Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (277116 => 277117)
--- trunk/Source/_javascript_Core/ChangeLog 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-05-06 20:54:16 UTC (rev 277117)
@@ -1,5 +1,49 @@
2021-05-06 Filip Pizlo <fpi...@apple.com>
+ Reduce use of dmb ish on ARM64
+ https://bugs.webkit.org/show_bug.cgi?id=225465
+
+ Reviewed by Keith Miller.
+
+ We use loadLoadFence a lot, often in situations like:
+
+ Foo* ptr = loadStuff;
+ loadLoadFence();
+ use ptr
+
+ On ARM64, we don't need a dmb ish here. This introduces a dependentLoadLoadFence() for these
+ cases; it's just a compiler fence on ARM64 and Intel.
+
+ We also used loadLoadFence in some places where I couldn't think of any good reason for the
+ fence other than paranoia. I got rid of those.
+
+ * bytecode/CallLinkStatus.cpp:
+ (JSC::CallLinkStatus::computeFromCallLinkInfo):
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::jitType const):
+ * bytecode/ObjectAllocationProfile.h:
+ (JSC::ObjectAllocationProfileBase::structure):
+ (JSC::ObjectAllocationProfileWithPrototype::prototype):
+ * bytecode/Watchpoint.h:
+ (JSC::WatchpointSet::state const):
+ (JSC::InlineWatchpointSet::state const):
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+ (JSC::DFG::ByteCodeParser::handlePutByVal):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileGetByValOnString):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::compileStringCharAt):
+ * runtime/GetterSetter.h:
+ * runtime/InferredValue.h:
+ (JSC::InferredValue::state const):
+ * runtime/Structure.h:
+ (JSC::Structure::tryRareData):
+ * runtime/StructureInlines.h:
+ (JSC::Structure::propertyReplacementWatchpointSet):
+
+2021-05-06 Filip Pizlo <fpi...@apple.com>
+
It should be possible to --logJIT=true
https://bugs.webkit.org/show_bug.cgi?id=225464
Modified: trunk/Source/_javascript_Core/bytecode/CallLinkStatus.cpp (277116 => 277117)
--- trunk/Source/_javascript_Core/bytecode/CallLinkStatus.cpp 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/bytecode/CallLinkStatus.cpp 2021-05-06 20:54:16 UTC (rev 277117)
@@ -193,7 +193,7 @@
// never mutated after the PolymorphicCallStubRoutine is instantiated. We have some conservative
// fencing in place to make sure that we see the variants list after construction.
if (PolymorphicCallStubRoutine* stub = callLinkInfo.stub()) {
- WTF::loadLoadFence();
+ WTF::dependentLoadLoadFence();
if (!stub->hasEdges()) {
// This means we have an FTL profile, which has incomplete information.
Modified: trunk/Source/_javascript_Core/bytecode/CodeBlock.h (277116 => 277117)
--- trunk/Source/_javascript_Core/bytecode/CodeBlock.h 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/bytecode/CodeBlock.h 2021-05-06 20:54:16 UTC (rev 277117)
@@ -434,9 +434,7 @@
JITType jitType() const
{
JITCode* jitCode = m_jitCode.get();
- WTF::loadLoadFence();
JITType result = JITCode::jitTypeFor(jitCode);
- WTF::loadLoadFence(); // This probably isn't needed. Oh well, paranoia is good.
return result;
}
Modified: trunk/Source/_javascript_Core/bytecode/ObjectAllocationProfile.h (277116 => 277117)
--- trunk/Source/_javascript_Core/bytecode/ObjectAllocationProfile.h 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/bytecode/ObjectAllocationProfile.h 2021-05-06 20:54:16 UTC (rev 277117)
@@ -52,7 +52,7 @@
{
Structure* structure = m_structure.get();
// Ensure that if we see the structure, it has been properly created
- WTF::loadLoadFence();
+ WTF::dependentLoadLoadFence();
return structure;
}
@@ -100,7 +100,7 @@
JSObject* prototype()
{
JSObject* prototype = m_prototype.get();
- WTF::loadLoadFence();
+ WTF::dependentLoadLoadFence();
return prototype;
}
Modified: trunk/Source/_javascript_Core/bytecode/Watchpoint.h (277116 => 277117)
--- trunk/Source/_javascript_Core/bytecode/Watchpoint.h 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/bytecode/Watchpoint.h 2021-05-06 20:54:16 UTC (rev 277117)
@@ -208,9 +208,7 @@
// then also the watchpoint state() will change to IsInvalidated.
WatchpointState state() const
{
- WTF::loadLoadFence();
WatchpointState result = static_cast<WatchpointState>(m_state);
- WTF::loadLoadFence();
return result;
}
@@ -361,9 +359,7 @@
// state if you also add a watchpoint.
WatchpointState state() const
{
- WTF::loadLoadFence();
uintptr_t data = ""
- WTF::loadLoadFence();
if (isFat(data))
return fat(data)->state();
return decodeState(data);
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (277116 => 277117)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2021-05-06 20:54:16 UTC (rev 277117)
@@ -5655,9 +5655,8 @@
auto bytecode = currentInstruction->as<OpNewArrayBuffer>();
// Unfortunately, we can't allocate a new JSImmutableButterfly if the profile tells us new information because we
// cannot allocate from compilation threads.
