Changeset 273649 in webkit for trunk/Source/JavaScriptCore/bytecompiler

Timestamp:

Mar 1, 2021, 7:00:20 AM (4 years ago)

Author:

Alexey Shvayka

Message:

BytecodeGenerator::fuseCompareAndJump() fails for some language constructs
​https://bugs.webkit.org/show_bug.cgi?id=221927

Reviewed by Yusuke Suzuki.

For BytecodeGenerator::fuseCompareAndJump() to merge two ops into one, condition's dst
register should not be referenced from elsewhere. This change tracks down and eliminates
all such cases, which reduces bytecode size for a few language constructs:

-1 per every case of a switch;
-2 per generator function, -2 per every yield / yield*;
-2 per class extends;
-2 per finally, -1 per every break / continue / return inside;
-3 per Function.prototype.apply() with ...spread as a single argument.

Instead of mixing RefPtr with raw C++ pointers, single-line branches were preferred.
To keep them cleaner, this patch introduces emitLoad() override for JSGenerator::ResumeMode
enum, and tweaks existing override for CompletionType.

A few drive-by improvements:

• to enable future optimizations, replaces emitBinaryOp() with emitEqualityOp() for OpEq / OpStricteq (adds an assert), and vice-versa for other comparison ops;
• removes OperandTypes for comparison ops as it was ignored (let's re-introduce them consistently once supported);
• inlines too specific BytecodeGenerator::emitJumpIf();
• replaces eq with stricteq in ApplyFunctionCallDotNode.

No behavior change, no callee registers count grow.

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitYield):
(JSC::BytecodeGenerator::emitDelegateYield):
(JSC::BytecodeGenerator::emitFinallyCompletion):
(JSC::BytecodeGenerator::emitJumpIf): Deleted.

• bytecompiler/BytecodeGenerator.h:

(JSC::BytecodeGenerator::emitEqualityOp):
(JSC::BytecodeGenerator::emitLoad):

• bytecompiler/NodesCodegen.cpp:

(JSC::ApplyFunctionCallDotNode::emitBytecode):
(JSC::ForInNode::emitBytecode):
(JSC::CaseBlockNode::emitBytecodeForBlock):
(JSC::FunctionNode::emitBytecode):
(JSC::ClassExprNode::emitBytecode):

Location:

trunk/Source/JavaScriptCore/bytecompiler

Files:

• BytecodeGenerator.cpp (modified) (9 diffs)
• BytecodeGenerator.h (modified) (3 diffs)
• NodesCodegen.cpp (modified) (8 diffs)

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -4768 +4768 @@
 
     Ref<Label> normalLabel = newLabel();
-    RefPtr<RegisterID> condition = newTemporary();
-    emitEqualityOp<OpStricteq>(condition.get(), generatorResumeModeRegister(), emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGenerator::ResumeMode::NormalMode))));
-    emitJumpIfTrue(condition.get(), normalLabel.get());
+    emitJumpIfTrue(emitEqualityOp<OpStricteq>(newTemporary(), generatorResumeModeRegister(), emitLoad(nullptr, JSGenerator::ResumeMode::NormalMode)), normalLabel.get());
 
     Ref<Label> throwLabel = newLabel();
-    emitEqualityOp<OpStricteq>(condition.get(), generatorResumeModeRegister(), emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGenerator::ResumeMode::ThrowMode))));
-    emitJumpIfTrue(condition.get(), throwLabel.get());
+    emitJumpIfTrue(emitEqualityOp<OpStricteq>(newTemporary(), generatorResumeModeRegister(), emitLoad(nullptr, JSGenerator::ResumeMode::ThrowMode)), throwLabel.get());
     // Return.
     {
@@ -4954 +4951 @@
 
                 Ref<Label> normalLabel = newLabel();
+                emitJumpIfTrue(emitEqualityOp<OpStricteq>(newTemporary(), generatorResumeModeRegister(), emitLoad(nullptr, JSGenerator::ResumeMode::NormalMode)), normalLabel.get());
+
                 Ref<Label> returnLabel = newLabel();
-                {
-                    RefPtr<RegisterID> condition = newTemporary();
-                    emitEqualityOp<OpStricteq>(condition.get(), generatorResumeModeRegister(), emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGenerator::ResumeMode::NormalMode))));
-                    emitJumpIfTrue(condition.get(), normalLabel.get());
-
-                    emitEqualityOp<OpStricteq>(condition.get(), generatorResumeModeRegister(), emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGenerator::ResumeMode::ReturnMode))));
-                    emitJumpIfTrue(condition.get(), returnLabel.get());
-
-                    // Fallthrough to ThrowMode.
-                }
+                emitJumpIfTrue(emitEqualityOp<OpStricteq>(newTemporary(), generatorResumeModeRegister(), emitLoad(nullptr, JSGenerator::ResumeMode::ReturnMode)), returnLabel.get());
 
