGJITCodeGenerator.cpp:
+        * dfg/DFGJITCodeGenerator.h:
+        (JSC::DFG::JITCodeGenerator::JITCodeGenerator):
+        * dfg/DFGJITCodeGenerator32_64.cpp:
+        (JSC::DFG::JITCodeGenerator::fillDouble):
+        (JSC::DFG::JITCodeGenerator::fillJSValue):
+        * dfg/DFGJITCodeGenerator64.cpp:
+        (JSC::DFG::JITCodeGenerator::fillDouble):
+        (JSC::DFG::JITCodeGenerator::fillJSValue):
+        * dfg/DFGSpeculativeJIT.h:
+        (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::emitBranch):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::emitBranch):
+
 2011-10-04  David Hyatt  <hyatt@apple.com>
 

trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp

@@ -378 +378 @@
 }
 
-void JITCodeGenerator::speculationCheck(MacroAssembler::Jump jumpToFail)
-{
-    ASSERT(m_isSpeculative);
-    static_cast<SpeculativeJIT*>(this)->speculationCheck(jumpToFail);
-}
-
 #ifndef NDEBUG
 static const char* dataFormatString(DataFormat format)

trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator.h

@@ -233 +233 @@
 
 protected:
-    JITCodeGenerator(JITCompiler& jit, bool isSpeculative)
+    JITCodeGenerator(JITCompiler& jit)
         : m_jit(jit)
-        , m_isSpeculative(isSpeculative)
         , m_compileIndex(0)
         , m_generationInfo(m_jit.codeBlock()->m_numCalleeRegisters)
@@ -779 +778 @@
     bool nonSpeculativeStrictEq(Node&, bool invert = false);
     
-    void emitBranch(Node&);
-    
     MacroAssembler::Address addressOfCallData(int idx)
     {
@@ -800 +797 @@
     void emitCall(Node&);
     
-    void speculationCheck(MacroAssembler::Jump jumpToFail);
-
     // Called once a node has completed code generation but prior to setting
     // its result, to free up its children. (This must happen prior to setting
@@ -1384 +1379 @@
     // The JIT, while also provides MacroAssembler functionality.
     JITCompiler& m_jit;
-    // This flag is used to distinguish speculative and non-speculative
-    // code generation. This is significant when filling spilled values
-    // from the RegisterFile. When spilling we attempt to store information
-    // as to the type of boxed value being stored (int32, double, cell), and
-    // when filling on the speculative path we will retrieve this type info
-    // where available. On the non-speculative path, however, we cannot rely
-    // on the spill format info, since the a value being loaded might have
-    // been spilled by either the speculative or non-speculative paths (where
-    // we entered the non-speculative path on an intervening bail-out), and
-    // the value may have been boxed differently on the two paths.
-    bool m_isSpeculative;
     // The current node being generated.
     BlockIndex m_block;

trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator32_64.cpp

@@ -137 +137 @@
             m_gprs.retain(tag, virtualRegister, SpillOrderSpilled);
             m_gprs.retain(payload, virtualRegister, SpillOrderSpilled);
-            info.fillJSValue(tag, payload, m_isSpeculative ? spillFormat : DataFormatJS);
+            info.fillJSValue(tag, payload, spillFormat);
             unlock(tag);
             unlock(payload);
@@ -243 +243 @@
             m_gprs.retain(tagGPR, virtualRegister, SpillOrderSpilled);
             m_gprs.retain(payloadGPR, virtualRegister, SpillOrderSpilled);
-            info.fillJSValue(tagGPR, payloadGPR, m_isSpeculative ? spillFormat : DataFormatJS);
+            info.fillJSValue(tagGPR, payloadGPR, spillFormat);
         }
 
