Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8d43611a50f40c6428ec9e3e0dc07b7cdd9fd482
https://github.com/WebKit/WebKit/commit/8d43611a50f40c6428ec9e3e0dc07b7cdd9fd482
Author: Yusuke Suzuki <[email protected]>
Date: 2023-09-08 (Fri, 08 Sep 2023)
Changed paths:
M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
M Source/JavaScriptCore/assembler/MacroAssemblerMIPS.h
M Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h
M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
M Source/JavaScriptCore/bytecode/Repatch.cpp
M Source/JavaScriptCore/bytecode/Repatch.h
M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
M Source/JavaScriptCore/bytecode/StructureStubInfo.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/interpreter/CallFrame.h
M Source/JavaScriptCore/interpreter/CallFrameInlines.h
M Source/JavaScriptCore/interpreter/FrameTracers.h
M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
M Source/JavaScriptCore/jit/AssemblyHelpers.h
M Source/JavaScriptCore/jit/BaselineJITRegisters.h
M Source/JavaScriptCore/jit/GPRInfo.h
M Source/JavaScriptCore/jit/JIT.cpp
M Source/JavaScriptCore/jit/JIT.h
M Source/JavaScriptCore/jit/JITCall.cpp
M Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp
M Source/JavaScriptCore/jit/JITInlineCacheGenerator.h
M Source/JavaScriptCore/jit/JITInlines.h
M Source/JavaScriptCore/jit/JITOpcodes.cpp
M Source/JavaScriptCore/jit/JITOperations.cpp
M Source/JavaScriptCore/jit/JITOperations.h
M Source/JavaScriptCore/jit/JITPropertyAccess.cpp
M Source/JavaScriptCore/llint/LLIntData.h
Log Message:
-----------
[JSC] Load all necessary registers apriori in IC
https://bugs.webkit.org/show_bug.cgi?id=261189
rdar://115030549
Reviewed by Alexey Shvayka.
This changes IC's calling convention. We stick to slow path function's register
usage,
and strictly align Baseline JIT IC's registers with that. This significantly
simplifies
slow path call, and making that code shareable, which is super important to
make handler IC.
1. All IC slow paths load CallSiteIndex and Identifier from the
StructureStubInfo. So callsite
of this slow path no longer embeds them. This makes calling it freely from
shared thunk,
including handler IC JIT code.
2. Align all BaselineJITRegisters for IC with slow path operations' registers.
We load all
necessary thing first, and jump to the IC. And we no longer load something
additionally for
slow path. This means that we load StructureStubInfo* and ArrayProfile* if
necessary.
2.1. IC's resultJSR should be the same to ABI's result registers to align it to
operations' returned values.
2.2. StructureStubInfo* and JSGlobalObject* should not be the first and second
parameters of slow path
operations since it can be the same to resultJSR. StructureStubInfo* needs
to be accessible
after clobbering resultJSR to return back to the IC site. We change
parameter locations
and we do `static_assert` to ensure that stubInfo register is not in
resultJSR.
2.3. We fixed bunch of terribleness in ARMv7 implementations, to get registers.
3. We align our del_by_id / del_by_val implementations well to the other
put_by_id / put_by_id etc. Adding
DelByKind etc. to make it well aligned and make it easy for this change
which accepts CachedIdentitifier
from StructureStubInfo.
4. Reduced # of scratch registers used in megamorphic IC to alleviate the
register exhaust in x64.
* Source/JavaScriptCore/assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::branch32WithMemory16):
* Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::addUnsignedRightShift32):
(JSC::MacroAssemblerARMv7::branch32WithMemory16):
* Source/JavaScriptCore/assembler/MacroAssemblerMIPS.h:
(JSC::MacroAssemblerMIPS::addUnsignedRightShift32):
(JSC::MacroAssemblerMIPS::branch32WithUnalignedHalfWords):
(JSC::MacroAssemblerMIPS::branch32WithMemory16):
* Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h:
(JSC::MacroAssemblerRISCV64::addUnsignedRightShift32):
(JSC::MacroAssemblerRISCV64::branch32WithMemory16):
* Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::addUnsignedRightShift32):
(JSC::MacroAssemblerX86_64::branch32WithMemory16):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateWithGuard):
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::tryCacheGetBy):
(JSC::tryCachePutBy):
(JSC::repatchDeleteBy):
(JSC::tryCacheInBy):
(JSC::resetDelBy):
* Source/JavaScriptCore/bytecode/Repatch.h:
* Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::initGetByIdSelf):
(JSC::StructureStubInfo::initPutByIdReplace):
(JSC::StructureStubInfo::initInByIdSelf):
(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::reset):
(JSC::slowOperationFromUnlinkedStructureStubInfo):
(JSC::StructureStubInfo::initializeFromUnlinkedStructureStubInfo):
(JSC::StructureStubInfo::initializeFromDFGUnlinkedStructureStubInfo):
* Source/JavaScriptCore/bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::identifier const):
(JSC::StructureStubInfo::identifier): Deleted.
