Changeset 250806 in webkit for trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

Timestamp:

Oct 7, 2019, 4:34:01 PM (6 years ago)

Author:

[email protected]

Message:

Allow OSR exit to the LLInt
​https://bugs.webkit.org/show_bug.cgi?id=197993

Reviewed by Tadeu Zagallo.

JSTests:

• stress/exit-from-getter-by-val.js: Added.
• stress/exit-from-setter-by-val.js: Added.

Source/JavaScriptCore:

This patch makes it so we can OSR exit to the LLInt.
Here are the interesting implementation details:

1. We no longer baseline compile everything in the inline stack.

2. When the top frame is a LLInt frame, we exit to the corresponding

LLInt bytecode. However, we need to materialize the LLInt registers
for PC, PB, and metadata.

3. When dealing with inline call frames where the caller is LLInt, we

need to return to the appropriate place. Let's consider we're exiting
at a place A->B (A calls B), where A is LLInt. If A is a normal call,
we place the return PC in the frame we materialize to B to be right
after the LLInt's inline cache for calls. If A is a varargs call, we place
it at the return location for vararg calls. The interesting scenario here
is where A is a getter/setter. This means that A might be get_by_id,
get_by_val, put_by_id, or put_by_val. Since the LLInt does not have any
form of IC for getters/setters, we make this work by creating new LLInt
"return location" stubs for these opcodes.

4. We need to update what callee saves we store in the callee if the caller frame

is a LLInt frame. Let's consider an inline stack A->B->C, where A is a LLInt frame.
When we materialize the stack frame for B, we need to ensure that the LLInt callee
saves that A uses is stored into B's preserved callee saves. Specifically, this
is just the PB/metadata registers.

This patch also fixes offlineasm's macro expansion to allow us to
use computed label names for global labels.

In a future bug, I'm going to investigate some kind of control system for
throwing away baseline code when we tier up:
​https://bugs.webkit.org/show_bug.cgi?id=202503

• JavaScriptCore.xcodeproj/project.pbxproj:
• Sources.txt:
• bytecode/CodeBlock.h:

(JSC::CodeBlock::metadataTable):
(JSC::CodeBlock::instructionsRawPointer):

• dfg/DFGOSRExit.cpp:

(JSC::DFG::OSRExit::executeOSRExit):
(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::adjustAndJumpToTarget):
(JSC::DFG::OSRExit::compileOSRExit):

• dfg/DFGOSRExit.h:

(JSC::DFG::OSRExitState::OSRExitState):

• dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::callerReturnPC):
(JSC::DFG::calleeSaveSlot):
(JSC::DFG::reifyInlinedCallFrames):
(JSC::DFG::adjustAndJumpToTarget):

• dfg/DFGOSRExitCompilerCommon.h:
• dfg/DFGOSRExitPreparation.cpp:

(JSC::DFG::prepareCodeOriginForOSRExit): Deleted.

• dfg/DFGOSRExitPreparation.h:
• ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileFTLOSRExit):

• llint/LLIntData.h:

(JSC::LLInt::getCodePtr):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• offlineasm/asm.rb:
• offlineasm/transform.rb:
• runtime/OptionsList.h:

Tools:

• Scripts/run-jsc-stress-tests:

File:

• trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm (modified) (6 diffs)

trunk/Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

@@ -1329 +1329 @@
 end)
 
-
 llintOpWithMetadata(op_get_by_id, OpGetById, macro (size, get, dispatch, metadata, return)
     metadata(t2, t1)
@@ -1380 +1379 @@
     callSlowPath(_llint_slow_path_get_by_id)
     dispatch()
+
+.osrReturnPoint:
+    getterSetterOSRExitReturnPoint(op_get_by_id, size)
+    metadata(t2, t3)
+    valueProfile(OpGetById, t2, r0)
+    return(r0)
+
 end)
 
@@ -1452 +1458 @@
     callSlowPath(_llint_slow_path_put_by_id)
     dispatch()
+
+.osrReturnPoint:
+    getterSetterOSRExitReturnPoint(op_put_by_id, size)
+    dispatch()
+
 end)
 
@@ -1623 +1634 @@
     callSlowPath(_llint_slow_path_get_by_val)
     dispatch()
-end)
-
-
-macro putByValOp(opcodeName, opcodeStruct)
+
+.osrReturnPoint:
+    getterSetterOSRExitReturnPoint(op_get_by_val, size)
+    metadata(t5, t2)
+    valueProfile(OpGetByVal, t5, r0)
+    return(r0)
+
+end)
+
+
+macro putByValOp(opcodeName, opcodeStruct, osrExitPoint)
     llintOpWithMetadata(op_%opcodeName%, opcodeStruct, macro (size, get, dispatch, metadata, return)
         macro contiguousPutByVal(storeCallback)
@@ -1714 +1732 @@
         callSlowPath(_llint_slow_path_%opcodeName%)
         dispatch()
+
+        osrExitPoint(size, dispatch)
+        
     end)
 end
 
-putByValOp(put_by_val, OpPutByVal)
-
-putByValOp(put_by_val_direct, OpPutByValDirect)
+putByValOp(put_by_val, OpPutByVal, macro (size, dispatch)
+.osrReturnPoint:
+    getterSetterOSRExitReturnPoint(op_put_by_val, size)
+    dispatch()
+end)
+
+putByValOp(put_by_val_direct, OpPutByValDirect, macro (a, b) end)
 
 
@@ -2008 +2033 @@
         move t3, sp
         prepareCall(%opcodeStruct%::Metadata::m_callLinkInfo.m_machineCodeTarget[t5], t2, t3, t4, JSEntryPtrTag)
-        callTargetFunction(size, opcodeStruct, dispatch, %opcodeStruct%::Metadata::m_callLinkInfo.m_machineCodeTarget[t5], JSEntryPtrTag)
+        callTargetFunction(opcodeName, size, opcodeStruct, dispatch, %opcodeStruct%::Metadata::m_callLinkInfo.m_machineCodeTarget[t5], JSEntryPtrTag)
 
     .opCallSlow:
-        slowPathForCall(size, opcodeStruct, dispatch, slowPath, prepareCall)
+        slowPathForCall(opcodeName, size, opcodeStruct, dispatch, slowPath, prepareCall)
     end)
 end