@@ -1518 +1518 @@
 }
 
-void JITCodeGenerator::emitBranch(Node& node)
-{
-    // FIXME: Add fast cases for known Boolean!
-    JSValueOperand value(this, node.child1());
-    value.fill();
-    GPRReg valueTagGPR = value.tagGPR();
-    GPRReg valuePayloadGPR = value.payloadGPR();
-
-    GPRTemporary result(this);
-    GPRReg resultGPR = result.gpr();
-    
-    use(node.child1());
-    
-    BlockIndex taken = m_jit.graph().blockIndexForBytecodeOffset(node.takenBytecodeOffset());
-    BlockIndex notTaken = m_jit.graph().blockIndexForBytecodeOffset(node.notTakenBytecodeOffset());
-
-    JITCompiler::Jump fastPath = m_jit.branch32(JITCompiler::Equal, valueTagGPR, JITCompiler::TrustedImm32(JSValue::Int32Tag));
-    JITCompiler::Jump slowPath = m_jit.branch32(JITCompiler::NotEqual, valueTagGPR, JITCompiler::TrustedImm32(JSValue::BooleanTag));
-
-    fastPath.link(&m_jit);
-    addBranch(m_jit.branchTest32(JITCompiler::Zero, valuePayloadGPR), notTaken);
-    addBranch(m_jit.jump(), taken);
-
-    slowPath.link(&m_jit);
-    silentSpillAllRegisters(resultGPR);
-    m_jit.push(valueTagGPR);
-    m_jit.push(valuePayloadGPR);
-    m_jit.push(GPRInfo::callFrameRegister);
-    appendCallWithExceptionCheck(dfgConvertJSValueToBoolean);
-    m_jit.move(GPRInfo::returnValueGPR, resultGPR);
-    silentFillAllRegisters(resultGPR);
-    
-    addBranch(m_jit.branchTest8(JITCompiler::NonZero, resultGPR), taken);
-    if (notTaken != (m_block + 1))
-        addBranch(m_jit.jump(), notTaken);
-    
-    noResult(m_compileIndex, UseChildrenCalledExplicitly);
-}
-
 void JITCodeGenerator::emitCall(Node& node)
 {

trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator64.cpp

@@ -149 +149 @@
             m_gprs.retain(gpr, virtualRegister, SpillOrderSpilled);
             m_jit.loadPtr(JITCompiler::addressFor(virtualRegister), gpr);
-            info.fillJSValue(gpr, m_isSpeculative ? spillFormat : DataFormatJS);
+            info.fillJSValue(gpr, spillFormat);
             unlock(gpr);
         }
@@ -267 +267 @@
             m_gprs.retain(gpr, virtualRegister, SpillOrderSpilled);
             m_jit.loadPtr(JITCompiler::addressFor(virtualRegister), gpr);
-            info.fillJSValue(gpr, m_isSpeculative ? spillFormat : DataFormatJS);
+            info.fillJSValue(gpr, spillFormat);
         }
         return gpr;
@@ -1462 +1462 @@
 }
 
