Changeset 293009 in webkit for trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

Timestamp:

Apr 19, 2022, 1:06:44 AM (3 years ago)

Author:

[email protected]

Message:

[JSC] Use constants buffer in DFG
​https://bugs.webkit.org/show_bug.cgi?id=237863

Reviewed by Saam Barati.

This patch newly introduces LinkableConstant concept. We replace TrustedImmPtr::weakPointer with
that, and it can be switched between two modes: (1) just embedding a constant pointer in machine code
or (2) emitting a load from specific callee-save register. We use (2) for unlinked DFG code so that
we can start decoupling constants from machine code, which will be separately allocated as DFG constant buffer.
To introduce this mechanism, we introduce CCallHelpers::ConstantMaterializer concept, which can be used
to materialize constant in a specified way in CCallHelpers. And we use this to implement DFG LinkableConstant.

We also avoid embedding global object pointer in the tail call by modifying CallFrameShuffler to save it.

• Source/JavaScriptCore/assembler/MacroAssemblerARM64.h:

(JSC::MacroAssemblerARM64::transfer64):
(JSC::MacroAssemblerARM64::transferPtr):
(JSC::MacroAssemblerARM64::branch64):
(JSC::MacroAssemblerARM64::branchPtr):

• Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h:

(JSC::MacroAssemblerRISCV64::transfer64):
(JSC::MacroAssemblerRISCV64::transferPtr):
(JSC::MacroAssemblerRISCV64::branch64):
(JSC::MacroAssemblerRISCV64::branchPtr):

• Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:

(JSC::MacroAssemblerX86_64::transfer64):
(JSC::MacroAssemblerX86_64::transferPtr):
(JSC::MacroAssemblerX86_64::branch64):
(JSC::MacroAssemblerX86_64::branchPtr):

• Source/JavaScriptCore/bytecode/CodeBlock.cpp:

(JSC::CodeBlock::setupWithLinkableBaselineCode):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::propagateTransitions):
(JSC::CodeBlock::finalizeJITInlineCaches):
(JSC::CodeBlock::getICStatusMap):
(JSC::CodeBlock::findStubInfo):
(JSC::CodeBlock::resetBaselineJITData):
(JSC::CodeBlock::stronglyVisitStrongReferences):
(JSC::CodeBlock::findPC):

• Source/JavaScriptCore/bytecode/CodeBlock.h:

(JSC::CodeBlock::offsetOfJITData):
(JSC::CodeBlock::baselineJITData):
(JSC::CodeBlock::setDFGJITData):
(JSC::CodeBlock::dfgJITData):
(JSC::CodeBlock::offsetOfBaselineJITData): Deleted.

• Source/JavaScriptCore/dfg/DFGCallArrayAllocatorSlowPathGenerator.h:
• Source/JavaScriptCore/dfg/DFGJITCode.h:
• Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
(JSC::DFG::JITCompiler::compileFunction):
(JSC::DFG::JITCompiler::loadLinkableConstant):
(JSC::DFG::JITCompiler::storeLinkableConstant):
(JSC::DFG::JITCompiler::LinkableConstant::LinkableConstant):
(JSC::DFG::JITCompiler::LinkableConstant::materialize):
(JSC::DFG::JITCompiler::LinkableConstant::poke):

• Source/JavaScriptCore/dfg/DFGJITCompiler.h:

(JSC::DFG::JITCompiler::branchLinkableConstant):
(JSC::DFG::JITCompiler::branchWeakPtr): Deleted.

• Source/JavaScriptCore/dfg/DFGJITFinalizer.cpp:

(JSC::DFG::JITFinalizer::finalize):

• Source/JavaScriptCore/dfg/DFGPlan.cpp:

(JSC::DFG::Plan::addLinkableConstant):
(JSC::DFG::Plan::finalizeJITData):

• Source/JavaScriptCore/dfg/DFGPlan.h:
• Source/JavaScriptCore/dfg/DFGSaneStringGetByValSlowPathGenerator.h:
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::emitGetCallee):
(JSC::DFG::SpeculativeJIT::silentFill):
(JSC::DFG::SpeculativeJIT::compileDeleteById):
(JSC::DFG::SpeculativeJIT::compileDeleteByVal):
(JSC::DFG::SpeculativeJIT::compileInById):
(JSC::DFG::SpeculativeJIT::compileInByVal):
(JSC::DFG::SpeculativeJIT::compileHasPrivate):
(JSC::DFG::SpeculativeJIT::compilePushWithScope):
(JSC::DFG::SpeculativeJIT::compileStringSlice):
(JSC::DFG::SpeculativeJIT::compileToLowerCase):
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
(JSC::DFG::SpeculativeJIT::compileCheckTraps):
(JSC::DFG::SpeculativeJIT::compileContiguousPutByVal):
(JSC::DFG::SpeculativeJIT::compileDoublePutByVal):
(JSC::DFG::SpeculativeJIT::compilePutByVal):
(JSC::DFG::SpeculativeJIT::compileGetByValOnString):
(JSC::DFG::SpeculativeJIT::compileFromCharCode):
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):

• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:

(JSC::DFG::SpeculativeJIT::TrustedImmPtr::TrustedImmPtr):
(JSC::DFG::SpeculativeJIT::callOperationWithCallFrameRollbackOnException):
(JSC::DFG::SpeculativeJIT::branchLinkableConstant):

• Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::genericJSValueNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileArithRandom):

• Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::nonSpeculativeNonPeepholeCompareNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeBranchNullOrUndefined):
(JSC::DFG::SpeculativeJIT::nonSpeculativePeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::genericJSValueNonPeepholeStrictEq):
(JSC::DFG::SpeculativeJIT::emitCall):
(JSC::DFG::SpeculativeJIT::compileCompareEqPtr):
(JSC::DFG::SpeculativeJIT::compileToBooleanObjectOrOther):
(JSC::DFG::SpeculativeJIT::emitObjectOrOtherBranch):
(JSC::DFG::SpeculativeJIT::emitUntypedBranch):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compileRegExpTestInline):
(JSC::DFG::SpeculativeJIT::compile):

• Source/JavaScriptCore/dfg/DFGThunks.cpp:

(JSC::DFG::osrEntryThunkGenerator):

• Source/JavaScriptCore/jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::executableFor): Deleted.

