Title: [270423] trunk/Source/_javascript_Core
Revision
270423
Author
[email protected]
Date
2020-12-03 20:08:46 -0800 (Thu, 03 Dec 2020)

Log Message

"done" checkpoint of iterator_next stores the wrong register in the value profile in baseline JIT
https://bugs.webkit.org/show_bug.cgi?id=219501

Reviewed by Keith Miller.

* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::emit_op_iterator_next):
* jit/JITInlines.h:
(JSC::JIT::emitValueProfilingSite):
(JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (270422 => 270423)


--- trunk/Source/_javascript_Core/ChangeLog	2020-12-04 03:30:34 UTC (rev 270422)
+++ trunk/Source/_javascript_Core/ChangeLog	2020-12-04 04:08:46 UTC (rev 270423)
@@ -1,3 +1,17 @@
+2020-12-03  Saam Barati  <[email protected]>
+
+        "done" checkpoint of iterator_next stores the wrong register in the value profile in baseline JIT
+        https://bugs.webkit.org/show_bug.cgi?id=219501
+
+        Reviewed by Keith Miller.
+
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::emit_op_iterator_next):
+        * jit/JITInlines.h:
+        (JSC::JIT::emitValueProfilingSite):
+        (JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):
+
 2020-12-03  Adam Roben  <[email protected]>
 
         Adopt FALLBACK_PLATFORM

Modified: trunk/Source/_javascript_Core/jit/JIT.h (270422 => 270423)


--- trunk/Source/_javascript_Core/jit/JIT.h	2020-12-04 03:30:34 UTC (rev 270422)
+++ trunk/Source/_javascript_Core/jit/JIT.h	2020-12-04 04:08:46 UTC (rev 270423)
@@ -373,8 +373,14 @@
 
         // This assumes that the value to profile is in regT0 and that regT3 is available for
         // scratch.
-        void emitValueProfilingSite(ValueProfile&);
-        template<typename Metadata> void emitValueProfilingSite(Metadata&);
+#if USE(JSVALUE64)
+        void emitValueProfilingSite(ValueProfile&, JSValueRegs value = JSValueRegs { regT0 });
+        template<typename Metadata> void emitValueProfilingSite(Metadata&, JSValueRegs value = JSValueRegs { regT0 });
+#else
+        void emitValueProfilingSite(ValueProfile&, JSValueRegs value = JSValueRegs { regT1, regT0 });
+        template<typename Metadata> void emitValueProfilingSite(Metadata&, JSValueRegs value = JSValueRegs { regT1, regT0 });
+#endif
+
         void emitValueProfilingSiteIfProfiledOpcode(...);
         template<typename Op>
         std::enable_if_t<std::is_same<decltype(Op::Metadata::m_profile), ValueProfile>::value, void>
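Review bot: The context comment above these declarations still says the value to profile is in regT0, which now holds only when a caller relies on the default argument. Because the bug being fixed was a caller whose result lived in a different register, the comment should state the new contract, for example `// Profiles the JSValue held in |value|; the default is only correct when the result is in regT0 (tag in regT1 on JSVALUE32_64).` Keeping a default also preserves the old implicit register convention for every other call site. Making the parameter required would turn this class of mistake into a compile error, at the cost of touching callers that are not visible in this diff.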

Modified: trunk/Source/_javascript_Core/jit/JITCall.cpp (270422 => 270423)


--- trunk/Source/_javascript_Core/jit/JITCall.cpp	2020-12-04 03:30:34 UTC (rev 270422)
+++ trunk/Source/_javascript_Core/jit/JITCall.cpp	2020-12-04 04:08:46 UTC (rev 270423)
@@ -487,7 +487,7 @@
         addSlowCase(gen.slowPathJump());
         m_getByIds.append(gen);
 
-        emitValueProfilingSite(metadata);
+        emitValueProfilingSite(metadata, JSValueRegs { doneGPR });
         emitPutVirtualRegister(bytecode.m_done, doneGPR);
         advanceToNextCheckpoint();
     }
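Review bot: No regression test accompanies this call-site fix or the matching `valueGPR` fix in the next hunk; the log message lists only JIT.h, JITCall.cpp and JITInlines.h. The value profile written here is presumably consumed by the optimizing tiers for type prediction, so a wrong register is silent at baseline and only shows up later, which makes it easy to reintroduce. A stress test that runs a for-of loop over a user-defined iterator long enough to tier up past baseline would pin the behaviour of both checkpoints. A short comment at each site would also help, such as `// The result is in doneGPR, not regT0, so pass it explicitly.` The enclosing emit_op_iterator_next body starts and ends outside both hunks.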
@@ -506,7 +506,7 @@
         addSlowCase(gen.slowPathJump());
         m_getByIds.append(gen);
 
-        emitValueProfilingSite(metadata);
+        emitValueProfilingSite(metadata, JSValueRegs { valueGPR });
         emitPutVirtualRegister(bytecode.m_value, valueGPR);
 
         iterationDone.link(this);

Modified: trunk/Source/_javascript_Core/jit/JITInlines.h (270422 => 270423)


--- trunk/Source/_javascript_Core/jit/JITInlines.h	2020-12-04 03:30:34 UTC (rev 270422)
+++ trunk/Source/_javascript_Core/jit/JITInlines.h	2020-12-04 04:08:46 UTC (rev 270423)
@@ -309,23 +309,18 @@
     return src.isConstant() && getConstantOperand(src).isString() && asString(getConstantOperand(src).asCell())->length() == 1;
 }
 
-inline void JIT::emitValueProfilingSite(ValueProfile& valueProfile)
+inline void JIT::emitValueProfilingSite(ValueProfile& valueProfile, JSValueRegs value)
 {
     ASSERT(shouldEmitProfiling());
 
-    const RegisterID value = regT0;
-#if USE(JSVALUE32_64)
-    const RegisterID valueTag = regT1;
-#endif
-    
     // We're in a simple configuration: only one bucket, so we can just do a direct
     // store.
 #if USE(JSVALUE64)
-    store64(value, valueProfile.m_buckets);
+    store64(value.gpr(), valueProfile.m_buckets);
 #else
     EncodedValueDescriptor* descriptor = bitwise_cast<EncodedValueDescriptor*>(valueProfile.m_buckets);
-    store32(value, &descriptor->asBits.payload);
-    store32(valueTag, &descriptor->asBits.tag);
+    store32(value.payloadGPR(), &descriptor->asBits.payload);
+    store32(value.tagGPR(), &descriptor->asBits.tag);
 #endif
 }
 
@@ -338,11 +333,11 @@
 inline void JIT::emitValueProfilingSiteIfProfiledOpcode(...) { }
 
 template<typename Metadata>
-inline void JIT::emitValueProfilingSite(Metadata& metadata)
+inline void JIT::emitValueProfilingSite(Metadata& metadata, JSValueRegs value)
 {
     if (!shouldEmitProfiling())
         return;
-    emitValueProfilingSite(valueProfileFor(metadata, m_bytecodeIndex.checkpoint()));
+    emitValueProfilingSite(valueProfileFor(metadata, m_bytecodeIndex.checkpoint()), value);
 }
 
 inline void JIT::emitArrayProfilingSiteWithCell(RegisterID cell, RegisterID indexingType, ArrayProfile* arrayProfile)