Changeset 252684 in webkit for trunk/Source/JavaScriptCore/ChangeLog
- Timestamp:
- Nov 19, 2019, 9:53:38 PM (6 years ago)
- File:
-
- 1 edited
-
trunk/Source/JavaScriptCore/ChangeLog (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/JavaScriptCore/ChangeLog
r252683 r252684 1 2019-11-19 Saam Barati <[email protected]> 2 3 GetByVal should use polymorphic access and hook into a status object 4 https://bugs.webkit.org/show_bug.cgi?id=202767 5 6 Reviewed by Keith Miller. 7 8 This patch puts get_by_val in our normal IC caching infrastructure. This means 9 building it on top of StructureStubInfo and PolymorphicAccess. For this to 10 work, AccessCase now supports all the array load variants that we used to have 11 fast paths for. For identifier based variants, it we just fall back to the 12 code we've already implemented, but only after doing a runtime check that 13 the identifier matches the expected identifier. This allows us to reuse all 14 the IC infrastructure we have for get_by_id. 15 16 Our compilation strategy is that the baseline JIT always emits a get_by_val 17 IC. If that IC goes to the slow path, the DFG/FTL won't also emit the same IC, 18 since it's probable that we're seeing a megamorphic switch over strings. This 19 was needed to keep this patch neutral on Speedometer 2. It's likely there is 20 room to improve this heuristic: https://bugs.webkit.org/show_bug.cgi?id=204336 21 22 This now allows us to have inline caches which contain array loads, and uses 23 of different identifiers. They just show up as different access cases inside 24 polymorphic access. 25 26 This patch is a progression on various microbenchmarks, especially those with 27 uses of a fixed set of multiple identifiers. It's neutral on JetStream 2 and 28 Speedometer 2. 29 30 This patch also hooks in get_by_val ICs to our ICStatus infrastructure. This 31 is going to pave the way to allow us to eagerly throw away baseline code, since 32 when we go for an FTL compile, we will be able to use the IC status from the 33 prior compile without relying on baseline specific data structures. 34 35 There are a few interesting tidbits in this patch that are worth 36 highlighting. 37 - Unlike get_by_id, when we take an IC snapshot for a get_by_val 38 IC, we're not guaranteed the various identifiers in question will outlive 39 the compile (get_by_id ensures this since they're in the constant pool of 40 CodeBlock). For get_by_val, the Identifiers in question are dynamic fields 41 of AccessCase, and AccessCase may get destroyed as we're compiling concurrently. 42 Also, String's reference counting isn't thread safe, so we can't just ref it. 43 Instead, we use a Box<Identifier> inside AccessCase. This allows us to safely 44 ref the Box without refing the underlying String. We're not worried about the 45 Box being destroyed while we're doing this, since we're holding a lock while 46 taking an IC snapshot inside GetByStatus. 47 - We no longer hold onto the actual JS symbol object in the inline cache. 48 This is what we used to do for inlining by val infos. Instead, this patch 49 extends the CheckStringIdent node to be able to handle symbols as well. This 50 patch also renames CheckStringIdent to CheckIdent. 