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileDeleteById):
(JSC::DFG::SpeculativeJIT::compileDeleteByVal):
(JSC::DFG::SpeculativeJIT::compileInById):
(JSC::DFG::SpeculativeJIT::compileInByVal):
(JSC::DFG::SpeculativeJIT::compileHasPrivate):
(JSC::DFG::SpeculativeJIT::compilePutByVal):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compileGetByValWithThis):
(JSC::DFG::SpeculativeJIT::compileGetByIdMegamorphic):
(JSC::DFG::SpeculativeJIT::compileGetByIdWithThisMegamorphic):
(JSC::DFG::SpeculativeJIT::compileGetByValMegamorphic):
(JSC::DFG::SpeculativeJIT::compileGetByValWithThisMegamorphic):
(JSC::DFG::SpeculativeJIT::compileEnumeratorPutByVal):
(JSC::DFG::SpeculativeJIT::compilePutByIdMegamorphic):
(JSC::DFG::SpeculativeJIT::compilePutByValMegamorphic):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileGetByIdMegamorphic):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByValMegamorphic):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByIdWithThisMegamorphic):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByValWithThis):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByValWithThisMegamorphic):
(JSC::FTL::DFG::LowerDFGToB3::getPrivateName):
(JSC::FTL::DFG::LowerDFGToB3::compilePrivateBrandAccess):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByValMegamorphic):
(JSC::FTL::DFG::LowerDFGToB3::compilePutPrivateName):
(JSC::FTL::DFG::LowerDFGToB3::cachedPutById):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByIdMegamorphic):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByValImpl):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileDelBy):
(JSC::FTL::DFG::LowerDFGToB3::compileDeleteById):
(JSC::FTL::DFG::LowerDFGToB3::compileDeleteByVal):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/interpreter/CallFrame.h:
* Source/JavaScriptCore/interpreter/CallFrameInlines.h:
(JSC::CallFrame::setCallSiteIndex):
* Source/JavaScriptCore/interpreter/FrameTracers.h:
(JSC::ICSlowPathCallFrameTracer::~ICSlowPathCallFrameTracer):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::loadProperty):
(JSC::AssemblyHelpers::storeProperty):
(JSC::AssemblyHelpers::loadMegamorphicProperty):
(JSC::AssemblyHelpers::storeMegamorphicProperty):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
* Source/JavaScriptCore/jit/BaselineJITRegisters.h:
* Source/JavaScriptCore/jit/GPRInfo.h:
(JSC::GPRInfo::toRegister):
(JSC::PreferredArgumentImpl::preferredArgumentJSR):
(JSC::PreferredArgumentImpl::preferredArgumentGPR):
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITCall.cpp:
(JSC::JIT::emit_op_iterator_open):
(JSC::JIT::emitSlow_op_iterator_open):
(JSC::JIT::emit_op_iterator_next):
(JSC::JIT::emitSlow_op_iterator_next):
* Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp:
(JSC::JITInlineCacheGenerator::generateBaselineDataICFastPath):
(JSC::JITGetByIdGenerator::JITGetByIdGenerator):
(JSC::generateGetByIdInlineAccess):
(JSC::JITGetByIdGenerator::generateFastPath):
(JSC::JITGetByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITGetByIdGenerator::generateDFGDataICFastPath):
(JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator):
(JSC::JITGetByIdWithThisGenerator::generateFastPath):
(JSC::JITGetByIdWithThisGenerator::generateBaselineDataICFastPath):
(JSC::JITGetByIdWithThisGenerator::generateDFGDataICFastPath):
(JSC::JITPutByIdGenerator::JITPutByIdGenerator):
(JSC::generatePutByIdInlineAccess):
(JSC::JITPutByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITPutByIdGenerator::generateDFGDataICFastPath):
(JSC::JITPutByIdGenerator::generateFastPath):
(JSC::JITDelByValGenerator::JITDelByValGenerator):
(JSC::JITDelByValGenerator::generateBaselineDataICFastPath):
(JSC::JITDelByIdGenerator::JITDelByIdGenerator):