• Source/JavaScriptCore/jit/AssemblyHelpers.h:

(JSC::AssemblyHelpers::globalObjectFor): Deleted.

• Source/JavaScriptCore/jit/CCallHelpers.h:

(JSC::CCallHelpers::pokeForArgument):
(JSC::CCallHelpers::setupArgumentsImpl):

• Source/JavaScriptCore/jit/GPRInfo.h:

(JSC::GPRInfo::toRegister):

• Source/JavaScriptCore/jit/JIT.cpp:

(JSC::JIT::privateCompileMainPass):
(JSC::JIT::emitMaterializeMetadataAndConstantPoolRegisters):

• Source/JavaScriptCore/jit/JITOpcodes.cpp:

(JSC::JIT::emit_op_catch):

• Source/JavaScriptCore/jit/JITOperations.cpp:

(JSC::JSC_DEFINE_JIT_OPERATION):

• Source/JavaScriptCore/jit/JITOperations.h:
• Source/JavaScriptCore/jit/RegisterSet.cpp:

(JSC::RegisterSet::llintBaselineCalleeSaveRegisters):
(JSC::RegisterSet::dfgCalleeSaveRegisters):

• Source/JavaScriptCore/llint/LLIntData.h:
• Source/JavaScriptCore/llint/LowLevelInterpreter.asm:
• Source/JavaScriptCore/runtime/JSGlobalObject.h:

(JSC::JSGlobalObject::offsetOfGlobalThis):

Canonical link: ​https://commits.webkit.org/249748@main

File:

• trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp (modified) (3 diffs)

trunk/Source/JavaScriptCore/dfg/DFGJITCompiler.cpp

@@ -119 +119 @@
     emitSaveCalleeSaves();
     emitMaterializeTagCheckRegisters();    
+#if USE(JSVALUE64)
+    if (m_graph.m_plan.isUnlinked()) {
+        emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, GPRInfo::constantsRegister);
+        loadPtr(Address(GPRInfo::constantsRegister, CodeBlock::offsetOfJITData()), GPRInfo::constantsRegister);
+    }
+#endif
 }
 
@@ -436 +442 @@
         if (maxFrameExtentForSlowPathCall)
             addPtr(TrustedImm32(-static_cast<int32_t>(maxFrameExtentForSlowPathCall)), stackPointerRegister);
-        m_speculative->callOperationWithCallFrameRollbackOnException(m_codeBlock->isConstructor() ? operationConstructArityCheck : operationCallArityCheck, GPRInfo::regT0, m_codeBlock->globalObject());
+        emitGetFromCallFrameHeaderPtr(CallFrameSlot::codeBlock, GPRInfo::argumentGPR0);
+        loadPtr(Address(GPRInfo::argumentGPR0, CodeBlock::offsetOfGlobalObject()), GPRInfo::argumentGPR0);
+        m_speculative->callOperationWithCallFrameRollbackOnException(m_codeBlock->isConstructor() ? operationConstructArityCheck : operationCallArityCheck, GPRInfo::returnValueGPR, GPRInfo::argumentGPR0);
         if (maxFrameExtentForSlowPathCall)
             addPtr(TrustedImm32(maxFrameExtentForSlowPathCall), stackPointerRegister);
@@ -647 +655 @@
 }
 
+void JITCompiler::loadLinkableConstant(LinkableConstant constant, GPRReg dest)
+{
+    constant.materialize(*this, dest);
+}
+
+void JITCompiler::storeLinkableConstant(LinkableConstant constant, Address dest)
+{
+    constant.store(*this, dest);
+}
+
+JITCompiler::LinkableConstant::LinkableConstant(Graph& graph, JSCell* cell)
+{
+    graph.m_plan.weakReferences().addLazily(cell);
+    if (graph.m_plan.isUnlinked()) {
+        m_index = graph.m_plan.addLinkableConstant(cell);
+        return;
+    }
+    m_pointer = cell;
+}
+
+JITCompiler::LinkableConstant::LinkableConstant(Graph& graph, void* pointer, NonCellTag)
+{
+    if (graph.m_plan.isUnlinked()) {
+        m_index = graph.m_plan.addLinkableConstant(pointer);
+        return;
+    }
+    m_pointer = pointer;
+}
+
+void JITCompiler::LinkableConstant::materialize(CCallHelpers& jit, GPRReg resultGPR)
+{
+#if USE(JSVALUE64)
+    if (isUnlinked()) {
+        jit.loadPtr(unlinkedAddress(), resultGPR);
+        return;
+    }
+#endif
+    jit.move(TrustedImmPtr(m_pointer), resultGPR);
+}
+
+void JITCompiler::LinkableConstant::store(CCallHelpers& jit, CCallHelpers::Address address)
+{
+#if USE(JSVALUE64)
+    if (isUnlinked()) {
+        jit.transferPtr(unlinkedAddress(), address);
+        return;
+    }
+#endif
+    jit.storePtr(TrustedImmPtr(m_pointer), address);
+}
+
 } } // namespace JSC::DFG