Changeset 37831 in webkit for trunk/JavaScriptCore/VM/CTI.cpp

Timestamp:

Oct 23, 2008, 3:29:54 PM (17 years ago)

Author:

[email protected]

Message:

2008-10-23 Gavin Barraclough <​[email protected]>

Reviewed by Oliver Hunt.

Fix hideous pathological case performance when looking up repatch info, bug #21727.

When repatching JIT code to optimize we look up records providing information about
the generated code (also used to track recsources used in linking to be later released).
The lookup was being performed using a linear scan of all such records.

(1) Split up the different types of reptach information. This means we can search them

separately, and in some cases should reduce their size.

(2) In the case of property accesses, search with a binary chop over the data.
(3) In the case of calls, pass a pointer to the repatch info into the relink function.

• VM/CTI.cpp: (JSC::CTI::CTI): (JSC::CTI::compileOpCall): (JSC::CTI::privateCompileMainPass): (JSC::CTI::privateCompileSlowCases): (JSC::CTI::privateCompile): (JSC::CTI::unlinkCall): (JSC::CTI::linkCall):
• VM/CTI.h:
• VM/CodeBlock.cpp: (JSC::CodeBlock::dump): (JSC::CodeBlock::~CodeBlock): (JSC::CodeBlock::unlinkCallers): (JSC::CodeBlock::derefStructureIDs):
• VM/CodeBlock.h: (JSC::StructureStubInfo::StructureStubInfo): (JSC::CallLinkInfo::CallLinkInfo): (JSC::CallLinkInfo::setUnlinked): (JSC::CallLinkInfo::isLinked): (JSC::getStructureStubInfoReturnLocation): (JSC::binaryChop): (JSC::CodeBlock::addCaller): (JSC::CodeBlock::getStubInfo):
• VM/CodeGenerator.cpp: (JSC::CodeGenerator::emitResolve): (JSC::CodeGenerator::emitGetById): (JSC::CodeGenerator::emitPutById): (JSC::CodeGenerator::emitCall): (JSC::CodeGenerator::emitConstruct):
• VM/Machine.cpp: (JSC::Machine::cti_vm_lazyLinkCall):

File:

• trunk/JavaScriptCore/VM/CTI.cpp (modified) (23 diffs)

trunk/JavaScriptCore/VM/CTI.cpp

@@ -514 +514 @@
     , m_codeBlock(codeBlock)
     , m_labels(codeBlock ? codeBlock->instructions.size() : 0)
-    , m_structureStubCompilationInfo(codeBlock ? codeBlock->structureIDInstructions.size() : 0)
+    , m_propertyAccessCompilationInfo(codeBlock ? codeBlock->propertyAccessInstructions.size() : 0)
+    , m_callStructureStubCompilationInfo(codeBlock ? codeBlock->callLinkInfos.size() : 0)
 {
 }
@@ -577 +578 @@
 }
 
-void CTI::compileOpCall(Instruction* instruction, unsigned i, unsigned structureIDInstructionIndex, CompileOpCallType type)
+void CTI::compileOpCall(Instruction* instruction, unsigned i, unsigned callLinkInfoIndex, CompileOpCallType type)
 {
     int dst = instruction[1].u.operand;
@@ -615 +616 @@
     m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJne(), i));
     ASSERT(X86Assembler::getDifferenceBetweenLabels(addressOfLinkedFunctionCheck, m_jit.label()) == repatchOffsetOpCallCall);
-    m_structureStubCompilationInfo[structureIDInstructionIndex].hotPathBegin = addressOfLinkedFunctionCheck;
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathBegin = addressOfLinkedFunctionCheck;
 
     // The following is the fast case, only used whan a callee can be linked.
@@ -639 +640 @@
 
     // Call to the callee
-    m_structureStubCompilationInfo[structureIDInstructionIndex].hotPathOther = emitNakedCall(i, unreachable);
+    m_callStructureStubCompilationInfo[callLinkInfoIndex].hotPathOther = emitNakedCall(i, unreachable);
     
     if (type == OpCallEval)
@@ -950 +951 @@
     unsigned instructionCount = m_codeBlock->instructions.size();
 
