Title: [281454] trunk/Source/_javascript_Core
Revision
281454
Author
ysuz...@apple.com
Date
2021-08-23 10:36:45 -0700 (Mon, 23 Aug 2021)

Log Message

[JSC] emitArrayProfilingSiteWithCell should not load indexingType unnecessarily
https://bugs.webkit.org/show_bug.cgi?id=229396

Reviewed by Saam Barati.

emitArrayProfilingSiteWithCell is always loading indexingType after profiling a cell.
But (possibly) this is old code, and there is no reason to do that. This patch removes it.

* jit/JIT.h:
* jit/JITInlines.h:
(JSC::JIT::emitArrayProfilingSiteWithCell):
* jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_in_by_val):
(JSC::JIT::emit_op_enumerator_get_by_val):
* jit/JITPropertyAccess32_64.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_in_by_val):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (281453 => 281454)


--- trunk/Source/_javascript_Core/ChangeLog	2021-08-23 17:16:44 UTC (rev 281453)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-08-23 17:36:45 UTC (rev 281454)
@@ -1,3 +1,28 @@
+2021-08-23  Yusuke Suzuki  <ysuz...@apple.com>
+
+        [JSC] emitArrayProfilingSiteWithCell should not load indexingType unnecessarily
+        https://bugs.webkit.org/show_bug.cgi?id=229396
+
+        Reviewed by Saam Barati.
+
+        emitArrayProfilingSiteWithCell is always loading indexingType after profiling a cell.
+        But (possibly) this is old code, and there is no reason to do that. This patch removes it.
+
+        * jit/JIT.h:
+        * jit/JITInlines.h:
+        (JSC::JIT::emitArrayProfilingSiteWithCell):
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emit_op_in_by_val):
+        (JSC::JIT::emit_op_enumerator_get_by_val):
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::emit_op_get_by_val):
+        (JSC::JIT::emit_op_put_by_val):
+        (JSC::JIT::emit_op_get_by_id):
+        (JSC::JIT::emit_op_in_by_val):
+
 2021-08-22  Yusuke Suzuki  <ysuz...@apple.com>
 
         [JSC] Remove already-shipped wasm option flags

Modified: trunk/Source/_javascript_Core/jit/JIT.h (281453 => 281454)


--- trunk/Source/_javascript_Core/jit/JIT.h	2021-08-23 17:16:44 UTC (rev 281453)
+++ trunk/Source/_javascript_Core/jit/JIT.h	2021-08-23 17:36:45 UTC (rev 281454)
@@ -381,7 +381,7 @@
         std::enable_if_t<std::is_same<decltype(Op::Metadata::m_profile), ValueProfile>::value, void>
         emitValueProfilingSiteIfProfiledOpcode(Op bytecode);
 
-        void emitArrayProfilingSiteWithCell(RegisterID cell, RegisterID indexingType, ArrayProfile*);
+        void emitArrayProfilingSiteWithCell(RegisterID cellGPR, ArrayProfile*, RegisterID scratchGPR);
         void emitArrayProfileStoreToHoleSpecialCase(ArrayProfile*);
         void emitArrayProfileOutOfBoundsSpecialCase(ArrayProfile*);
         

Modified: trunk/Source/_javascript_Core/jit/JITInlines.h (281453 => 281454)


--- trunk/Source/_javascript_Core/jit/JITInlines.h	2021-08-23 17:16:44 UTC (rev 281453)
+++ trunk/Source/_javascript_Core/jit/JITInlines.h	2021-08-23 17:36:45 UTC (rev 281454)
@@ -344,14 +344,12 @@
 }
 #endif
 
-inline void JIT::emitArrayProfilingSiteWithCell(RegisterID cell, RegisterID indexingType, ArrayProfile* arrayProfile)
+inline void JIT::emitArrayProfilingSiteWithCell(RegisterID cellGPR, ArrayProfile* arrayProfile, RegisterID scratchGPR)
 {
     if (shouldEmitProfiling()) {
-        load32(MacroAssembler::Address(cell, JSCell::structureIDOffset()), indexingType);
-        store32(indexingType, arrayProfile->addressOfLastSeenStructureID());
+        load32(MacroAssembler::Address(cellGPR, JSCell::structureIDOffset()), scratchGPR);
+        store32(scratchGPR, arrayProfile->addressOfLastSeenStructureID());
     }
-
-    load8(Address(cell, JSCell::indexingTypeAndMiscOffset()), indexingType);
 }
 
 inline void JIT::emitArrayProfileStoreToHoleSpecialCase(ArrayProfile* arrayProfile)
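Review bot: emitArrayProfilingSiteWithCell now relies on cellGPR and scratchGPR being different registers, but nothing in the function enforces that. If a caller passed the same register for both, the `load32` would overwrite the cell pointer with its structure ID, and code emitted afterwards would treat that value as a cell. Every call site visible in this commit passes distinct registers, so an `ASSERT(cellGPR != scratchGPR);` at the top of the function would only pin down the existing contract. A comment above the definition would also help, for example `// Clobbers scratchGPR only when profiling is emitted; it never holds the indexing type on return.`, because the previous version always left indexingType in that register. The hunk's last line opens emitArrayProfileStoreToHoleSpecialCase, whose body is outside the hunk.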

Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp (281453 => 281454)


--- trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp	2021-08-23 17:16:44 UTC (rev 281453)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp	2021-08-23 17:36:45 UTC (rev 281454)
@@ -60,12 +60,12 @@
 
     if (metadata.m_seenIdentifiers.count() > Options::getByValICMaxNumberOfIdentifiers()) {
         auto notCell = branchIfNotCell(regT0);
-        emitArrayProfilingSiteWithCell(regT0, regT2, profile);
+        emitArrayProfilingSiteWithCell(regT0, profile, regT2);
         notCell.link(this);
         callOperationWithProfile(bytecode.metadata(m_codeBlock), operationGetByVal, dst, TrustedImmPtr(m_codeBlock->globalObject()), regT0, regT1);
     } else {
         emitJumpSlowCaseIfNotJSCell(regT0, base);
-        emitArrayProfilingSiteWithCell(regT0, regT2, profile);
+        emitArrayProfilingSiteWithCell(regT0, profile, regT2);
 
         JSValueRegs resultRegs = JSValueRegs(regT0);
 
@@ -462,12 +462,13 @@
         // See comment in op_get_by_val.
         zeroExtend32ToWord(regT1, regT1);
     }
-    emitArrayProfilingSiteWithCell(regT0, regT2, profile);
+    emitArrayProfilingSiteWithCell(regT0, profile, regT2);
 
     PatchableJump badType;
     JumpList slowCases;
 
     // FIXME: Maybe we should do this inline?
+    load8(Address(regT0, JSCell::indexingTypeAndMiscOffset()), regT2);
     addSlowCase(branchTest32(NonZero, regT2, TrustedImm32(CopyOnWrite)));
     and32(TrustedImm32(IndexingShapeMask), regT2);
 
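Review bot: The added `load8` into regT2 sits between `// FIXME: Maybe we should do this inline?` and the CopyOnWrite test that the FIXME presumably refers to, so the FIXME now reads as if it were about the load. Moving the load above the FIXME, or giving it its own comment such as `// The profiling helper no longer leaves indexingTypeAndMisc in regT2; load it here.`, would keep the intent clear. The same applies to the matching `load8` into regT1 in the put_by_val hunk of JITPropertyAccess32_64.cpp. The other callers (get_by_val, in_by_val, enumerator_get_by_val) continue outside their hunks, so this page cannot confirm that none of them still reads the scratch register as an indexing type; a stale read there would compare a structure ID against indexing-shape constants.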
@@ -1307,7 +1308,7 @@
     
     if (*ident == m_vm->propertyNames->length && shouldEmitProfiling()) {
         Jump notArrayLengthMode = branch8(NotEqual, AbsoluteAddress(&metadata.m_modeMetadata.mode), TrustedImm32(static_cast<uint8_t>(GetByIdMode::ArrayLength)));
-        emitArrayProfilingSiteWithCell(regT0, regT1, &metadata.m_modeMetadata.arrayLengthMode.arrayProfile);
+        emitArrayProfilingSiteWithCell(regT0, &metadata.m_modeMetadata.arrayLengthMode.arrayProfile, regT1);
         notArrayLengthMode.link(this);
     }
 
@@ -1713,7 +1714,7 @@
     emitGetVirtualRegister(base, regT0);
     emitJumpSlowCaseIfNotJSCell(regT0, base);
     emitGetVirtualRegister(property, regT1);
-    emitArrayProfilingSiteWithCell(regT0, regT2, profile);
+    emitArrayProfilingSiteWithCell(regT0, profile, regT2);
 
     JITInByValGenerator gen(
         m_codeBlock, JITType::BaselineJIT, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), AccessType::InByVal, RegisterSet::stubUnavailableRegisters(),
@@ -3101,7 +3102,7 @@
     emitGetVirtualRegister(index, regT1);
 
     isNotIndexed.link(this);
-    emitArrayProfilingSiteWithCell(regT0, regT2, profile);
+    emitArrayProfilingSiteWithCell(regT0, profile, regT2);
 
     JITGetByValGenerator gen(
         m_codeBlock, JITType::BaselineJIT, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), AccessType::GetByVal, RegisterSet::stubUnavailableRegisters(),

Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp (281453 => 281454)


--- trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp	2021-08-23 17:16:44 UTC (rev 281453)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp	2021-08-23 17:36:45 UTC (rev 281454)
@@ -247,12 +247,12 @@
 
     if (metadata.m_seenIdentifiers.count() > Options::getByValICMaxNumberOfIdentifiers()) {
         auto notCell = branchIfNotCell(regT1);
-        emitArrayProfilingSiteWithCell(regT0, regT4, profile);
+        emitArrayProfilingSiteWithCell(regT0, profile, regT4);
         notCell.link(this);
         callOperationWithProfile(bytecode.metadata(m_codeBlock), operationGetByVal, dst, TrustedImmPtr(m_codeBlock->globalObject()), JSValueRegs(regT1, regT0), JSValueRegs(regT3, regT2));
     } else {
         emitJumpSlowCaseIfNotJSCell(base, regT1);
-        emitArrayProfilingSiteWithCell(regT0, regT4, profile);
+        emitArrayProfilingSiteWithCell(regT0, profile, regT4);
 
         JSValueRegs resultRegs = JSValueRegs(regT1, regT0);
 
@@ -474,12 +474,13 @@
     emitJumpSlowCaseIfNotJSCell(base, regT1);
     PatchableJump notIndex = patchableBranch32(NotEqual, regT3, TrustedImm32(JSValue::Int32Tag));
     addSlowCase(notIndex);
-    emitArrayProfilingSiteWithCell(regT0, regT1, profile);
+    emitArrayProfilingSiteWithCell(regT0, profile, regT1);
     
     PatchableJump badType;
     JumpList slowCases;
 
     // FIXME: Maybe we should do this inline?
+    load8(Address(regT0, JSCell::indexingTypeAndMiscOffset()), regT1);
     addSlowCase(branchTest32(NonZero, regT1, TrustedImm32(CopyOnWrite)));
     and32(TrustedImm32(IndexingShapeMask), regT1);
     
@@ -744,7 +745,7 @@
 
     if (*ident == m_vm->propertyNames->length && shouldEmitProfiling()) {
         Jump notArrayLengthMode = branch8(NotEqual, AbsoluteAddress(&metadata.m_modeMetadata.mode), TrustedImm32(static_cast<uint8_t>(GetByIdMode::ArrayLength)));
-        emitArrayProfilingSiteWithCell(regT0, regT2, &metadata.m_modeMetadata.arrayLengthMode.arrayProfile);
+        emitArrayProfilingSiteWithCell(regT0, &metadata.m_modeMetadata.arrayLengthMode.arrayProfile, regT2);
         notArrayLengthMode.link(this);
     }
 
@@ -921,7 +922,7 @@
 
     emitLoad2(base, regT1, regT0, property, regT3, regT2);
     emitJumpSlowCaseIfNotJSCell(base, regT1);
-    emitArrayProfilingSiteWithCell(regT0, regT4, profile);
+    emitArrayProfilingSiteWithCell(regT0, profile, regT4);
 
     JITInByValGenerator gen(
         m_codeBlock, JITType::BaselineJIT, CodeOrigin(m_bytecodeIndex), CallSiteIndex(m_bytecodeIndex), AccessType::InByVal, RegisterSet::stubUnavailableRegisters(),