Changeset 282478 in webkit for trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp

Timestamp:

Sep 15, 2021, 3:18:52 PM (4 years ago)

Author:

[email protected]

Message:

Move some profiling to UnlinkedCodeBlock
​https://bugs.webkit.org/show_bug.cgi?id=230078
<rdar://problem/82947571>

Reviewed by Yusuke Suzuki.

This patch moves ValueProfiles and ArrayProfiles for non-call opcodes into
UnlinkedCodeBlock. This way, the data is shared between the linked CodeBlocks
of the same UnlinkedCodeBlock. The profiling bet here is that when the same code
runs in a different global object, it largely runs in the same way. We've made
this same bet in other ways with our profiling, and it largely makes sense
to do for ValueProfile and ArrayProfile since they both hold global object
independent data.

Because ArrayProfiles are now shared between CodeBlocks, the existing m_usesOriginalArrayStructures
bit is slightly harder to track now, since the ArrayProfile may see inputs from a different
global object, an array may be an original array in one lexical global object,
but not another. So we now track when an ArrayProfile sees a different global
object than the lexical global object, and when we observe exits in the DFG,
we propagate that bit to the m_usesOriginalArrayStructures bit.

This patch also makes it so we no longer hold the CodeBlock lock when
processing ValueProfiles and ArrayProfiles. We now allow multiple compiler
threads to race against each other when updating these profiles. This is fine.
It may end up with incomplete data in the profiles, but it won't corrupt them.

This patch also makes it so we finalized visited UnlinkedCodeBlocks to finalize
their value profiles. We no longer do that work inside CodeBlock for the
ValueProfiles that UnlinkedCodeBlock owns. This also means that we have to
WriteBarrier UnlinkedCodeBlock when executing in the LLInt, Baseline, and
other areas, such as OSR exit, and in the GC when a CodeBlock was executing.
That way we're guaranteed to visit the UnlinkedCodeBlock, add it to the
visited set, and then finalize it at the end of GC.

This patch also makes it so that inside CodeBlock::finishCreation, we finish
linking before we do anything that can throw an exception. It's not valid to
finalize a CodeBlock that isn't linked.

This was measured as a 0.5-1% speedup on Speedometer2.

• bytecode/ArrayProfile.cpp:

(JSC::ArrayProfile::computeUpdatedPrediction):
(JSC::ArrayProfile::briefDescription):
(JSC::ArrayProfile::briefDescriptionWithoutUpdating):

• bytecode/ArrayProfile.h:

(JSC::ArrayProfile::ArrayProfile):
(JSC::ArrayProfile::observedArrayModes const):
(JSC::ArrayProfile::mayInterceptIndexedAccesses const):
(JSC::ArrayProfile::mayStoreToHole const):
(JSC::ArrayProfile::outOfBounds const):
(JSC::ArrayProfile::usesOriginalArrayStructures const):
(JSC::ArrayProfile::setDoesNotUseOriginalArrayStructures):
(JSC::ArrayProfile::observedDifferentGlobalObject const):

• bytecode/BytecodeList.rb:
• bytecode/BytecodeOperandsForCheckpoint.h:

(JSC::valueProfileForImpl):

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::setConstantRegisters):
(JSC::CodeBlock::initializeTemplateObjects):
(JSC::CodeBlock::setNumParameters):
(JSC::CodeBlock::visitChildren):
(JSC::CodeBlock::finalizeUnconditionally):
(JSC::CodeBlock::getArrayProfile):
(JSC::CodeBlock::updateAllValueProfilePredictionsAndCountLiveness):
(JSC::CodeBlock::updateAllArrayPredictions):
(JSC::CodeBlock::tryGetValueProfileForBytecodeIndex):
(JSC::CodeBlock::valueProfilePredictionForBytecodeIndex):

• bytecode/CodeBlock.h:

(JSC::CodeBlock::offsetOfUnlinkedCodeBlock):
(JSC::CodeBlock::numberOfArgumentValueProfiles):
(JSC::CodeBlock::valueProfileForArgument):
(JSC::CodeBlock::metadata):

• bytecode/CodeBlockInlines.h:

(JSC::CodeBlock::forEachValueProfile):
(JSC::CodeBlock::forEachArrayProfile):

• bytecode/DFGExitProfile.cpp:

