Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (230625 => 230626)
--- trunk/Source/_javascript_Core/ChangeLog 2018-04-13 08:50:42 UTC (rev 230625)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-04-13 09:05:52 UTC (rev 230626)
@@ -1,3 +1,23 @@
+2018-04-13 Yusuke Suzuki <utatane....@gmail.com>
+
+ [DFG] Remove duplicate 32bit ProfileType implementation
+ https://bugs.webkit.org/show_bug.cgi?id=184536
+
+ Reviewed by Saam Barati.
+
+ This patch removes duplicate 32bit ProfileType implementation by unifying 32/64 implementations.
+
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileProfileType):
+ * dfg/DFGSpeculativeJIT.h:
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::compile):
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::branchIfUndefined):
+ (JSC::AssemblyHelpers::branchIfNull):
+
2018-04-12 Mark Lam <mark....@apple.com>
Consolidate some PtrTags.
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (230625 => 230626)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2018-04-13 08:50:42 UTC (rev 230625)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2018-04-13 09:05:52 UTC (rev 230626)
@@ -61,6 +61,7 @@
#include "ScopedArguments.h"
#include "ScratchRegisterAllocator.h"
#include "SuperSampler.h"
+#include "TypeProfilerLog.h"
#include "WeakMapImpl.h"
#include <wtf/BitVector.h>
#include <wtf/Box.h>
@@ -12796,6 +12797,76 @@
jsValueResult(resultRegs, node);
}
+void SpeculativeJIT::compileProfileType(Node* node)
+{
+ JSValueOperand value(this, node->child1());
+ GPRTemporary scratch1(this);
+ GPRTemporary scratch2(this);
+ GPRTemporary scratch3(this);
+
+ JSValueRegs valueRegs = value.jsValueRegs();
+ GPRReg scratch1GPR = scratch1.gpr();
+ GPRReg scratch2GPR = scratch2.gpr();
+ GPRReg scratch3GPR = scratch3.gpr();
+
+ MacroAssembler::JumpList jumpToEnd;
+
+ jumpToEnd.append(m_jit.branchIfEmpty(valueRegs));
+
+ TypeLocation* cachedTypeLocation = node->typeLocation();
+ // Compile in a predictive type check, if possible, to see if we can skip writing to the log.
+ // These typechecks are inlined to match those of the 64-bit JSValue type checks.
+ if (cachedTypeLocation->m_lastSeenType == TypeUndefined)
+ jumpToEnd.append(m_jit.branchIfUndefined(valueRegs));
+ else if (cachedTypeLocation->m_lastSeenType == TypeNull)
+ jumpToEnd.append(m_jit.branchIfNull(valueRegs));
+ else if (cachedTypeLocation->m_lastSeenType == TypeBoolean)
+ jumpToEnd.append(m_jit.branchIfBoolean(valueRegs, scratch1GPR));
+ else if (cachedTypeLocation->m_lastSeenType == TypeAnyInt)
+ jumpToEnd.append(m_jit.branchIfInt32(valueRegs));
+ else if (cachedTypeLocation->m_lastSeenType == TypeNumber)
+ jumpToEnd.append(m_jit.branchIfNumber(valueRegs, scratch1GPR));
+ else if (cachedTypeLocation->m_lastSeenType == TypeString) {
+ MacroAssembler::Jump isNotCell = m_jit.branchIfNotCell(valueRegs);
+ jumpToEnd.append(m_jit.branchIfString(valueRegs.payloadGPR()));
+ isNotCell.link(&m_jit);
+ }
+
+ // Load the TypeProfilerLog into Scratch2.
+ TypeProfilerLog* cachedTypeProfilerLog = m_jit.vm()->typeProfilerLog();
+ m_jit.move(TrustedImmPtr(cachedTypeProfilerLog), scratch2GPR);
+
+ // Load the next LogEntry into Scratch1.
+ m_jit.loadPtr(MacroAssembler::Address(scratch2GPR, TypeProfilerLog::currentLogEntryOffset()), scratch1GPR);
+
+ // Store the JSValue onto the log entry.
