Changeset 172614 in webkit for trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

Timestamp:

Aug 14, 2014, 4:59:44 PM (11 years ago)

Author:

[email protected]

Message:

Allow high fidelity type profiling to be enabled and disabled.
​https://bugs.webkit.org/show_bug.cgi?id=135423

Patch by Saam Barati <​[email protected]> on 2014-08-14
Reviewed by Geoffrey Garen.

Source/JavaScriptCore:

• Merged op_put_to_scope_with_profile and op_get_from_scope_with_profile into op_profile_types_with_high_fidelity by adding extra arguments to the opcode.
• Altered SymbolTable to use less memory by adding a rare data structure for type profiling.
• Created an interface to turn on and off type profiling from the Web Inspector.
• Refactored how entries are written to HighFidelityLog to make it easier to inline when generating machine code.
• Implemented op_profile_types_with_high_fidelity in the baseline JIT by inlining the process of writing to the log and doing a small amount of type inference optimizations.

• bytecode/BytecodeList.json:
• bytecode/BytecodeUseDef.h:

(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::dumpBytecode):
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::scopeDependentProfile): Deleted.

• bytecode/CodeBlock.h:
• bytecode/TypeLocation.h:

(JSC::TypeLocation::TypeLocation):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::emitMove):
(JSC::BytecodeGenerator::emitProfileTypesWithHighFidelity):
(JSC::BytecodeGenerator::emitGetFromScopeWithProfile): Deleted.
(JSC::BytecodeGenerator::emitPutToScopeWithProfile): Deleted.

• bytecompiler/BytecodeGenerator.h:
• bytecompiler/NodesCodegen.cpp:

(JSC::ThisNode::emitBytecode):
(JSC::ResolveNode::emitBytecode):
(JSC::BracketAccessorNode::emitBytecode):
(JSC::DotAccessorNode::emitBytecode):
(JSC::FunctionCallValueNode::emitBytecode):
(JSC::FunctionCallResolveNode::emitBytecode):
(JSC::FunctionCallBracketNode::emitBytecode):
(JSC::FunctionCallDotNode::emitBytecode):
(JSC::CallFunctionCallDotNode::emitBytecode):
(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::PostfixNode::emitResolve):
(JSC::PostfixNode::emitBracket):
(JSC::PostfixNode::emitDot):
(JSC::PrefixNode::emitResolve):
(JSC::PrefixNode::emitBracket):
(JSC::PrefixNode::emitDot):
(JSC::ReadModifyResolveNode::emitBytecode):
(JSC::AssignResolveNode::emitBytecode):
(JSC::AssignDotNode::emitBytecode):
(JSC::ReadModifyDotNode::emitBytecode):
(JSC::AssignBracketNode::emitBytecode):
(JSC::ReadModifyBracketNode::emitBytecode):
(JSC::ReturnNode::emitBytecode):
(JSC::FunctionBodyNode::emitBytecode):

• inspector/agents/InspectorRuntimeAgent.cpp:

(Inspector::InspectorRuntimeAgent::InspectorRuntimeAgent):
(Inspector::InspectorRuntimeAgent::getRuntimeTypesForVariablesAtOffsets):
(Inspector::TypeRecompiler::operator()):
(Inspector::recompileAllJSFunctionsForTypeProfiling):
(Inspector::InspectorRuntimeAgent::willDestroyFrontendAndBackend):
(Inspector::InspectorRuntimeAgent::enableHighFidelityTypeProfiling):
(Inspector::InspectorRuntimeAgent::disableHighFidelityTypeProfiling):
(Inspector::InspectorRuntimeAgent::setHighFidelityTypeProfilingEnabledState):

• inspector/agents/InspectorRuntimeAgent.h:
• inspector/agents/JSGlobalObjectRuntimeAgent.cpp:

(Inspector::JSGlobalObjectRuntimeAgent::willDestroyFrontendAndBackend):

• inspector/protocol/Runtime.json:
• jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::privateCompile):

• jit/JIT.h:
• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_profile_types_with_high_fidelity):

• jit/JITOpcodes32_64.cpp:

(JSC::JIT::emit_op_profile_types_with_high_fidelity):

• jit/JITOperations.cpp:
• jit/JITOperations.h:
• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::getFromScopeCommon): Deleted.
(JSC::LLInt::putToScopeCommon): Deleted.

