Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (232105 => 232106)
--- trunk/Source/_javascript_Core/ChangeLog 2018-05-23 04:44:44 UTC (rev 232105)
+++ trunk/Source/_javascript_Core/ChangeLog 2018-05-23 05:05:13 UTC (rev 232106)
@@ -1,5 +1,32 @@
2018-05-22 Yusuke Suzuki <[email protected]>
+ [JSC] Clean up stringGetByValStubGenerator
+ https://bugs.webkit.org/show_bug.cgi?id=185864
+
+ Reviewed by Saam Barati.
+
+ We clean up stringGetByValStubGenerator.
+
+ 1. Unify 32bit and 64bit implementations.
+ 2. Rename stringGetByValStubGenerator to stringGetByValGenerator, move it to ThunkGenerators.cpp.
+ 3. Remove string type check since this code is invoked only when we know regT0 is JSString*.
+ 4. Do not tag Cell in stringGetByValGenerator side. 32bit code stores Cell with tag in JITPropertyAccess32_64 side.
+ 5. Fix invalid use of loadPtr for StringImpl::flags. Should use load32.
+
+ * jit/JIT.h:
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::stringGetByValStubGenerator): Deleted.
+ * jit/JITPropertyAccess32_64.cpp:
+ (JSC::JIT::emit_op_get_by_val):
+ (JSC::JIT::emitSlow_op_get_by_val):
+ (JSC::JIT::stringGetByValStubGenerator): Deleted.
+ * jit/ThunkGenerators.cpp:
+ (JSC::stringGetByValGenerator):
+ * jit/ThunkGenerators.h:
+
+2018-05-22 Yusuke Suzuki <[email protected]>
+
[JSC] Use branchIfString/branchIfNotString instead of structure checkings
https://bugs.webkit.org/show_bug.cgi?id=185810
Modified: trunk/Source/_javascript_Core/jit/JIT.h (232105 => 232106)
--- trunk/Source/_javascript_Core/jit/JIT.h 2018-05-23 04:44:44 UTC (rev 232105)
+++ trunk/Source/_javascript_Core/jit/JIT.h 2018-05-23 05:05:13 UTC (rev 232106)
@@ -890,7 +890,6 @@
std::unique_ptr<JITDisassembler> m_disassembler;
RefPtr<Profiler::Compilation> m_compilation;
- static CodeRef<JITThunkPtrTag> stringGetByValStubGenerator(VM*);
PCToCodeOriginMapBuilder m_pcToCodeOriginMapBuilder;
Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp (232105 => 232106)
--- trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2018-05-23 04:44:44 UTC (rev 232105)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2018-05-23 05:05:13 UTC (rev 232106)
@@ -50,47 +50,6 @@
namespace JSC {
#if USE(JSVALUE64)
-JIT::CodeRef<JITThunkPtrTag> JIT::stringGetByValStubGenerator(VM* vm)
-{
- JSInterfaceJIT jit(vm);
- JumpList failures;
- jit.tagReturnAddress();
- failures.append(jit.branchIfNotString(regT0));
-
- // Load string length to regT2, and start the process of loading the data pointer into regT0
- jit.load32(Address(regT0, JSString::offsetOfLength()), regT2);
- jit.loadPtr(Address(regT0, JSString::offsetOfValue()), regT0);
- failures.append(jit.branchTest32(Zero, regT0));
-
- // Do an unsigned compare to simultaneously filter negative indices as well as indices that are too large
- failures.append(jit.branch32(AboveOrEqual, regT1, regT2));
-
- // Load the character
- JumpList is16Bit;
- JumpList cont8Bit;
- // Load the string flags
- jit.loadPtr(Address(regT0, StringImpl::flagsOffset()), regT2);
- jit.loadPtr(Address(regT0, StringImpl::dataOffset()), regT0);
- is16Bit.append(jit.branchTest32(Zero, regT2, TrustedImm32(StringImpl::flagIs8Bit())));
- jit.load8(BaseIndex(regT0, regT1, TimesOne, 0), regT0);
- cont8Bit.append(jit.jump());
- is16Bit.link(&jit);
- jit.load16(BaseIndex(regT0, regT1, TimesTwo, 0), regT0);
- cont8Bit.link(&jit);
-
- failures.append(jit.branch32(AboveOrEqual, regT0, TrustedImm32(0x100)));
- jit.move(TrustedImmPtr(vm->smallStrings.singleCharacterStrings()), regT1);
- jit.loadPtr(BaseIndex(regT1, regT0, ScalePtr, 0), regT0);
- jit.ret();
-
- failures.link(&jit);
- jit.move(TrustedImm32(0), regT0);
- jit.ret();
-
- LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID);
- return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "String get_by_val stub");
-}
-
void JIT::emit_op_get_by_val(Instruction* currentInstruction)
{
int dst = currentInstruction[1].u.operand;
@@ -250,7 +209,7 @@
Jump nonCell = jump();
linkSlowCase(iter); // base array check