+ m_jit.storeValue(valueRegs, MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::valueOffset()));
+
+ // Store the structureID of the cell if valueRegs is a cell, otherwise, store 0 on the log entry.
+ MacroAssembler::Jump isNotCell = m_jit.branchIfNotCell(valueRegs);
+ m_jit.load32(MacroAssembler::Address(valueRegs.payloadGPR(), JSCell::structureIDOffset()), scratch3GPR);
+ m_jit.store32(scratch3GPR, MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::structureIDOffset()));
+ MacroAssembler::Jump skipIsCell = m_jit.jump();
+ isNotCell.link(&m_jit);
+ m_jit.store32(TrustedImm32(0), MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::structureIDOffset()));
+ skipIsCell.link(&m_jit);
+
+ // Store the typeLocation on the log entry.
+ m_jit.move(TrustedImmPtr(cachedTypeLocation), scratch3GPR);
+ m_jit.storePtr(scratch3GPR, MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::locationOffset()));
+
+ // Increment the current log entry.
+ m_jit.addPtr(TrustedImm32(sizeof(TypeProfilerLog::LogEntry)), scratch1GPR);
+ m_jit.storePtr(scratch1GPR, MacroAssembler::Address(scratch2GPR, TypeProfilerLog::currentLogEntryOffset()));
+ MacroAssembler::Jump clearLog = m_jit.branchPtr(MacroAssembler::Equal, scratch1GPR, TrustedImmPtr(cachedTypeProfilerLog->logEndPtr()));
+ addSlowPathGenerator(
+ slowPathCall(clearLog, this, operationProcessTypeProfilerLogDFG, NoResult));
+
+ jumpToEnd.link(&m_jit);
+
+ noResult(node);
+}
+
void SpeculativeJIT::cachedPutById(CodeOrigin codeOrigin, GPRReg baseGPR, JSValueRegs valueRegs, GPRReg scratchGPR, unsigned identifierNumber, PutKind putKind, JITCompiler::Jump slowPathTarget, SpillRegistersMode spillMode)
{
RegisterSet usedRegisters = this->usedRegisters();
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h (230625 => 230626)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2018-04-13 08:50:42 UTC (rev 230625)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.h 2018-04-13 09:05:52 UTC (rev 230626)
@@ -1520,6 +1520,7 @@
void compileLogShadowChickenTail(Node*);
void compileHasIndexedProperty(Node*);
void compileExtractCatchLocal(Node*);
+ void compileProfileType(Node*);
void moveTrueTo(GPRReg);
void moveFalseTo(GPRReg);
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (230625 => 230626)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2018-04-13 08:50:42 UTC (rev 230625)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2018-04-13 09:05:52 UTC (rev 230626)
@@ -44,7 +44,6 @@
#include "ObjectPrototype.h"
#include "JSCInlines.h"
#include "SetupVarargsFrame.h"
-#include "TypeProfilerLog.h"
#include "Watchdog.h"
namespace JSC { namespace DFG {
@@ -4023,52 +4022,7 @@
break;
}
case ProfileType: {
- JSValueOperand value(this, node->child1());
- GPRTemporary scratch1(this);
- GPRTemporary scratch2(this);
- GPRTemporary scratch3(this);
-
- GPRReg scratch1GPR = scratch1.gpr();
- GPRReg scratch2GPR = scratch2.gpr();
- GPRReg scratch3GPR = scratch3.gpr();
-
- JITCompiler::Jump isTDZValue = m_jit.branch32(JITCompiler::Equal, value.tagGPR(), TrustedImm32(JSValue::EmptyValueTag));
-
- // Load the TypeProfilerLog into Scratch2.
- TypeProfilerLog* cachedTypeProfilerLog = m_jit.vm()->typeProfilerLog();
- m_jit.move(TrustedImmPtr(cachedTypeProfilerLog), scratch2GPR);
-
- // Load the next LogEntry into Scratch1.
- m_jit.loadPtr(MacroAssembler::Address(scratch2GPR, TypeProfilerLog::currentLogEntryOffset()), scratch1GPR);
-
- // Store the JSValue onto the log entry.
- m_jit.store32(value.tagGPR(), MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::valueOffset() + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
- m_jit.store32(value.payloadGPR(), MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::valueOffset() + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
-
- // Store the structureID of the cell if valueGPR is a cell, otherwise, store 0 on the log entry.
- MacroAssembler::Jump isNotCell = m_jit.branchIfNotCell(value.jsValueRegs());
- m_jit.load32(MacroAssembler::Address(value.payloadGPR(), JSCell::structureIDOffset()), scratch3GPR);
- m_jit.store32(scratch3GPR, MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::structureIDOffset()));
- MacroAssembler::Jump skipIsCell = m_jit.jump();
- isNotCell.link(&m_jit);
- m_jit.store32(TrustedImm32(0), MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::structureIDOffset()));
- skipIsCell.link(&m_jit);
-
- // Store the typeLocation on the log entry.
- TypeLocation* cachedTypeLocation = node->typeLocation();
- m_jit.move(TrustedImmPtr(cachedTypeLocation), scratch3GPR);
- m_jit.storePtr(scratch3GPR, MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::locationOffset()));
-
- // Increment the current log entry.
- m_jit.addPtr(TrustedImm32(sizeof(TypeProfilerLog::LogEntry)), scratch1GPR);
- m_jit.storePtr(scratch1GPR, MacroAssembler::Address(scratch2GPR, TypeProfilerLog::currentLogEntryOffset()));
- MacroAssembler::Jump clearLog = m_jit.branchPtr(MacroAssembler::Equal, scratch1GPR, TrustedImmPtr(cachedTypeProfilerLog->logEndPtr()));
- addSlowPathGenerator(
- slowPathCall(clearLog, this, operationProcessTypeProfilerLogDFG, NoResult));
-
- isTDZValue.link(&m_jit);
-
- noResult(node);
+ compileProfileType(node);
break;
}
case ProfileControlFlow: {
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (230625 => 230626)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2018-04-13 08:50:42 UTC (rev 230625)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2018-04-13 09:05:52 UTC (rev 230626)
@@ -47,7 +47,6 @@
#include "SetupVarargsFrame.h"
#include "SpillRegistersMode.h"
#include "StringPrototype.h"
-#include "TypeProfilerLog.h"
#include "Watchdog.h"
namespace JSC { namespace DFG {
@@ -4575,74 +4574,7 @@
break;
}
case ProfileType: {
- JSValueOperand value(this, node->child1());
- GPRTemporary scratch1(this);
- GPRTemporary scratch2(this);
- GPRTemporary scratch3(this);
-
- GPRReg scratch1GPR = scratch1.gpr();
- GPRReg scratch2GPR = scratch2.gpr();
- GPRReg scratch3GPR = scratch3.gpr();
- GPRReg valueGPR = value.gpr();
-
- MacroAssembler::JumpList jumpToEnd;
-
- jumpToEnd.append(m_jit.branchTest64(JITCompiler::Zero, valueGPR));
-
- TypeLocation* cachedTypeLocation = node->typeLocation();
- // Compile in a predictive type check, if possible, to see if we can skip writing to the log.
- // These typechecks are inlined to match those of the 64-bit JSValue type checks.
- if (cachedTypeLocation->m_lastSeenType == TypeUndefined)
- jumpToEnd.append(m_jit.branch64(MacroAssembler::Equal, valueGPR, MacroAssembler::TrustedImm64(JSValue::encode(jsUndefined()))));
- else if (cachedTypeLocation->m_lastSeenType == TypeNull)
- jumpToEnd.append(m_jit.branch64(MacroAssembler::Equal, valueGPR, MacroAssembler::TrustedImm64(JSValue::encode(jsNull()))));
- else if (cachedTypeLocation->m_lastSeenType == TypeBoolean) {
- m_jit.move(valueGPR, scratch2GPR);
- m_jit.and64(TrustedImm32(~1), scratch2GPR);
- jumpToEnd.append(m_jit.branch64(MacroAssembler::Equal, scratch2GPR, MacroAssembler::TrustedImm64(ValueFalse)));
- } else if (cachedTypeLocation->m_lastSeenType == TypeAnyInt)
- jumpToEnd.append(m_jit.branch64(MacroAssembler::AboveOrEqual, valueGPR, GPRInfo::tagTypeNumberRegister));
- else if (cachedTypeLocation->m_lastSeenType == TypeNumber)
- jumpToEnd.append(m_jit.branchTest64(MacroAssembler::NonZero, valueGPR, GPRInfo::tagTypeNumberRegister));
- else if (cachedTypeLocation->m_lastSeenType == TypeString) {
- MacroAssembler::Jump isNotCell = m_jit.branchIfNotCell(JSValueRegs(valueGPR));
- jumpToEnd.append(m_jit.branchIfString(valueGPR));
- isNotCell.link(&m_jit);
- }
-
- // Load the TypeProfilerLog into Scratch2.
