Changeset 37991 in webkit for trunk/JavaScriptCore

Timestamp:

Oct 29, 2008, 9:33:21 PM (17 years ago)

Author:

[email protected]

Message:

Initial work to reduce cost of JSNumberCell allocation

Reviewed by Geoffrey Garen

This does the initial work needed to bring more of number
allocation into CTI code directly, rather than just falling
back onto the slow paths if we can't guarantee that a number
cell can be reused.

Initial implementation only used by op_negate to make sure
it all works. In a negate heavy (though not dominated) test
it results in a 10% win in the non-reusable cell case.

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• VM/CTI.cpp (modified) (5 diffs)
• VM/CTI.h (modified) (2 diffs)
• VM/CodeBlock.cpp (modified) (1 diff)
• VM/CodeGenerator.cpp (modified) (1 diff)
• VM/CodeGenerator.h (modified) (4 diffs)
• VM/Instruction.h (modified) (2 diffs)
• VM/Machine.cpp (modified) (1 diff)
• VM/Machine.h (modified) (1 diff)
• kjs/ResultType.h (modified) (2 diffs)
• kjs/nodes.cpp (modified) (3 diffs)
• masm/X86Assembler.h (modified) (4 diffs)
• runtime/JSNumberCell.h (modified) (1 diff)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2008-10-29  Oliver Hunt  <[email protected]>
+
+        Reviewed by Geoff Garen.
+
+        Initial work to reduce cost of JSNumberCell allocation
+
+        This does the initial work needed to bring more of number
+        allocation into CTI code directly, rather than just falling
+        back onto the slow paths if we can't guarantee that a number
+        cell can be reused.
+
+        Initial implementation only used by op_negate to make sure
+        it all works.  In a negate heavy (though not dominated) test
+        it results in a 10% win in the non-reusable cell case.
+
+        * VM/CTI.cpp:
+        (JSC::):
+        (JSC::CTI::emitAllocateNumber):
+        (JSC::CTI::emitNakedFastCall):
+        (JSC::CTI::emitArithIntToImmWithJump):
+        (JSC::CTI::privateCompileMainPass):
+        (JSC::CTI::privateCompileSlowCases):
+        * VM/CTI.h:
+        * VM/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * VM/CodeGenerator.cpp:
+        (JSC::CodeGenerator::emitUnaryOp):
+        * VM/CodeGenerator.h:
+        (JSC::CodeGenerator::emitToJSNumber):
+        (JSC::CodeGenerator::emitTypeOf):
+        (JSC::CodeGenerator::emitGetPropertyNames):
+        * VM/Machine.cpp:
+        (JSC::Machine::privateExecute):
+        * VM/Machine.h:
+        * kjs/ResultType.h:
+        (JSC::ResultType::isReusableNumber):
+        (JSC::ResultType::toInt):
+        * kjs/nodes.cpp:
+        (JSC::UnaryOpNode::emitCode):
+        (JSC::BinaryOpNode::emitCode):
+        (JSC::EqualNode::emitCode):
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::negl_r):
+        (JSC::X86Assembler::xorpd_mr):
+        * runtime/JSNumberCell.h:
+        (JSC::JSNumberCell::JSNumberCell):
+
 2008-10-29  Steve Falkenburg  <[email protected]>
 

trunk/JavaScriptCore/VM/CTI.cpp

@@ -312 +312 @@
 #endif
 
+extern "C" {
+    static JSValue* FASTCALL allocateNumber(JSGlobalData* globalData) {
+        JSValue* result = new (globalData) JSNumberCell(globalData);
+        ASSERT(result);
+        return result;
+    }
+}
+
+ALWAYS_INLINE void CTI::emitAllocateNumber(JSGlobalData* globalData, unsigned opcodeIndex)
+{
+    m_jit.movl_i32r(reinterpret_cast<intptr_t>(globalData), X86::ecx);
+    emitNakedFastCall(opcodeIndex, (void*)allocateNumber);
+}
+
 ALWAYS_INLINE X86Assembler::JmpSrc CTI::emitNakedCall(unsigned opcodeIndex, X86::RegisterID r)
 {
@@ -321 +335 @@
 
