Changeset 172614 in webkit for trunk/Source/JavaScriptCore/bytecode

Timestamp:

Aug 14, 2014, 4:59:44 PM (11 years ago)

Author:

[email protected]

Message:

Allow high fidelity type profiling to be enabled and disabled.
​https://bugs.webkit.org/show_bug.cgi?id=135423

Patch by Saam Barati <​[email protected]> on 2014-08-14
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

• Merged op_put_to_scope_with_profile and op_get_from_scope_with_profile into op_profile_types_with_high_fidelity by adding extra arguments to the opcode.
• Altered SymbolTable to use less memory by adding a rare data structure for type profiling.
• Created an interface to turn on and off type profiling from the Web Inspector.
• Refactored how entries are written to HighFidelityLog to make it easier to inline when generating machine code.
• Implemented op_profile_types_with_high_fidelity in the baseline JIT by inlining the process of writing to the log and doing a small amount of type inference optimizations.

• bytecode/BytecodeList.json:
• bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::scopeDependentProfile): Deleted.

• bytecode/CodeBlock.h:
• bytecode/TypeLocation.h:

(JSC::TypeLocation::TypeLocation):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::emitMove):
(JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity):
(JSC::BytecodeGenerator::emitGetFromScopeWithProfile): Deleted.
(JSC::BytecodeGenerator::emitPutToScopeWithProfile): Deleted.

• bytecompiler/BytecodeGenerator.h:
• bytecompiler/NodesCodegen.cpp:

(JSC::ThisNode::emitBytecode):
(JSC::ResolveNode::emitBytecode):
(JSC::BracketAccessorNode::emitBytecode):
(JSC::DotAccessorNode::emitBytecode):
(JSC::FunctionCallValueNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::FunctionCallBracketNode::emitBytecode):
(JSC::FunctionCallDotNode::emitBytecode):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::PostfixNode::emitBracket):
(JSC::PostfixNode::emitDot):
(JSC::PrefixNode::emitResolve):
(JSC::PrefixNode::emitBracket):
(JSC::PrefixNode::emitDot):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::AssignDotNode::emitBytecode):
(JSC::ReadModifyDotNode::emitBytecode):
(JSC::AssignBracketNode::emitBytecode):
(JSC::ReadModifyBracketNode::emitBytecode):
(JSC::ReturnNode::emitBytecode):
(JSC::FunctionBodyNode::emitBytecode):

• inspector/agents/InspectorRuntimeAgent.cpp:

(Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
(Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
(Inspector::TypeRecompiler::operator()):
(Inspector::recompileAllJSFunctionsForTypeProfiling):
(Inspector::InspectorRuntimeAgent::willDestroyFrontendAndBackend):
(Inspector::InspectorRuntimeAgent::enableHighFidelityTypeProfiling):
(Inspector::InspectorRuntimeAgent::disableHighFidelityTypeProfiling):
(Inspector::InspectorRuntimeAgent::setHighFidelityTypeProfilingEnabledState):

• inspector/agents/InspectorRuntimeAgent.h:
• inspector/agents/JSGlobalObjectRuntimeAgent.cpp:

(Inspector::JSGlobalObjectRuntimeAgent::willDestroyFrontendAndBackend):

• inspector/protocol/Runtime.json:
• jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompile):

• jit/JIT.h:
• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_profile_types_with_high_fidelity):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_profile_types_with_high_fidelity):

• jit/JITOperations.cpp:
• jit/JITOperations.h:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::getFromScopeCommon): Deleted.
(JSC::LLInt::putToScopeCommon): Deleted.

• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter.asm:
• runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):

• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/CommonSlowPaths.h:
• runtime/HighFidelityLog.cpp:

(JSC::HighFidelityLog::initializeHighFidelityLog):
(JSC::HighFidelityLog::~HighFidelityLog):
(JSC::HighFidelityLog::processHighFidelityLog):

• runtime/HighFidelityLog.h:

(JSC::HighFidelityLog::LogEntry::structureIDOffset):
(JSC::HighFidelityLog::LogEntry::valueOffset):
(JSC::HighFidelityLog::LogEntry::locationOffset):
(JSC::HighFidelityLog::recordTypeInformationForLocation):
(JSC::HighFidelityLog::logEndPtr):
(JSC::HighFidelityLog::logStartOffset):
(JSC::HighFidelityLog::currentLogEntryOffset):

• runtime/HighFidelityTypeProfiler.cpp:

(JSC::HighFidelityTypeProfiler::logTypesForTypeLocation):
(JSC::descriptorMatchesTypeLocation):

• runtime/HighFidelityTypeProfiler.h:
• runtime/SymbolTable.cpp:

(JSC::SymbolTable::SymbolTable):
(JSC::SymbolTable::cloneCapturedNames):
(JSC::SymbolTable::prepareForHighFidelityTypeProfiling):
(JSC::SymbolTable::uniqueIDForVariable):
(JSC::SymbolTable::uniqueIDForRegister):
(JSC::SymbolTable::globalTypeSetForRegister):
(JSC::SymbolTable::globalTypeSetForVariable):

• runtime/SymbolTable.h:

(JSC::SymbolTable::add):
(JSC::SymbolTable::set):

• runtime/TypeLocationCache.cpp:

(JSC::TypeLocationCache::getTypeLocation):

• runtime/TypeSet.cpp:

(JSC::TypeSet::getRuntimeTypeForValue):
(JSC::TypeSet::addTypeInformation):
(JSC::TypeSet::allPrimitiveTypeNames):
(JSC::TypeSet::addTypeForValue): Deleted.

• runtime/TypeSet.h:
• runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::nextTypeLocation):
(JSC::VM::enableHighFidelityTypeProfiling):
(JSC::VM::disableHighFidelityTypeProfiling):
(JSC::VM::dumpHighFidelityProfilingTypes):

• runtime/VM.h:

(JSC::VM::nextLocation): Deleted.

Source/WebCore:

PageRuntimeAgent and WorkerRuntimeAgent now call their super
class's (InspectorRuntimeAgent) implementation of willDestroyFrontendAndBackend
to give InspectorRuntimeAgent a chance to recompile all JavaScript
functions, if necessary, for type profiling.

• inspector/PageRuntimeAgent.cpp:

(WebCore::PageRuntimeAgent::willDestroyFrontendAndBackend):

• inspector/WorkerRuntimeAgent.cpp:

(WebCore::WorkerRuntimeAgent::willDestroyFrontendAndBackend):

Location:

trunk/Source/JavaScriptCore/bytecode

Files:

• BytecodeList.json (modified) (2 diffs)
• BytecodeUseDef.h (modified) (4 diffs)
• CodeBlock.cpp (modified) (11 diffs)
• CodeBlock.h (modified) (1 diff)
• TypeLocation.h (modified) (3 diffs)

trunk/Source/JavaScriptCore/bytecode/BytecodeList.json

@@ -110 +110 @@
             { "name" : "op_resolve_scope", "length" : 6 },
             { "name" : "op_get_from_scope", "length" : 8 },
-            { "name" : "op_get_from_scope_with_profile", "length" : 9 },
             { "name" : "op_put_to_scope", "length" : 7 },
-            { "name" : "op_put_to_scope_with_profile", "length" : 8 },
             { "name" : "op_push_with_scope", "length" : 2 },
             { "name" : "op_pop_scope", "length" : 1 },
@@ -123 +121 @@
             { "name" : "op_profile_did_call", "length" : 2 },
             { "name" : "op_end", "length" : 2 },
-            { "name" : "op_profile_types_with_high_fidelity", "length" : 4 },
+            { "name" : "op_profile_types_with_high_fidelity", "length" : 6 },
             { "name" : "op_get_enumerable_length", "length" : 3 },
             { "name" : "op_has_indexed_property", "length" : 5 },

trunk/Source/JavaScriptCore/bytecode/BytecodeUseDef.h

@@ -107 +107 @@
     case op_put_by_id_out_of_line:
     case op_put_by_id:
-    case op_put_to_scope_with_profile:
     case op_put_to_scope: {
         functor(codeBlock, instruction, opcodeID, instruction[1].u.operand);
@@ -124 +123 @@
     case op_init_global_const:
     case op_push_name_scope:
-    case op_get_from_scope_with_profile:
     case op_get_from_scope:
     case op_to_primitive:
@@ -252 +250 @@
     case op_push_with_scope:
     case op_put_to_scope:
-    case op_put_to_scope_with_profile:
     case op_pop_scope:
     case op_end:
@@ -322 +319 @@
     case op_call_varargs:
     case op_construct_varargs:
-    case op_get_from_scope_with_profile:
     case op_get_from_scope:
     case op_call:

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -1524 +1524 @@
             break;
         }
-        case op_put_to_scope_with_profile:
         case op_put_to_scope: {
             int r0 = (++it)->u.operand;
@@ -1533 +1532 @@
             int operand = (++it)->u.operand; // Operand
             printLocationAndOp(out, exec, location, it, "put_to_scope");
-            if (opcode == op_put_to_scope_with_profile)
-                ++it;
             out.printf("%s, %s, %s, %u<%s|%s>, <structure>, %d",
                 registerName(r0).data(), idName(id0, identifier(id0)).data(), registerName(r1).data(),
@@ -1717 +1714 @@
     
     if (SymbolTable* symbolTable = unlinkedCodeBlock->symbolTable()) {
+        if (m_vm->isProfilingTypesWithHighFidelity()) {
+            ConcurrentJITLocker locker(symbolTable->m_lock);
+            symbolTable->prepareForHighFidelityTypeProfiling(locker);
+        }
+
         if (codeType() == FunctionCode && symbolTable->captureCount()) {
             m_symbolTable.set(*m_vm, m_ownerExecutable.get(), symbolTable->cloneCapturedNames(*m_vm));
@@ -1950 +1952 @@
         }
 
-        case op_get_from_scope_with_profile:
         case op_get_from_scope: {
-            int offset = (pc[0].u.opcode == op_get_from_scope_with_profile ? 2 : 1);
-            ValueProfile* profile = &m_valueProfiles[pc[opLength - offset].u.operand];
+            ValueProfile* profile = &m_valueProfiles[pc[opLength - 1].u.operand];
             ASSERT(profile->m_bytecodeOffset == -1);
             profile->m_bytecodeOffset = i;
-            instructions[i + opLength - offset] = profile;
+            instructions[i + opLength - 1] = profile;
 
             // get_from_scope dst, scope, id, ResolveModeAndType, Structure, Operand
@@ -1970 +1970 @@
             instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand);
 
-            if (pc[0].u.opcode == op_get_from_scope_with_profile) {
-                // The format of this instruction is: get_from_scope_with_profile dst, scope, id, ResolveModeAndType, Structure, Operand, ..., TypeLocation
-                size_t instructionOffset = i + opLength - 1;
-                TypeLocation* location = scopeDependentProfile(op, ident, instructionOffset);
-                instructions[i + 8].u.location = location;
-            }
-            break;
-        }
-
-        case op_put_to_scope_with_profile:
+            break;
+        }
+
         case op_put_to_scope: {
             // put_to_scope scope, id, value, ResolveModeAndType, Structure, Operand
@@ -1996 +1989 @@
             instructions[i + 6].u.pointer = reinterpret_cast<void*>(op.operand);
 
-            if (pc[0].u.opcode == op_put_to_scope_with_profile) {
-                // The format of this instruction is: put_to_scope_with_profile scope, id, value, ResolveModeAndType, Structure, Operand, TypeLocation*
-                size_t instructionOffset = i + opLength - 1;
-                TypeLocation* location = scopeDependentProfile(op, ident, instructionOffset);
-                instructions[i + 7].u.location = location;
-            }
             break;
         }
 
         case op_profile_types_with_high_fidelity: {
+            // The format of this instruction is: op_profile_types_with_high_fidelity regToProfile, TypeLocation*, flag, identifier?, resolveType?
             size_t instructionOffset = i + opLength - 1;
             unsigned divotStart, divotEnd;
@@ -2011 +1999 @@
             RefPtr<TypeSet> globalTypeSet;
             bool shouldAnalyze = m_unlinkedCode->highFidelityTypeProfileExpressionInfoForBytecodeOffset(instructionOffset, divotStart, divotEnd);
-            VirtualRegister virtualRegister(pc[1].u.operand);
-            SymbolTable* symbolTable = m_symbolTable.get();
-
+            VirtualRegister profileRegister(pc[1].u.operand);
             ProfileTypesWithHighFidelityBytecodeFlag flag = static_cast<ProfileTypesWithHighFidelityBytecodeFlag>(pc[3].u.operand);
+            SymbolTable* symbolTable = nullptr;
+
             switch (flag) {
+            case ProfileTypesBytecodePutToScope:
+            case ProfileTypesBytecodeGetFromScope: {
+                const Identifier& ident = identifier(pc[4].u.operand);
+                ResolveType type = static_cast<ResolveType>(pc[5].u.operand);
+                ResolveOp op = JSScope::abstractResolve(m_globalObject->globalExec(), scope, ident, (flag == ProfileTypesBytecodeGetFromScope ? Get : Put), type);
+
+                // FIXME: handle other values for op.type here, and also consider what to do when we can't statically determine the globalID
+                // https://bugs.webkit.org/show_bug.cgi?id=135184
+                if (op.type == ClosureVar)
+                    symbolTable = op.activation->symbolTable();
+                else if (op.type == GlobalVar)
+                    symbolTable = m_globalObject.get()->symbolTable();
+                
+                if (symbolTable) {
+                    ConcurrentJITLocker locker(symbolTable->m_lock);
+                    // If our parent scope was created while profiling was disabled, it will not have prepared for profiling yet.
+                    symbolTable->prepareForHighFidelityTypeProfiling(locker);
+                    globalVariableID = symbolTable->uniqueIDForVariable(locker, ident.impl(), *vm());
+                    globalTypeSet = symbolTable->globalTypeSetForVariable(locker, ident.impl(), *vm());
+                } else
+                    globalVariableID = HighFidelityNoGlobalIDExists;
+
+                break;
+            }
             case ProfileTypesBytecodeHasGlobalID: {
+                symbolTable = m_symbolTable.get();
                 ConcurrentJITLocker locker(symbolTable->m_lock);
-                globalVariableID = symbolTable->uniqueIDForRegister(locker, virtualRegister.offset(), *vm());
-                globalTypeSet = symbolTable->globalTypeSetForRegister(locker, virtualRegister.offset(), *vm());
+                globalVariableID = symbolTable->uniqueIDForRegister(locker, profileRegister.offset(), *vm());
+                globalTypeSet = symbolTable->globalTypeSetForRegister(locker, profileRegister.offset(), *vm());
                 break;
             }
@@ -2025 +2038 @@
             case ProfileTypesBytecodeFunctionArgument: {
                 globalVariableID = HighFidelityNoGlobalIDExists;
-                break;
-            }
-            case ProfileTypesBytecodeFunctionThisObject: {
-                globalVariableID = HighFidelityThisStatement;
                 break;
             }
@@ -2044 +2053 @@
             }
 
