Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9406e8ac287abb90fa86509ef0519cbdf4d71ed5
      
https://github.com/WebKit/WebKit/commit/9406e8ac287abb90fa86509ef0519cbdf4d71ed5
  Author: Yusuke Suzuki <[email protected]>
  Date:   2023-09-21 (Thu, 21 Sep 2023)

  Changed paths:
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/bytecode/InlineAccess.cpp
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h
    M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
    M Source/JavaScriptCore/bytecode/StructureStubInfo.h
    M Source/JavaScriptCore/dfg/DFGInlineCacheWrapperInlines.h
    M Source/JavaScriptCore/dfg/DFGJITCode.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/jit/BaselineJITRegisters.h
    M Source/JavaScriptCore/jit/JIT.cpp
    M Source/JavaScriptCore/jit/JIT.h
    M Source/JavaScriptCore/jit/JITCall.cpp
    M Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp
    M Source/JavaScriptCore/jit/JITInlineCacheGenerator.h
    M Source/JavaScriptCore/jit/JITOpcodes.cpp
    M Source/JavaScriptCore/jit/JITPropertyAccess.cpp
    M Source/JavaScriptCore/jit/RegisterSet.h

  Log Message:
  -----------
  [JSC] Use Call-Ret for DataIC
https://bugs.webkit.org/show_bug.cgi?id=261595
rdar://115542885

Reviewed by Keith Miller.

This patch converts Baseline DataIC from farJump-based to call-ret based.
Because we get rid of dependency on CodeBlock and make sp-adjustment work with JITData, now
we can appropriately adjust sp without embedding CodeBlock's information. This makes each Data IC
code independent from CodeBlock, and allows us to use call-ret to jump to IC: this is the basis of
handler IC. Now we see this Data IC as a large handler. We will split them and chain them with jumps
so that we can minimize compilations and share code in Baseline.

Baseline calls the IC code, and IC returns when it finds a result. And we jump to the slow path code finally,
and slow path invokes operation, then returns.

    [        baseline code                         ]
        call |              ^                    ^
             v          ret |                ret |
             [ IC code          ] -> [ slow path ]
                                    call |      ^
                                         v  ret |
                                      [ operation ]

In this way, we can exercise the return address predictor well and share slow path code.

* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::setupWithUnlinkedBaselineCode):
* Source/JavaScriptCore/bytecode/InlineAccess.cpp:
(JSC::InlineAccess::resetStubAsJumpInAccess):
(JSC::InlineAccess::resetStubAsJumpInAccessNotUsingInlineAccess):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::succeed):
(JSC::getByIdSlowPathCodeGenerator):
(JSC::getByIdWithThisSlowPathCodeGenerator):
(JSC::getByValSlowPathCodeGenerator):
(JSC::getPrivateNameSlowPathCodeGenerator):
(JSC::getByValWithThisSlowPathCodeGenerator):
(JSC::putByIdSlowPathCodeGenerator):
(JSC::putByValSlowPathCodeGenerator):
(JSC::instanceOfSlowPathCodeGenerator):
(JSC::delByIdSlowPathCodeGenerator):
(JSC::delByValSlowPathCodeGenerator):
(JSC::InlineCacheCompiler::generateSlowPathCode):
(JSC::InlineCacheCompiler::generateImpl):
(JSC::InlineCacheCompiler::emitProxyObjectAccess):
(JSC::InlineCacheCompiler::regenerate):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.h:
* Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::initializeFromUnlinkedStructureStubInfo):
* Source/JavaScriptCore/bytecode/StructureStubInfo.h:
* Source/JavaScriptCore/dfg/DFGInlineCacheWrapperInlines.h:
(JSC::DFG::InlineCacheWrapper<GeneratorType>::finalize):
* Source/JavaScriptCore/dfg/DFGJITCode.h:
* Source/JavaScriptCore/jit/BaselineJITRegisters.h:
* Source/JavaScriptCore/jit/JIT.cpp:
(JSC::JIT::link):
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITCall.cpp:
(JSC::JIT::emitSlow_op_iterator_open):
(JSC::JIT::emit_op_iterator_next):
(JSC::JIT::emitSlow_op_iterator_next):
* Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp:
(JSC::JITInlineCacheGenerator::finalize):
(JSC::JITInlineCacheGenerator::generateBaselineDataICFastPath):
(JSC::JITByIdGenerator::finalize):
(JSC::generateGetByIdInlineAccess):
(JSC::generatePutByIdInlineAccess):
(JSC::JITDelByValGenerator::generateFastPath):
(JSC::JITDelByValGenerator::finalize):
(JSC::JITDelByIdGenerator::generateFastPath):
(JSC::JITDelByIdGenerator::finalize):
(JSC::JITInByValGenerator::generateFastPath):
(JSC::JITInByValGenerator::finalize):
(JSC::generateInByIdInlineAccess):
(JSC::JITInstanceOfGenerator::generateFastPath):
(JSC::JITInstanceOfGenerator::finalize):
(JSC::JITGetByValGenerator::generateFastPath):
(JSC::JITGetByValGenerator::finalize):
(JSC::JITGetByValWithThisGenerator::generateFastPath):
(JSC::JITGetByValWithThisGenerator::finalize):
(JSC::JITPutByValGenerator::generateFastPath):
(JSC::JITPutByValGenerator::finalize):
(JSC::JITPrivateBrandAccessGenerator::generateFastPath):
(JSC::JITPrivateBrandAccessGenerator::finalize):
* Source/JavaScriptCore/jit/JITInlineCacheGenerator.h:
(JSC::JITInlineCacheGenerator::accessType const):
* Source/JavaScriptCore/jit/JITOpcodes.cpp:
(JSC::JIT::emitSlow_op_instanceof):
(JSC::JIT::slow_op_instanceof_callSlowOperationThenCheckExceptionGenerator): Deleted.
* Source/JavaScriptCore/jit/JITPropertyAccess.cpp:
(JSC::JIT::generateGetByValSlowCase):
(JSC::JIT::emitSlow_op_get_private_name):
(JSC::JIT::emitSlow_op_set_private_brand):
(JSC::JIT::emitSlow_op_check_private_brand):
(JSC::JIT::generatePutByValSlowCase):
(JSC::JIT::emitSlow_op_put_private_name):
(JSC::JIT::emitSlow_op_del_by_id):
(JSC::JIT::emitSlow_op_del_by_val):
(JSC::JIT::emitSlow_op_try_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id_direct):
(JSC::JIT::emitSlow_op_get_by_id):
(JSC::JIT::emitSlow_op_get_by_id_with_this):
(JSC::JIT::emitSlow_op_put_by_id):
(JSC::JIT::emitSlow_op_in_by_id):
(JSC::JIT::emitSlow_op_in_by_val):
(JSC::JIT::emitHasPrivateSlow):
(JSC::JIT::emitSlow_op_has_private_name):
(JSC::JIT::emitSlow_op_has_private_brand):
(JSC::JIT::emitSlow_op_get_by_val_with_this):
(JSC::JIT::slow_op_get_by_val_callSlowOperationThenCheckExceptionGenerator): Deleted.
(JSC::JIT::slow_op_get_private_name_callSlowOperationThenCheckExceptionGenerator): Deleted.
(JSC::JIT::slow_op_put_by_val_callSlowOperationThenCheckExceptionGenerator): Deleted.
(JSC::JIT::slow_op_put_private_name_callSlowOperationThenCheckExceptionGenerator): Deleted.
(JSC::JIT::slow_op_del_by_id_callSlowOperationThenCheckExceptionGenerator): Deleted.
(JSC::JIT::slow_op_del_by_val_callSlowOperationThenCheckExceptionGenerator): Deleted.
(JSC::JIT::slow_op_get_by_id_callSlowOperationThenCheckExceptionGenerator): Deleted.
(JSC::JIT::slow_op_get_by_id_with_this_callSlowOperationThenCheckExceptionGenerator): Deleted.
(JSC::JIT::slow_op_put_by_id_callSlowOperationThenCheckExceptionGenerator): Deleted.
(JSC::JIT::slow_op_get_by_val_with_this_callSlowOperationThenCheckExceptionGenerator): Deleted.
* Source/JavaScriptCore/jit/RegisterSet.h:
(JSC::RegisterSetBuilder::buildAndValidate const):

Canonical link: https://commits.webkit.org/268259@main
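
The call/ret shape in the log message's diagram, as a toy C++ model. This is an added example, not JavaScriptCore code: ordinary function calls stand in for emitted machine code, and every name in it (StubInfo fields, cachedHandler, slowPath, offsetForStructure) is hypothetical. The handler reads all per-site state from the stub's data, so one handler body and one slow path serve every access site.

```cpp
// Toy model of call-ret Data IC dispatch (added illustration, not WebKit source).
#include <cstdint>

struct Object { uint32_t structureID; int64_t slots[4]; };
struct StubInfo;
using Handler = int64_t (*)(StubInfo&, const Object&);

// Per-access-site data: the handler takes everything it needs from here,
// so its code carries nothing specific to the calling code block.
struct StubInfo {
    Handler handler = nullptr;      // what baseline code calls
    uint32_t cachedStructureID = 0;
    uint32_t cachedOffset = 0;
    unsigned slowPathCalls = 0;
};

int64_t cachedHandler(StubInfo&, const Object&);

// Hypothetical structure table: the slot holding the property for each structure.
static uint32_t offsetForStructure(uint32_t id) { return id == 1 ? 0 : 2; }

// [ operation ]: generic lookup, then update the site's data for next time.
int64_t operationGetById(StubInfo& stub, const Object& base)
{
    stub.cachedStructureID = base.structureID;
    stub.cachedOffset = offsetForStructure(base.structureID);
    stub.handler = cachedHandler;
    return base.slots[stub.cachedOffset];
}

// [ slow path ]: shared by all sites; calls the operation and returns its result.
int64_t slowPath(StubInfo& stub, const Object& base)
{
    ++stub.slowPathCalls;
    return operationGetById(stub, base);
}

// [ IC code ]: returns on a hit, otherwise continues into the slow path.
int64_t cachedHandler(StubInfo& stub, const Object& base)
{
    if (base.structureID == stub.cachedStructureID)
        return base.slots[stub.cachedOffset];
    return slowPath(stub, base);
}

// [ baseline code ]: one call through the stub; the result comes back by return.
int64_t baselineGetById(StubInfo& stub, const Object& base) { return stub.handler(stub, base); }

StubInfo makeStub() { StubInfo s; s.handler = slowPath; return s; }
```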