 ALWAYS_INLINE  X86Assembler::JmpSrc CTI::emitNakedCall(unsigned opcodeIndex, void(*function)())
+{
+    X86Assembler::JmpSrc call = m_jit.emitCall();
+    m_calls.append(CallRecord(call, reinterpret_cast<CTIHelper_v>(function), opcodeIndex));
+    return call;
+}
+
+ALWAYS_INLINE  X86Assembler::JmpSrc CTI::emitNakedFastCall(unsigned opcodeIndex, void* function)
 {
     X86Assembler::JmpSrc call = m_jit.emitCall();
@@ -515 +536 @@
     m_jit.addl_rr(reg, reg);
     emitFastArithReTagImmediate(reg);
+}
+
+ALWAYS_INLINE X86Assembler::JmpSrc CTI::emitArithIntToImmWithJump(X86Assembler::RegisterID reg)
+{
+    m_jit.addl_rr(reg, reg);
+    X86Assembler::JmpSrc jmp = m_jit.emitUnlinkedJo();
+    emitFastArithReTagImmediate(reg);
+    return jmp;
 }
 
@@ -1481 +1510 @@
         }
         case op_negate: {
-            emitGetPutArg(instruction[i + 2].u.operand, 0, X86::ecx);
-            emitCTICall(instruction + i, i, Machine::cti_op_negate);
-            emitPutResult(instruction[i + 1].u.operand);
-            i += 3;
+            emitGetArg(instruction[i + 2].u.operand, X86::eax);
+            m_jit.testl_i32r(JSImmediate::TagBitTypeInteger, X86::eax);
+            X86Assembler::JmpSrc notImmediate = m_jit.emitUnlinkedJe();
+
+            m_jit.cmpl_i32r(JSImmediate::TagBitTypeInteger, X86::eax);
+            X86Assembler::JmpSrc zeroImmediate = m_jit.emitUnlinkedJe();
+            emitFastArithImmToInt(X86::eax);
+            m_jit.negl_r(X86::eax); // This can't overflow as we only have a 31bit int at this point
+            X86Assembler::JmpSrc overflow = emitArithIntToImmWithJump(X86::eax);
+            emitPutResult(instruction[i + 1].u.operand);
+            X86Assembler::JmpSrc immediateNegateSuccess = m_jit.emitUnlinkedJmp();
+
+            if (!isSSE2Present()) {
+                m_jit.link(zeroImmediate, m_jit.label());
+                m_jit.link(overflow, m_jit.label());
+                m_jit.link(notImmediate, m_jit.label());
+                emitGetPutArg(instruction[i + 2].u.operand, 0, X86::ecx);
+                emitCTICall(instruction + i, i, Machine::cti_op_negate);
+                emitPutResult(instruction[i + 1].u.operand);
+            } else {
+                // Slow case immediates
+                m_slowCases.append(SlowCaseEntry(zeroImmediate, i));
+                m_slowCases.append(SlowCaseEntry(overflow, i));
+                m_jit.link(notImmediate, m_jit.label());
+                ResultType resultType(instruction[i + 3].u.resultType);
+                if (!resultType.definitelyIsNumber()) {
+                    emitJumpSlowCaseIfNotJSCell(X86::eax, i);
+                    StructureID* numberStructureID = m_callFrame->globalData().numberStructureID.get();
+                    m_jit.cmpl_i32m(reinterpret_cast<unsigned>(numberStructureID), OBJECT_OFFSET(JSCell, m_structureID), X86::eax);
+                    m_slowCases.append(SlowCaseEntry(m_jit.emitUnlinkedJne(), i));
+                }
+                m_jit.movsd_mr(OBJECT_OFFSET(JSNumberCell, m_value), X86::eax, X86::xmm0);
+                // We need 3 copies of the sign bit mask so we can assure alignment and pad for the 128bit load
+                static double doubleSignBit[] = { -0.0, -0.0, -0.0 };
+                m_jit.xorpd_mr((void*)((((uintptr_t)doubleSignBit)+15)&~15), X86::xmm0);
+                X86Assembler::JmpSrc wasCell;
+                if (!resultType.isReusableNumber())
+                    emitAllocateNumber(&m_callFrame->globalData(), i);
+
+                putDoubleResultToJSNumberCellOrJSImmediate(X86::xmm0, X86::eax, instruction[i + 1].u.operand, &wasCell,
+                                                           X86::xmm1, X86::ecx, X86::edx);
+                m_jit.link(wasCell, m_jit.label());
+            }
+            m_jit.link(immediateNegateSuccess, m_jit.label());
+            i += 4;
             break;
         }
@@ -2318 +2388 @@
             break;
         }
+        case op_negate: {
+            m_jit.link(iter->from, m_jit.label());
+            emitGetPutArg(instruction[i + 2].u.operand, 0, X86::ecx);
+            emitCTICall(instruction + i, i, Machine::cti_op_negate);
+            emitPutResult(instruction[i + 1].u.operand);
+            i += 4;
+            break;
+        }
         case op_rshift: {
             m_jit.link(iter->from, m_jit.label());

trunk/JavaScriptCore/VM/CTI.h

@@ -84 +84 @@
 #define CTI_RETURN_ADDRESS_SLOT (ARGS[-1])
 
