Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (131976 => 131977)
--- trunk/Source/_javascript_Core/ChangeLog 2012-10-20 04:52:33 UTC (rev 131976)
+++ trunk/Source/_javascript_Core/ChangeLog 2012-10-20 05:09:15 UTC (rev 131977)
@@ -1,3 +1,24 @@
+2012-10-19 Filip Pizlo <[email protected]>
+
+ Baseline JIT should not inline array allocations, to make them easier to instrument
+ https://bugs.webkit.org/show_bug.cgi?id=99905
+
+ Reviewed by Mark Hahnenberg.
+
+ This will make it easier to instrument array allocations for the purposes of profiling.
+ It also allows us to kill off a bunch of code. And, this doesn't appear to hurt
+ performance at all. That's expected because these days any hot allocation will end up
+ in the DFG JIT, which does inline these allocations.
+
+ * jit/JIT.cpp:
+ (JSC::JIT::privateCompileSlowCases):
+ * jit/JIT.h:
+ (JIT):
+ * jit/JITInlineMethods.h:
+ (JSC):
+ * jit/JITOpcodes.cpp:
+ (JSC::JIT::emit_op_new_array):
+
2012-10-19 Oliver Hunt <[email protected]>
Fix some of the regression cause by the non-local variable reworking
Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (131976 => 131977)
--- trunk/Source/_javascript_Core/jit/JIT.cpp 2012-10-20 04:52:33 UTC (rev 131976)
+++ trunk/Source/_javascript_Core/jit/JIT.cpp 2012-10-20 05:09:15 UTC (rev 131977)
@@ -494,7 +494,6 @@
DEFINE_SLOWCASE_OP(op_mul)
DEFINE_SLOWCASE_OP(op_negate)
DEFINE_SLOWCASE_OP(op_neq)
- DEFINE_SLOWCASE_OP(op_new_array)
DEFINE_SLOWCASE_OP(op_new_object)
DEFINE_SLOWCASE_OP(op_not)
DEFINE_SLOWCASE_OP(op_nstricteq)
Modified: trunk/Source/_javascript_Core/jit/JIT.h (131976 => 131977)
--- trunk/Source/_javascript_Core/jit/JIT.h 2012-10-20 04:52:33 UTC (rev 131976)
+++ trunk/Source/_javascript_Core/jit/JIT.h 2012-10-20 05:09:15 UTC (rev 131977)
@@ -475,9 +475,7 @@
void emitWriteBarrier(JSCell* owner, RegisterID value, RegisterID scratch, WriteBarrierMode, WriteBarrierUseKind);
template<typename ClassType, MarkedBlock::DestructorType, typename StructureType> void emitAllocateBasicJSObject(StructureType, RegisterID result, RegisterID storagePtr);
- void emitAllocateBasicStorage(size_t, ptrdiff_t offsetFromBase, RegisterID result);
template<typename T> void emitAllocateJSFinalObject(T structure, RegisterID result, RegisterID storagePtr);
- void emitAllocateJSArray(unsigned valuesRegister, unsigned length, RegisterID cellResult, RegisterID storageResult, RegisterID storagePtr, RegisterID scratch);
#if ENABLE(VALUE_PROFILER)
// This assumes that the value to profile is in regT0 and that regT3 is available for
@@ -826,7 +824,6 @@
void emitSlow_op_to_jsnumber(Instruction*, Vector<SlowCaseEntry>::iterator&);
void emitSlow_op_to_primitive(Instruction*, Vector<SlowCaseEntry>::iterator&);
void emitSlow_op_urshift(Instruction*, Vector<SlowCaseEntry>::iterator&);
- void emitSlow_op_new_array(Instruction*, Vector<SlowCaseEntry>::iterator&);
void emitSlow_op_resolve(Instruction*, Vector<SlowCaseEntry>::iterator&);
void emitSlow_op_resolve_base(Instruction*, Vector<SlowCaseEntry>::iterator&);
Modified: trunk/Source/_javascript_Core/jit/JITInlineMethods.h (131976 => 131977)
--- trunk/Source/_javascript_Core/jit/JITInlineMethods.h 2012-10-20 04:52:33 UTC (rev 131976)
+++ trunk/Source/_javascript_Core/jit/JITInlineMethods.h 2012-10-20 05:09:15 UTC (rev 131977)
@@ -444,56 +444,6 @@
emitAllocateBasicJSObject<JSFinalObject, MarkedBlock::None, T>(structure, result, scratch);
}
-inline void JIT::emitAllocateBasicStorage(size_t size, ptrdiff_t offsetFromBase, RegisterID result)
-{
- CopiedAllocator* allocator = &m_globalData->heap.storageAllocator();
-
- loadPtr(&allocator->m_currentRemaining, result);
- addSlowCase(branchSubPtr(Signed, TrustedImm32(size), result));
- storePtr(result, &allocator->m_currentRemaining);
- negPtr(result);
- addPtr(AbsoluteAddress(&allocator->m_currentPayloadEnd), result);
- subPtr(TrustedImm32(size - offsetFromBase), result);
-}
-
-inline void JIT::emitAllocateJSArray(unsigned valuesRegister, unsigned length, RegisterID cellResult, RegisterID storageResult, RegisterID storagePtr, RegisterID scratch)
-{
- unsigned initialLength = std::max(length, BASE_VECTOR_LEN);
- size_t initialStorage = Butterfly::totalSize(0, 0, true, initialLength * sizeof(EncodedJSValue));
-
- loadPtr(m_codeBlock->globalObject()->addressOfArrayStructure(), scratch);
- load8(Address(scratch, Structure::indexingTypeOffset()), storagePtr);
- and32(TrustedImm32(IndexingShapeMask), storagePtr);
- addSlowCase(branch32(NotEqual, storagePtr, TrustedImm32(ContiguousShape)));
-
- // We allocate the backing store first to ensure that garbage collection
- // doesn't happen during JSArray initialization.