Jump notString = branchIfNotString(regT0);
- emitNakedCall(CodeLocationLabel<NoPtrTag>(m_vm->getCTIStub(stringGetByValStubGenerator).retaggedCode<NoPtrTag>()));
+ emitNakedCall(CodeLocationLabel<NoPtrTag>(m_vm->getCTIStub(stringGetByValGenerator).retaggedCode<NoPtrTag>()));
Jump failed = branchTest64(Zero, regT0);
emitPutVirtualRegister(dst, regT0);
emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_get_by_val));
Modified: trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp (232105 => 232106)
--- trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp 2018-05-23 04:44:44 UTC (rev 232105)
+++ trunk/Source/_javascript_Core/jit/JITPropertyAccess32_64.cpp 2018-05-23 05:05:13 UTC (rev 232106)
@@ -128,48 +128,6 @@
callOperation(operationDeleteByValJSResult, dst, JSValueRegs(regT1, regT0), JSValueRegs(regT3, regT2));
}
-JIT::CodeRef<JITThunkPtrTag> JIT::stringGetByValStubGenerator(VM* vm)
-{
- JSInterfaceJIT jit(vm);
- JumpList failures;
- failures.append(jit.branchIfNotString(regT0));
-
- // Load string length to regT1, and start the process of loading the data pointer into regT0
- jit.load32(Address(regT0, JSString::offsetOfLength()), regT1);
- jit.loadPtr(Address(regT0, JSString::offsetOfValue()), regT0);
- failures.append(jit.branchTest32(Zero, regT0));
-
- // Do an unsigned compare to simultaneously filter negative indices as well as indices that are too large
- failures.append(jit.branch32(AboveOrEqual, regT2, regT1));
-
- // Load the character
- JumpList is16Bit;
- JumpList cont8Bit;
- // Load the string flags
- jit.loadPtr(Address(regT0, StringImpl::flagsOffset()), regT1);
- jit.loadPtr(Address(regT0, StringImpl::dataOffset()), regT0);
- is16Bit.append(jit.branchTest32(Zero, regT1, TrustedImm32(StringImpl::flagIs8Bit())));
- jit.load8(BaseIndex(regT0, regT2, TimesOne, 0), regT0);
- cont8Bit.append(jit.jump());
- is16Bit.link(&jit);
- jit.load16(BaseIndex(regT0, regT2, TimesTwo, 0), regT0);
-
- cont8Bit.link(&jit);
-
- failures.append(jit.branch32(AboveOrEqual, regT0, TrustedImm32(0x100)));
- jit.move(TrustedImmPtr(vm->smallStrings.singleCharacterStrings()), regT1);
- jit.loadPtr(BaseIndex(regT1, regT0, ScalePtr, 0), regT0);
- jit.move(TrustedImm32(JSValue::CellTag), regT1); // We null check regT0 on return so this is safe
- jit.ret();
-
- failures.link(&jit);
- jit.move(TrustedImm32(0), regT0);
- jit.ret();
-
- LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID);
- return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "String get_by_val stub");
-}
-
void JIT::emit_op_get_by_val(Instruction* currentInstruction)
{
int dst = currentInstruction[1].u.operand;
@@ -177,7 +135,7 @@
int property = currentInstruction[3].u.operand;
ArrayProfile* profile = ""
ByValInfo* byValInfo = m_codeBlock->addByValInfo();
-
+
emitLoad2(base, regT1, regT0, property, regT3, regT2);
emitJumpSlowCaseIfNotJSCell(base, regT1);
@@ -309,9 +267,9 @@
Jump nonCell = jump();
linkSlowCase(iter); // base array check
Jump notString = branchIfNotString(regT0);
- emitNakedCall(CodeLocationLabel<NoPtrTag>(m_vm->getCTIStub(stringGetByValStubGenerator).retaggedCode<NoPtrTag>()));
+ emitNakedCall(CodeLocationLabel<NoPtrTag>(m_vm->getCTIStub(stringGetByValGenerator).retaggedCode<NoPtrTag>()));
Jump failed = branchTestPtr(Zero, regT0);
- emitStore(dst, regT1, regT0);
+ emitStoreCell(dst, regT0);
emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_get_by_val));
failed.link(this);
notString.link(this);
Modified: trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp (232105 => 232106)
--- trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp 2018-05-23 04:44:44 UTC (rev 232105)
+++ trunk/Source/_javascript_Core/jit/ThunkGenerators.cpp 2018-05-23 05:05:13 UTC (rev 232106)
@@ -612,6 +612,58 @@
return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "unreachable thunk");
}
+MacroAssemblerCodeRef<JITThunkPtrTag> stringGetByValGenerator(VM* vm)
+{
+ // regT0 is JSString*, and regT1 (64bit) or regT2 (32bit) is int index.