(JSC::DFG::ExitProfile::hasAnyExitsAt const):

• bytecode/DFGExitProfile.h:
• bytecode/GetByIdMetadata.h:

(JSC::GetByIdModeMetadata::setArrayLengthMode):

• bytecode/LazyOperandValueProfile.cpp:

(JSC::CompressedLazyOperandValueProfileHolder::computeUpdatedPredictions):
(JSC::LazyOperandValueProfileParser::prediction const):

• bytecode/MetadataTable.cpp:

(JSC::DeallocTable::withOpcodeType):

• bytecode/MetadataTable.h:

(JSC::MetadataTable::get):
(JSC::MetadataTable::forEach):
(JSC::MetadataTable::getWithoutAligning):
(JSC::MetadataTable::getImpl): Deleted.

• bytecode/Opcode.h:
• bytecode/UnlinkedCodeBlock.cpp:

(JSC::UnlinkedCodeBlock::visitChildrenImpl):
(JSC::UnlinkedCodeBlock::allocateSharedProfiles):
(JSC::UnlinkedCodeBlock::finalizeUnconditionally):

• bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::hasAnyExitsAt const):
(JSC::UnlinkedCodeBlock::hasAnyExitsAt):
(JSC::UnlinkedCodeBlock::valueProfile):
(JSC::UnlinkedCodeBlock::arrayProfile):
(JSC::UnlinkedCodeBlock::numValueProfiles const):
(JSC::UnlinkedCodeBlock::numArrayProfiles const):

• bytecode/UnlinkedCodeBlockGenerator.cpp:

(JSC::UnlinkedCodeBlockGenerator::finalize):

• bytecode/UnlinkedMetadataTable.cpp:

(JSC::UnlinkedMetadataTable::finalize):

• bytecode/UnlinkedMetadataTable.h:

(JSC::UnlinkedMetadataTable::isFinalized):
(JSC::UnlinkedMetadataTable::hasMetadata):

• bytecode/UnlinkedMetadataTableInlines.h:

(JSC::UnlinkedMetadataTable::numEntries):

• bytecode/ValueProfile.h:

(JSC::ValueProfileBase::ValueProfileBase):
(JSC::ValueProfileBase::clearBuckets):
(JSC::ValueProfileBase::briefDescription):
(JSC::ValueProfileBase::computeUpdatedPrediction):
(JSC::ValueProfile::offsetOfFirstBucket):
(JSC::ValueProfileBase::classInfo const): Deleted.

• dfg/DFGArrayMode.cpp:

(JSC::DFG::ArrayMode::fromObserved):

• dfg/DFGArrayMode.h:

(JSC::DFG::ArrayMode::withSpeculationFromProfile const):
(JSC::DFG::ArrayMode::withProfile const):

• dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
(JSC::DFG::ByteCodeParser::getArrayMode):
(JSC::DFG::ByteCodeParser::handleVarargsInlining):
(JSC::DFG::ByteCodeParser::parseBlock):
(JSC::DFG::ByteCodeParser::handlePutByVal):

• dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::attemptToMakeGetArrayLength):

• dfg/DFGGraph.h:
• dfg/DFGOSRExitCompilerCommon.cpp:

(JSC::DFG::osrWriteBarrier):
(JSC::DFG::adjustAndJumpToTarget):

• dfg/DFGPredictionInjectionPhase.cpp:

(JSC::DFG::PredictionInjectionPhase::run):

• heap/CodeBlockSetInlines.h:

(JSC::CodeBlockSet::iterateViaSubspaces):

• heap/Heap.cpp:

(JSC::Heap::finalizeMarkedUnconditionalFinalizers):
(JSC::Heap::finalizeUnconditionalFinalizers):
(JSC::Heap::deleteUnmarkedCompiledCode):
(JSC::Heap::runEndPhase):
(JSC::Heap::addCoreConstraints):

• jit/JIT.h:
• jit/JITInlines.h:

(JSC::JIT::emitValueProfilingSiteIfProfiledOpcode):

• jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_enter):
(JSC::JIT::op_enter_handlerGenerator):

• jit/JITOperations.cpp:

(JSC::putByValOptimize):
(JSC::directPutByValOptimize):
(JSC::JSC_DEFINE_JIT_OPERATION):

• jit/JITPropertyAccess.cpp:

(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::generateGetByValSlowCase):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_in_by_val):
(JSC::JIT::emitSlow_op_in_by_val):
(JSC::JIT::generateOpGetFromScopeThunk):
(JSC::JIT::slow_op_get_from_scopeGenerator):
(JSC::JIT::emit_op_enumerator_get_by_val):

• jit/JITPropertyAccess32_64.cpp:

(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emitSlow_op_get_by_val):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emitSlow_op_put_by_val):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_in_by_val):
(JSC::JIT::emitSlow_op_in_by_val):

• llint/LLIntSlowPaths.cpp:

(JSC::LLInt::performLLIntGetByID):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
(JSC::LLInt::getByVal):

• llint/LowLevelInterpreter.asm:
• llint/LowLevelInterpreter32_64.asm:
• llint/LowLevelInterpreter64.asm:
• profiler/ProfilerBytecodeSequence.cpp:

(JSC::Profiler::BytecodeSequence::BytecodeSequence):

• runtime/CachedTypes.cpp:

(JSC::CachedCodeBlock::numValueProfiles const):
(JSC::CachedCodeBlock::numArrayProfiles const):
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
(JSC::CachedCodeBlock<CodeBlockType>::encode):

• runtime/CommonSlowPaths.cpp:

(JSC::iteratorNextTryFastImpl):
(JSC::JSC_DEFINE_COMMON_SLOW_PATH):

• runtime/JSScope.cpp:

(JSC::abstractAccess):
(JSC::JSScope::abstractResolve):

• runtime/VM.cpp:
• runtime/VM.h:

(JSC::VM::forEachUnlinkedCodeBlockSpace):
(JSC::VM::forEachCodeBlockSpace): Deleted.

File:

• trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp (modified) (4 diffs)

trunk/Source/JavaScriptCore/dfg/DFGArrayMode.cpp

@@ -37 +37 @@
 namespace JSC { namespace DFG {
 
-ArrayMode ArrayMode::fromObserved(const ConcurrentJSLocker& locker, ArrayProfile* profile, Array::Action action, bool makeSafe)
-{
+ArrayMode ArrayMode::fromObserved(Graph& graph, const CodeOrigin& origin, ArrayProfile* profile, Array::Action action, bool makeSafe)
+{
+    if (profile->observedDifferentGlobalObject() && graph.hasAnyExitsAt(origin)) {
+        // This could be an original array structure, but from a different
+        // global object than the lexical global object. So we conservatively
+        // say it is not an original array structure.
+        profile->setDoesNotUseOriginalArrayStructures();
+    }
+
     Array::Class nonArray;
-    if (profile->usesOriginalArrayStructures(locker))
+    if (profile->usesOriginalArrayStructures())
         nonArray = Array::OriginalNonArray;
     else
@@ -64 +71 @@
             converts = Array::AsIs;
 
-        return ArrayMode(type, isArray, converts, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(type, isArray, converts, action).withProfile(profile, makeSafe);
     };
 
-    ArrayModes observed = profile->observedArrayModes(locker);
+    ArrayModes observed = profile->observedArrayModes();
     switch (observed) {
     case 0:
         return ArrayMode(Array::Unprofiled);
     case asArrayModesIgnoringTypedArrays(NonArray):
-        if (action == Array::Write && !profile->mayInterceptIndexedAccesses(locker))
+        if (action == Array::Write && !profile->mayInterceptIndexedAccesses())
             return ArrayMode(Array::SelectUsingArguments, nonArray, Array::OutOfBounds, Array::Convert, action);
-        return ArrayMode(Array::SelectUsingPredictions, nonArray, action).withSpeculationFromProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::SelectUsingPredictions, nonArray, action).withSpeculationFromProfile(profile, makeSafe);
 
     case asArrayModesIgnoringTypedArrays(ArrayWithUndecided):
         if (action == Array::Write)
             return ArrayMode(Array::SelectUsingArguments, Array::Array, Array::OutOfBounds, Array::Convert, action);
-        return ArrayMode(Array::Undecided, Array::Array, Array::OutOfBounds, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::Undecided, Array::Array, Array::OutOfBounds, Array::AsIs, action).withProfile(profile, makeSafe);
         
     case asArrayModesIgnoringTypedArrays(NonArray) | asArrayModesIgnoringTypedArrays(ArrayWithUndecided):
-        if (action == Array::Write && !profile->mayInterceptIndexedAccesses(locker))
+        if (action == Array::Write && !profile->mayInterceptIndexedAccesses())
             return ArrayMode(Array::SelectUsingArguments, Array::PossiblyArray, Array::OutOfBounds, Array::Convert, action);
-        return ArrayMode(Array::SelectUsingPredictions, action).withSpeculationFromProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::SelectUsingPredictions, action).withSpeculationFromProfile(profile, makeSafe);
 
     case asArrayModesIgnoringTypedArrays(NonArrayWithInt32):
@@ -114 +121 @@
 
     case asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage):
-        return ArrayMode(Array::ArrayStorage, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::ArrayStorage, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage):
     case asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage):
-        return ArrayMode(Array::SlowPutArrayStorage, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::SlowPutArrayStorage, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage):
-        return ArrayMode(Array::ArrayStorage, Array::Array, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::ArrayStorage, Array::Array, Array::AsIs, action).withProfile(profile, makeSafe);
     case asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage):
     case asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage):
-        return ArrayMode(Array::SlowPutArrayStorage, Array::Array, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::SlowPutArrayStorage, Array::Array, Array::AsIs, action).withProfile(profile, makeSafe);
     case asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage):
-        return ArrayMode(Array::ArrayStorage, Array::PossiblyArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::ArrayStorage, Array::PossiblyArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage):
     case asArrayModesIgnoringTypedArrays(NonArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithArrayStorage) | asArrayModesIgnoringTypedArrays(NonArrayWithSlowPutArrayStorage) | asArrayModesIgnoringTypedArrays(ArrayWithSlowPutArrayStorage):
-        return ArrayMode(Array::SlowPutArrayStorage, Array::PossiblyArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::SlowPutArrayStorage, Array::PossiblyArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case Int8ArrayMode:
-        return ArrayMode(Array::Int8Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::Int8Array, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case Int16ArrayMode:
-        return ArrayMode(Array::Int16Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::Int16Array, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case Int32ArrayMode:
-        return ArrayMode(Array::Int32Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::Int32Array, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case Uint8ArrayMode:
-        return ArrayMode(Array::Uint8Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::Uint8Array, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case Uint8ClampedArrayMode:
-        return ArrayMode(Array::Uint8ClampedArray, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::Uint8ClampedArray, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case Uint16ArrayMode:
-        return ArrayMode(Array::Uint16Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::Uint16Array, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case Uint32ArrayMode:
-        return ArrayMode(Array::Uint32Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::Uint32Array, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case Float32ArrayMode:
-        return ArrayMode(Array::Float32Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::Float32Array, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case Float64ArrayMode:
-        return ArrayMode(Array::Float64Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::Float64Array, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case BigInt64ArrayMode:
-        return ArrayMode(Array::BigInt64Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::BigInt64Array, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
     case BigUint64ArrayMode:
-        return ArrayMode(Array::BigUint64Array, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(Array::BigUint64Array, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
 
     default:
         // If we have seen multiple TypedArray types, or a TypedArray and non-typed array, it doesn't make sense to try to convert the object since you can't convert typed arrays.
         if (observed & ALL_TYPED_ARRAY_MODES)
-            return ArrayMode(Array::Generic, nonArray, Array::AsIs, action).withProfile(locker, profile, makeSafe);
-
-        if ((observed & asArrayModesIgnoringTypedArrays(NonArray)) && profile->mayInterceptIndexedAccesses(locker))
-            return ArrayMode(Array::SelectUsingPredictions).withSpeculationFromProfile(locker, profile, makeSafe);
+            return ArrayMode(Array::Generic, nonArray, Array::AsIs, action).withProfile(profile, makeSafe);
+
+        if ((observed & asArrayModesIgnoringTypedArrays(NonArray)) && profile->mayInterceptIndexedAccesses())
+            return ArrayMode(Array::SelectUsingPredictions).withSpeculationFromProfile(profile, makeSafe);
         
         Array::Type type;
@@ -184 +191 @@
             arrayClass = Array::PossiblyArray;
         
-        return ArrayMode(type, arrayClass, Array::Convert, action).withProfile(locker, profile, makeSafe);
+        return ArrayMode(type, arrayClass, Array::Convert, action).withProfile(profile, makeSafe);
     }
 }