+#if COMPILER(MSVC)
+#define FASTCALL __fastcall
+#elif COMPILER(GCC)
+#define FASTCALL  __attribute__ ((fastcall))
+#else
+#error Need to support fastcall calling convention in this compiler
+#endif
+
 namespace JSC {
 
@@ -406 +414 @@
         void emitFastArithIntToImmOrSlowCase(X86Assembler::RegisterID, unsigned opcodeIndex);
         void emitFastArithIntToImmNoCheck(X86Assembler::RegisterID);
+        X86Assembler::JmpSrc emitArithIntToImmWithJump(X86Assembler::RegisterID reg);
 
         void emitTagAsBoolImmediate(X86Assembler::RegisterID reg);
+
+        void emitAllocateNumber(JSGlobalData*, unsigned);
 
         X86Assembler::JmpSrc emitNakedCall(unsigned opcodeIndex, X86::RegisterID);
         X86Assembler::JmpSrc emitNakedCall(unsigned opcodeIndex, void(*function)());
+        X86Assembler::JmpSrc emitNakedFastCall(unsigned opcodeIndex, void*);
         X86Assembler::JmpSrc emitCTICall(Instruction*, unsigned opcodeIndex, CTIHelper_j);
         X86Assembler::JmpSrc emitCTICall(Instruction*, unsigned opcodeIndex, CTIHelper_o);

trunk/JavaScriptCore/VM/CodeBlock.cpp

@@ -469 +469 @@
         case op_negate: {
             printUnaryOp(location, it, "negate");
+            ++it;
             break;
         }

trunk/JavaScriptCore/VM/CodeGenerator.cpp

@@ -710 +710 @@
 }
 
-RegisterID* CodeGenerator::emitUnaryOp(OpcodeID opcode, RegisterID* dst, RegisterID* src)
+RegisterID* CodeGenerator::emitUnaryOp(OpcodeID opcode, RegisterID* dst, RegisterID* src, ResultType type)
 {
     emitOpcode(opcode);
     instructions().append(dst->index());
     instructions().append(src->index());
+    if (opcode == op_negate)
+        instructions().append(type.toInt());
     return dst;
 }

trunk/JavaScriptCore/VM/CodeGenerator.h

@@ -234 +234 @@
         RegisterID* emitUnexpectedLoad(RegisterID* dst, double);
 
-        RegisterID* emitUnaryOp(OpcodeID, RegisterID* dst, RegisterID* src);
+        RegisterID* emitUnaryOp(OpcodeID, RegisterID* dst, RegisterID* src, ResultType);
         RegisterID* emitBinaryOp(OpcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2, OperandTypes);
         RegisterID* emitEqualityOp(OpcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2);
@@ -248 +248 @@
         RegisterID* emitMove(RegisterID* dst, RegisterID* src);
 
-        RegisterID* emitToJSNumber(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_to_jsnumber, dst, src); }
+        RegisterID* emitToJSNumber(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_to_jsnumber, dst, src, ResultType::unknown()); }
         RegisterID* emitPreInc(RegisterID* srcDst);
         RegisterID* emitPreDec(RegisterID* srcDst);
@@ -255 +255 @@
 
         RegisterID* emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* base, RegisterID* basePrototype);
-        RegisterID* emitTypeOf(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_typeof, dst, src); }
+        RegisterID* emitTypeOf(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_typeof, dst, src, ResultType::unknown()); }
         RegisterID* emitIn(RegisterID* dst, RegisterID* property, RegisterID* base) { return emitBinaryOp(op_in, dst, property, base, OperandTypes()); }
 
@@ -293 +293 @@
         void emitSubroutineReturn(RegisterID* retAddrSrc);
 
-        RegisterID* emitGetPropertyNames(RegisterID* dst, RegisterID* base) { return emitUnaryOp(op_get_pnames, dst, base); }
+        RegisterID* emitGetPropertyNames(RegisterID* dst, RegisterID* base) { return emitUnaryOp(op_get_pnames, dst, base, ResultType::unknown()); }
         RegisterID* emitNextPropertyName(RegisterID* dst, RegisterID* iter, LabelID* target);
 

trunk/JavaScriptCore/VM/Instruction.h

@@ -31 +31 @@
 
 #include "Opcode.h"
+#include "ResultType.h"
 #include <wtf/VectorTraits.h>
 
@@ -59 +60 @@
             StructureIDChain* structureIDChain;
             JSCell* jsCell;
+            ResultType::Type resultType;
         } u;
     };

trunk/JavaScriptCore/VM/Machine.cpp

@@ -1845 +1845 @@
         int dst = (++vPC)->u.operand;
         JSValue* src = callFrame[(++vPC)->u.operand].jsValue(callFrame);
+        ++vPC;
         double v;
         if (fastIsNumber(src, v))

trunk/JavaScriptCore/VM/Machine.h

@@ -260 +260 @@
         static void SFX_CALL cti_op_debug(CTI_ARGS);
 