• llint/LLIntSlowPaths.h:
• llint/LowLevelInterpreter.asm:
• runtime/CodeCache.cpp:

(JSC::CodeCache::getGlobalCodeBlock):

• runtime/CommonSlowPaths.cpp:

(JSC::SLOW_PATH_DECL):

• runtime/CommonSlowPaths.h:
• runtime/HighFidelityLog.cpp:

(JSC::HighFidelityLog::initializeHighFidelityLog):
(JSC::HighFidelityLog::~HighFidelityLog):
(JSC::HighFidelityLog::processHighFidelityLog):

• runtime/HighFidelityLog.h:

(JSC::HighFidelityLog::LogEntry::structureIDOffset):
(JSC::HighFidelityLog::LogEntry::valueOffset):
(JSC::HighFidelityLog::LogEntry::locationOffset):
(JSC::HighFidelityLog::recordTypeInformationForLocation):
(JSC::HighFidelityLog::logEndPtr):
(JSC::HighFidelityLog::logStartOffset):
(JSC::HighFidelityLog::currentLogEntryOffset):

• runtime/HighFidelityTypeProfiler.cpp:

(JSC::HighFidelityTypeProfiler::logTypesForTypeLocation):
(JSC::descriptorMatchesTypeLocation):

• runtime/HighFidelityTypeProfiler.h:
• runtime/SymbolTable.cpp:

(JSC::SymbolTable::SymbolTable):
(JSC::SymbolTable::cloneCapturedNames):
(JSC::SymbolTable::prepareForHighFidelityTypeProfiling):
(JSC::SymbolTable::uniqueIDForVariable):
(JSC::SymbolTable::uniqueIDForRegister):
(JSC::SymbolTable::globalTypeSetForRegister):
(JSC::SymbolTable::globalTypeSetForVariable):

• runtime/SymbolTable.h:

(JSC::SymbolTable::add):
(JSC::SymbolTable::set):

• runtime/TypeLocationCache.cpp:

(JSC::TypeLocationCache::getTypeLocation):

• runtime/TypeSet.cpp:

(JSC::TypeSet::getRuntimeTypeForValue):
(JSC::TypeSet::addTypeInformation):
(JSC::TypeSet::allPrimitiveTypeNames):
(JSC::TypeSet::addTypeForValue): Deleted.

• runtime/TypeSet.h:
• runtime/VM.cpp:

(JSC::VM::VM):
(JSC::VM::nextTypeLocation):
(JSC::VM::enableHighFidelityTypeProfiling):
(JSC::VM::disableHighFidelityTypeProfiling):
(JSC::VM::dumpHighFidelityProfilingTypes):

• runtime/VM.h:

(JSC::VM::nextLocation): Deleted.

Source/WebCore:

PageRuntimeAgent and WorkerRuntimeAgent now call their super
class's (InspectorRuntimeAgent) implementation of willDestroyFrontendAndBackend
to give InspectorRuntimeAgent a chance to recompile all JavaScript
functions, if necessary, for type profiling.

• inspector/PageRuntimeAgent.cpp:

(WebCore::PageRuntimeAgent::willDestroyFrontendAndBackend):

• inspector/WorkerRuntimeAgent.cpp:

(WebCore::WorkerRuntimeAgent::willDestroyFrontendAndBackend):

File:

• trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp (modified) (6 diffs)

trunk/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp

@@ -539 +539 @@
         LLINT_THROW(createSyntaxError(exec, "Invalid flag supplied to RegExp constructor."));
     LLINT_RETURN(RegExpObject::create(vm, exec->lexicalGlobalObject()->regExpStructure(), regExp));
-}
-
-LLINT_SLOW_PATH_DECL(slow_path_profile_types_with_high_fidelity)
-{
-    LLINT_BEGIN();
-    TypeLocation* location = pc[2].u.location;
-    JSValue val = LLINT_OP_C(1).jsValue();
-    vm.highFidelityLog()->recordTypeInformationForLocation(val, location);
-    LLINT_END_IMPL();
 }
 
@@ -1376 +1367 @@
 }
 
-static JSValue getFromScopeCommon(ExecState* exec, Instruction* pc, VM& vm)
-{
+LLINT_SLOW_PATH_DECL(slow_path_get_from_scope)
+{
+    LLINT_BEGIN();
+
     const Identifier& ident = exec->codeBlock()->identifier(pc[3].u.operand);
     JSObject* scope = jsCast<JSObject*>(LLINT_OP(2).jsValue());
@@ -1385 +1378 @@
     if (!scope->getPropertySlot(exec, ident, slot)) {
         if (modeAndType.mode() == ThrowIfNotFound)
-            return exec->vm().throwException(exec, createUndefinedVariableError(exec, ident));
-        return jsUndefined();
+            LLINT_RETURN(exec->vm().throwException(exec, createUndefinedVariableError(exec, ident)));
+        LLINT_RETURN(jsUndefined());
     }
 
@@ -1403 +1396 @@
     }
 
-    return slot.getValue(exec, ident);
-}
-
-LLINT_SLOW_PATH_DECL(slow_path_get_from_scope)
-{
-    LLINT_BEGIN();
-    JSValue value = getFromScopeCommon(exec, pc, vm);
-    LLINT_RETURN(value);
-}
-
-LLINT_SLOW_PATH_DECL(slow_path_get_from_scope_with_profile)
-{
-    LLINT_BEGIN();
-    JSValue value = getFromScopeCommon(exec, pc, vm);
-    TypeLocation* location = pc[8].u.location;
-    vm.highFidelityLog()->recordTypeInformationForLocation(value, location);
-    LLINT_RETURN(value);
-}
-
-static JSObject* putToScopeCommon(ExecState* exec, Instruction* pc)
-{
+    LLINT_RETURN(slot.getValue(exec, ident));
+}
+
+LLINT_SLOW_PATH_DECL(slow_path_put_to_scope)
+{
+    LLINT_BEGIN();
+
     CodeBlock* codeBlock = exec->codeBlock();
     const Identifier& ident = codeBlock->identifier(pc[2].u.operand);
@@ -1431 +1410 @@
 
     if (modeAndType.mode() == ThrowIfNotFound && !scope->hasProperty(exec, ident))
-        return createUndefinedVariableError(exec, ident);
+        LLINT_THROW(createUndefinedVariableError(exec, ident));
 
     PutPropertySlot slot(scope, codeBlock->isStrictMode());
@@ -1438 +1417 @@
     CommonSlowPaths::tryCachePutToScopeGlobal(exec, codeBlock, pc, scope, modeAndType, slot);
 
-    return nullptr;
-}
-
-LLINT_SLOW_PATH_DECL(slow_path_put_to_scope)
-{
-    LLINT_BEGIN();
-    JSObject* error = putToScopeCommon(exec, pc);
-    if (error)
-        LLINT_THROW(error);
-    LLINT_END();
-}
-
-LLINT_SLOW_PATH_DECL(slow_path_put_to_scope_with_profile)
-{
-    // The format of this instruction is the same as put_to_scope with a TypeLocation appended: put_to_scope_with_profile scope, id, value, ResolveModeAndType, Structure, Operand, TypeLocation*
-    LLINT_BEGIN();
-    JSObject* error = putToScopeCommon(exec, pc);
-    if (error)
-        LLINT_THROW(error);
-    TypeLocation* location = pc[7].u.location;
-    JSValue val = LLINT_OP_C(3).jsValue();
-    vm.highFidelityLog()->recordTypeInformationForLocation(val, location);
     LLINT_END();
 }