Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (126691 => 126692)
--- trunk/Source/_javascript_Core/ChangeLog 2012-08-25 23:45:55 UTC (rev 126691)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-08-25 23:58:48 UTC (rev 126692)
@@ -1,5 +1,28 @@
2012-08-25 Filip Pizlo <[email protected]>
+ op_call should have ArrayProfiling for the benefit of array intrinsics
+ https://bugs.webkit.org/show_bug.cgi?id=95014
+
+ Reviewed by Sam Weinig.
+
+ This is a performance-neutral change that just adds the profiling but does not
+ use it, yet. If in the future we wanted to make this kind of profiling cheaper
+ we could move it into specialized thunks for the relevant array intrinsics, but
+ I figure that if this much simpler change gives us what we need without any
+ discernable performance penalty then that's for the best.
+
+ * bytecompiler/BytecodeGenerator.cpp:
+ (JSC::BytecodeGenerator::emitCall):
+ * jit/JITCall.cpp:
+ (JSC::JIT::compileOpCall):
+ * jit/JITCall32_64.cpp:
+ (JSC::JIT::compileOpCall):
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+
+2012-08-25 Filip Pizlo <[email protected]>
+
The redundant phi elimination phase is not used and should be removed
https://bugs.webkit.org/show_bug.cgi?id=95006
Modified: trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp (126691 => 126692)
--- trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2012-08-25 23:45:55 UTC (rev 126691)
+++ trunk/Source/_javascript_Core/bytecompiler/BytecodeGenerator.cpp 2012-08-25 23:58:48 UTC (rev 126692)
@@ -1925,6 +1925,7 @@
emitExpressionInfo(divot, startOffset, endOffset);
// Emit call.
+ ArrayProfile* arrayProfile = newArrayProfile();
emitOpcode(opcodeID);
instructions().append(func->index()); // func
instructions().append(callArguments.argumentCountIncludingThis()); // argCount
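Review bot: The `ArrayProfile*` returned by `newArrayProfile()` is written into the instruction stream as a raw pointer (the `instructions().append(arrayProfile)` in the next hunk), so the profile's storage must keep a stable address for as long as the code block lives. The backing container is not visible here, so this should be confirmed. The allocation happens for every `opcodeID` that reaches emitCall, while the consumers in this commit read the slot only for `op_call`; a comment on the append such as `// Operand 5: ArrayProfile for |this|; only read for op_call.` would record that. The slot previously held a literal 0, so any other code that emits or inspects this operand has to agree that it is now a pointer. emitCall begins and ends outside this hunk.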
@@ -1934,7 +1935,7 @@
#else
instructions().append(0);
#endif
- instructions().append(0);
+ instructions().append(arrayProfile);
if (dst != ignoredResult()) {
ValueProfile* profile = ""
instructions().append(dst->index()); // dst
Modified: trunk/Source/_javascript_Core/jit/JITCall.cpp (126691 => 126692)
--- trunk/Source/_javascript_Core/jit/JITCall.cpp 2012-08-25 23:45:55 UTC (rev 126691)
+++ trunk/Source/_javascript_Core/jit/JITCall.cpp 2012-08-25 23:58:48 UTC (rev 126692)
@@ -160,6 +160,14 @@
int argCount = instruction[2].u.operand;
int registerOffset = instruction[3].u.operand;
+ if (opcodeID == op_call && shouldEmitProfiling()) {
+ emitGetVirtualRegister(registerOffset + CallFrame::argumentOffsetIncludingThis(0), regT0);
+ Jump done = emitJumpIfNotJSCell(regT0);
+ loadPtr(Address(regT0, JSCell::structureOffset()), regT0);
+ storePtr(regT0, instruction[5].u.arrayProfile->addressOfLastSeenStructure());
+ done.link(this);
+ }
+
addPtr(TrustedImm32(registerOffset * sizeof(Register)), callFrameRegister, regT1);
store32(TrustedImm32(argCount), Address(regT1, RegisterFile::ArgumentCount * static_cast<int>(sizeof(Register)) + OBJECT_OFFSETOF(EncodedValueDescriptor, asBits.payload)));
} // regT1 holds newCallFrame with ArgumentCount initialized.
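Review bot: The new block dereferences `instruction[5].u.arrayProfile` at compile time without checking that the slot is non-null, which is safe only while every producer of `op_call` fills operand 5. An `ASSERT(instruction[5].u.arrayProfile);` inside the `if` would make that dependency explicit. The same applies to the matching block in JITCall32_64.cpp. Nothing in the code says which argument is profiled or why, so a short comment would help, e.g. `// Record the Structure of |this| (argument 0) when it is a cell, for later use by array intrinsics.` The enclosing function starts and ends outside the hunk.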
Modified: trunk/Source/_javascript_Core/jit/JITCall32_64.cpp (126691 => 126692)
--- trunk/Source/_javascript_Core/jit/JITCall32_64.cpp 2012-08-25 23:45:55 UTC (rev 126691)
+++ trunk/Source/_javascript_Core/jit/JITCall32_64.cpp 2012-08-25 23:58:48 UTC (rev 126692)
@@ -236,7 +236,15 @@
else {
int argCount = instruction[2].u.operand;
int registerOffset = instruction[3].u.operand;
-
+
+ if (opcodeID == op_call && shouldEmitProfiling()) {
+ emitLoad(registerOffset + CallFrame::argumentOffsetIncludingThis(0), regT0, regT1);
+ Jump done = branch32(NotEqual, regT0, TrustedImm32(JSValue::CellTag));
+ loadPtr(Address(regT1, JSCell::structureOffset()), regT1);
+ storePtr(regT1, instruction[5].u.arrayProfile->addressOfLastSeenStructure());
+ done.link(this);
+ }
+
addPtr(TrustedImm32(registerOffset * sizeof(Register)), callFrameRegister, regT3);
store32(TrustedImm32(argCount), payloadFor(RegisterFile::ArgumentCount, regT3));
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm (126691 => 126692)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2012-08-25 23:45:55 UTC (rev 126691)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2012-08-25 23:58:48 UTC (rev 126692)
@@ -641,6 +641,7 @@
_llint_op_call:
traceExecution()
+ arrayProfileForCall()
doCall(_llint_slow_path_call)
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (126691 => 126692)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2012-08-25 23:45:55 UTC (rev 126691)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2012-08-25 23:58:48 UTC (rev 126692)
@@ -1590,6 +1590,18 @@
dispatch(4)
+macro arrayProfileForCall()
+ if VALUE_PROFILER
+ loadi 12[PC], t3
+ bineq ThisArgumentOffset + TagOffset[cfr, t3, 8], CellTag, .done
+ loadi ThisArgumentOffset + PayloadOffset[cfr, t3, 8], t0
+ loadp JSCell::m_structure[t0], t0
+ loadp 20[PC], t1
+ storep t0, ArrayProfile::m_lastSeenStructure[t1]
+ .done:
+ end
+end
+
macro doCall(slowPath)
loadi 4[PC], t0
loadi 16[PC], t1
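Review bot: `arrayProfileForCall` reads its operands through bare byte offsets (`12[PC]` and `20[PC]` here, `24[PB, PC, 8]` and `40[PB, PC, 8]` in LowLevelInterpreter64.asm) with nothing tying them to the op_call operand layout. They appear to be operand 3 (the register offset) and operand 5 (the ArrayProfile slot), matching `instruction[3]` and `instruction[5]` in the JIT hunks. Comments such as `# operand 3: registerOffset` and `# operand 5: ArrayProfile*` on those loads would make a later layout change harder to get wrong. The macro also stores through the loaded profile pointer without a null test, so it relies on the bytecode generator always filling that slot for op_call. The doCall macro that follows continues past the end of the hunk.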
Modified: trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (126691 => 126692)
--- trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2012-08-25 23:45:55 UTC (rev 126691)
+++ trunk/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2012-08-25 23:58:48 UTC (rev 126692)
@@ -1430,6 +1430,18 @@
dispatch(4)
+macro arrayProfileForCall()
+ if VALUE_PROFILER
+ loadis 24[PB, PC, 8], t3
+ loadp ThisArgumentOffset[cfr, t3, 8], t0
+ btpnz t0, tagMask, .done
+ loadp JSCell::m_structure[t0], t0
+ loadp 40[PB, PC, 8], t1
+ storep t0, ArrayProfile::m_lastSeenStructure[t1]
+ .done:
+ end
+end
+
macro doCall(slowPath)
loadis 8[PB, PC, 8], t0
loadp 32[PB, PC, 8], t1