                 // Throw.
@@ -5132 +5122 @@
 {
     if (context.numberOfBreaksOrContinues() || context.handlesReturns()) {
-        emitJumpIf<OpStricteq>(context.completionTypeRegister(), CompletionType::Normal, normalCompletionLabel);
+        emitJumpIfTrue(emitEqualityOp<OpStricteq>(newTemporary(), context.completionTypeRegister(), emitLoad(nullptr, CompletionType::Normal)), normalCompletionLabel);
 
         FinallyContext* outerContext = context.outerContext();
@@ -5143 +5133 @@
             Ref<Label> nextLabel = newLabel();
             auto& jump = context.jumps(i);
-            emitJumpIf<OpNstricteq>(context.completionTypeRegister(), jump.jumpID, nextLabel.get());
+            emitJumpIfFalse(emitEqualityOp<OpStricteq>(newTemporary(), context.completionTypeRegister(), emitLoad(nullptr, jump.jumpID)), nextLabel.get());
 
             // This case is for Break / Continue completions from an inner finally context
@@ -5176 +5166 @@
             if (context.handlesReturns()) {
                 Ref<Label> isNotReturnLabel = newLabel();
-                emitJumpIf<OpNstricteq>(context.completionTypeRegister(), CompletionType::Return, isNotReturnLabel.get());
+                emitJumpIfFalse(emitEqualityOp<OpStricteq>(newTemporary(), context.completionTypeRegister(), emitLoad(nullptr, CompletionType::Return)), isNotReturnLabel.get());
 
                 // This case is for Return completion from an inner finally context:
@@ -5204 +5194 @@
             if (hasBreaksOrContinuesThatEscapeCurrentFinally) {
                 Ref<Label> isThrowOrNormalLabel = newLabel();
-                emitJumpIf<OpBeloweq>(context.completionTypeRegister(), CompletionType::Throw, isThrowOrNormalLabel.get());
+                emitJumpIfTrue(emitBinaryOp<OpBeloweq>(newTemporary(), context.completionTypeRegister(), emitLoad(nullptr, CompletionType::Throw)), isThrowOrNormalLabel.get());
 
                 // A completionType above Throw means we have a Break or Continue encoded as a jumpID.
@@ -5247 +5237 @@
             if (context.handlesReturns()) {
                 Ref<Label> notReturnLabel = newLabel();
-                emitJumpIf<OpNstricteq>(context.completionTypeRegister(), CompletionType::Return, notReturnLabel.get());
+                emitJumpIfFalse(emitEqualityOp<OpStricteq>(newTemporary(), context.completionTypeRegister(), emitLoad(nullptr, CompletionType::Return)), notReturnLabel.get());
 
                 // This case is for Return completion from the outermost finally context:
@@ -5271 +5261 @@
     // possibilities are Normal or Throw.
 
-    emitJumpIf<OpNstricteq>(context.completionTypeRegister(), CompletionType::Throw, normalCompletionLabel);
+    emitJumpIfFalse(emitEqualityOp<OpStricteq>(newTemporary(), context.completionTypeRegister(), emitLoad(nullptr, CompletionType::Throw)), normalCompletionLabel);
 
     // We get here because we entered this finally context with Throw completionType (i.e. we have
@@ -5284 +5274 @@
 
     emitThrow(context.completionValueRegister());
-}
-
-template<typename CompareOp>
-void BytecodeGenerator::emitJumpIf(RegisterID* completionTypeRegister, CompletionType type, Label& jumpTarget)
-{
-    RefPtr<RegisterID> tempRegister = newTemporary();
-    RegisterID* valueConstant = addConstantValue(jsNumber(static_cast<int>(type)));
-    OperandTypes operandTypes = OperandTypes(ResultType::numberTypeIsInt32(), ResultType::unknownType());
-
-    auto equivalenceResult = emitBinaryOp<CompareOp>(tempRegister.get(), completionTypeRegister, valueConstant, operandTypes);
-    emitJumpIfTrue(equivalenceResult, jumpTarget);
 }
 

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -724 +724 @@
             && BinaryOp::opcodeID != op_div,
             RegisterID*>
-        emitBinaryOp(RegisterID* dst, RegisterID* src1, RegisterID* src2, OperandTypes)
+        emitBinaryOp(RegisterID* dst, RegisterID* src1, RegisterID* src2, OperandTypes = OperandTypes())
         {
             BinaryOp::emit(this, dst, src1, src2);
@@ -748 +748 @@
         RegisterID* emitEqualityOp(RegisterID* dst, RegisterID* src1, RegisterID* src2)
         {
+            static_assert(EqOp::opcodeID == op_eq || EqOp::opcodeID == op_stricteq);
             if (!emitEqualityOpImpl(dst, src1, src2))
                 EqOp::emit(this, dst, src1, src2);
@@ -1021 +1022 @@
         void emitWillLeaveCallFrameDebugHook();
 
-        void emitLoad(RegisterID* completionTypeRegister, CompletionType type)
-        {
-            emitLoad(completionTypeRegister, JSValue(static_cast<int>(type)));
-        }
-
-        template<typename CompareOp>
-        void emitJumpIf(RegisterID* completionTypeRegister, CompletionType, Label& jumpTarget);
+        RegisterID* emitLoad(RegisterID* dst, CompletionType type) { return emitLoad(dst, jsNumber(static_cast<int32_t>(type))); }
+        RegisterID* emitLoad(RegisterID* dst, JSGenerator::ResumeMode mode) { return emitLoad(dst, jsNumber(static_cast<int32_t>(mode))); }
 
         bool emitJumpViaFinallyIfNeeded(int targetLabelScopeDepth, Label& jumpTarget);

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

@@ -2245 +2245 @@
                     Ref<Label> haveThis = generator.newLabel();
                     Ref<Label> end = generator.newLabel();
-                    RefPtr<RegisterID> compareResult = generator.newTemporary();
-                    RefPtr<RegisterID> indexZeroCompareResult = generator.emitBinaryOp<OpEq>(compareResult.get(), index.get(), generator.emitLoad(nullptr, jsNumber(0)), OperandTypes(ResultType::numberTypeIsInt32(), ResultType::numberTypeIsInt32()));
-                    generator.emitJumpIfFalse(indexZeroCompareResult.get(), haveThis.get());
+                    generator.emitJumpIfFalse(generator.emitEqualityOp<OpStricteq>(generator.newTemporary(), index.get(), generator.emitLoad(nullptr, jsNumber(0))), haveThis.get());
                     generator.move(thisRegister.get(), value);
                     generator.emitLoad(index.get(), jsNumber(1));
                     generator.emitJump(end.get());
                     generator.emitLabel(haveThis.get());
-                    RefPtr<RegisterID> indexOneCompareResult = generator.emitBinaryOp<OpEq>(compareResult.get(), index.get(), generator.emitLoad(nullptr, jsNumber(1)), OperandTypes(ResultType::numberTypeIsInt32(), ResultType::numberTypeIsInt32()));
-                    generator.emitJumpIfFalse(indexOneCompareResult.get(), end.get());
+                    generator.emitJumpIfFalse(generator.emitEqualityOp<OpStricteq>(generator.newTemporary(), index.get(), generator.emitLoad(nullptr, jsNumber(1))), end.get());
                     generator.move(argumentsRegister.get(), value);
                     generator.emitLoad(index.get(), jsNumber(2));
@@ -4213 +4210 @@
         generator.emitLoopHint();
 
-        RefPtr<RegisterID> result = generator.emitEqualityOp<OpLess>(generator.newTemporary(), i.get(), length.get());
+        RefPtr<RegisterID> result = generator.emitBinaryOp<OpLess>(generator.newTemporary(), i.get(), length.get());
         generator.emitJumpIfFalse(result.get(), loopEnd.get());
         generator.emitHasEnumerableIndexedProperty(result.get(), base.get(), i.get());
@@ -4619 +4616 @@
             RefPtr<RegisterID> clauseVal = generator.newTemporary();
             generator.emitNode(clauseVal.get(), list->getClause()->expr());
-            generator.emitBinaryOp<OpStricteq>(clauseVal.get(), clauseVal.get(), switchExpression, OperandTypes());
-            labelVector.append(generator.newLabel());
-            generator.emitJumpIfTrue(clauseVal.get(), labelVector[labelVector.size() - 1].get());
+            Ref<Label> clauseLabel = generator.newLabel();
+            labelVector.append(clauseLabel);
+            generator.emitJumpIfTrue(generator.emitEqualityOp<OpStricteq>(generator.newTemporary(), clauseVal.get(), switchExpression), clauseLabel.get());
         }
         
