Changeset 37831 in webkit for trunk/JavaScriptCore

Timestamp:

Oct 23, 2008, 3:29:54 PM (17 years ago)

Author:

[email protected]

Message:

2008-10-23 Gavin Barraclough <​[email protected]>

Reviewed by Oliver Hunt.

Fix hideous pathological case performance when looking up repatch info, bug #21727.

When repatching JIT code to optimize we look up records providing information about
the generated code (also used to track recsources used in linking to be later released).
The lookup was being performed using a linear scan of all such records.

(1) Split up the different types of reptach information. This means we can search them

separately, and in some cases should reduce their size.

(2) In the case of property accesses, search with a binary chop over the data.
(3) In the case of calls, pass a pointer to the repatch info into the relink function.

• VM/CTI.cpp: (JSC::CTI::CTI): (JSC::CTI::compileOpCall): (JSC::CTI::privateCompileMainPass): (JSC::CTI::privateCompileSlowCases): (JSC::CTI::privateCompile): (JSC::CTI::unlinkCall): (JSC::CTI::linkCall):
• VM/CTI.h:
• VM/CodeBlock.cpp: (JSC::CodeBlock::dump): (JSC::CodeBlock::~CodeBlock): (JSC::CodeBlock::unlinkCallers): (JSC::CodeBlock::derefStructureIDs):
• VM/CodeBlock.h: (JSC::StructureStubInfo::StructureStubInfo): (JSC::CallLinkInfo::CallLinkInfo): (JSC::CallLinkInfo::setUnlinked): (JSC::CallLinkInfo::isLinked): (JSC::getStructureStubInfoReturnLocation): (JSC::binaryChop): (JSC::CodeBlock::addCaller): (JSC::CodeBlock::getStubInfo):
• VM/CodeGenerator.cpp: (JSC::CodeGenerator::emitResolve): (JSC::CodeGenerator::emitGetById): (JSC::CodeGenerator::emitPutById): (JSC::CodeGenerator::emitCall): (JSC::CodeGenerator::emitConstruct):
• VM/Machine.cpp: (JSC::Machine::cti_vm_lazyLinkCall):

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• VM/CTI.cpp (modified) (23 diffs)
• VM/CTI.h (modified) (4 diffs)
• VM/CodeBlock.cpp (modified) (4 diffs)
• VM/CodeBlock.h (modified) (6 diffs)
• VM/CodeGenerator.cpp (modified) (5 diffs)
• VM/Machine.cpp (modified) (2 diffs)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2008-10-23  Gavin Barraclough  <[email protected]>
+
+        Reviewed by Oliver Hunt.
+
+        Fix hideous pathological case performance when looking up repatch info, bug #21727.
+
+        When repatching JIT code to optimize we look up records providing information about
+        the generated code (also used to track recsources used in linking to be later released). 
+        The lookup was being performed using a linear scan of all such records.
+
+        (1) Split up the different types of reptach information.  This means we can search them
+            separately, and in some cases should reduce their size.
+        (2) In the case of property accesses, search with a binary chop over the data.
+        (3) In the case of calls, pass a pointer to the repatch info into the relink function.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::CTI):
+        (JSC::CTI::compileOpCall):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        (JSC::CTI::privateCompile):
+        (JSC::CTI::unlinkCall):
+        (JSC::CTI::linkCall):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        (JSC::CodeBlock::~CodeBlock):
+        (JSC::CodeBlock::unlinkCallers):
+        (JSC::CodeBlock::derefStructureIDs):
+        * VM/CodeBlock.h:
+        (JSC::StructureStubInfo::StructureStubInfo):
+        (JSC::CallLinkInfo::CallLinkInfo):
+        (JSC::CallLinkInfo::setUnlinked):
+        (JSC::CallLinkInfo::isLinked):
+        (JSC::getStructureStubInfoReturnLocation):
+        (JSC::binaryChop):
+        (JSC::CodeBlock::addCaller):
+        (JSC::CodeBlock::getStubInfo):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitResolve):
+        (JSC::CodeGenerator::emitGetById):
+        (JSC::CodeGenerator::emitPutById):
+        (JSC::CodeGenerator::emitCall):
+        (JSC::CodeGenerator::emitConstruct):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_vm_lazyLinkCall):
+
 2008-10-23  Peter Kasting  <[email protected]>
 

trunk/JavaScriptCore/VM/CTI.cpp

@@ -514 +514 @@
     , m_codeBlock(codeBlock)
     , m_labels(codeBlock ? codeBlock->instructions.size() : 0)
-    , m_structureStubCompilationInfo(codeBlock ? codeBlock->structureIDInstructions.size() : 0)
+    , m_propertyAccessCompilationInfo(codeBlock ? codeBlock->propertyAccessInstructions.size() : 0)
+    , m_callStructureStubCompilationInfo(codeBlock ? codeBlock->callLinkInfos.size() : 0)
 {
 }
@@ -577 +578 @@
 }
 