-    unsigned structureIDInstructionIndex = 0;
+    unsigned propertyAccessInstructionIndex = 0;
+    unsigned callLinkInfoIndex = 0;
 
     for (unsigned i = 0; i < instructionCount; ) {
@@ -1095 +1097 @@
             emitGetArg(instruction[i + 3].u.operand, X86::edx);
 
-            ASSERT(m_codeBlock->structureIDInstructions[structureIDInstructionIndex].opcodeIndex == i);
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].opcodeIndex == i);
             X86Assembler::JmpDst hotPathBegin = m_jit.label();
-            m_structureStubCompilationInfo[structureIDInstructionIndex].hotPathBegin = hotPathBegin;
-            ++structureIDInstructionIndex;
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+            ++propertyAccessInstructionIndex;
 
             // Jump to a slow case if either the base object is an immediate, or if the StructureID does not match.
@@ -1123 +1125 @@
             emitGetArg(instruction[i + 2].u.operand, X86::eax);
 
-            ASSERT(m_codeBlock->structureIDInstructions[structureIDInstructionIndex].opcodeIndex == i);
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].opcodeIndex == i);
 
             X86Assembler::JmpDst hotPathBegin = m_jit.label();
-            m_structureStubCompilationInfo[structureIDInstructionIndex].hotPathBegin = hotPathBegin;
-            ++structureIDInstructionIndex;
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].hotPathBegin = hotPathBegin;
+            ++propertyAccessInstructionIndex;
 
             emitJumpSlowCaseIfNotJSCell(X86::eax, i);
@@ -1253 +1255 @@
         }
         case op_call: {
-            compileOpCall(instruction + i, i, structureIDInstructionIndex++);
+            compileOpCall(instruction + i, i, callLinkInfoIndex++);
             i += 7;
             break;
@@ -1349 +1351 @@
         }
         case op_construct: {
-            compileOpCall(instruction + i, i, structureIDInstructionIndex++, OpConstruct);
+            compileOpCall(instruction + i, i, callLinkInfoIndex++, OpConstruct);
             i += 7;
             break;
@@ -1491 +1493 @@
             m_jit.movl_mr(structureIDAddr, X86::edx);
             m_jit.cmpl_rm(X86::edx, OBJECT_OFFSET(JSCell, m_structureID), X86::eax);
-            X86Assembler::JmpSrc slowCase = m_jit.emitUnlinkedJne(); // StructureIDs don't match
-            m_slowCases.append(SlowCaseEntry(slowCase, i));
+            X86Assembler::JmpSrc noMatch = m_jit.emitUnlinkedJne(); // StructureIDs don't match
 
             // Load cached property
@@ -1502 +1503 @@
 
             // Slow case
-            m_jit.link(slowCase, m_jit.label());
+            m_jit.link(noMatch, m_jit.label());
             emitPutArgConstant(globalObject, 0);
             emitPutArgConstant(reinterpret_cast<unsigned>(ident), 4);
@@ -1510 +1511 @@
             m_jit.link(end, m_jit.label());
             i += 6;
-            ++structureIDInstructionIndex;
             break;
         }
@@ -1842 +1842 @@
         }
         case op_call_eval: {
-            compileOpCall(instruction + i, i, structureIDInstructionIndex++, OpCallEval);
+            compileOpCall(instruction + i, i, callLinkInfoIndex++, OpCallEval);
             i += 7;
             break;
@@ -2193 +2193 @@
     }
 
-    ASSERT(structureIDInstructionIndex == m_codeBlock->structureIDInstructions.size());
+    ASSERT(propertyAccessInstructionIndex == m_codeBlock->propertyAccessInstructions.size());
+    ASSERT(callLinkInfoIndex == m_codeBlock->callLinkInfos.size());
 }
 