51 52 This patch also renames various IC related helpers from GetById* to GetBy*, 53 since they can both be used by get_by_val and get_by_id. 54 55 * JavaScriptCore.xcodeproj/project.pbxproj: 56 * Sources.txt: 57 * bytecode/AccessCase.cpp: 58 (JSC::AccessCase::AccessCase): 59 (JSC::AccessCase::create): 60 (JSC::AccessCase::fromStructureStubInfo): 61 (JSC::AccessCase::commit): 62 (JSC::AccessCase::guardedByStructureCheck const): 63 (JSC::AccessCase::guardedByStructureCheckSkippingConstantIdentifierCheck const): 64 (JSC::AccessCase::requiresIdentifierNameMatch const): 65 (JSC::AccessCase::requiresInt32PropertyCheck const): 66 (JSC::AccessCase::needsScratchFPR const): 67 (JSC::AccessCase::forEachDependentCell const): 68 (JSC::AccessCase::doesCalls const): 69 (JSC::AccessCase::canReplace const): 70 (JSC::AccessCase::dump const): 71 (JSC::AccessCase::generateWithGuard): 72 (JSC::AccessCase::generate): 73 (JSC::AccessCase::generateImpl): 74 (JSC::AccessCase::toTypedArrayType): 75 (JSC::AccessCase::checkConsistency): 76 * bytecode/AccessCase.h: 77 (JSC::AccessCase::uid const): 78 (JSC::AccessCase::identifier const): 79 (JSC::AccessCase::checkConsistency): 80 (JSC::AccessCase::AccessCase): 81 * bytecode/GetByIdStatus.cpp: Removed. 82 * bytecode/GetByIdStatus.h: Removed. 83 * bytecode/GetByIdVariant.cpp: 84 (JSC::GetByIdVariant::GetByIdVariant): 85 (JSC::GetByIdVariant::operator=): 86 (JSC::GetByIdVariant::attemptToMerge): 87 * bytecode/GetByIdVariant.h: 88 (JSC::GetByIdVariant::domAttribute const): 89 (JSC::GetByIdVariant::identifier const): 90 * bytecode/GetByStatus.cpp: Copied from Source/JavaScriptCore/bytecode/GetByIdStatus.cpp. 91 (JSC::GetByStatus::appendVariant): 92 (JSC::GetByStatus::computeFromLLInt): 93 (JSC::GetByStatus::computeFor): 94 (JSC::GetByStatus::GetByStatus): 95 (JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback): 96 (JSC::GetByStatus::makesCalls const): 97 (JSC::GetByStatus::slowVersion const): 98 (JSC::GetByStatus::merge): 99 (JSC::GetByStatus::filter): 100 (JSC::GetByStatus::markIfCheap): 101 (JSC::GetByStatus::finalize): 102 (JSC::GetByStatus::singleIdentifier const): 103 (JSC::GetByStatus::dump const): 104 (JSC::GetByIdStatus::appendVariant): Deleted. 105 (JSC::GetByIdStatus::computeFromLLInt): Deleted. 106 (JSC::GetByIdStatus::computeFor): Deleted. 107 (JSC::GetByIdStatus::computeForStubInfo): Deleted. 108 (JSC::GetByIdStatus::GetByIdStatus): Deleted. 109 (JSC::GetByIdStatus::computeForStubInfoWithoutExitSiteFeedback): Deleted. 110 (JSC::GetByIdStatus::makesCalls const): Deleted. 111 (JSC::GetByIdStatus::slowVersion const): Deleted. 112 (JSC::GetByIdStatus::merge): Deleted. 113 (JSC::GetByIdStatus::filter): Deleted. 114 (JSC::GetByIdStatus::markIfCheap): Deleted. 115 (JSC::GetByIdStatus::finalize): Deleted. 116 (JSC::GetByIdStatus::dump const): Deleted. 117 * bytecode/GetByStatus.h: Copied from Source/JavaScriptCore/bytecode/GetByIdStatus.h. 118 (JSC::GetByStatus::GetByStatus): 119 (JSC::GetByStatus::moduleNamespaceObject const): 120 (JSC::GetByStatus::moduleEnvironment const): 121 (JSC::GetByStatus::scopeOffset const): 122 (JSC::GetByIdStatus::GetByIdStatus): Deleted. 