-void CTI::compileOpCall(Instruction* instruction, unsigned i, unsigned structureIDInstructionIndex, CompileOpCallType type)
+void CTI::compileOpCall(Instruction* instruction, unsigned i, unsigned callLinkInfoIndex, CompileOpCallType type)
 {
     int dst = instruction[1].u.operand;
@@ -615 +616 @@
     m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJne(), i));
     ASSERT(X86Assembler::getDifferenceBetweenLabels(addressOfLinkedFunctionCheck, m_jit.label()) == repatchOffsetOpCallCall);
-    m_structureStubCompilationInfo[structureIDInstructionIndex].hotPathBegin = addressOfLinkedFunctionCheck;
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathBegin = addressOfLinkedFunctionCheck;
 
     // The following is the fast case, only used whan a callee can be linked.
@@ -639 +640 @@
 
     // Call to the callee
-    m_structureStubCompilationInfo[structureIDInstructionIndex].hotPathOther = emitNakedCall(i, unreachable);
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathOther = emitNakedCall(i, unreachable);
     
     if (type == OpCallEval)
@@ -950 +951 @@
     unsigned instructionCount = m_codeBlock->instructions.size();
 
-    unsigned structureIDInstructionIndex = 0;
+    unsigned propertyAccessInstructionIndex = 0;
+    unsigned callLinkInfoIndex = 0;
 
     for (unsigned i = 0; i < instructionCount; ) {
@@ -1095 +1097 @@
             emitGetArg(instruction[i + 3].u.operand, X86::edx);
 
-            ASSERT(m_codeBlock->structureIDInstructions[structureIDInstructionIndex].opcodeIndex == i);
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].opcodeIndex == i);
             X86Assembler::JmpDst hotPathBegin = m_jit.label();
-            m_structureStubCompilationInfo[structureIDInstructionIndex].hotPathBegin = hotPathBegin;
-            ++structureIDInstructionIndex;
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+            ++propertyAccessInstructionIndex;
 
             // Jump to a slow case if either the base object is an immediate, or if the StructureID does not match.
@@ -1123 +1125 @@
             emitGetArg(instruction[i + 2].u.operand, X86::eax);
 
-            ASSERT(m_codeBlock->structureIDInstructions[structureIDInstructionIndex].opcodeIndex == i);
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].opcodeIndex == i);
 
             X86Assembler::JmpDst hotPathBegin = m_jit.label();
-            m_structureStubCompilationInfo[structureIDInstructionIndex].hotPathBegin = hotPathBegin;
-            ++structureIDInstructionIndex;
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+            ++propertyAccessInstructionIndex;
 
             emitJumpSlowCaseIfNotJSCell(X86::eax, i);
@@ -1253 +1255 @@
         }
         case op_call: {
-            compileOpCall(instruction + i, i, structureIDInstructionIndex++);
+            compileOpCall(instruction + i, i, callLinkInfoIndex++);
             i += 7;
             break;
@@ -1349 +1351 @@
         }
         case op_construct: {
-            compileOpCall(instruction + i, i, structureIDInstructionIndex++, OpConstruct);
+            compileOpCall(instruction + i, i, callLinkInfoIndex++, OpConstruct);
             i += 7;
             break;
@@ -1491 +1493 @@
             m_jit.movl_mr(structureIDAddr, X86::edx);
             m_jit.cmpl_rm(X86::edx, OBJECT_OFFSET(JSCell, m_structureID), X86::eax);
-            X86Assembler::JmpSrc slowCase = m_jit.emitUnlinkedJne(); // StructureIDs don't match
-            m_slowCases.append(SlowCaseEntry(slowCase, i));
+            X86Assembler::JmpSrc noMatch = m_jit.emitUnlinkedJne(); // StructureIDs don't match
 
