Changeset 38917 in webkit for trunk/JavaScriptCore

Timestamp:

Dec 2, 2008, 1:52:24 PM (17 years ago)

Author:

[email protected]

Message:

2008-12-02 Geoffrey Garen <​[email protected]>

Reviewed by Geoffrey Garen. (Patch by Cameron Zwarich <​[email protected]>.)

Fixed ​https://bugs.webkit.org/show_bug.cgi?id=22482
REGRESSION (r37991): Occasionally see "Scene rendered incorrectly"
message when running the V8 Raytrace benchmark

Rolled out r37991. It didn't properly save xmm0, which is caller-save,
before calling helper functions.

SunSpider and v8 benchmarks show little change -- possibly a .2%
SunSpider regression, possibly a .2% v8 benchmark speedup.

• assembler/X86Assembler.h: (JSC::X86Assembler::):
• bytecode/CodeBlock.cpp: (JSC::CodeBlock::dump):
• bytecode/Instruction.h: (JSC::Instruction::):
• bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitUnaryOp):
• bytecompiler/BytecodeGenerator.h: (JSC::BytecodeGenerator::emitToJSNumber): (JSC::BytecodeGenerator::emitTypeOf): (JSC::BytecodeGenerator::emitGetPropertyNames):
• interpreter/Interpreter.cpp: (JSC::Interpreter::privateExecute):
• interpreter/Interpreter.h:
• jit/JIT.cpp: (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases):
• jit/JIT.h:
• parser/Nodes.cpp: (JSC::UnaryOpNode::emitBytecode): (JSC::BinaryOpNode::emitBytecode): (JSC::EqualNode::emitBytecode):
• parser/ResultType.h: (JSC::ResultType::isReusable): (JSC::ResultType::mightBeNumber):
• runtime/JSNumberCell.h:

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• assembler/X86Assembler.h (modified) (4 diffs)
• bytecode/CodeBlock.cpp (modified) (1 diff)
• bytecode/Instruction.h (modified) (2 diffs)
• bytecompiler/BytecodeGenerator.cpp (modified) (1 diff)
• bytecompiler/BytecodeGenerator.h (modified) (4 diffs)
• interpreter/Interpreter.cpp (modified) (1 diff)
• interpreter/Interpreter.h (modified) (1 diff)
• jit/JIT.cpp (modified) (5 diffs)
• jit/JIT.h (modified) (2 diffs)
• parser/Nodes.cpp (modified) (3 diffs)
• parser/ResultType.h (modified) (2 diffs)
• runtime/JSNumberCell.h (modified) (1 diff)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2008-12-02  Geoffrey Garen  <[email protected]>
+
+        Reviewed by Geoffrey Garen. (Patch by Cameron Zwarich <[email protected]>.)
+        
+        Fixed https://bugs.webkit.org/show_bug.cgi?id=22482
+        REGRESSION (r37991): Occasionally see "Scene rendered incorrectly"
+        message when running the V8 Raytrace benchmark
+        
+        Rolled out r37991. It didn't properly save xmm0, which is caller-save,
+        before calling helper functions.
+        
+        SunSpider and v8 benchmarks show little change -- possibly a .2%
+        SunSpider regression, possibly a .2% v8 benchmark speedup.
+
+        * assembler/X86Assembler.h:
+        (JSC::X86Assembler::):
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/Instruction.h:
+        (JSC::Instruction::):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitUnaryOp):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::emitToJSNumber):
+        (JSC::BytecodeGenerator::emitTypeOf):
+        (JSC::BytecodeGenerator::emitGetPropertyNames):
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * interpreter/Interpreter.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        (JSC::JIT::privateCompileSlowCases):
+        * jit/JIT.h:
+        * parser/Nodes.cpp:
+        (JSC::UnaryOpNode::emitBytecode):
+        (JSC::BinaryOpNode::emitBytecode):
+        (JSC::EqualNode::emitBytecode):
+        * parser/ResultType.h:
+        (JSC::ResultType::isReusable):
+        (JSC::ResultType::mightBeNumber):
+        * runtime/JSNumberCell.h:
+
 2008-12-01  Gavin Barraclough  <[email protected]>
 

trunk/JavaScriptCore/assembler/X86Assembler.h

@@ -124 +124 @@
         OP2_CVTTSD2SI_GdWsd = 0x2C,
         OP2_UCOMISD_VsdWsd  = 0x2E,
-        OP2_XORPD_VsdWsd    = 0x57,
         OP2_ADDSD_VsdWsd    = 0x58,
         OP2_MULSD_VsdWsd    = 0x59,
@@ -160 +159 @@
 
