Changeset 38763 in webkit for trunk/JavaScriptCore/interpreter/Interpreter.cpp

Timestamp:

Nov 25, 2008, 3:07:30 PM (17 years ago)

Author:

[email protected]

Message:

2008-11-24 Gavin Barraclough <​[email protected]>

Reviewed by Geoff Garen.

Polymorpic caching for get by id chain. Similar to the polymorphic caching already implemented
for self and proto accesses (implemented by allowing multiple trampolines to be JIT genertaed,
and linked together) - the get by id chain caching is implemented as a genericization of the
proto list caching, allowing cached access lists to contain a mix of proto and proto chain
accesses (since in JS style inheritance hierarchies you may commonly see a mix of properties
being overridden on the direct prototype, or higher up its prototype chain).

In order to allow this patch to compile there is a fix to appease gcc 4.2 compiler issues
(removing the jumps between fall-through cases in privateExecute).

This patch also removes redundant immediate checking from the reptach code, and fixes a related
memory leak (failure to deallocate trampolines).

~2% progression on v8 tests (bulk on the win on deltablue)

• bytecode/Instruction.h: (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::): (JSC::PolymorphicAccessStructureList::PolymorphicStubInfo::set): (JSC::PolymorphicAccessStructureList::PolymorphicAccessStructureList): (JSC::PolymorphicAccessStructureList::derefStructures):
• interpreter/Interpreter.cpp: (JSC::countPrototypeChainEntriesAndCheckForProxies): (JSC::Interpreter::tryCacheGetByID): (JSC::Interpreter::privateExecute): (JSC::Interpreter::tryCTICacheGetByID): (JSC::Interpreter::cti_op_get_by_id_self_fail): (JSC::getPolymorphicAccessStructureListSlot): (JSC::Interpreter::cti_op_get_by_id_proto_list):
• interpreter/Interpreter.h:
• jit/JIT.cpp: (JSC::JIT::privateCompileGetByIdProto): (JSC::JIT::privateCompileGetByIdSelfList): (JSC::JIT::privateCompileGetByIdProtoList): (JSC::JIT::privateCompileGetByIdChainList): (JSC::JIT::privateCompileGetByIdChain): (JSC::JIT::privateCompilePatchGetArrayLength):
• jit/JIT.h: (JSC::JIT::compileGetByIdChainList):

File:

• trunk/JavaScriptCore/interpreter/Interpreter.cpp (modified) (14 diffs)

trunk/JavaScriptCore/interpreter/Interpreter.cpp

@@ -84 +84 @@
 // Preferred number of milliseconds between each timeout check
 static const int preferredScriptCheckTimeInterval = 1000;
-
-#if HAVE(COMPUTED_GOTO)
-static void* op_throw_end_indirect;
-static void* op_call_indirect;
-#endif
 
 #if ENABLE(JIT)
@@ -1324 +1319 @@
 }
 
+static size_t countPrototypeChainEntriesAndCheckForProxies(CallFrame* callFrame, JSValue* baseValue, const PropertySlot& slot)
+{
+    JSObject* o = asObject(baseValue);
+    size_t count = 0;
+
+    while (slot.slotBase() != o) {
+        JSValue* v = o->structure()->prototypeForLookup(callFrame);
+
+        // If we didn't find slotBase in baseValue's prototype chain, then baseValue
+        // must be a proxy for another object.
+
+        if (v->isNull())
+            return 0;
+
+        o = asObject(v);
+
+        // Heavy access to a prototype is a good indication that it's not being
+        // used as a dictionary.
+        if (o->structure()->isDictionary()) {
+            RefPtr<Structure> transition = Structure::fromDictionaryTransition(o->structure());
+            o->setStructure(transition.release());
+            asObject(baseValue)->structure()->setCachedPrototypeChain(0);
+        }
+
+        ++count;
+    }
+    
+    ASSERT(count);
+    return count;
+}
+
 NEVER_INLINE void Interpreter::tryCacheGetByID(CallFrame* callFrame, CodeBlock* codeBlock, Instruction* vPC, JSValue* baseValue, const Identifier& propertyName, const PropertySlot& slot)
 {
@@ -1404 +1430 @@
     }
 
-    size_t count = 0;
-    JSObject* o = asObject(baseValue);
-    while (slot.slotBase() != o) {
-        JSValue* v = o->structure()->prototypeForLookup(callFrame);
-
-        // If we didn't find base in baseValue's prototype chain, then baseValue
-        // must be a proxy for another object.
-        if (v->isNull()) {
-            vPC[0] = getOpcode(op_get_by_id_generic);
-            return;
-        }
-
-        o = asObject(v);
-
-        // Heavy access to a prototype is a good indication that it's not being
-        // used as a dictionary.
-        if (o->structure()->isDictionary()) {
-            RefPtr<Structure> transition = Structure::fromDictionaryTransition(o->structure());
-            o->setStructure(transition.release());
-            asObject(baseValue)->structure()->setCachedPrototypeChain(0);
-        }
-
-        ++count;
+    size_t count = countPrototypeChainEntriesAndCheckForProxies(callFrame, baseValue, slot);
+    if (!count) {
+        vPC[0] = getOpcode(op_get_by_id_generic);
+        return;
     }
 
