Title: [292447] trunk/Source/_javascript_Core
Revision
292447
Author
ysuz...@apple.com
Date
2022-04-05 20:41:00 -0700 (Tue, 05 Apr 2022)

Log Message

[JSC] Use inlined assertion for CodeBlock type
https://bugs.webkit.org/show_bug.cgi?id=238849

Reviewed by Michael Saboff.

We introduced a probeDebug-based CodeBlock assertion, but it is too slow and causes timeouts in Debug JSC tests.
Instead, we use an inlined assertion, which is much faster, to prevent these Debug build timeouts.

* assembler/AbortReason.h:
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::compileEntry):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
* dfg/DFGThunks.cpp:
(JSC::DFG::osrEntryThunkGenerator):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::lower):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameWithType):
(JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameIsOptimizingJIT):
* jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameWithType):
(JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameIsOptimizingJIT):
* jit/JIT.cpp:
(JSC::JIT::compileAndLinkWithoutFinalizing):
* jit/JITCode.h:
(JSC::JITCode::offsetOfJITType):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (292446 => 292447)


--- trunk/Source/_javascript_Core/ChangeLog	2022-04-06 03:27:14 UTC (rev 292446)
+++ trunk/Source/_javascript_Core/ChangeLog	2022-04-06 03:41:00 UTC (rev 292447)
@@ -1,5 +1,35 @@
 2022-04-05  Yusuke Suzuki  <ysuz...@apple.com>
 
+        [JSC] Use inlined assertion for CodeBlock type
+        https://bugs.webkit.org/show_bug.cgi?id=238849
+
+        Reviewed by Michael Saboff.
+
+        We introduced probeDebug-based CodeBlock assertion, but it is too slow and causing timeout on Debug JSC tests.
+        Instead, we use inlined assertion which is much faster to prevent these Debug build timeout.
+
+        * assembler/AbortReason.h:
+        * dfg/DFGJITCompiler.cpp:
+        (JSC::DFG::JITCompiler::compileEntry):
+        * dfg/DFGSpeculativeJIT.cpp:
+        (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
+        * dfg/DFGThunks.cpp:
+        (JSC::DFG::osrEntryThunkGenerator):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::lower):
+        * jit/AssemblyHelpers.cpp:
+        (JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameWithType):
+        (JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameIsOptimizingJIT):
+        * jit/AssemblyHelpers.h:
+        (JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameWithType):
+        (JSC::AssemblyHelpers::jitAssertCodeBlockOnCallFrameIsOptimizingJIT):
+        * jit/JIT.cpp:
+        (JSC::JIT::compileAndLinkWithoutFinalizing):
+        * jit/JITCode.h:
+        (JSC::JITCode::offsetOfJITType):
+
+2022-04-05  Yusuke Suzuki  <ysuz...@apple.com>
+
         [JSC] Strictly annotate pointers with TrustedImmPtr in CCallHelpers
         https://bugs.webkit.org/show_bug.cgi?id=238827
 

Modified: trunk/Source/_javascript_Core/assembler/AbortReason.h (292446 => 292447)


--- trunk/Source/_javascript_Core/assembler/AbortReason.h	2022-04-06 03:27:14 UTC (rev 292446)
+++ trunk/Source/_javascript_Core/assembler/AbortReason.h	2022-04-06 03:41:00 UTC (rev 292447)
@@ -42,6 +42,7 @@
     AHIsNotJSNumber                                   =  80,
     AHIsNotNull                                       =  90,
     AHStackPointerMisaligned                          = 100,
+    AHInvalidCodeBlock                                = 101,
     AHStructureIDIsValid                              = 110,
     AHNotCellMaskNotInPlace                           = 120,
     AHNumberTagNotInPlace                             = 130,

Modified: trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp (292446 => 292447)


--- trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp	2022-04-06 03:27:14 UTC (rev 292446)
+++ trunk/Source/_javascript_Core/dfg/DFGJITCompiler.cpp	2022-04-06 03:41:00 UTC (rev 292447)
@@ -111,12 +111,7 @@
     // check) which will be dependent on stack layout. (We'd need to account for this in
     // both normal return code and when jumping to an exception handler).
     emitFunctionPrologue();
-#if ASSERT_ENABLED
-    probeDebug([=](Probe::Context& ctx) {
-        CodeBlock* codeBlock = ctx.fp<CallFrame*>()->codeBlock();
-        RELEASE_ASSERT(codeBlock->jitType() == JITType::DFGJIT);
-    });
-#endif
+    jitAssertCodeBlockOnCallFrameWithType(GPRInfo::regT2, JITType::DFGJIT);
 }
 
 void JITCompiler::compileSetupRegistersForEntry()
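Review bot: The old probeDebug check preserved every register, while the replacement `jitAssertCodeBlockOnCallFrameWithType(GPRInfo::regT2, JITType::DFGJIT)` overwrites regT2, and does so only in ASSERT_ENABLED builds, so debug and release code differ in register state from this point on. Nothing in the hunk shows that regT2 is dead right after `emitFunctionPrologue()`; if it is, as seems intended, say so at the call, e.g. `// regT2 is not live at function entry, so the assertion may clobber it.` The same unexplained regT2 scratch appears in the DFGThunks.cpp hunk and in both JIT.cpp hunks. compileEntry's body starts outside the hunk.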

Modified: trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (292446 => 292447)


--- trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2022-04-06 03:27:14 UTC (rev 292446)
+++ trunk/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp	2022-04-06 03:41:00 UTC (rev 292447)
@@ -2216,8 +2216,12 @@
     if (m_block->isCatchEntrypoint) {
         m_jit.addPtr(CCallHelpers::TrustedImm32(-(m_graph.frameRegisterCount() * sizeof(Register))), GPRInfo::callFrameRegister,  CCallHelpers::stackPointerRegister);
         m_jit.emitSaveCalleeSaves();
+        // CodeBlock in the stack is already replaced in OSR entry.
+#if USE(JSVALUE64)
+        // Use numberTagRegister as a scratch since it is recovered after this.
+        m_jit.jitAssertCodeBlockOnCallFrameWithType(GPRInfo::numberTagRegister, JITType::DFGJIT);
+#endif
         m_jit.emitMaterializeTagCheckRegisters();
-        // CodeBlock in the stack is already replaced in OSR entry.
     }
 
     m_stream->appendAndLog(VariableEvent::reset());
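Review bot: The catch-entrypoint check is compiled only under `USE(JSVALUE64)`, so 32-bit debug builds get no CodeBlock type assertion on this path, and the comment does not say that this is deliberate. The scratch choice also makes the order load-bearing: the assertion has to stay ahead of `emitMaterializeTagCheckRegisters()`, which the comment covers only implicitly. Suggest extending the comment to `// 64-bit only: numberTagRegister is free here because emitMaterializeTagCheckRegisters() below reloads it; 32-bit builds skip this check.` The enclosing function starts and ends outside the hunk.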

Modified: trunk/Source/_javascript_Core/dfg/DFGThunks.cpp (292446 => 292447)


--- trunk/Source/_javascript_Core/dfg/DFGThunks.cpp	2022-04-06 03:27:14 UTC (rev 292446)
+++ trunk/Source/_javascript_Core/dfg/DFGThunks.cpp	2022-04-06 03:41:00 UTC (rev 292447)
@@ -163,12 +163,7 @@
 
     ok.link(&jit);
 
-#if ASSERT_ENABLED
-    jit.probeDebug([](Probe::Context& ctx) {
-        CodeBlock* codeBlock = ctx.fp<CallFrame*>()->codeBlock();
-        RELEASE_ASSERT(JITCode::isOptimizingJIT(codeBlock->jitType()));
-    });
-#endif
+    jit.jitAssertCodeBlockOnCallFrameIsOptimizingJIT(GPRInfo::regT2);
 
     jit.restoreCalleeSavesFromEntryFrameCalleeSavesBuffer(vm.topEntryFrame);
     jit.emitMaterializeTagCheckRegisters();

Modified: trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (292446 => 292447)


--- trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp	2022-04-06 03:27:14 UTC (rev 292446)
+++ trunk/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp	2022-04-06 03:41:00 UTC (rev 292447)
@@ -290,12 +290,7 @@
                 unsigned ftlFrameSize = params.proc().frameSize();
                 unsigned maxFrameSize = std::max(exitFrameSize, ftlFrameSize);
 
-#if ASSERT_ENABLED
-                jit.probeDebug([=](Probe::Context& ctx) {
-                    CodeBlock* codeBlock = ctx.fp<CallFrame*>()->codeBlock();
-                    RELEASE_ASSERT(codeBlock->jitType() == JITType::FTLJIT);
-                });
-#endif
+                jit.jitAssertCodeBlockOnCallFrameWithType(scratch, JITType::FTLJIT);
 
                 jit.addPtr(MacroAssembler::TrustedImm32(-maxFrameSize), fp, scratch);
                 MacroAssembler::JumpList stackOverflow;

Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp (292446 => 292447)


--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp	2022-04-06 03:27:14 UTC (rev 292446)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp	2022-04-06 03:41:00 UTC (rev 292447)
@@ -219,6 +219,28 @@
     ok.link(this);
 }
 
+void AssemblyHelpers::jitAssertCodeBlockOnCallFrameWithType(GPRReg scratchGPR, JITType type)
+{
+    emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, scratchGPR);
+    loadPtr(Address(scratchGPR, CodeBlock::jitCodeOffset()), scratchGPR);
+    load8(Address(scratchGPR, JITCode::offsetOfJITType()), scratchGPR);
+    Jump ok = branch32(Equal, scratchGPR, TrustedImm32(static_cast<unsigned>(type)));
+    abortWithReason(AHInvalidCodeBlock);
+    ok.link(this);
+}
+
+void AssemblyHelpers::jitAssertCodeBlockOnCallFrameIsOptimizingJIT(GPRReg scratchGPR)
+{
+    emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, scratchGPR);
+    loadPtr(Address(scratchGPR, CodeBlock::jitCodeOffset()), scratchGPR);
+    load8(Address(scratchGPR, JITCode::offsetOfJITType()), scratchGPR);
+    JumpList ok;
+    ok.append(branch32(Equal, scratchGPR, TrustedImm32(static_cast<unsigned>(JITType::DFGJIT))));
+    ok.append(branch32(Equal, scratchGPR, TrustedImm32(static_cast<unsigned>(JITType::FTLJIT))));
+    abortWithReason(AHInvalidCodeBlock);
+    ok.link(this);
+}
+
 #endif // ASSERT_ENABLED
 
 void AssemblyHelpers::jitReleaseAssertNoException(VM& vm)
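Review bot: Both helpers read the tier with `load8(Address(scratchGPR, JITCode::offsetOfJITType()), scratchGPR)`, which is only correct while `JITType` occupies exactly one byte; the JITCode.h hunk shows the field as `const JITType m_jitType` but not the enum's underlying type. Pin the assumption next to the load with `static_assert(sizeof(JITType) == 1);` so that a later widening of the enum fails at compile time instead of comparing a partial value. The three-instruction load sequence is also duplicated verbatim in both functions and could move into one private helper. A null or stale CodeBlock slot would fault on the `loadPtr` before reaching `abortWithReason(AHInvalidCodeBlock)`, so that failure mode will not carry the abort reason.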

Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (292446 => 292447)


--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h	2022-04-06 03:27:14 UTC (rev 292446)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h	2022-04-06 03:41:00 UTC (rev 292447)
@@ -1332,6 +1332,8 @@
     void jitAssertTagsInPlace();
     void jitAssertArgumentCountSane();
     inline void jitAssertNoException(VM& vm) { jitReleaseAssertNoException(vm); }
+    void jitAssertCodeBlockOnCallFrameWithType(GPRReg scratchGPR, JITType);
+    void jitAssertCodeBlockOnCallFrameIsOptimizingJIT(GPRReg scratchGPR);
 #else
     void jitAssertIsInt32(GPRReg) { }
     void jitAssertIsJSInt32(GPRReg) { }
@@ -1343,6 +1345,8 @@
     void jitAssertTagsInPlace() { }
     void jitAssertArgumentCountSane() { }
     void jitAssertNoException(VM&) { }
+    void jitAssertCodeBlockOnCallFrameWithType(GPRReg, JITType) { }
+    void jitAssertCodeBlockOnCallFrameIsOptimizingJIT(GPRReg) { }
 #endif
 
     void jitReleaseAssertNoException(VM&);

Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (292446 => 292447)


--- trunk/Source/_javascript_Core/jit/JIT.cpp	2022-04-06 03:27:14 UTC (rev 292446)
+++ trunk/Source/_javascript_Core/jit/JIT.cpp	2022-04-06 03:41:00 UTC (rev 292447)
@@ -741,15 +741,7 @@
         nop();
 
     emitFunctionPrologue();
-#if ASSERT_ENABLED
-    probeDebug([=](Probe::Context& ctx) {
-        CodeBlock* codeBlock = ctx.fp<CallFrame*>()->codeBlock();
-        if (codeBlock->jitType() != JITType::BaselineJIT) {
-            dataLogLn("FP ", RawPointer(ctx.fp<CallFrame*>()));
-            RELEASE_ASSERT_NOT_REACHED();
-        }
-    });
-#endif
+    jitAssertCodeBlockOnCallFrameWithType(regT2, JITType::BaselineJIT);
 
     Label beginLabel(this);
 
@@ -813,15 +805,7 @@
 
         emitFunctionPrologue();
         RELEASE_ASSERT(m_unlinkedCodeBlock->codeType() == FunctionCode);
-#if ASSERT_ENABLED
-        probeDebug([=](Probe::Context& ctx) {
-            CodeBlock* codeBlock = ctx.fp<CallFrame*>()->codeBlock();
-            if (codeBlock->jitType() != JITType::BaselineJIT) {
-                dataLogLn("FP ", RawPointer(ctx.fp<CallFrame*>()));
-                RELEASE_ASSERT_NOT_REACHED();
-            }
-        });
-#endif
+        jitAssertCodeBlockOnCallFrameWithType(regT2, JITType::BaselineJIT);
         emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, regT0);
         store8(TrustedImm32(0), Address(regT0, CodeBlock::offsetOfShouldAlwaysBeInlined()));
 

Modified: trunk/Source/_javascript_Core/jit/JITCode.h (292446 => 292447)


--- trunk/Source/_javascript_Core/jit/JITCode.h	2022-04-06 03:27:14 UTC (rev 292446)
+++ trunk/Source/_javascript_Core/jit/JITCode.h	2022-04-06 03:41:00 UTC (rev 292447)
@@ -233,6 +233,8 @@
 
     const RegisterAtOffsetList* calleeSaveRegisters() const;
 
+    static ptrdiff_t offsetOfJITType() { return OBJECT_OFFSETOF(JITCode, m_jitType); }
+
 private:
     const JITType m_jitType;
     const ShareAttribute m_shareAttribute;