-void JITCodeGenerator::emitBranch(Node& node)
-{
-    JSValueOperand value(this, node.child1());
-    GPRReg valueGPR = value.gpr();
-    
-    BlockIndex taken = m_jit.graph().blockIndexForBytecodeOffset(node.takenBytecodeOffset());
-    BlockIndex notTaken = m_jit.graph().blockIndexForBytecodeOffset(node.notTakenBytecodeOffset());
-    
-    if (isKnownBoolean(node.child1())) {
-        MacroAssembler::ResultCondition condition = MacroAssembler::NonZero;
-        
-        if (taken == (m_block + 1)) {
-            condition = MacroAssembler::Zero;
-            BlockIndex tmp = taken;
-            taken = notTaken;
-            notTaken = tmp;
-        }
-        
-        addBranch(m_jit.branchTest32(condition, valueGPR, TrustedImm32(true)), taken);
-        if (notTaken != (m_block + 1))
-            addBranch(m_jit.jump(), notTaken);
-        
-        noResult(m_compileIndex);
-    } else {
-        GPRTemporary result(this);
-        GPRReg resultGPR = result.gpr();
-        
-        bool predictBoolean = isBooleanPrediction(m_jit.getPrediction(node.child1()));
-    
-        if (predictBoolean) {
-            addBranch(m_jit.branchPtr(MacroAssembler::Equal, valueGPR, MacroAssembler::ImmPtr(JSValue::encode(jsBoolean(false)))), notTaken);
-            addBranch(m_jit.branchPtr(MacroAssembler::Equal, valueGPR, MacroAssembler::ImmPtr(JSValue::encode(jsBoolean(true)))), taken);
-        }
-        
-        if (m_isSpeculative && predictBoolean) {
-            speculationCheck(m_jit.jump());
-            value.use();
-        } else {
-            addBranch(m_jit.branchPtr(MacroAssembler::Equal, valueGPR, MacroAssembler::ImmPtr(JSValue::encode(jsNumber(0)))), notTaken);
-            addBranch(m_jit.branchPtr(MacroAssembler::AboveOrEqual, valueGPR, GPRInfo::tagTypeNumberRegister), taken);
-    
-            if (!predictBoolean) {
-                addBranch(m_jit.branchPtr(MacroAssembler::Equal, valueGPR, MacroAssembler::ImmPtr(JSValue::encode(jsBoolean(false)))), notTaken);
-                addBranch(m_jit.branchPtr(MacroAssembler::Equal, valueGPR, MacroAssembler::ImmPtr(JSValue::encode(jsBoolean(true)))), taken);
-            }
-    
-            value.use();
-    
-            silentSpillAllRegisters(resultGPR);
-            m_jit.move(valueGPR, GPRInfo::argumentGPR1);
-            m_jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
-            appendCallWithExceptionCheck(dfgConvertJSValueToBoolean);
-            m_jit.move(GPRInfo::returnValueGPR, resultGPR);
-            silentFillAllRegisters(resultGPR);
-    
-            addBranch(m_jit.branchTest8(MacroAssembler::NonZero, resultGPR), taken);
-            if (notTaken != (m_block + 1))
-                addBranch(m_jit.jump(), notTaken);
-        }
-        
-        noResult(m_compileIndex, UseChildrenCalledExplicitly);
-    }
-}
-
 void JITCodeGenerator::emitCall(Node& node)
 {

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h

@@ -601 +601 @@
     void compileValueAdd(Node&);
     void compileLogicalNot(Node&);
+    void emitBranch(Node&);
     
     // It is acceptable to have structure be equal to scratch, so long as you're fine
@@ -944 +945 @@
 
 inline SpeculativeJIT::SpeculativeJIT(JITCompiler& jit)
-    : JITCodeGenerator(jit, true)
+    : JITCodeGenerator(jit)
     , m_compileOkay(true)
     , m_arguments(jit.codeBlock()->m_numParameters)

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

@@ -483 +483 @@
 }
 
+void SpeculativeJIT::emitBranch(Node& node)
+{
+    // FIXME: Add fast cases for known Boolean!
+    JSValueOperand value(this, node.child1());
+    value.fill();
+    GPRReg valueTagGPR = value.tagGPR();
+    GPRReg valuePayloadGPR = value.payloadGPR();
+
+    GPRTemporary result(this);
+    GPRReg resultGPR = result.gpr();
+    
+    use(node.child1());
+    
+    BlockIndex taken = m_jit.graph().blockIndexForBytecodeOffset(node.takenBytecodeOffset());
+    BlockIndex notTaken = m_jit.graph().blockIndexForBytecodeOffset(node.notTakenBytecodeOffset());
+
+    JITCompiler::Jump fastPath = m_jit.branch32(JITCompiler::Equal, valueTagGPR, JITCompiler::TrustedImm32(JSValue::Int32Tag));
+    JITCompiler::Jump slowPath = m_jit.branch32(JITCompiler::NotEqual, valueTagGPR, JITCompiler::TrustedImm32(JSValue::BooleanTag));
+
+    fastPath.link(&m_jit);
+    addBranch(m_jit.branchTest32(JITCompiler::Zero, valuePayloadGPR), notTaken);
+    addBranch(m_jit.jump(), taken);
+
+    slowPath.link(&m_jit);
+    silentSpillAllRegisters(resultGPR);
+    m_jit.push(valueTagGPR);
+    m_jit.push(valuePayloadGPR);
+    m_jit.push(GPRInfo::callFrameRegister);
+    appendCallWithExceptionCheck(dfgConvertJSValueToBoolean);
+    m_jit.move(GPRInfo::returnValueGPR, resultGPR);
+    silentFillAllRegisters(resultGPR);
+    
+    addBranch(m_jit.branchTest8(JITCompiler::NonZero, resultGPR), taken);
+    if (notTaken != (m_block + 1))
+        addBranch(m_jit.jump(), notTaken);
+    
+    noResult(m_compileIndex, UseChildrenCalledExplicitly);
+}
+
 void SpeculativeJIT::compile(Node& node)
 {