123 (JSC::GetByIdStatus::state const): Deleted. 124 (JSC::GetByIdStatus::isSet const): Deleted. 125 (JSC::GetByIdStatus::operator bool const): Deleted. 126 (JSC::GetByIdStatus::isSimple const): Deleted. 127 (JSC::GetByIdStatus::isCustom const): Deleted. 128 (JSC::GetByIdStatus::isModuleNamespace const): Deleted. 129 (JSC::GetByIdStatus::numVariants const): Deleted. 130 (JSC::GetByIdStatus::variants const): Deleted. 131 (JSC::GetByIdStatus::at const): Deleted. 132 (JSC::GetByIdStatus::operator[] const): Deleted. 133 (JSC::GetByIdStatus::takesSlowPath const): Deleted. 134 (JSC::GetByIdStatus::wasSeenInJIT const): Deleted. 135 (JSC::GetByIdStatus::moduleNamespaceObject const): Deleted. 136 (JSC::GetByIdStatus::moduleEnvironment const): Deleted. 137 (JSC::GetByIdStatus::scopeOffset const): Deleted. 138 * bytecode/GetterSetterAccessCase.cpp: 139 (JSC::GetterSetterAccessCase::GetterSetterAccessCase): 140 (JSC::GetterSetterAccessCase::create): 141 * bytecode/GetterSetterAccessCase.h: 142 * bytecode/ICStatusMap.h: 143 * bytecode/InByIdStatus.cpp: 144 (JSC::InByIdStatus::computeForStubInfoWithoutExitSiteFeedback): 145 * bytecode/InlineAccess.cpp: 146 (JSC::InlineAccess::generateSelfPropertyAccess): 147 (JSC::InlineAccess::canGenerateSelfPropertyReplace): 148 (JSC::InlineAccess::generateSelfPropertyReplace): 149 (JSC::InlineAccess::isCacheableArrayLength): 150 (JSC::InlineAccess::generateArrayLength): 151 (JSC::InlineAccess::isCacheableStringLength): 152 (JSC::InlineAccess::generateStringLength): 153 (JSC::InlineAccess::generateSelfInAccess): 154 * bytecode/InstanceOfAccessCase.cpp: 155 (JSC::InstanceOfAccessCase::InstanceOfAccessCase): 156 * bytecode/InstanceOfStatus.cpp: 157 (JSC::InstanceOfStatus::computeForStubInfo): 158 * bytecode/IntrinsicGetterAccessCase.cpp: 159 (JSC::IntrinsicGetterAccessCase::IntrinsicGetterAccessCase): 160 (JSC::IntrinsicGetterAccessCase::create): 161 * bytecode/IntrinsicGetterAccessCase.h: 162 * bytecode/ModuleNamespaceAccessCase.cpp: 163 (JSC::ModuleNamespaceAccessCase::ModuleNamespaceAccessCase): 164 (JSC::ModuleNamespaceAccessCase::create): 165 * bytecode/ModuleNamespaceAccessCase.h: 166 * bytecode/PolymorphicAccess.cpp: 167 (JSC::AccessGenerationState::preserveLiveRegistersToStackForCall): 168 (JSC::PolymorphicAccess::addCases): 169 (JSC::PolymorphicAccess::addCase): 170 (JSC::PolymorphicAccess::commit): 171 (JSC::PolymorphicAccess::regenerate): 172 (WTF::printInternal): 173 * bytecode/PolymorphicAccess.h: 174 * bytecode/ProxyableAccessCase.cpp: 175 (JSC::ProxyableAccessCase::ProxyableAccessCase): 176 (JSC::ProxyableAccessCase::create): 177 * bytecode/ProxyableAccessCase.h: 178 * bytecode/PutByIdStatus.cpp: 179 (JSC::PutByIdStatus::computeForStubInfo): 180 * bytecode/RecordedStatuses.cpp: 181 (JSC::RecordedStatuses::addGetByStatus): 182 (JSC::RecordedStatuses::addGetByIdStatus): Deleted. 