@@ -1463 +1470 @@
             #undef ADD_OPCODE_ID
             ASSERT(m_opcodeIDTable.size() == numOpcodeIDs);
-            op_throw_end_indirect = &&op_throw_end;
-            op_call_indirect = &&op_call;
         #endif // HAVE(COMPUTED_GOTO)
         return noValue();
@@ -3315 +3320 @@
         // We didn't find the blessed version of eval, so process this
         // instruction as a normal function call.
-
-#if HAVE(COMPUTED_GOTO)
-        // Hack around gcc performance quirk by performing an indirect goto
-        // in order to set the vPC -- attempting to do so directly results in a
-        // significant regression.
-        goto *op_call_indirect; // indirect goto -> op_call
-#endif
         // fall through to op_call
     }
@@ -3802 +3800 @@
             return jsNull();
         }
-
-#if HAVE(COMPUTED_GOTO)
-        // Hack around gcc performance quirk by performing an indirect goto
-        // in order to set the vPC -- attempting to do so directly results in a
-        // significant regression.
-        goto *op_throw_end_indirect; // indirect goto -> op_throw_end
-    }
-    op_throw_end: {
-#endif
 
         vPC = handlerVPC;
@@ -4228 +4217 @@
     }
 
-    size_t count = 0;
-    JSObject* o = asObject(baseValue);
-    while (slot.slotBase() != o) {
-        JSValue* v = o->structure()->prototypeForLookup(callFrame);
-
-        // If we didn't find slotBase in baseValue's prototype chain, then baseValue
-        // must be a proxy for another object.
-
-        if (v->isNull()) {
-            vPC[0] = getOpcode(op_get_by_id_generic);
-            return;
-        }
-
-        o = asObject(v);
-
-        // Heavy access to a prototype is a good indication that it's not being
-        // used as a dictionary.
-        if (o->structure()->isDictionary()) {
-            RefPtr<Structure> transition = Structure::fromDictionaryTransition(o->structure());
-            o->setStructure(transition.release());
-            asObject(baseValue)->structure()->setCachedPrototypeChain(0);
-        }
-
-        ++count;
+    size_t count = countPrototypeChainEntriesAndCheckForProxies(callFrame, baseValue, slot);
+    if (!count) {
+        vPC[0] = getOpcode(op_get_by_id_generic);
+        return;
     }
 
@@ -4257 +4226 @@
     if (!chain)
         chain = cachePrototypeChain(callFrame, structure);
-
     ASSERT(chain);
+
     vPC[0] = getOpcode(op_get_by_id_chain);
     vPC[4] = structure;
@@ -4621 +4590 @@
         if (vPC[0].u.opcode == ARG_globalData->interpreter->getOpcode(op_get_by_id_self)) {
             ASSERT(!stubInfo->stubRoutine);
-            polymorphicStructureList = new PolymorphicAccessStructureList(vPC[4].u.structure, 0, vPC[5].u.operand, 0);
+            polymorphicStructureList = new PolymorphicAccessStructureList(vPC[5].u.operand, 0, vPC[4].u.structure);
 
             vPC[0] = ARG_globalData->interpreter->getOpcode(op_get_by_id_self_list);
@@ -4643 +4612 @@
 }
 
+static PolymorphicAccessStructureList* getPolymorphicAccessStructureListSlot(Interpreter* interpreter, StructureStubInfo* stubInfo, Instruction* vPC, int& listIndex)
+{
+    PolymorphicAccessStructureList* prototypeStructureList;
+    listIndex = 1;
+
+    if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_proto)) {
+        prototypeStructureList = new PolymorphicAccessStructureList(vPC[6].u.operand, stubInfo->stubRoutine, vPC[4].u.structure, vPC[5].u.structure);
+        stubInfo->stubRoutine = 0;
+
+        vPC[0] = interpreter->getOpcode(op_get_by_id_proto_list);
+        vPC[4] = prototypeStructureList;
+        vPC[5] = 2;
+    } else if (vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_chain)) {
+        prototypeStructureList = new PolymorphicAccessStructureList(vPC[6].u.operand, stubInfo->stubRoutine, vPC[4].u.structure, vPC[5].u.structureChain);
+        stubInfo->stubRoutine = 0;
+
+        vPC[0] = interpreter->getOpcode(op_get_by_id_proto_list);
+        vPC[4] = prototypeStructureList;
+        vPC[5] = 2;
+    } else {
+        ASSERT(vPC[0].u.opcode == interpreter->getOpcode(op_get_by_id_proto_list));
+        prototypeStructureList = vPC[4].u.polymorphicStructures;
+        listIndex = vPC[5].u.operand;
+        vPC[5] = listIndex + 1;
+
+        ASSERT(listIndex < POLYMORPHIC_LIST_CACHE_SIZE);
+    }
+    
+    return prototypeStructureList;
+}
+
 JSValue* Interpreter::cti_op_get_by_id_proto_list(CTI_ARGS)
 {
@@ -4655 +4655 @@
     CHECK_FOR_EXCEPTION();
 
