Skip to site navigation (Press enter)

[webkit-changes] [97446] trunk/Source/JavaScriptCore

fpizlo Fri, 14 Oct 2011 00:06:46 -0700

Title: [97446] trunk/Source/_javascript_Core

Revision: 97446
Author: [email protected]
Date: 2011-10-14 00:07:46 -0700 (Fri, 14 Oct 2011)

Log Message

Speculation failures in ValueToInt32 are causing a 2x slow-down
in Kraken/stanford-crypto-pbkdf2
https://bugs.webkit.org/show_bug.cgi?id=70089


Reviewed by Gavin Barraclough.
        
If we can't truncate to Int32 using machine code, then don't fail
speculation. Just call JSC::toInt32.

* dfg/DFGJITCodeGenerator.h:
(JSC::DFG::callOperation):
* dfg/DFGOperations.h:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileValueToInt32):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):

Modified Paths

trunk/Source/_javascript_Core/ChangeLog
trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h
trunk/Source/_javascript_Core/dfg/DFGOperations.h
trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (97445 => 97446)


--- trunk/Source/_javascript_Core/ChangeLog	2011-10-14 06:57:10 UTC (rev 97445)
+++ trunk/Source/_javascript_Core/ChangeLog	2011-10-14 07:07:46 UTC (rev 97446)
@@ -1,3 +1,22 @@
+2011-10-13  Filip Pizlo  <[email protected]>
+
+        Speculation failures in ValueToInt32 are causing a 2x slow-down
+        in Kraken/stanford-crypto-pbkdf2
+        https://bugs.webkit.org/show_bug.cgi?id=70089
+
+        Reviewed by Gavin Barraclough.
+        
+        If we can't truncate to Int32 using machine code, then don't fail
+        speculation. Just call JSC::toInt32.
+
+        * dfg/DFGJITCodeGenerator.h:
+        (JSC::DFG::callOperation):
+        * dfg/DFGOperations.h:
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileValueToInt32):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+
 2011-10-13  Mark Hahnenberg  <[email protected]>
 
         Rename virtual getConstructData to getConstructDataVirtual

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h (97445 => 97446)


--- trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h	2011-10-14 06:57:10 UTC (rev 97445)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCodeGenerator.h	2011-10-14 07:07:46 UTC (rev 97446)
@@ -1045,6 +1045,13 @@
 
         return appendCallWithExceptionCheckSetResult(operation, result);
     }
+    JITCompiler::Call callOperation(Z_DFGOperation_D operation, GPRReg result, FPRReg arg1)
+    {
+        m_jit.moveDouble(arg1, FPRInfo::argumentFPR0);
+        JITCompiler::Call call = m_jit.appendCall(operation);
+        m_jit.zeroExtend32ToPtr(GPRInfo::returnValueGPR, result);
+        return call;
+    }
     JITCompiler::Call callOperation(J_DFGOperation_EGI operation, GPRReg result, GPRReg arg1, void* pointer)
     {
         return callOperation((J_DFGOperation_EPP)operation, result, arg1, pointer);
@@ -1265,6 +1272,14 @@
     }
 
     // These methods add calls to C++ helper functions.
+    JITCompiler::Call callOperation(Z_DFGOperation_D operation, GPRReg result, FPRReg arg1)
+    {
+        resetCallArguments();
+        addCallArgument(arg1);
+        JITCompiler::Call call = m_jit.appendCall(operation);
+        m_jit.move(GPRInfo::returnValueGPR, result);
+        return call;
+    }
     JITCompiler::Call callOperation(J_DFGOperation_EP operation, GPRReg resultTag, GPRReg resultPayload, void* pointer)
     {
         resetCallArguments();

Modified: trunk/Source/_javascript_Core/dfg/DFGOperations.h (97445 => 97446)


--- trunk/Source/_javascript_Core/dfg/DFGOperations.h	2011-10-14 06:57:10 UTC (rev 97445)
+++ trunk/Source/_javascript_Core/dfg/DFGOperations.h	2011-10-14 07:07:46 UTC (rev 97446)
@@ -61,6 +61,7 @@
     I: Identifier*
     G: GlobalResolveInfo*
 */
+typedef int32_t DFG_OPERATION (*Z_DFGOperation_D)(double);
 typedef JSCell* DFG_OPERATION (*C_DFGOperation_E)(ExecState*);
 typedef JSCell* DFG_OPERATION (*C_DFGOperation_EC)(ExecState*, JSCell*);
 typedef EncodedJSValue DFG_OPERATION (*J_DFGOperation_EA)(ExecState*, JSArray*);

Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (97445 => 97446)


--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2011-10-14 06:57:10 UTC (rev 97445)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2011-10-14 07:07:46 UTC (rev 97446)
@@ -617,7 +617,9 @@
             GPRReg gpr = result.gpr();
             JITCompiler::Jump truncatedToInteger = m_jit.branchTruncateDoubleToInt32(fpr, gpr, JITCompiler::BranchIfTruncateSuccessful);
             
-            speculationCheck(m_jit.jump());
+            silentSpillAllRegisters(gpr);
+            callOperation(toInt32, gpr, fpr);
+            silentFillAllRegisters(gpr);
             
             truncatedToInteger.link(&m_jit);
             integerResult(gpr, m_compileIndex);

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes