Changeset 209678 in webkit for trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

Timestamp:

Dec 10, 2016, 5:14:37 PM (9 years ago)

Author:

[email protected]

Message:

Unreviewed, rolling out r209653, r209654, r209663, and
r209673.
​https://bugs.webkit.org/show_bug.cgi?id=165739

speedometer crashes (Requested by pizlo on #webkit).

Reverted changesets:

"JSVALUE64: Pass arguments in platform argument registers when
making JavaScript calls"
​https://bugs.webkit.org/show_bug.cgi?id=160355
​http://trac.webkit.org/changeset/209653

"Unreviewed build fix for 32 bit builds."
​http://trac.webkit.org/changeset/209654

"Unreviewed build fix for the CLOOP after r209653"
​http://trac.webkit.org/changeset/209663

"REGRESSION(r209653) Crash in CallFrameShuffler::snapshot()"
​https://bugs.webkit.org/show_bug.cgi?id=165728
​http://trac.webkit.org/changeset/209673

File:

• trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp (modified) (19 diffs)

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

@@ -81 +81 @@
 }
 
-GPRReg SpeculativeJIT::fillJSValue(Edge edge, GPRReg gprToUse)
+GPRReg SpeculativeJIT::fillJSValue(Edge edge)
 {
     VirtualRegister virtualRegister = edge->virtualRegister();
@@ -88 +88 @@
     switch (info.registerFormat()) {
     case DataFormatNone: {
-        GPRReg gpr = allocate(gprToUse);
+        GPRReg gpr = allocate();
 
         if (edge->hasConstant()) {
@@ -121 +121 @@
         // If not, we'll zero extend in place, so mark on the info that this is now type DataFormatInt32, not DataFormatJSInt32.
         if (m_gprs.isLocked(gpr)) {
-            GPRReg result = allocate(gprToUse);
-            m_jit.or64(GPRInfo::tagTypeNumberRegister, gpr, result);
-            return result;
-        }
-        if (gprToUse != InvalidGPRReg && gpr != gprToUse) {
-            GPRReg result = allocate(gprToUse);
+            GPRReg result = allocate();
             m_jit.or64(GPRInfo::tagTypeNumberRegister, gpr, result);
             return result;
@@ -144 +139 @@
     case DataFormatJSBoolean: {
         GPRReg gpr = info.gpr();
-        if (gprToUse != InvalidGPRReg && gpr != gprToUse) {
-            GPRReg result = allocate(gprToUse);
-            m_jit.move(gpr, result);
-            return result;
-        }
         m_gprs.lock(gpr);
         return gpr;
@@ -643 +633 @@
 {
     CallLinkInfo::CallType callType;
-    ArgumentsLocation argumentsLocation = StackArgs;
     bool isVarargs = false;
     bool isForwardVarargs = false;
@@ -726 +715 @@
     GPRReg calleeGPR = InvalidGPRReg;
     CallFrameShuffleData shuffleData;
-    std::optional<JSValueOperand> tailCallee;
-    std::optional<GPRTemporary> calleeGPRTemporary;
-
-    incrementCounter(&m_jit, VM::DFGCaller);
-
+    
     ExecutableBase* executable = nullptr;
     FunctionExecutable* functionExecutable = nullptr;
@@ -749 +734 @@
         unsigned numUsedStackSlots = m_jit.graph().m_nextMachineLocal;
         
-        incrementCounter(&m_jit, VM::CallVarargs);
         if (isForwardVarargs) {
             flushRegisters();
@@ -858 +842 @@
 
         if (isTail) {
-            incrementCounter(&m_jit, VM::TailCall);
             Edge calleeEdge = m_jit.graph().child(node, 0);
-            // We can't get the a specific register for the callee, since that will just move
-            // from any current register.  When we silent fill in the slow path we'll fill
-            // the original register and won't have the callee in the right register.
-            // Therefore we allocate a temp register for the callee and move ourselves.
-            tailCallee.emplace(this, calleeEdge);
-            GPRReg tailCalleeGPR = tailCallee->gpr();
-            calleeGPR = argumentRegisterForCallee();
-            if (tailCalleeGPR != calleeGPR)
-                calleeGPRTemporary = GPRTemporary(this, calleeGPR);
+            JSValueOperand callee(this, calleeEdge);
+            calleeGPR = callee.gpr();
             if (!isDirect)
-                tailCallee->use();
-
-            argumentsLocation = argumentsLocationFor(numAllocatedArgs);
-            shuffleData.argumentsInRegisters = argumentsLocation != StackArgs;
+                callee.use();
+
             shuffleData.tagTypeNumber = GPRInfo::tagTypeNumberRegister;
             shuffleData.numLocals = m_jit.graph().frameRegisterCount();
-            shuffleData.callee = ValueRecovery::inGPR(tailCalleeGPR, DataFormatJS);
+            shuffleData.callee = ValueRecovery::inGPR(calleeGPR, DataFormatJS);
             shuffleData.args.resize(numAllocatedArgs);
 
@@ -891 +865 @@
 
             shuffleData.setupCalleeSaveRegisters(m_jit.codeBlock());
-        } else if (node->op() == CallEval) {
-            // CallEval is handled with the arguments in the stack
+        } else {
             m_jit.store32(MacroAssembler::TrustedImm32(numPassedArgs), JITCompiler::calleeFramePayloadSlot(CallFrameSlot::argumentCount));
 
@@ -906 +879 @@
             for (unsigned i = numPassedArgs; i < numAllocatedArgs; ++i)
                 m_jit.storeTrustedValue(jsUndefined(), JITCompiler::calleeArgumentSlot(i));
-
-            incrementCounter(&m_jit, VM::CallEval);
-        } else {
-            for (unsigned i = numPassedArgs; i-- > 0;) {
-                GPRReg platformArgGPR = argumentRegisterForFunctionArgument(i);
-                Edge argEdge = m_jit.graph().m_varArgChildren[node->firstChild() + 1 + i];
-                JSValueOperand arg(this, argEdge, platformArgGPR);
-                GPRReg argGPR = arg.gpr();
-                ASSERT(argGPR == platformArgGPR || platformArgGPR == InvalidGPRReg);
-
-                // Only free the non-argument registers at this point.
-                if (platformArgGPR == InvalidGPRReg) {
-                    use(argEdge);
-                    m_jit.store64(argGPR, JITCompiler::calleeArgumentSlot(i));
-                }
-            }
-
-            // Use the argument edges for arguments passed in registers.
-            for (unsigned i = numPassedArgs; i-- > 0;) {
-                GPRReg argGPR = argumentRegisterForFunctionArgument(i);
-                if (argGPR != InvalidGPRReg) {
-                    Edge argEdge = m_jit.graph().m_varArgChildren[node->firstChild() + 1 + i];
-                    use(argEdge);
-                }
-            }
-
-            GPRTemporary argCount(this, argumentRegisterForArgumentCount());
-            GPRReg argCountGPR = argCount.gpr();
-            m_jit.move(TrustedImm32(numPassedArgs), argCountGPR);
-            argumentsLocation = argumentsLocationFor(numAllocatedArgs);
-
-            for (unsigned i = numPassedArgs; i < numAllocatedArgs; ++i) {
-                GPRReg platformArgGPR = argumentRegisterForFunctionArgument(i);
-
-                if (platformArgGPR == InvalidGPRReg)
-                    m_jit.storeTrustedValue(jsUndefined(), JITCompiler::calleeArgumentSlot(i));
-                else {
-                    GPRTemporary argumentTemp(this, platformArgGPR);
-                    m_jit.move(TrustedImm64(JSValue::encode(jsUndefined())), argumentTemp.gpr());
-                }
-            }
         }
     }
@@ -952 +884 @@
     if (!isTail || isVarargs || isForwardVarargs) {
         Edge calleeEdge = m_jit.graph().child(node, 0);
-        JSValueOperand callee(this, calleeEdge, argumentRegisterForCallee());
+        JSValueOperand callee(this, calleeEdge);
         calleeGPR = callee.gpr();
         callee.use();
-        if (argumentsLocation == StackArgs)
-            m_jit.store64(calleeGPR, JITCompiler::calleeFrameSlot(CallFrameSlot::callee));
+        m_jit.store64(calleeGPR, JITCompiler::calleeFrameSlot(CallFrameSlot::callee));
 
         flushRegisters();
@@ -983 +914 @@
     
     CallLinkInfo* callLinkInfo = m_jit.codeBlock()->addCallLinkInfo();
-    callLinkInfo->setUpCall(callType, argumentsLocation, m_currentNode->origin.semantic, calleeGPR);
+    callLinkInfo->setUpCall(callType, m_currentNode->origin.semantic, calleeGPR);
 
     if (node->op() == CallEval) {
@@ -1024 +955 @@
             RELEASE_ASSERT(node->op() == DirectTailCall);
             
-            if (calleeGPRTemporary != std::nullopt)
-                m_jit.move(tailCallee->gpr(), calleeGPRTemporary->gpr());
-
             JITCompiler::PatchableJump patchableJump = m_jit.patchableJump();
             JITCompiler::Label mainPath = m_jit.label();
-
-            incrementCounter(&m_jit, VM::TailCall);
-            incrementCounter(&m_jit, VM::DirectCall);
             
             m_jit.emitStoreCallSiteIndex(callSite);
@@ -1047 +972 @@
             silentFillAllRegisters(InvalidGPRReg);
             m_jit.exceptionCheck();
-            if (calleeGPRTemporary != std::nullopt)
-                m_jit.move(tailCallee->gpr(), calleeGPRTemporary->gpr());
             m_jit.jump().linkTo(mainPath, &m_jit);
             
@@ -1059 +982 @@
         JITCompiler::Label mainPath = m_jit.label();
         
-        incrementCounter(&m_jit, VM::DirectCall);
-
         m_jit.emitStoreCallSiteIndex(callSite);
         
@@ -1068 +989 @@
         JITCompiler::Label slowPath = m_jit.label();
         if (isX86())
-            m_jit.pop(GPRInfo::nonArgGPR0);
-
-        m_jit.move(MacroAssembler::TrustedImmPtr(callLinkInfo), GPRInfo::nonArgGPR0); // Link info needs to be in nonArgGPR0
-        JITCompiler::Call slowCall = m_jit.nearCall();
-
+            m_jit.pop(JITCompiler::selectScratchGPR(calleeGPR));
+
+        callOperation(operationLinkDirectCall, callLinkInfo, calleeGPR);
         m_jit.exceptionCheck();
         m_jit.jump().linkTo(mainPath, &m_jit);
@@ -1079 +998 @@
         
         setResultAndResetStack();
-
-        m_jit.addJSDirectCall(call, slowCall, slowPath, callLinkInfo);
+        
+        m_jit.addJSDirectCall(call, slowPath, callLinkInfo);
         return;
     }
-
-    if (isTail && calleeGPRTemporary != std::nullopt)
-        m_jit.move(tailCallee->gpr(), calleeGPRTemporary->gpr());
-
+    
     m_jit.emitStoreCallSiteIndex(callSite);
     
@@ -1110 +1026 @@
     if (node->op() == TailCall) {
         CallFrameShuffler callFrameShuffler(m_jit, shuffleData);
-        if (argumentsLocation == StackArgs)
-            callFrameShuffler.setCalleeJSValueRegs(JSValueRegs(argumentRegisterForCallee()));
+        callFrameShuffler.setCalleeJSValueRegs(JSValueRegs(GPRInfo::regT0));
         callFrameShuffler.prepareForSlowPath();
-    } else if (isTail)
-        m_jit.emitRestoreCalleeSaves();
-
-    m_jit.move(MacroAssembler::TrustedImmPtr(callLinkInfo), GPRInfo::nonArgGPR0); // Link info needs to be in nonArgGPR0
+    } else {
+        m_jit.move(calleeGPR, GPRInfo::regT0); // Callee needs to be in regT0
+
+        if (isTail)
+            m_jit.emitRestoreCalleeSaves(); // This needs to happen after we moved calleeGPR to regT0
+    }
+
+    m_jit.move(MacroAssembler::TrustedImmPtr(callLinkInfo), GPRInfo::regT2); // Link info needs to be in regT2
     JITCompiler::Call slowCall = m_jit.nearCall();
 
     done.link(&m_jit);
 
-    if (isTail) {
-        tailCallee = std::nullopt;
-        calleeGPRTemporary = std::nullopt;
+    if (isTail)
         m_jit.abortWithReason(JITDidReturnFromTailCall);
-    } else
+    else
         setResultAndResetStack();
 
@@ -4250 +4167 @@
     }
 
-    case GetArgumentRegister:
-        break;
-            
     case GetRestLength: {
         compileGetRestLength(node);