- WTF::loadLoadFence();
FrozenValue* frozen = get(VirtualRegister(bytecode.m_immutableButterfly))->constant();
- WTF::loadLoadFence();
+ WTF::dependentLoadLoadFence();
JSImmutableButterfly* immutableButterfly = frozen->cast<JSImmutableButterfly*>();
NewArrayBufferData data { };
data.indexingMode = immutableButterfly->indexingMode();
Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (277116 => 277117)
--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2021-05-06 20:54:16 UTC (rev 277117)
@@ -2404,7 +2404,7 @@
JSGlobalObject* globalObject = m_jit.globalObjectFor(node->origin.semantic);
Structure* stringPrototypeStructure = globalObject->stringPrototype()->structure(vm);
Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(vm);
- WTF::loadLoadFence();
+ WTF::dependentLoadLoadFence();
if (globalObject->stringPrototypeChainIsSane()) {
// FIXME: This could be captured using a Speculation mode that means "out-of-bounds
Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (277116 => 277117)
--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2021-05-06 20:54:16 UTC (rev 277117)
@@ -8493,7 +8493,7 @@
JSGlobalObject* globalObject = m_graph.globalObjectFor(m_origin.semantic);
Structure* stringPrototypeStructure = globalObject->stringPrototype()->structure(vm());
Structure* objectPrototypeStructure = globalObject->objectPrototype()->structure(vm());
- WTF::loadLoadFence();
+ WTF::dependentLoadLoadFence();
if (globalObject->stringPrototypeChainIsSane()) {
// FIXME: This could be captured using a Speculation mode that means
Modified: trunk/Source/_javascript_Core/runtime/GetterSetter.h (277116 => 277117)
--- trunk/Source/_javascript_Core/runtime/GetterSetter.h 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/runtime/GetterSetter.h 2021-05-06 20:54:16 UTC (rev 277117)
@@ -89,7 +89,7 @@
JSObject* getterConcurrently() const
{
JSObject* result = getter();
- WTF::loadLoadFence();
+ WTF::dependentLoadLoadFence();
return result;
}
Modified: trunk/Source/_javascript_Core/runtime/InferredValue.h (277116 => 277117)
--- trunk/Source/_javascript_Core/runtime/InferredValue.h 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/runtime/InferredValue.h 2021-05-06 20:54:16 UTC (rev 277117)
@@ -81,9 +81,7 @@
// state if you also add a watchpoint.
WatchpointState state() const
{
- WTF::loadLoadFence();
uintptr_t data = ""
- WTF::loadLoadFence();
if (isFat(data))
return fat(data)->state();
return decodeState(data);
Modified: trunk/Source/_javascript_Core/runtime/Structure.h (277116 => 277117)
--- trunk/Source/_javascript_Core/runtime/Structure.h 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/runtime/Structure.h 2021-05-06 20:54:16 UTC (rev 277117)
@@ -43,6 +43,7 @@
#include "TinyBloomFilter.h"
#include "Watchpoint.h"
#include "WriteBarrierInlines.h"
+#include <wtf/Atomics.h>
#include <wtf/PrintStream.h>
namespace WTF {
@@ -338,6 +339,15 @@
return static_cast<StructureRareData*>(m_previousOrRareData.get());
}
+ StructureRareData* tryRareData()
+ {
+ JSCell* value = m_previousOrRareData.get();
+ WTF::dependentLoadLoadFence();
+ if (isRareData(value))
+ return static_cast<StructureRareData*>(value);
+ return nullptr;
+ }
+
const StructureRareData* rareData() const
{
ASSERT(hasRareData());
Modified: trunk/Source/_javascript_Core/runtime/StructureInlines.h (277116 => 277117)
--- trunk/Source/_javascript_Core/runtime/StructureInlines.h 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/_javascript_Core/runtime/StructureInlines.h 2021-05-06 20:54:16 UTC (rev 277117)
@@ -367,10 +367,10 @@
inline WatchpointSet* Structure::propertyReplacementWatchpointSet(PropertyOffset offset)
{
ConcurrentJSLocker locker(m_lock);
- if (!hasRareData())
+ StructureRareData* rareData = tryRareData();
+ if (!rareData)
return nullptr;
- WTF::loadLoadFence();
- StructureRareData::PropertyWatchpointMap* map = rareData()->m_replacementWatchpointSets.get();
+ StructureRareData::PropertyWatchpointMap* map = rareData->m_replacementWatchpointSets.get();
if (!map)
return nullptr;
return map->get(offset);
Modified: trunk/Source/WTF/ChangeLog (277116 => 277117)
--- trunk/Source/WTF/ChangeLog 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/WTF/ChangeLog 2021-05-06 20:54:16 UTC (rev 277117)
@@ -1,3 +1,13 @@
+2021-05-06 Filip Pizlo <fpi...@apple.com>
+
+ Reduce use of dmb ish on ARM64
+ https://bugs.webkit.org/show_bug.cgi?id=225465
+
+ Reviewed by Keith Miller.
+
+ * wtf/Atomics.h:
+ (WTF::dependentLoadLoadFence):
+
2021-05-06 Per Arne Vollan <pvol...@apple.com>
Add sandbox extension flag to specify that path contains no symlinks
Modified: trunk/Source/WTF/wtf/Atomics.h (277116 => 277117)
--- trunk/Source/WTF/wtf/Atomics.h 2021-05-06 20:49:28 UTC (rev 277116)
+++ trunk/Source/WTF/wtf/Atomics.h 2021-05-06 20:54:16 UTC (rev 277117)
@@ -328,6 +328,13 @@
#endif
+#if CPU(ARM64) || CPU(X86) || CPU(X86_64)
+// Use this fence if you want a fence between loads that are already depdendent.
+inline void dependentLoadLoadFence() { compilerFence(); }
+#else
+inline void dependentLoadLoadFence() { loadLoadFence(); }
+#endif
+
typedef unsigned InternalDependencyType;
inline InternalDependencyType opaqueMixture()