Title: [272080] branches/safari-611-branch/Source/_javascript_Core
Revision
272080
Author
[email protected]
Date
2021-01-29 14:55:07 -0800 (Fri, 29 Jan 2021)

Log Message

[JSC] Avoid using DirectCall when executable is wasm function
https://bugs.webkit.org/show_bug.cgi?id=221055

Reviewed by Keith Miller.

This is a partial patch from https://bugs.webkit.org/show_bug.cgi?id=220339, which was reverted because of a Facebook crash.
For now, we just avoid using DirectCall to wasm functions so that a normal Call is used instead, which is efficient. This
patch avoids a JetStream2 regression.

* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* jit/JITOperations.cpp:
(JSC::virtualForWithFunction):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setUpCall):
* runtime/Intrinsic.cpp:
(JSC::intrinsicName):
* runtime/Intrinsic.h:
* wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::create):


Canonical link: https://commits.webkit.org/233420@main

Modified Paths

Diff

Modified: branches/safari-611-branch/Source/_javascript_Core/ChangeLog (272079 => 272080)


--- branches/safari-611-branch/Source/_javascript_Core/ChangeLog	2021-01-29 22:55:04 UTC (rev 272079)
+++ branches/safari-611-branch/Source/_javascript_Core/ChangeLog	2021-01-29 22:55:07 UTC (rev 272080)
@@ -1,3 +1,28 @@
+2021-01-27  Yusuke Suzuki  <[email protected]>
+
+        [JSC] Avoid using DirectCall when executable is wasm function
+        https://bugs.webkit.org/show_bug.cgi?id=221055
+
+        Reviewed by Keith Miller.
+
+        This is a partial patch from https://bugs.webkit.org/show_bug.cgi?id=220339, which is reverted because of Facebook crash.
+        For now, we just avoid using DirectCall to wasm functions so that normal Call will be used, and it is efficient. This
+        patch avoids JetStream2 regression.
+
+        * dfg/DFGOperations.cpp:
+        (JSC::DFG::JSC_DEFINE_JIT_OPERATION):
+        * dfg/DFGStrengthReductionPhase.cpp:
+        (JSC::DFG::StrengthReductionPhase::handleNode):
+        * jit/JITOperations.cpp:
+        (JSC::virtualForWithFunction):
+        * llint/LLIntSlowPaths.cpp:
+        (JSC::LLInt::setUpCall):
+        * runtime/Intrinsic.cpp:
+        (JSC::intrinsicName):
+        * runtime/Intrinsic.h:
+        * wasm/js/WebAssemblyFunction.cpp:
+        (JSC::WebAssemblyFunction::create):
+
 2021-01-28  Alan Coon  <[email protected]>
 
         Cherry-pick r271873. rdar://problem/73722521

Modified: branches/safari-611-branch/Source/_javascript_Core/dfg/DFGOperations.cpp (272079 => 272080)


--- branches/safari-611-branch/Source/_javascript_Core/dfg/DFGOperations.cpp	2021-01-29 22:55:04 UTC (rev 272079)
+++ branches/safari-611-branch/Source/_javascript_Core/dfg/DFGOperations.cpp	2021-01-29 22:55:07 UTC (rev 272080)
@@ -3548,6 +3548,8 @@
 
     JSScope* scope = callee->scopeUnchecked();
 
+    // FIXME: Support wasm IC.
+    // https://bugs.webkit.org/show_bug.cgi?id=220339
     MacroAssemblerCodePtr<JSEntryPtrTag> codePtr;
     CodeBlock* codeBlock = nullptr;
     if (executable->isHostFunction())
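Review bot: The new FIXME does not say what happens to a wasm callee today, and it sits above the `codePtr` declaration rather than the `if (executable->isHostFunction())` branch it appears to describe. Since `WebAssemblyFunction::create` gets its executable from `vm.getHostFunction`, wasm functions presumably take the host-function branch here; the comment could say so, e.g. `// FIXME: Support wasm IC. Wasm functions currently use the host-function entrypoint below.` The same bare FIXME is added in jit/JITOperations.cpp (virtualForWithFunction) and llint/LLIntSlowPaths.cpp (setUpCall). The enclosing function starts and ends outside this hunk.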

Modified: branches/safari-611-branch/Source/_javascript_Core/dfg/DFGStrengthReductionPhase.cpp (272079 => 272080)


--- branches/safari-611-branch/Source/_javascript_Core/dfg/DFGStrengthReductionPhase.cpp	2021-01-29 22:55:04 UTC (rev 272079)
+++ branches/safari-611-branch/Source/_javascript_Core/dfg/DFGStrengthReductionPhase.cpp	2021-01-29 22:55:07 UTC (rev 272080)
@@ -927,6 +927,12 @@
             
             if (!executable)
                 break;
+
+            // FIXME: Support wasm IC.
+            // DirectCall to wasm function has suboptimal implementation. We avoid using DirectCall if we know that function is a wasm function.
+            // https://bugs.webkit.org/show_bug.cgi?id=220339
+            if (executable->intrinsic() == WasmFunctionIntrinsic)
+                break;
             
             if (FunctionExecutable* functionExecutable = jsDynamicCast<FunctionExecutable*>(vm(), executable)) {
                 if (m_node->op() == Construct && functionExecutable->constructAbility() == ConstructAbility::CannotConstruct)
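Review bot: The new early `break` depends entirely on the executable carrying `WasmFunctionIntrinsic`, and the only place this commit sets that tag is `WebAssemblyFunction::create`. If any other path builds an executable around a wasm entrypoint with `NoIntrinsic`, it would still be converted to DirectCall here; that cannot be checked from this hunk. Naming the tagging site in the comment would keep the two in sync, e.g. `// WasmFunctionIntrinsic is set in WebAssemblyFunction::create.` The enclosing case in handleNode starts and ends outside the hunk.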

Modified: branches/safari-611-branch/Source/_javascript_Core/jit/JITOperations.cpp (272079 => 272080)


--- branches/safari-611-branch/Source/_javascript_Core/jit/JITOperations.cpp	2021-01-29 22:55:04 UTC (rev 272079)
+++ branches/safari-611-branch/Source/_javascript_Core/jit/JITOperations.cpp	2021-01-29 22:55:07 UTC (rev 272080)
@@ -1391,6 +1391,8 @@
                 reinterpret_cast<void*>(KeepTheFrame));
         }
     }
+    // FIXME: Support wasm IC.
+    // https://bugs.webkit.org/show_bug.cgi?id=220339
     return encodeResult(executable->entrypointFor(
         kind, MustCheckArity).executableAddress(),
         reinterpret_cast<void*>(callLinkInfo->callMode() == CallMode::Tail ? ReuseTheFrame : KeepTheFrame));

Modified: branches/safari-611-branch/Source/_javascript_Core/llint/LLIntSlowPaths.cpp (272079 => 272080)


--- branches/safari-611-branch/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2021-01-29 22:55:04 UTC (rev 272079)
+++ branches/safari-611-branch/Source/_javascript_Core/llint/LLIntSlowPaths.cpp	2021-01-29 22:55:07 UTC (rev 272080)
@@ -1736,6 +1736,8 @@
 
     MacroAssemblerCodePtr<JSEntryPtrTag> codePtr;
     CodeBlock* codeBlock = nullptr;
+    // FIXME: Support wasm IC.
+    // https://bugs.webkit.org/show_bug.cgi?id=220339
     if (executable->isHostFunction())
         codePtr = executable->entrypointFor(kind, MustCheckArity);
     else {

Modified: branches/safari-611-branch/Source/_javascript_Core/runtime/Intrinsic.cpp (272079 => 272080)


--- branches/safari-611-branch/Source/_javascript_Core/runtime/Intrinsic.cpp	2021-01-29 22:55:04 UTC (rev 272079)
+++ branches/safari-611-branch/Source/_javascript_Core/runtime/Intrinsic.cpp	2021-01-29 22:55:07 UTC (rev 272080)
@@ -337,6 +337,8 @@
         return "DataViewSetFloat32";
     case DataViewSetFloat64:
         return "DataViewSetFloat64";
+    case WasmFunctionIntrinsic:
+        return "WasmFunctionIntrinsic";
     }
     RELEASE_ASSERT_NOT_REACHED();
     return nullptr;

Modified: branches/safari-611-branch/Source/_javascript_Core/runtime/Intrinsic.h (272079 => 272080)


--- branches/safari-611-branch/Source/_javascript_Core/runtime/Intrinsic.h	2021-01-29 22:55:04 UTC (rev 272079)
+++ branches/safari-611-branch/Source/_javascript_Core/runtime/Intrinsic.h	2021-01-29 22:55:07 UTC (rev 272080)
@@ -192,6 +192,8 @@
     DataViewSetUint32,
     DataViewSetFloat32,
     DataViewSetFloat64,
+
+    WasmFunctionIntrinsic,
 };
 
 Optional<IterationKind> interationKindForIntrinsic(Intrinsic);
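Review bot: `WasmFunctionIntrinsic` is added without a comment, yet in this commit it is only a tag compared in DFGStrengthReductionPhase and is never lowered as an intrinsic. A one-line comment on the enumerator would stop readers expecting a JIT fast path, e.g. `// Marker for WebAssemblyFunction executables; not lowered by the JITs.` Other `switch` statements over `Intrinsic` outside this diff may need a case or a default for the new value; only `intrinsicName` is updated here.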

Modified: branches/safari-611-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp (272079 => 272080)


--- branches/safari-611-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp	2021-01-29 22:55:04 UTC (rev 272079)
+++ branches/safari-611-branch/Source/_javascript_Core/wasm/js/WebAssemblyFunction.cpp	2021-01-29 22:55:07 UTC (rev 272080)
@@ -434,7 +434,7 @@
 
 WebAssemblyFunction* WebAssemblyFunction::create(VM& vm, JSGlobalObject* globalObject, Structure* structure, unsigned length, const String& name, JSWebAssemblyInstance* instance, Wasm::Callee& jsEntrypoint, Wasm::WasmToWasmImportableFunction::LoadLocation wasmToWasmEntrypointLoadLocation, Wasm::SignatureIndex signatureIndex)
 {
-    NativeExecutable* executable = vm.getHostFunction(callWebAssemblyFunction, NoIntrinsic, callHostFunctionAsConstructor, nullptr, name);
+    NativeExecutable* executable = vm.getHostFunction(callWebAssemblyFunction, WasmFunctionIntrinsic, callHostFunctionAsConstructor, nullptr, name);
     WebAssemblyFunction* function = new (NotNull, allocateCell<WebAssemblyFunction>(vm.heap)) WebAssemblyFunction(vm, executable, globalObject, structure, jsEntrypoint, wasmToWasmEntrypointLoadLocation, signatureIndex);
     function->finishCreation(vm, executable, length, name, instance);
     return function;
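Review bot: Replacing `NoIntrinsic` with `WasmFunctionIntrinsic` in the `vm.getHostFunction` call changes what every reader of `executable->intrinsic()` sees for wasm functions, not only the new check in DFGStrengthReductionPhase. How `getHostFunction` and other intrinsic consumers treat a non-`NoIntrinsic` value is not visible in this diff, so it is worth confirming that none of them assumes a specialised thunk or fast path exists for it. A comment at the call would record the intent, e.g. `// Tagged so the DFG can recognise wasm callees and avoid DirectCall.` The closing brace of `create` is outside the hunk.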