-            std::pair<TypeLocation*, bool> locationPair = vm()->highFidelityTypeProfiler()->typeLocationCache()->getTypeLocation(globalVariableID, m_ownerExecutable->sourceID(), divotStart, divotEnd, globalTypeSet, vm());
+            std::pair<TypeLocation*, bool> locationPair = vm()->highFidelityTypeProfiler()->typeLocationCache()->getTypeLocation(globalVariableID,
+                m_ownerExecutable->sourceID(), divotStart, divotEnd, globalTypeSet, vm());
             TypeLocation* location = locationPair.first;
             bool isNewLocation = locationPair.second;
@@ -2525 +2535 @@
                 break;
             }
-            case op_get_from_scope_with_profile:
             case op_get_from_scope:
-            case op_put_to_scope_with_profile:
             case op_put_to_scope: {
                 ResolveModeAndType modeAndType =
@@ -3936 +3944 @@
 #endif
 
-TypeLocation* CodeBlock::scopeDependentProfile(ResolveOp op, const Identifier& ident, size_t instructionOffset)
-{
-    unsigned divotStart, divotEnd;
-    bool shouldAnalyze = m_unlinkedCode->highFidelityTypeProfileExpressionInfoForBytecodeOffset(instructionOffset, divotStart, divotEnd);
-    GlobalVariableID globalVariableID;
-    RefPtr<TypeSet> globalTypeSet;
-
-    // FIXME: handle other values for op.type here, and also consider what to do when we can't statically determine the globalID
-    SymbolTable* symbolTable = nullptr;
-    if (op.type == ClosureVar) 
-        symbolTable = op.activation->symbolTable();
-    else if (op.type == GlobalVar)
-        symbolTable = m_globalObject.get()->symbolTable();
-    
-    if (symbolTable) {
-        ConcurrentJITLocker locker(symbolTable->m_lock);
-        globalVariableID = symbolTable->uniqueIDForVariable(locker, ident.impl(), *vm());
-        globalTypeSet = symbolTable->globalTypeSetForVariable(locker, ident.impl(), *vm());
-    } else
-        globalVariableID = HighFidelityNoGlobalIDExists;
-
-    std::pair<TypeLocation*, bool> locationPair = vm()->highFidelityTypeProfiler()->typeLocationCache()->getTypeLocation(globalVariableID, m_ownerExecutable->sourceID(), divotStart, divotEnd, globalTypeSet, vm());
-    TypeLocation* location = locationPair.first;
-    bool isNewLocation = locationPair.second;
-
-    if (shouldAnalyze & isNewLocation)
-        vm()->highFidelityTypeProfiler()->insertNewLocation(location);
-
-    return location;
-}
-
 } // namespace JSC

trunk/Source/JavaScriptCore/bytecode/CodeBlock.h

@@ -1021 +1021 @@
     }
 
-    TypeLocation* scopeDependentProfile(ResolveOp, const Identifier&, size_t);
-    
 #if ENABLE(JIT)
     void resetStubInternal(RepatchBuffer&, StructureStubInfo&);

trunk/Source/JavaScriptCore/bytecode/TypeLocation.h

@@ -34 +34 @@
     HighFidelityNeedsUniqueIDGeneration = -1,
     HighFidelityNoGlobalIDExists = -2,
-    HighFidelityReturnStatement = -3,
-    HighFidelityThisStatement = -4
+    HighFidelityReturnStatement = -3
 };
 
@@ -42 +41 @@
 class TypeLocation {
 public:
-    TypeLocation() 
-        : m_divotForFunctionOffsetIfReturnStatement(UINT_MAX)
+    TypeLocation()
+        : m_lastSeenType(TypeNothing)
+        , m_divotForFunctionOffsetIfReturnStatement(UINT_MAX)
         , m_instructionTypeSet(TypeSet::create())
         , m_globalTypeSet(nullptr)
@@ -50 +50 @@
 
     GlobalVariableID m_globalVariableID;
+    RuntimeType m_lastSeenType;
     intptr_t m_sourceID;
     unsigned m_divotStart;