+ // Return regT0 = result JSString* if succeeds. Otherwise, return regT0 = 0.
+#if USE(JSVALUE64)
+ GPRReg stringGPR = GPRInfo::regT0;
+ GPRReg indexGPR = GPRInfo::regT1;
+ GPRReg scratchGPR = GPRInfo::regT2;
+#else
+ GPRReg stringGPR = GPRInfo::regT0;
+ GPRReg indexGPR = GPRInfo::regT2;
+ GPRReg scratchGPR = GPRInfo::regT1;
+#endif
+
+ JSInterfaceJIT jit(vm);
+ JSInterfaceJIT::JumpList failures;
+ jit.tagReturnAddress();
+
+ // Load string length to regT2, and start the process of loading the data pointer into regT0
+ jit.load32(JSInterfaceJIT::Address(stringGPR, JSString::offsetOfLength()), scratchGPR);
+ jit.loadPtr(JSInterfaceJIT::Address(stringGPR, JSString::offsetOfValue()), stringGPR);
+ failures.append(jit.branchTestPtr(JSInterfaceJIT::Zero, stringGPR));
+
+ // Do an unsigned compare to simultaneously filter negative indices as well as indices that are too large
+ failures.append(jit.branch32(JSInterfaceJIT::AboveOrEqual, indexGPR, scratchGPR));
+
+ // Load the character
+ JSInterfaceJIT::JumpList is16Bit;
+ JSInterfaceJIT::JumpList cont8Bit;
+ // Load the string flags
+ jit.load32(JSInterfaceJIT::Address(stringGPR, StringImpl::flagsOffset()), scratchGPR);
+ jit.loadPtr(JSInterfaceJIT::Address(stringGPR, StringImpl::dataOffset()), stringGPR);
+ is16Bit.append(jit.branchTest32(JSInterfaceJIT::Zero, scratchGPR, JSInterfaceJIT::TrustedImm32(StringImpl::flagIs8Bit())));
+ jit.load8(JSInterfaceJIT::BaseIndex(stringGPR, indexGPR, JSInterfaceJIT::TimesOne, 0), stringGPR);
+ cont8Bit.append(jit.jump());
+ is16Bit.link(&jit);
+ jit.load16(JSInterfaceJIT::BaseIndex(stringGPR, indexGPR, JSInterfaceJIT::TimesTwo, 0), stringGPR);
+ cont8Bit.link(&jit);
+
+ failures.append(jit.branch32(JSInterfaceJIT::AboveOrEqual, stringGPR, JSInterfaceJIT::TrustedImm32(0x100)));
+ jit.move(JSInterfaceJIT::TrustedImmPtr(vm->smallStrings.singleCharacterStrings()), indexGPR);
+ jit.loadPtr(JSInterfaceJIT::BaseIndex(indexGPR, stringGPR, JSInterfaceJIT::ScalePtr, 0), stringGPR);
+ jit.ret();
+
+ failures.link(&jit);
+ jit.move(JSInterfaceJIT::TrustedImm32(0), stringGPR);
+ jit.ret();
+
+ LinkBuffer patchBuffer(jit, GLOBAL_THUNK_ID);
+ return FINALIZE_CODE(patchBuffer, JITThunkPtrTag, "String get_by_val stub");
+}
+
static void stringCharLoad(SpecializedThunkJIT& jit)
{
// load string
Modified: trunk/Source/_javascript_Core/jit/ThunkGenerators.h (232105 => 232106)
--- trunk/Source/_javascript_Core/jit/ThunkGenerators.h 2018-05-23 04:44:44 UTC (rev 232105)
+++ trunk/Source/_javascript_Core/jit/ThunkGenerators.h 2018-05-23 05:05:13 UTC (rev 232106)
@@ -51,6 +51,7 @@
MacroAssemblerCodeRef<JITThunkPtrTag> internalFunctionConstructGenerator(VM*);
MacroAssemblerCodeRef<JITThunkPtrTag> arityFixupGenerator(VM*);
MacroAssemblerCodeRef<JITThunkPtrTag> unreachableGenerator(VM*);
+MacroAssemblerCodeRef<JITThunkPtrTag> stringGetByValGenerator(VM*);
MacroAssemblerCodeRef<JITThunkPtrTag> charCodeAtThunkGenerator(VM*);
MacroAssemblerCodeRef<JITThunkPtrTag> charAtThunkGenerator(VM*);