- TypeProfilerLog* cachedTypeProfilerLog = m_jit.vm()->typeProfilerLog();
- m_jit.move(TrustedImmPtr(cachedTypeProfilerLog), scratch2GPR);
-
- // Load the next LogEntry into Scratch1.
- m_jit.loadPtr(MacroAssembler::Address(scratch2GPR, TypeProfilerLog::currentLogEntryOffset()), scratch1GPR);
-
- // Store the JSValue onto the log entry.
- m_jit.store64(valueGPR, MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::valueOffset()));
-
- // Store the structureID of the cell if valueGPR is a cell, otherwise, store 0 on the log entry.
- MacroAssembler::Jump isNotCell = m_jit.branchIfNotCell(JSValueRegs(valueGPR));
- m_jit.load32(MacroAssembler::Address(valueGPR, JSCell::structureIDOffset()), scratch3GPR);
- m_jit.store32(scratch3GPR, MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::structureIDOffset()));
- MacroAssembler::Jump skipIsCell = m_jit.jump();
- isNotCell.link(&m_jit);
- m_jit.store32(TrustedImm32(0), MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::structureIDOffset()));
- skipIsCell.link(&m_jit);
-
- // Store the typeLocation on the log entry.
- m_jit.move(TrustedImmPtr(cachedTypeLocation), scratch3GPR);
- m_jit.storePtr(scratch3GPR, MacroAssembler::Address(scratch1GPR, TypeProfilerLog::LogEntry::locationOffset()));
-
- // Increment the current log entry.
- m_jit.addPtr(TrustedImm32(sizeof(TypeProfilerLog::LogEntry)), scratch1GPR);
- m_jit.storePtr(scratch1GPR, MacroAssembler::Address(scratch2GPR, TypeProfilerLog::currentLogEntryOffset()));
- MacroAssembler::Jump clearLog = m_jit.branchPtr(MacroAssembler::Equal, scratch1GPR, TrustedImmPtr(cachedTypeProfilerLog->logEndPtr()));
- addSlowPathGenerator(
- slowPathCall(clearLog, this, operationProcessTypeProfilerLogDFG, NoResult));
-
- jumpToEnd.link(&m_jit);
-
- noResult(node);
+ compileProfileType(node);
break;
}
case ProfileControlFlow: {
Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (230625 => 230626)
--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2018-04-13 08:50:42 UTC (rev 230625)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h 2018-04-13 09:05:52 UTC (rev 230626)
@@ -913,6 +913,25 @@
#endif
}
+ // Note that this function does not respect MasqueradesAsUndefined.
+ Jump branchIfUndefined(JSValueRegs regs)
+ {
+#if USE(JSVALUE64)
+ return branch64(Equal, regs.gpr(), TrustedImm64(JSValue::encode(jsUndefined())));
+#else
+ return branch32(Equal, regs.tagGPR(), TrustedImm32(JSValue::UndefinedTag));
+#endif
+ }
+
+ Jump branchIfNull(JSValueRegs regs)
+ {
+#if USE(JSVALUE64)
+ return branch64(Equal, regs.gpr(), TrustedImm64(JSValue::encode(jsNull())));
+#else
+ return branch32(Equal, regs.tagGPR(), TrustedImm32(JSValue::NullTag));
+#endif
+ }
+
JumpList branchIfNotType(
JSValueRegs, GPRReg tempGPR, const InferredType::Descriptor&,
TagRegistersMode = HaveTagRegisters);