183 * bytecode/RecordedStatuses.h: 184 * bytecode/StructureStubInfo.cpp: 185 (JSC::StructureStubInfo::StructureStubInfo): 186 (JSC::StructureStubInfo::initGetByIdSelf): 187 (JSC::StructureStubInfo::initArrayLength): 188 (JSC::StructureStubInfo::initStringLength): 189 (JSC::StructureStubInfo::initPutByIdReplace): 190 (JSC::StructureStubInfo::initInByIdSelf): 191 (JSC::StructureStubInfo::deref): 192 (JSC::StructureStubInfo::aboutToDie): 193 (JSC::StructureStubInfo::addAccessCase): 194 (JSC::StructureStubInfo::reset): 195 (JSC::StructureStubInfo::visitWeakReferences): 196 (JSC::StructureStubInfo::propagateTransitions): 197 (JSC::StructureStubInfo::summary const): 198 (JSC::StructureStubInfo::containsPC const): 199 (JSC::StructureStubInfo::setCacheType): 200 (JSC::StructureStubInfo::checkConsistency): 201 * bytecode/StructureStubInfo.h: 202 (JSC::StructureStubInfo::getByIdSelfIdentifier): 203 (JSC::StructureStubInfo::thisValueIsInThisGPR const): 204 (JSC::StructureStubInfo::checkConsistency): 205 (JSC::StructureStubInfo::cacheType const): 206 (JSC::appropriateOptimizingGetByIdFunction): 207 (JSC::appropriateGenericGetByIdFunction): 208 * dfg/DFGAbstractInterpreterInlines.h: 209 (JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects): 210 (JSC::DFG::AbstractInterpreter<AbstractStateType>::filterICStatus): 211 * dfg/DFGArgumentsEliminationPhase.cpp: 212 * dfg/DFGByteCodeParser.cpp: 213 (JSC::DFG::ByteCodeParser::handleDOMJITGetter): 214 (JSC::DFG::ByteCodeParser::handleModuleNamespaceLoad): 215 (JSC::DFG::ByteCodeParser::load): 216 (JSC::DFG::ByteCodeParser::handleGetById): 217 (JSC::DFG::ByteCodeParser::parseGetById): 218 (JSC::DFG::ByteCodeParser::parseBlock): 219 (JSC::DFG::ByteCodeParser::handlePutByVal): 220 * dfg/DFGClobberize.h: 221 (JSC::DFG::clobberize): 222 * dfg/DFGClobbersExitState.cpp: 223 (JSC::DFG::clobbersExitState): 224 * dfg/DFGConstantFoldingPhase.cpp: 225 (JSC::DFG::ConstantFoldingPhase::foldConstants): 226 * dfg/DFGDesiredIdentifiers.cpp: 227 (JSC::DFG::DesiredIdentifiers::processCodeBlockIdentifiersIfNeeded): 228 (JSC::DFG::DesiredIdentifiers::ensure): 229 (JSC::DFG::DesiredIdentifiers::at const): 230 (JSC::DFG::DesiredIdentifiers::reallyAdd): 231 * dfg/DFGDesiredIdentifiers.h: 232 * dfg/DFGDoesGC.cpp: 233 (JSC::DFG::doesGC): 234 * dfg/DFGFixupPhase.cpp: 235 (JSC::DFG::FixupPhase::fixupNode): 236 * dfg/DFGGraph.cpp: 237 (JSC::DFG::Graph::dump): 238 * dfg/DFGGraph.h: 239 * dfg/DFGInPlaceAbstractState.cpp: 240 * dfg/DFGJITCompiler.cpp: 241 (JSC::DFG::JITCompiler::link): 242 * dfg/DFGJITCompiler.h: 243 (JSC::DFG::JITCompiler::addGetByVal): 244 * dfg/DFGMayExit.cpp: 245 * dfg/DFGNode.h: 246 (JSC::DFG::Node::hasUidOperand): 247 (JSC::DFG::Node::hasGetByStatus): 248 (JSC::DFG::Node::getByStatus): 249 (JSC::DFG::Node::hasGetByIdStatus): Deleted. 250 (JSC::DFG::Node::getByIdStatus): Deleted. 251 * dfg/DFGNodeType.h: 252 * dfg/DFGObjectAllocationSinkingPhase.cpp: 253 * dfg/DFGPredictionPropagationPhase.cpp: 254 * dfg/DFGSafeToExecute.h: 255 (JSC::DFG::safeToExecute): 256 * dfg/DFGSpeculativeJIT.cpp: 257 (JSC::DFG::SpeculativeJIT::compileGetById): 258 (JSC::DFG::SpeculativeJIT::compileCheckIdent): 259 (JSC::DFG::SpeculativeJIT::compileCheckStringIdent): Deleted. 