@@ -2218 +2219 @@
 void CTI::privateCompileSlowCases()
 {
-    unsigned structureIDInstructionIndex = 0;
+    unsigned propertyAccessInstructionIndex = 0;
+    unsigned callLinkInfoIndex = 0;
 
     Instruction* instruction = m_codeBlock->instructions.begin();
@@ -2362 +2364 @@
 
             // Track the location of the call; this will be used to recover repatch information.
-            ASSERT(m_codeBlock->structureIDInstructions[structureIDInstructionIndex].opcodeIndex == i);
-            m_structureStubCompilationInfo[structureIDInstructionIndex].callReturnLocation = call;
-            ++structureIDInstructionIndex;
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].opcodeIndex == i);
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].callReturnLocation = call;
+            ++propertyAccessInstructionIndex;
 
             i += 8;
@@ -2390 +2392 @@
 
             // Track the location of the call; this will be used to recover repatch information.
-            ASSERT(m_codeBlock->structureIDInstructions[structureIDInstructionIndex].opcodeIndex == i);
-            m_structureStubCompilationInfo[structureIDInstructionIndex].callReturnLocation = call;
-            ++structureIDInstructionIndex;
+            ASSERT(m_codeBlock->propertyAccessInstructions[propertyAccessInstructionIndex].opcodeIndex == i);
+            m_propertyAccessCompilationInfo[propertyAccessInstructionIndex].callReturnLocation = call;
+            ++propertyAccessInstructionIndex;
 
             i += 8;
-            break;
-        }
-        case op_resolve_global: {
-            ++structureIDInstructionIndex;
-            i += 6;
             break;
         }
@@ -2711 +2708 @@
 
             // Try to link & repatch this call.
-            m_structureStubCompilationInfo[structureIDInstructionIndex].callReturnLocation =
+            CallLinkInfo* info = &(m_codeBlock->callLinkInfos[callLinkInfoIndex]);
+            emitPutArgConstant(reinterpret_cast<unsigned>(info), 4);
+            m_callStructureStubCompilationInfo[callLinkInfoIndex].callReturnLocation =
                 emitCTICall(i, Machine::cti_vm_lazyLinkCall);
             emitNakedCall(i, X86::eax);
@@ -2717 +2716 @@
 
             // This is the address for the cold path *after* the first run (which tries to link the call).
-            m_structureStubCompilationInfo[structureIDInstructionIndex].coldPathOther = m_jit.label();
+            m_callStructureStubCompilationInfo[callLinkInfoIndex].coldPathOther = m_jit.label();
 
             // The arguments have been set up on the hot path for op_call_eval
@@ -2764 +2763 @@
             emitPutResult(dst);
 
-            ++structureIDInstructionIndex;
+            ++callLinkInfoIndex;
             i += 7;
             break;
@@ -2788 +2787 @@
     }
 
-    ASSERT(structureIDInstructionIndex == m_codeBlock->structureIDInstructions.size());
+    ASSERT(propertyAccessInstructionIndex == m_codeBlock->propertyAccessInstructions.size());
+    ASSERT(callLinkInfoIndex == m_codeBlock->callLinkInfos.size());
 }
 
@@ -2867 +2867 @@
         X86Assembler::linkAbsoluteAddress(code, iter->addrPosition, iter->target);
 