-    if (baseValue->isObject()
-        && slot.isCacheable()
-        && !asCell(baseValue)->structure()->isDictionary()
-        && slot.slotBase() == asCell(baseValue)->structure()->prototypeForLookup(callFrame)) {
-
-        JSCell* baseCell = asCell(baseValue);
-        Structure* structure = baseCell->structure();
-        CodeBlock* codeBlock = callFrame->codeBlock();
-        unsigned vPCIndex = codeBlock->ctiReturnAddressVPCMap.get(CTI_RETURN_ADDRESS);
-        Instruction* vPC = codeBlock->instructions.begin() + vPCIndex;
-
-        ASSERT(slot.slotBase()->isObject());
-
-        JSObject* slotBaseObject = asObject(slot.slotBase());
-
+    if (!baseValue->isObject() || !slot.isCacheable() || asCell(baseValue)->structure()->isDictionary()) {
+        ctiRepatchCallByReturnAddress(CTI_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_proto_fail));
+        return result;
+    }
+
+    Structure* structure = asCell(baseValue)->structure();
+    CodeBlock* codeBlock = callFrame->codeBlock();
+    Instruction* vPC = codeBlock->instructions.begin() + codeBlock->ctiReturnAddressVPCMap.get(CTI_RETURN_ADDRESS);
+
+    ASSERT(slot.slotBase()->isObject());
+    JSObject* slotBaseObject = asObject(slot.slotBase());
+
+    if (slot.slotBase() == baseValue)
+        ctiRepatchCallByReturnAddress(CTI_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_proto_fail));
+    else if (slot.slotBase() == asCell(baseValue)->structure()->prototypeForLookup(callFrame)) {
         // Heavy access to a prototype is a good indication that it's not being
         // used as a dictionary.
@@ -4679 +4679 @@
 
         StructureStubInfo* stubInfo = &codeBlock->getStubInfo(CTI_RETURN_ADDRESS);
-
-        PolymorphicAccessStructureList* prototypeStructureList;
-        int listIndex = 1;
-
-        if (vPC[0].u.opcode == ARG_globalData->interpreter->getOpcode(op_get_by_id_proto)) {
-            prototypeStructureList = new PolymorphicAccessStructureList(vPC[4].u.structure, vPC[5].u.structure, vPC[6].u.operand, stubInfo->stubRoutine);
-            stubInfo->stubRoutine = 0;
-
-            vPC[0] = ARG_globalData->interpreter->getOpcode(op_get_by_id_proto_list);
-            vPC[4] = prototypeStructureList;
-            vPC[5] = 2;
-        } else {
-            prototypeStructureList = vPC[4].u.polymorphicStructures;
-            listIndex = vPC[5].u.operand;
-
-            vPC[5] = listIndex + 1;
-        }
+        int listIndex;
+        PolymorphicAccessStructureList* prototypeStructureList = getPolymorphicAccessStructureListSlot(ARG_globalData->interpreter, stubInfo, vPC, listIndex);
 
         JIT::compileGetByIdProtoList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, slotBaseObject->structure(), slot.cachedOffset());
@@ -4701 +4686 @@
         if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
             ctiRepatchCallByReturnAddress(CTI_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_proto_list_full));
-    } else {
+    } else if (size_t count = countPrototypeChainEntriesAndCheckForProxies(callFrame, baseValue, slot)) {
+        StructureChain* chain = structure->cachedPrototypeChain();
+        if (!chain)
+            chain = cachePrototypeChain(callFrame, structure);
+        ASSERT(chain);
+
+        StructureStubInfo* stubInfo = &codeBlock->getStubInfo(CTI_RETURN_ADDRESS);
+        int listIndex;
+        PolymorphicAccessStructureList* prototypeStructureList = getPolymorphicAccessStructureListSlot(ARG_globalData->interpreter, stubInfo, vPC, listIndex);
+
+        JIT::compileGetByIdChainList(callFrame->scopeChain()->globalData, callFrame, codeBlock, stubInfo, prototypeStructureList, listIndex, structure, chain, count, slot.cachedOffset());
+
+        if (listIndex == (POLYMORPHIC_LIST_CACHE_SIZE - 1))
+            ctiRepatchCallByReturnAddress(CTI_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_proto_list_full));
+    } else
         ctiRepatchCallByReturnAddress(CTI_RETURN_ADDRESS, reinterpret_cast<void*>(cti_op_get_by_id_proto_fail));
-    }
+
     return result;
 }
@@ -4720 +4719 @@
 
 JSValue* Interpreter::cti_op_get_by_id_proto_fail(CTI_ARGS)
-{
-    CTI_STACK_HACK();
-
-    JSValue* baseValue = ARG_src1;
-    PropertySlot slot(baseValue);
-    JSValue* result = baseValue->get(ARG_callFrame, *ARG_id2, slot);
-
-    CHECK_FOR_EXCEPTION_AT_END();
-    return result;
-}
-
-JSValue* Interpreter::cti_op_get_by_id_chain_fail(CTI_ARGS)
 {
     CTI_STACK_HACK();