- emitAllocateBasicStorage(initialStorage, sizeof(IndexingHeader), storageResult);
-
- // Allocate the cell for the array.
- emitAllocateBasicJSObject<JSArray, MarkedBlock::None>(scratch, cellResult, storagePtr);
-
- // Store all the necessary info in the indexing header.
- store32(Imm32(length), Address(storageResult, Butterfly::offsetOfPublicLength()));
- store32(Imm32(initialLength), Address(storageResult, Butterfly::offsetOfVectorLength()));
-
- // Store the newly allocated ArrayStorage.
- storePtr(storageResult, Address(cellResult, JSObject::butterflyOffset()));
-
- // Store the values we have.
- for (unsigned i = 0; i < length; i++) {
-#if USE(JSVALUE64)
- load64(Address(callFrameRegister, (valuesRegister + i) * sizeof(Register)), storagePtr);
- store64(storagePtr, Address(storageResult, sizeof(WriteBarrier<Unknown>) * i));
-#else
- load32(Address(callFrameRegister, (valuesRegister + i) * sizeof(Register)), storagePtr);
- store32(storagePtr, Address(storageResult, sizeof(WriteBarrier<Unknown>) * i));
- load32(Address(callFrameRegister, (valuesRegister + i) * sizeof(Register) + sizeof(uint32_t)), storagePtr);
- store32(storagePtr, Address(storageResult, sizeof(WriteBarrier<Unknown>) * i + sizeof(uint32_t)));
-#endif
- }
-}
-
#if ENABLE(VALUE_PROFILER)
inline void JIT::emitValueProfilingSite(ValueProfile* valueProfile)
{
Modified: trunk/Source/_javascript_Core/jit/JITOpcodes.cpp (131976 => 131977)
--- trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2012-10-20 04:52:33 UTC (rev 131976)
+++ trunk/Source/_javascript_Core/jit/JITOpcodes.cpp 2012-10-20 05:09:15 UTC (rev 131977)
@@ -1948,34 +1948,6 @@
void JIT::emit_op_new_array(Instruction* currentInstruction)
{
- int length = currentInstruction[3].u.operand;
- if (m_codeBlock->globalObject()->isHavingABadTime()
- || CopiedSpace::isOversize(Butterfly::totalSize(0, 0, true, ArrayStorage::sizeFor(length)))) {
- JITStubCall stubCall(this, cti_op_new_array);
- stubCall.addArgument(TrustedImm32(currentInstruction[2].u.operand));
- stubCall.addArgument(TrustedImm32(currentInstruction[3].u.operand));
- stubCall.call(currentInstruction[1].u.operand);
- return;
- }
- int dst = currentInstruction[1].u.operand;
- int values = currentInstruction[2].u.operand;
-
- emitAllocateJSArray(values, length, regT0, regT1, regT2, regT3);
- emitStoreCell(dst, regT0);
-}
-
-void JIT::emitSlow_op_new_array(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
- // If the allocation would be oversize, we will already make the proper stub call above in
- // emit_op_new_array.
- int length = currentInstruction[3].u.operand;
- if (m_codeBlock->globalObject()->isHavingABadTime()
- || CopiedSpace::isOversize(Butterfly::totalSize(0, 0, true, ArrayStorage::sizeFor(length))))
- return;
- linkSlowCase(iter); // We're having a bad time.
- linkSlowCase(iter); // Not enough space in CopiedSpace for storage.
- linkSlowCase(iter); // Not enough space in MarkedSpace for cell.
-
JITStubCall stubCall(this, cti_op_new_array);
stubCall.addArgument(TrustedImm32(currentInstruction[2].u.operand));
stubCall.addArgument(TrustedImm32(currentInstruction[3].u.operand));