             // Load cached property
@@ -1502 +1503 @@
 
             // Slow case
-            m_jit.link(slowCase, m_jit.label());
+            m_jit.link(noMatch, m_jit.label());
             emitPutArgConstant(globalObject, 0);
             emitPutArgConstant(reinterpret_cast<unsigned>(ident), 4);
@@ -1510 +1511 @@
             m_jit.link(end, m_jit.label());
             i += 6;
-            ++structureIDInstructionIndex;
             break;
         }
@@ -1842 +1842 @@
         }
         case op_call_eval: {
-            compileOpCall(instruction + i, i, structureIDInstructionIndex++, OpCallEval);
+            compileOpCall(instruction + i, i, callLinkInfoIndex++, OpCallEval);
             i += 7;
             break;
@@ -2193 +2193 @@
     }
 
-    ASSERT(structureIDInstructionIndex == m_codeBlock->structureIDInstructions.size());
+    ASSERT(propertyAccessInstructionIndex == m_codeBlock->propertyAccessInstructions.size());
+    ASSERT(callLinkInfoIndex == m_codeBlock->callLinkInfos.size());
 }
 
@@ -2218 +2219 @@
 void CTI::privateCompileSlowCases()
 {
-    unsigned structureIDInstructionIndex = 0;
+    unsigned propertyAccessInstructionIndex = 0;
+    unsigned callLinkInfoIndex = 0;
 
     Instruction* instruction = m_codeBlock->instructions.begin();
@@ -2362 +2364 @@
 
             // Track the location of the call; this will be used to recover repatch information.
-            ASSERT(m_codeBlock->structureIDInstructions[structureIDInstructionIndex].opcodeIndex == i);
-            m_structureStubCompilationInfo[structureIDInstructionIndex].callReturnLocation = call;
-            ++structureIDInstructionIndex;
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].opcodeIndex == i);
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].callReturnLocation = call;
+            ++propertyAccessInstructionIndex;
 
             i += 8;
@@ -2390 +2392 @@
 
             // Track the location of the call; this will be used to recover repatch information.
-            ASSERT(m_codeBlock->structureIDInstructions[structureIDInstructionIndex].opcodeIndex == i);
-            m_structureStubCompilationInfo[structureIDInstructionIndex].callReturnLocation = call;
-            ++structureIDInstructionIndex;
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].opcodeIndex == i);
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].callReturnLocation = call;
+            ++propertyAccessInstructionIndex;
 
             i += 8;
-            break;
-        }
-        case op_resolve_global: {
-            ++structureIDInstructionIndex;
-            i += 6;
             break;
         }
@@ -2711 +2708 @@
 
             // Try to link & repatch this call.
-            m_structureStubCompilationInfo[structureIDInstructionIndex].callReturnLocation =
+            CallLinkInfo* info = &(m_codeBlock->callLinkInfos[callLinkInfoIndex]);
+            emitPutArgConstant(reinterpret_cast<unsigned>(info), 4);
+            m_callStructureStubCompilationInfo[callLinkInfoIndex].callReturnLocation =
                 emitCTICall(i, Machine::cti_vm_lazyLinkCall);
             emitNakedCall(i, X86::eax);
@@ -2717 +2716 @@
 
             // This is the address for the cold path *after* the first run (which tries to link the call).
-            m_structureStubCompilationInfo[structureIDInstructionIndex].coldPathOther = m_jit.label();
+            m_callStructureStubCompilationInfo[callLinkInfoIndex].coldPathOther = m_jit.label();
 
             // The arguments have been set up on the hot path for op_call_eval
@@ -2764 +2763 @@
             emitPutResult(dst);
 
-            ++structureIDInstructionIndex;
+            ++callLinkInfoIndex;
             i += 7;
             break;
@@ -2788 +2787 @@
     }
 
-    ASSERT(structureIDInstructionIndex == m_codeBlock->structureIDInstructions.size());
+    ASSERT(propertyAccessInstructionIndex == m_codeBlock->propertyAccessInstructions.size());
+    ASSERT(callLinkInfoIndex == m_codeBlock->callLinkInfos.size());
 }
 
@@ -2867 +2867 @@
         X86Assembler::linkAbsoluteAddress(code, iter->addrPosition, iter->target);
 