260 * dfg/DFGSpeculativeJIT.h: 261 * dfg/DFGSpeculativeJIT32_64.cpp: 262 (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis): 263 (JSC::DFG::SpeculativeJIT::compile): 264 * dfg/DFGSpeculativeJIT64.cpp: 265 (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis): 266 (JSC::DFG::SpeculativeJIT::compile): 267 * dfg/DFGVarargsForwardingPhase.cpp: 268 * ftl/FTLCapabilities.cpp: 269 (JSC::FTL::canCompile): 270 * ftl/FTLLowerDFGToB3.cpp: 271 (JSC::FTL::DFG::LowerDFGToB3::compileNode): 272 (JSC::FTL::DFG::LowerDFGToB3::compileCheckIdent): 273 (JSC::FTL::DFG::LowerDFGToB3::compileGetById): 274 (JSC::FTL::DFG::LowerDFGToB3::compileGetByVal): 275 (JSC::FTL::DFG::LowerDFGToB3::getByIdWithThis): 276 (JSC::FTL::DFG::LowerDFGToB3::compileCheckStringIdent): Deleted. 277 * jit/ICStats.h: 278 * jit/JIT.cpp: 279 (JSC::JIT::privateCompileSlowCases): 280 (JSC::JIT::link): 281 * jit/JIT.h: 282 * jit/JITInlineCacheGenerator.cpp: 283 (JSC::garbageStubInfo): 284 (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator): 285 (JSC::JITInstanceOfGenerator::JITInstanceOfGenerator): 286 (JSC::JITGetByValGenerator::JITGetByValGenerator): 287 (JSC::JITGetByValGenerator::generateFastPath): 288 (JSC::JITGetByValGenerator::finalize): 289 * jit/JITInlineCacheGenerator.h: 290 (JSC::JITGetByValGenerator::JITGetByValGenerator): 291 (JSC::JITGetByValGenerator::slowPathJump const): 292 * jit/JITInlines.h: 293 (JSC::JIT::emitDoubleGetByVal): Deleted. 294 (JSC::JIT::emitContiguousGetByVal): Deleted. 295 (JSC::JIT::emitArrayStorageGetByVal): Deleted. 296 * jit/JITOperations.cpp: 297 (JSC::getByVal): 298 (JSC::tryGetByValOptimize): Deleted. 299 * jit/JITOperations.h: 300 * jit/JITPropertyAccess.cpp: 301 (JSC::JIT::emit_op_get_by_val): 302 (JSC::JIT::emitSlow_op_get_by_val): 303 (JSC::JIT::emit_op_try_get_by_id): 304 (JSC::JIT::emit_op_get_by_id_direct): 305 (JSC::JIT::emit_op_get_by_id): 306 (JSC::JIT::emit_op_get_by_id_with_this): 307 (JSC::JIT::emitGetByValWithCachedId): Deleted. 308 (JSC::JIT::privateCompileGetByVal): Deleted. 309 (JSC::JIT::privateCompileGetByValWithCachedId): Deleted. 310 (JSC::JIT::emitDirectArgumentsGetByVal): Deleted. 311 (JSC::JIT::emitScopedArgumentsGetByVal): Deleted. 312 (JSC::JIT::emitIntTypedArrayGetByVal): Deleted. 313 (JSC::JIT::emitFloatTypedArrayGetByVal): Deleted. 314 * jit/JITPropertyAccess32_64.cpp: 315 (JSC::JIT::emit_op_get_by_val): 316 (JSC::JIT::emit_op_try_get_by_id): 317 (JSC::JIT::emit_op_get_by_id_direct): 318 (JSC::JIT::emit_op_get_by_id): 319 (JSC::JIT::emit_op_get_by_id_with_this): 320 (JSC::JIT::emitGetByValWithCachedId): Deleted. 321 * jit/Repatch.cpp: 322 (JSC::appropriateOptimizingGetByFunction): 323 (JSC::appropriateGetByFunction): 324 (JSC::tryCacheGetBy): 325 (JSC::repatchGetBy): 326 (JSC::tryCacheArrayGetByVal): 327 (JSC::repatchArrayGetByVal): 328 (JSC::tryCachePutByID): 329 (JSC::tryCacheInByID): 330 (JSC::tryCacheInstanceOf): 331 (JSC::resetGetBy): 332 (JSC::appropriateOptimizingGetByIdFunction): Deleted. 333 (JSC::appropriateGetByIdFunction): Deleted. 334 (JSC::tryCacheGetByID): Deleted. 335 (JSC::repatchGetByID): Deleted. 336 (JSC::resetGetByID): Deleted. 337 * jit/Repatch.h: 338 * llint/LowLevelInterpreter.h: 339 * runtime/DOMAnnotation.h: 340 * runtime/JSCJSValue.cpp: 341 (JSC::JSValue::dumpInContextAssumingStructure const): 342 * runtime/Structure.h: 343 1 344 2019-11-19 Ross Kirsling <[email protected]> 2 345
Note:
See TracChangeset
for help on using the changeset viewer.