-    for (unsigned i = 0; i < m_codeBlock->structureIDInstructions.size(); ++i) {
-        StructureStubInfo& info = m_codeBlock->structureIDInstructions[i];
-        info.callReturnLocation = X86Assembler::getRelocatedAddress(code, m_structureStubCompilationInfo[i].callReturnLocation);
-        info.hotPathBegin = X86Assembler::getRelocatedAddress(code, m_structureStubCompilationInfo[i].hotPathBegin);
-        info.hotPathOther = X86Assembler::getRelocatedAddress(code, m_structureStubCompilationInfo[i].hotPathOther);
-        info.coldPathOther = X86Assembler::getRelocatedAddress(code, m_structureStubCompilationInfo[i].coldPathOther);
+    for (unsigned i = 0; i < m_codeBlock->propertyAccessInstructions.size(); ++i) {
+        StructureStubInfo& info = m_codeBlock->propertyAccessInstructions[i];
+        info.callReturnLocation = X86Assembler::getRelocatedAddress(code, m_propertyAccessCompilationInfo[i].callReturnLocation);
+        info.hotPathBegin = X86Assembler::getRelocatedAddress(code, m_propertyAccessCompilationInfo[i].hotPathBegin);
+    }
+    for (unsigned i = 0; i < m_codeBlock->callLinkInfos.size(); ++i) {
+        CallLinkInfo& info = m_codeBlock->callLinkInfos[i];
+        info.callReturnLocation = X86Assembler::getRelocatedAddress(code, m_callStructureStubCompilationInfo[i].callReturnLocation);
+        info.hotPathBegin = X86Assembler::getRelocatedAddress(code, m_callStructureStubCompilationInfo[i].hotPathBegin);
+        info.hotPathOther = X86Assembler::getRelocatedAddress(code, m_callStructureStubCompilationInfo[i].hotPathOther);
+        info.coldPathOther = X86Assembler::getRelocatedAddress(code, m_callStructureStubCompilationInfo[i].coldPathOther);
     }
 
@@ -3155 +3160 @@
 }
 
-void CTI::unlinkCall(StructureStubInfo* structureStubInfo)
+void CTI::unlinkCall(CallLinkInfo* callLinkInfo)
 {
     // When the JSFunction is deleted the pointer embedded in the instruction stream will no longer be valid
     // (and, if a new JSFunction happened to be constructed at the same location, we could get a false positive
     // match).  Reset the check so it no longer matches.
-    reinterpret_cast<void**>(structureStubInfo->hotPathBegin)[-1] = asPointer(JSImmediate::impossibleValue());
-}
-
-void CTI::linkCall(CodeBlock* callerCodeBlock, JSFunction* callee, CodeBlock* calleeCodeBlock, void* ctiCode, void* returnAddress, int callerArgCount)
-{
-    StructureStubInfo& stubInfo = callerCodeBlock->getStubInfo(returnAddress);
-
+    reinterpret_cast<void**>(callLinkInfo->hotPathBegin)[-1] = asPointer(JSImmediate::impossibleValue());
+}
+
+void CTI::linkCall(JSFunction* callee, CodeBlock* calleeCodeBlock, void* ctiCode, CallLinkInfo* callLinkInfo, int callerArgCount)
+{
     // Currently we only link calls with the exact number of arguments.
     if (callerArgCount == calleeCodeBlock->numParameters) {
-        ASSERT(!stubInfo.linkInfoPtr);
+        ASSERT(!callLinkInfo->isLinked());
     
-        calleeCodeBlock->addCaller(&stubInfo);
+        calleeCodeBlock->addCaller(callLinkInfo);
     
-        reinterpret_cast<void**>(stubInfo.hotPathBegin)[-1] = callee;
-        ctiRepatchCallByReturnAddress(stubInfo.hotPathOther, ctiCode);
+        reinterpret_cast<void**>(callLinkInfo->hotPathBegin)[-1] = callee;
+        ctiRepatchCallByReturnAddress(callLinkInfo->hotPathOther, ctiCode);
     }
 
     // repatch the instruction that jumps out to the cold path, so that we only try to link once.
-    void* repatchCheck = reinterpret_cast<void*>(reinterpret_cast<ptrdiff_t>(stubInfo.hotPathBegin) + repatchOffsetOpCallCall);
-    ctiRepatchCallByReturnAddress(repatchCheck, stubInfo.coldPathOther);
+    void* repatchCheck = reinterpret_cast<void*>(reinterpret_cast<ptrdiff_t>(callLinkInfo->hotPathBegin) + repatchOffsetOpCallCall);
+    ctiRepatchCallByReturnAddress(repatchCheck, callLinkInfo->coldPathOther);
 }