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

@@ -583 +583 @@
 }
 
+void SpeculativeJIT::emitBranch(Node& node)
+{
+    JSValueOperand value(this, node.child1());
+    GPRReg valueGPR = value.gpr();
+    
+    BlockIndex taken = m_jit.graph().blockIndexForBytecodeOffset(node.takenBytecodeOffset());
+    BlockIndex notTaken = m_jit.graph().blockIndexForBytecodeOffset(node.notTakenBytecodeOffset());
+    
+    if (isKnownBoolean(node.child1())) {
+        MacroAssembler::ResultCondition condition = MacroAssembler::NonZero;
+        
+        if (taken == (m_block + 1)) {
+            condition = MacroAssembler::Zero;
+            BlockIndex tmp = taken;
+            taken = notTaken;
+            notTaken = tmp;
+        }
+        
+        addBranch(m_jit.branchTest32(condition, valueGPR, TrustedImm32(true)), taken);
+        if (notTaken != (m_block + 1))
+            addBranch(m_jit.jump(), notTaken);
+        
+        noResult(m_compileIndex);
+    } else {
+        GPRTemporary result(this);
+        GPRReg resultGPR = result.gpr();
+        
+        bool predictBoolean = isBooleanPrediction(m_jit.getPrediction(node.child1()));
+    
+        if (predictBoolean) {
+            addBranch(m_jit.branchPtr(MacroAssembler::Equal, valueGPR, MacroAssembler::ImmPtr(JSValue::encode(jsBoolean(false)))), notTaken);
+            addBranch(m_jit.branchPtr(MacroAssembler::Equal, valueGPR, MacroAssembler::ImmPtr(JSValue::encode(jsBoolean(true)))), taken);
+
+            speculationCheck(m_jit.jump());
+            value.use();
+        } else {
+            addBranch(m_jit.branchPtr(MacroAssembler::Equal, valueGPR, MacroAssembler::ImmPtr(JSValue::encode(jsNumber(0)))), notTaken);
+            addBranch(m_jit.branchPtr(MacroAssembler::AboveOrEqual, valueGPR, GPRInfo::tagTypeNumberRegister), taken);
+    
+            addBranch(m_jit.branchPtr(MacroAssembler::Equal, valueGPR, MacroAssembler::ImmPtr(JSValue::encode(jsBoolean(false)))), notTaken);
+            addBranch(m_jit.branchPtr(MacroAssembler::Equal, valueGPR, MacroAssembler::ImmPtr(JSValue::encode(jsBoolean(true)))), taken);
+    
+            value.use();
+    
+            silentSpillAllRegisters(resultGPR);
+            m_jit.move(valueGPR, GPRInfo::argumentGPR1);
+            m_jit.move(GPRInfo::callFrameRegister, GPRInfo::argumentGPR0);
+            appendCallWithExceptionCheck(dfgConvertJSValueToBoolean);
+            m_jit.move(GPRInfo::returnValueGPR, resultGPR);
+            silentFillAllRegisters(resultGPR);
+    
+            addBranch(m_jit.branchTest8(MacroAssembler::NonZero, resultGPR), taken);
+            if (notTaken != (m_block + 1))
+                addBranch(m_jit.jump(), notTaken);
+        }
+        
+        noResult(m_compileIndex, UseChildrenCalledExplicitly);
+    }
+}
+
 void SpeculativeJIT::compile(Node& node)
 {