+        static JSValue* SFX_CALL cti_allocate_number(CTI_ARGS);
+
         static JSValue* SFX_CALL cti_vm_throw(CTI_ARGS);
         static void* SFX_CALL cti_vm_compile(CTI_ARGS);

trunk/JavaScriptCore/kjs/ResultType.h

@@ -54 +54 @@
         }
         
+        bool isReusableNumber()
+        {
+            return isReusable() && definitelyIsNumber();
+        }
+
         bool definitelyIsNumber()
         {
@@ -69 +74 @@
         }
         
+        int toInt()
+        {
+            return static_cast<int>(m_type);
+        }
+
         static ResultType nullType()
         {

trunk/JavaScriptCore/kjs/nodes.cpp

@@ -716 +716 @@
 {
     RegisterID* src = generator.emitNode(m_expr.get());
-    return generator.emitUnaryOp(opcode(), generator.finalDestination(dst), src);
+    return generator.emitUnaryOp(opcode(), generator.finalDestination(dst), src, m_expr->resultDescriptor());
 }
 
@@ -727 +727 @@
         if (m_expr1->isNull() || m_expr2->isNull()) {
             RefPtr<RegisterID> src = generator.emitNode(dst, m_expr1->isNull() ? m_expr2.get() : m_expr1.get());
-            return generator.emitUnaryOp(op_neq_null, generator.finalDestination(dst, src.get()), src.get());
+            return generator.emitUnaryOp(op_neq_null, generator.finalDestination(dst, src.get()), src.get(), ResultType::unknown());
         }
     }
@@ -740 +740 @@
     if (m_expr1->isNull() || m_expr2->isNull()) {
         RefPtr<RegisterID> src = generator.emitNode(dst, m_expr1->isNull() ? m_expr2.get() : m_expr1.get());
-        return generator.emitUnaryOp(op_eq_null, generator.finalDestination(dst, src.get()), src.get());
+        return generator.emitUnaryOp(op_eq_null, generator.finalDestination(dst, src.get()), src.get(), ResultType::unknown());
     }
 

trunk/JavaScriptCore/masm/X86Assembler.h

@@ -229 +229 @@
         OP2_CVTTSD2SI_GdWsd = 0x2C,
         OP2_UCOMISD_VsdWsd  = 0x2E,
+        OP2_XORPD_VsdWsd    = 0x57,
         OP2_ADDSD_VsdWsd    = 0x58,
         OP2_MULSD_VsdWsd    = 0x59,
@@ -264 +265 @@
 
         GROUP3_OP_TEST = 0,
+        GROUP3_OP_NEG  = 3,
         GROUP3_OP_IDIV = 7,
 
@@ -606 +608 @@
     }
 
+    void negl_r(RegisterID dst)
+    {
+        m_buffer->putByte(OP_GROUP3_Ev);
+        emitModRm_opr(GROUP3_OP_NEG, dst);
+    }
+
     void cdq()
     {
@@ -740 +748 @@
         m_buffer->putByte(OP2_MOVSD_VsdWsd);
         emitModRm_rm((RegisterID)dst, base, offset);
+    }
+
+    void xorpd_mr(void* addr, XMMRegisterID dst)
+    {
+        m_buffer->putByte(PRE_SSE_66);
+        m_buffer->putByte(OP_2BYTE_ESCAPE);
+        m_buffer->putByte(OP2_XORPD_VsdWsd);
+        emitModRm_rm((RegisterID)dst, addr);
     }
 

trunk/JavaScriptCore/runtime/JSNumberCell.h

@@ -85 +85 @@
         static PassRefPtr<StructureID> createStructureID(JSValue* proto) { return StructureID::create(proto, TypeInfo(NumberType, NeedsThisConversion)); }
 
+        JSNumberCell(JSGlobalData* globalData)
+        : JSCell(globalData->numberStructureID.get())
+        {
+        }
+
     private:
         JSNumberCell(JSGlobalData* globalData, double value)