(JSC::JITDelByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITInByValGenerator::JITInByValGenerator):
(JSC::JITInByValGenerator::generateBaselineDataICFastPath):
(JSC::JITInByIdGenerator::JITInByIdGenerator):
(JSC::generateInByIdInlineAccess):
(JSC::JITInByIdGenerator::generateFastPath):
(JSC::JITInByIdGenerator::generateBaselineDataICFastPath):
(JSC::JITInByIdGenerator::generateDFGDataICFastPath):
(JSC::JITInstanceOfGenerator::generateBaselineDataICFastPath):
(JSC::JITGetByValGenerator::JITGetByValGenerator):
(JSC::JITGetByValGenerator::generateBaselineDataICFastPath):
(JSC::JITGetByValWithThisGenerator::JITGetByValWithThisGenerator):
(JSC::JITGetByValWithThisGenerator::generateBaselineDataICFastPath):
(JSC::JITPutByValGenerator::generateBaselineDataICFastPath):
(JSC::JITPrivateBrandAccessGenerator::generateBaselineDataICFastPath):
* Source/JavaScriptCore/jit/JITInlineCacheGenerator.h:
(JSC::JITByIdGenerator::setUpStubInfoImpl):
(JSC::JITInByValGenerator::setUpStubInfo):
* Source/JavaScriptCore/jit/JITInlines.h:
(JSC::JIT::emitArrayProfilingSiteWithCellAndProfile):
* Source/JavaScriptCore/jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_instanceof):
(JSC::JIT::emitSlow_op_instanceof):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::ICSlowPathCallFrameTracer::ICSlowPathCallFrameTracer):
(JSC::JSC_DEFINE_JIT_OPERATION):
(JSC::deleteByIdOptimize):
(JSC::deleteByValOptimize):
* Source/JavaScriptCore/jit/JITOperations.h:
* Source/JavaScriptCore/jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::generateGetByValSlowCase):
(JSC::JIT::slow_op_get_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_get_private_name):
(JSC::JIT::emitSlow_op_get_private_name):
(JSC::JIT::slow_op_get_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_set_private_brand):
(JSC::JIT::emitSlow_op_set_private_brand):
(JSC::JIT::emit_op_check_private_brand):
(JSC::JIT::emitSlow_op_check_private_brand):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::generatePutByValSlowCase):
(JSC::JIT::slow_op_put_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_put_private_name):
(JSC::JIT::emitSlow_op_put_private_name):
(JSC::JIT::slow_op_put_private_name_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_del_by_id):
(JSC::JIT::emitSlow_op_del_by_id):
(JSC::JIT::slow_op_del_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_del_by_val):
(JSC::JIT::emitSlow_op_del_by_val):
(JSC::JIT::slow_op_del_by_val_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id_direct):
(JSC::JIT::emitSlow_op_get_by_id_direct):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::slow_op_get_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
(JSC::JIT::slow_op_get_by_id_with_this_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::slow_op_put_by_id_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_in_by_id):
(JSC::JIT::emitSlow_op_in_by_id):
(JSC::JIT::emit_op_in_by_val):
(JSC::JIT::emitSlow_op_in_by_val):
(JSC::JIT::emitHasPrivate):
(JSC::JIT::emitHasPrivateSlow):
(JSC::JIT::emit_op_resolve_scope):
(JSC::JIT::generateOpResolveScopeThunk):
(JSC::JIT::slow_op_resolve_scopeGenerator):
(JSC::JIT::emit_op_get_from_scope):
(JSC::JIT::generateOpGetFromScopeThunk):
(JSC::JIT::emit_op_put_to_scope):
(JSC::JIT::emitSlow_op_put_to_scope):
(JSC::JIT::emit_op_get_by_val_with_this):
(JSC::JIT::emitSlow_op_get_by_val_with_this):
(JSC::JIT::slow_op_get_by_val_with_this_callSlowOperationThenCheckExceptionGenerator):
(JSC::JIT::emit_op_enumerator_next):
(JSC::JIT::emit_op_enumerator_get_by_val):
(JSC::JIT::emit_op_enumerator_put_by_val):
(JSC::JIT::emitVarInjectionCheck):
Canonical link: https://commits.webkit.org/267825@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