-    for (unsigned i = 0; i < m_codeBlock->structureIDInstructions.size(); ++i) {
-        StructureStubInfo& info = m_codeBlock->structureIDInstructions[i];
-        info.callReturnLocation = X86Assembler::getRelocatedAddress(code, m_structureStubCompilationInfo[i].callReturnLocation);
-        info.hotPathBegin = X86Assembler::getRelocatedAddress(code, m_structureStubCompilationInfo[i].hotPathBegin);
-        info.hotPathOther = X86Assembler::getRelocatedAddress(code, m_structureStubCompilationInfo[i].hotPathOther);
-        info.coldPathOther = X86Assembler::getRelocatedAddress(code, m_structureStubCompilationInfo[i].coldPathOther);
+    for (unsigned i = 0; i < m_codeBlock->propertyAccessInstructions.size(); ++i) {
+        StructureStubInfo& info = m_codeBlock->propertyAccessInstructions[i];
+        info.callReturnLocation = X86Assembler::getRelocatedAddress(code, m_propertyAccessCompilationInfo[i].callReturnLocation);
+        info.hotPathBegin = X86Assembler::getRelocatedAddress(code, m_propertyAccessCompilationInfo[i].hotPathBegin);
+    }
+    for (unsigned i = 0; i < m_codeBlock->callLinkInfos.size(); ++i) {
+        CallLinkInfo& info = m_codeBlock->callLinkInfos[i];
+        info.callReturnLocation = X86Assembler::getRelocatedAddress(code, m_callStructureStubCompilationInfo[i].callReturnLocation);
+        info.hotPathBegin = X86Assembler::getRelocatedAddress(code, m_callStructureStubCompilationInfo[i].hotPathBegin);
+        info.hotPathOther = X86Assembler::getRelocatedAddress(code, m_callStructureStubCompilationInfo[i].hotPathOther);
+        info.coldPathOther = X86Assembler::getRelocatedAddress(code, m_callStructureStubCompilationInfo[i].coldPathOther);
     }
 
@@ -3155 +3160 @@
 }
 
-void CTI::unlinkCall(StructureStubInfo* structureStubInfo)
+void CTI::unlinkCall(CallLinkInfo* callLinkInfo)
 {
     // When the JSFunction is deleted the pointer embedded in the instruction stream will no longer be valid
     // (and, if a new JSFunction happened to be constructed at the same location, we could get a false positive
     // match).  Reset the check so it no longer matches.
-    reinterpret_cast<void**>(structureStubInfo->hotPathBegin)[-1] = asPointer(JSImmediate::impossibleValue());
-}
-
-void CTI::linkCall(CodeBlock* callerCodeBlock, JSFunction* callee, CodeBlock* calleeCodeBlock, void* ctiCode, void* returnAddress, int callerArgCount)
-{
-    StructureStubInfo& stubInfo = callerCodeBlock->getStubInfo(returnAddress);
-
+    reinterpret_cast<void**>(callLinkInfo->hotPathBegin)[-1] = asPointer(JSImmediate::impossibleValue());
+}
+
+void CTI::linkCall(JSFunction* callee, CodeBlock* calleeCodeBlock, void* ctiCode, CallLinkInfo* callLinkInfo, int callerArgCount)
+{
     // Currently we only link calls with the exact number of arguments.
     if (callerArgCount == calleeCodeBlock->numParameters) {
-        ASSERT(!stubInfo.linkInfoPtr);
+        ASSERT(!callLinkInfo->isLinked());
     
-        calleeCodeBlock->addCaller(&stubInfo);
+        calleeCodeBlock->addCaller(callLinkInfo);
     
-        reinterpret_cast<void**>(stubInfo.hotPathBegin)[-1] = callee;
-        ctiRepatchCallByReturnAddress(stubInfo.hotPathOther, ctiCode);
+        reinterpret_cast<void**>(callLinkInfo->hotPathBegin)[-1] = callee;
+        ctiRepatchCallByReturnAddress(callLinkInfo->hotPathOther, ctiCode);
     }
 
     // repatch the instruction that jumps out to the cold path, so that we only try to link once.
-    void* repatchCheck = reinterpret_cast<void*>(reinterpret_cast<ptrdiff_t>(stubInfo.hotPathBegin) + repatchOffsetOpCallCall);
-    ctiRepatchCallByReturnAddress(repatchCheck, stubInfo.coldPathOther);
+    void* repatchCheck = reinterpret_cast<void*>(reinterpret_cast<ptrdiff_t>(callLinkInfo->hotPathBegin) + repatchOffsetOpCallCall);
+    ctiRepatchCallByReturnAddress(repatchCheck, callLinkInfo->coldPathOther);
 }
 

trunk/JavaScriptCore/VM/CTI.h

@@ -80 +80 @@
 #define ARG_instr5 static_cast<Instruction*>(ARGS[5])
 #define ARG_instr6 static_cast<Instruction*>(ARGS[6])
+#define ARG_linkInfo2 static_cast<CallLinkInfo*>(ARGS[2])
 
 #define CTI_RETURN_ADDRESS_SLOT (ARGS[-1])
@@ -95 +96 @@
     class StructureIDChain;
 
+    struct CallLinkInfo;
     struct Instruction;
     struct OperandTypes;
-    struct StructureStubInfo;
 
     typedef JSValue* (SFX_CALL *CTIHelper_j)(CTI_ARGS);
@@ -335 +336 @@
         }
 
-        static void linkCall(CodeBlock* callerCodeBlock, JSFunction* callee, CodeBlock* calleeCodeBlock, void* ctiCode, void* returnAddress, int callerArgCount);
-        static void unlinkCall(StructureStubInfo*);
+        static void linkCall(JSFunction* callee, CodeBlock* calleeCodeBlock, void* ctiCode, CallLinkInfo* callLinkInfo, int callerArgCount);
+        static void unlinkCall(CallLinkInfo*);
 
         inline static JSValuePtr execute(void* code, RegisterFile* registerFile, CallFrame* callFrame, JSGlobalData* globalData, JSValuePtr* exception)
@@ -434 +435 @@
         Vector<CallRecord> m_calls;
         Vector<X86Assembler::JmpDst> m_labels;
-        Vector<StructureStubCompilationInfo> m_structureStubCompilationInfo;
+        Vector<StructureStubCompilationInfo> m_propertyAccessCompilationInfo;
+        Vector<StructureStubCompilationInfo> m_callStructureStubCompilationInfo;
         Vector<JmpTable> m_jmpTable;
 

trunk/JavaScriptCore/VM/CodeBlock.cpp

@@ -276 +276 @@
     }
 
-    if (structureIDInstructions.size()) {
+    if (globalResolveInstructions.size() || propertyAccessInstructions.size())
         printf("\nStructureIDs:\n");
+
+    if (globalResolveInstructions.size()) {
         size_t i = 0;
         do {
-             printStructureIDs(&instructions[structureIDInstructions[i].opcodeIndex]);
+             printStructureIDs(&instructions[globalResolveInstructions[i]]);
              ++i;
-        } while (i < structureIDInstructions.size());
+        } while (i < globalResolveInstructions.size());
+    }
+    if (propertyAccessInstructions.size()) {
+        size_t i = 0;
+        do {
+             printStructureIDs(&instructions[propertyAccessInstructions[i].opcodeIndex]);
+             ++i;
+        } while (i < propertyAccessInstructions.size());
     }
  
@@ -942 +951 @@
 CodeBlock::~CodeBlock()
 {
-    size_t size = structureIDInstructions.size();
-    for (size_t i = 0; i < size; ++i) {
-        derefStructureIDs(&instructions[structureIDInstructions[i].opcodeIndex]);
-        if (structureIDInstructions[i].stubRoutine)
-            WTF::fastFreeExecutable(structureIDInstructions[i].stubRoutine);
-        if (CallLinkInfo* callLinkInfo = structureIDInstructions[i].linkInfoPtr) {
+    for (size_t size = globalResolveInstructions.size(), i = 0; i < size; ++i) {
+        derefStructureIDs(&instructions[globalResolveInstructions[i]]);
+    }
+
+    for (size_t size = propertyAccessInstructions.size(), i = 0; i < size; ++i) {
+        derefStructureIDs(&instructions[propertyAccessInstructions[i].opcodeIndex]);
+        if (propertyAccessInstructions[i].stubRoutine)
+            WTF::fastFreeExecutable(propertyAccessInstructions[i].stubRoutine);
+    }
+
+    for (size_t size = callLinkInfos.size(), i = 0; i < size; ++i) {
+        CallLinkInfo* callLinkInfo = &callLinkInfos[i];
+        if (callLinkInfo->isLinked())
             callLinkInfo->callee->removeCaller(callLinkInfo);
-            delete callLinkInfo;
-        }
     }
 
@@ -967 +981 @@
     for (size_t i = 0; i < size; ++i) {
         CallLinkInfo* currentCaller = linkedCallerList[i];
-        CTI::unlinkCall(currentCaller->callerStructureStubInfo);
-        currentCaller->callerStructureStubInfo->linkInfoPtr = 0;
-        delete currentCaller;
+        CTI::unlinkCall(currentCaller);
+        currentCaller->setUnlinked();
     }
     linkedCallerList.clear();
@@ -1010 +1023 @@
     
     // These instructions don't ref their StructureIDs.
-    ASSERT(vPC[0].u.opcode == machine->getOpcode(op_get_by_id) || vPC[0].u.opcode == machine->getOpcode(op_put_by_id) || vPC[0].u.opcode == machine->getOpcode(op_get_by_id_generic) || vPC[0].u.opcode == machine->getOpcode(op_put_by_id_generic) || vPC[0].u.opcode == machine->getOpcode(op_get_array_length) || vPC[0].u.opcode == machine->getOpcode(op_get_string_length)
-        || vPC[0].u.opcode == machine->getOpcode(op_call_eval) || vPC[0].u.opcode == machine->getOpcode(op_call) || vPC[0].u.opcode == machine->getOpcode(op_construct));
+    ASSERT(vPC[0].u.opcode == machine->getOpcode(op_get_by_id) || vPC[0].u.opcode == machine->getOpcode(op_put_by_id) || vPC[0].u.opcode == machine->getOpcode(op_get_by_id_generic) || vPC[0].u.opcode == machine->getOpcode(op_put_by_id_generic) || vPC[0].u.opcode == machine->getOpcode(op_get_array_length) || vPC[0].u.opcode == machine->getOpcode(op_get_string_length));
 }
 

trunk/JavaScriptCore/VM/CodeBlock.h

@@ -79 +79 @@
     };
 
-    struct CallLinkInfo;
-
     struct StructureStubInfo {
         StructureStubInfo(unsigned opcodeIndex)
@@ -87 +85 @@
             , callReturnLocation(0)
             , hotPathBegin(0)
-            , hotPathOther(0)
-            , coldPathOther(0)
-            , linkInfoPtr(0)
         {
         }
@@ -97 +92 @@
         void* callReturnLocation;
         void* hotPathBegin;
+    };
+
+    struct CallLinkInfo {
+        CallLinkInfo()
+            : callReturnLocation(0)
+            , hotPathBegin(0)
+            , hotPathOther(0)
+            , coldPathOther(0)
+            , callee(0)
+        {
+        }
+    
+        unsigned opcodeIndex;
+        void* callReturnLocation;
+        void* hotPathBegin;
         void* hotPathOther;
         void* coldPathOther;
-        CallLinkInfo* linkInfoPtr;
-    };
-
-    struct CallLinkInfo {
         CodeBlock* callee;
-        StructureStubInfo* callerStructureStubInfo;
         unsigned position;
-
-        CallLinkInfo(CodeBlock* c, StructureStubInfo* css)
-        {
-            callee = c;
-            callerStructureStubInfo = css;
-        }
-    };
+        
+        void setUnlinked() { callee = 0; }
+        bool isLinked() { return callee; }
+    };
+
+    inline void* getStructureStubInfoReturnLocation(StructureStubInfo* structureStubInfo)
+    {
+        return structureStubInfo->callReturnLocation;
+    }
+
+    // Binary chop algorithm, calls valueAtPosition on pre-sorted elements in array,
+    // compares result with key (KeyTypes should be comparable with '--', '<', '>').
+    // Optimized for cases where the array contains the key, checked by assertions.
+    template<typename ArrayType, typename KeyType, KeyType(*valueAtPosition)(ArrayType*)>
+    inline ArrayType* binaryChop(ArrayType* array, size_t size, KeyType key)
+    {
+        // The array must contain at least one element (pre-condition, array does conatin key).
+        // If the array only contains one element, no need to do the comparison.
+        while (size > 1) {
+            // Pick an element to check, half way through the array, and read the value.
+            int pos = (size - 1) >> 1;
+            KeyType val = valueAtPosition(&array[pos]);
+            
+            // If the key matches, success!
+            if (val == key)
+                return &array[pos];
+            // The item we are looking for is smaller than the item being check; reduce the value of 'size',
+            // chopping off the right hand half of the array.
+            else if (key < val)
+                size = pos;
+            // Discard all values in the left hand half of the array, up to and including the item at pos.
+            else {
+                size -= (pos + 1);
+                array += (pos + 1);
+            }
+
+            // 'size' should never reach zero.
+            ASSERT(size);
+        }
+        
+        // If we reach this point we've chopped down to one element, no need to check it matches
+        ASSERT(size == 1);
+        ASSERT(key == valueAtPosition(&array[0]));
+        return &array[0];
+    }
 