@@ -4627 +4624 @@
             RefPtr<RegisterID> clauseVal = generator.newTemporary();
             generator.emitNode(clauseVal.get(), list->getClause()->expr());
-            generator.emitBinaryOp<OpStricteq>(clauseVal.get(), clauseVal.get(), switchExpression, OperandTypes());
-            labelVector.append(generator.newLabel());
-            generator.emitJumpIfTrue(clauseVal.get(), labelVector[labelVector.size() - 1].get());
+            Ref<Label> clauseLabel = generator.newLabel();
+            labelVector.append(clauseLabel);
+            generator.emitJumpIfTrue(generator.emitEqualityOp<OpStricteq>(generator.newTemporary(), clauseVal.get(), switchExpression), clauseLabel.get());
         }
         generator.emitJump(defaultLabel.get());
@@ -4964 +4961 @@
         generator.move(args.argumentRegister(argumentCount++), generator.promiseRegister());
         generator.emitLoad(args.argumentRegister(argumentCount++), jsUndefined());
-        generator.emitLoad(args.argumentRegister(argumentCount++), jsNumber(static_cast<int32_t>(JSGenerator::ResumeMode::NormalMode)));
+        generator.emitLoad(args.argumentRegister(argumentCount++), JSGenerator::ResumeMode::NormalMode);
         // JSTextPosition(int _line, int _offset, int _lineStartOffset)
         JSTextPosition divot(firstLine(), startOffset(), lineStartOffset());
@@ -4980 +4977 @@
         Ref<Label> generatorBodyLabel = generator.newLabel();
         {
-            RefPtr<RegisterID> condition = generator.newTemporary();
-            generator.emitEqualityOp<OpStricteq>(condition.get(), generator.generatorResumeModeRegister(), generator.emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGenerator::ResumeMode::NormalMode))));
-            generator.emitJumpIfTrue(condition.get(), generatorBodyLabel.get());
+            generator.emitJumpIfTrue(generator.emitEqualityOp<OpStricteq>(generator.newTemporary(), generator.generatorResumeModeRegister(), generator.emitLoad(nullptr, JSGenerator::ResumeMode::NormalMode)), generatorBodyLabel.get());
 
             Ref<Label> throwLabel = generator.newLabel();
-            generator.emitEqualityOp<OpStricteq>(condition.get(), generator.generatorResumeModeRegister(), generator.emitLoad(nullptr, jsNumber(static_cast<int32_t>(JSGenerator::ResumeMode::ThrowMode))));
-            generator.emitJumpIfTrue(condition.get(), throwLabel.get());
+            generator.emitJumpIfTrue(generator.emitEqualityOp<OpStricteq>(generator.newTemporary(), generator.generatorResumeModeRegister(), generator.emitLoad(nullptr, JSGenerator::ResumeMode::ThrowMode)), throwLabel.get());
 
             generator.emitReturn(generator.generatorValueRegister());
@@ -5213 +5207 @@
         generator.emitLoad(protoParent.get(), jsNull());
 
-        RefPtr<RegisterID> tempRegister = generator.newTemporary();
-
         Ref<Label> superclassIsNullLabel = generator.newLabel();
-        generator.emitJumpIfTrue(generator.emitIsNull(tempRegister.get(), superclass.get()), superclassIsNullLabel.get());
+        generator.emitJumpIfTrue(generator.emitIsNull(generator.newTemporary(), superclass.get()), superclassIsNullLabel.get());
 
         Ref<Label> superclassIsConstructorLabel = generator.newLabel();
-        generator.emitJumpIfTrue(generator.emitIsConstructor(tempRegister.get(), superclass.get()), superclassIsConstructorLabel.get());
+        generator.emitJumpIfTrue(generator.emitIsConstructor(generator.newTemporary(), superclass.get()), superclassIsConstructorLabel.get());
         generator.emitThrowTypeError("The superclass is not a constructor."_s);
         generator.emitLabel(superclassIsConstructorLabel.get());
@@ -5225 +5217 @@
 
         Ref<Label> protoParentIsObjectOrNullLabel = generator.newLabel();
-        generator.emitJumpIfTrue(generator.emitIsObject(tempRegister.get(), protoParent.get()), protoParentIsObjectOrNullLabel.get());
-        generator.emitJumpIfTrue(generator.emitIsNull(tempRegister.get(), protoParent.get()), protoParentIsObjectOrNullLabel.get());
+        generator.emitJumpIfTrue(generator.emitIsObject(generator.newTemporary(), protoParent.get()), protoParentIsObjectOrNullLabel.get());
+        generator.emitJumpIfTrue(generator.emitIsNull(generator.newTemporary(), protoParent.get()), protoParentIsObjectOrNullLabel.get());
         generator.emitThrowTypeError("The value of the superclass's prototype property is not an object or null."_s);
         generator.emitLabel(protoParentIsObjectOrNullLabel.get());