     struct StringJumpTable {
@@ -228 +271 @@
 #endif
 
-        void addCaller(StructureStubInfo* caller)
-        {
-            CallLinkInfo* callLinkInfo = new CallLinkInfo(this, caller);
-            caller->linkInfoPtr = callLinkInfo;
-            callLinkInfo->position = linkedCallerList.size();
-            linkedCallerList.append(callLinkInfo);
+        void addCaller(CallLinkInfo* caller)
+        {
+            caller->callee = this;
+            caller->position = linkedCallerList.size();
+            linkedCallerList.append(caller);
         }
 
@@ -264 +306 @@
         StructureStubInfo& getStubInfo(void* returnAddress)
         {
-            // FIXME: would a binary chop be faster here?
-            for (unsigned i = 0; ; ++i) {
-                ASSERT(i < structureIDInstructions.size());
-                if (structureIDInstructions[i].callReturnLocation == returnAddress)
-                    return structureIDInstructions[i];
-            }
+            return *(binaryChop<StructureStubInfo, void*, getStructureStubInfoReturnLocation>(propertyAccessInstructions.begin(), propertyAccessInstructions.size(), returnAddress));
         }
 
@@ -296 +333 @@
 
         Vector<Instruction> instructions;
-        Vector<StructureStubInfo> structureIDInstructions;
+        Vector<unsigned> globalResolveInstructions;
+        Vector<StructureStubInfo> propertyAccessInstructions;
+        Vector<CallLinkInfo> callLinkInfos;
         Vector<CallLinkInfo*> linkedCallerList;
 

trunk/JavaScriptCore/VM/CodeGenerator.cpp

@@ -966 +966 @@
 
     if (globalObject) {
-        m_codeBlock->structureIDInstructions.append(instructions().size());
+        m_codeBlock->globalResolveInstructions.append(instructions().size());
         emitOpcode(op_resolve_global);
         instructions().append(dst->index());
@@ -1046 +1046 @@
 RegisterID* CodeGenerator::emitGetById(RegisterID* dst, RegisterID* base, const Identifier& property)
 {
-    m_codeBlock->structureIDInstructions.append(instructions().size());
+    m_codeBlock->propertyAccessInstructions.append(instructions().size());
 
     emitOpcode(op_get_by_id);
@@ -1061 +1061 @@
 RegisterID* CodeGenerator::emitPutById(RegisterID* base, const Identifier& property, RegisterID* value)
 {
-    m_codeBlock->structureIDInstructions.append(instructions().size());
+    m_codeBlock->propertyAccessInstructions.append(instructions().size());
 
     emitOpcode(op_put_by_id);
@@ -1220 +1220 @@
 
     emitExpressionInfo(divot, startOffset, endOffset);
-    m_codeBlock->structureIDInstructions.append(instructions().size());
+    m_codeBlock->callLinkInfos.append(CallLinkInfo());
     emitOpcode(opcodeID);
     instructions().append(dst->index());
@@ -1284 +1284 @@
 
     emitExpressionInfo(divot, startOffset, endOffset);
-    m_codeBlock->structureIDInstructions.append(instructions().size());
+    m_codeBlock->callLinkInfos.append(CallLinkInfo());
     emitOpcode(op_construct);
     instructions().append(dst->index());

trunk/JavaScriptCore/VM/Machine.cpp

@@ -4742 +4742 @@
     Machine* machine = ARG_globalData->machine;
     CallFrame* callFrame = CallFrame::create(ARG_callFrame);
-    CallFrame* callerCallFrame = callFrame->callerFrame();
-    CodeBlock* callerCodeBlock = callerCallFrame->codeBlock();
 
     JSFunction* callee = asFunction(ARG_src1);
@@ -4750 +4748 @@
         CTI::compile(machine, callFrame, codeBlock);
 
-    int argCount = ARG_int3;
-    CTI::linkCall(callerCodeBlock, callee, codeBlock, codeBlock->ctiCode, CTI_RETURN_ADDRESS, argCount);
+    CTI::linkCall(callee, codeBlock, codeBlock->ctiCode, ARG_linkInfo2, ARG_int3);
 
     return codeBlock->ctiCode;