         GROUP3_OP_TEST = 0,
-        GROUP3_OP_NEG  = 3,
         GROUP3_OP_IDIV = 7,
 
@@ -591 +589 @@
     }
 
-    void negl_r(RegisterID dst)
-    {
-        m_buffer->putByte(OP_GROUP3_Ev);
-        modRm_opr(GROUP3_OP_NEG, dst);
-    }
-
     void cdq()
     {
@@ -770 +762 @@
         modRm_rm((RegisterID)dst, base, offset);
     }
-
-#if !PLATFORM(X86_64)
-    void xorpd_mr(void* addr, XMMRegisterID dst)
-    {
-        m_buffer->putByte(PRE_SSE_66);
-        m_buffer->putByte(OP_2BYTE_ESCAPE);
-        m_buffer->putByte(OP2_XORPD_VsdWsd);
-        modRm_rm((RegisterID)dst, addr);
-    }
-#endif
 
     void movsd_rm(XMMRegisterID src, int offset, RegisterID base)

trunk/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -469 +469 @@
         case op_negate: {
             printUnaryOp(location, it, "negate");
-            ++it;
             break;
         }

trunk/JavaScriptCore/bytecode/Instruction.h

@@ -31 +31 @@
 
 #include "Opcode.h"
-#include "ResultType.h"
 #include <wtf/VectorTraits.h>
 
@@ -139 +138 @@
             StructureChain* structureChain;
             JSCell* jsCell;
-            ResultType::Type resultType;
             PolymorphicAccessStructureList* polymorphicStructures;
         } u;

trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -750 +750 @@
 }
 
-RegisterID* BytecodeGenerator::emitUnaryOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src, ResultType type)
+RegisterID* BytecodeGenerator::emitUnaryOp(OpcodeID opcodeID, RegisterID* dst, RegisterID* src)
 {
     emitOpcode(opcodeID);
     instructions().append(dst->index());
     instructions().append(src->index());
-    if (opcodeID == op_negate)
-        instructions().append(type.toInt());
     return dst;
 }

trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -232 +232 @@
         RegisterID* emitUnexpectedLoad(RegisterID* dst, double);
 
-        RegisterID* emitUnaryOp(OpcodeID, RegisterID* dst, RegisterID* src, ResultType);
+        RegisterID* emitUnaryOp(OpcodeID, RegisterID* dst, RegisterID* src);
         RegisterID* emitBinaryOp(OpcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2, OperandTypes);
         RegisterID* emitEqualityOp(OpcodeID, RegisterID* dst, RegisterID* src1, RegisterID* src2);
@@ -246 +246 @@
         RegisterID* emitMove(RegisterID* dst, RegisterID* src);
 
-        RegisterID* emitToJSNumber(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_to_jsnumber, dst, src, ResultType::unknown()); }
+        RegisterID* emitToJSNumber(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_to_jsnumber, dst, src); }
         RegisterID* emitPreInc(RegisterID* srcDst);
         RegisterID* emitPreDec(RegisterID* srcDst);
@@ -253 +253 @@
 
         RegisterID* emitInstanceOf(RegisterID* dst, RegisterID* value, RegisterID* base, RegisterID* basePrototype);
-        RegisterID* emitTypeOf(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_typeof, dst, src, ResultType::unknown()); }
+        RegisterID* emitTypeOf(RegisterID* dst, RegisterID* src) { return emitUnaryOp(op_typeof, dst, src); }
         RegisterID* emitIn(RegisterID* dst, RegisterID* property, RegisterID* base) { return emitBinaryOp(op_in, dst, property, base, OperandTypes()); }
 
@@ -291 +291 @@
         void emitSubroutineReturn(RegisterID* retAddrSrc);
 
-        RegisterID* emitGetPropertyNames(RegisterID* dst, RegisterID* base) { return emitUnaryOp(op_get_pnames, dst, base, ResultType::unknown()); }
+        RegisterID* emitGetPropertyNames(RegisterID* dst, RegisterID* base) { return emitUnaryOp(op_get_pnames, dst, base); }
         RegisterID* emitNextPropertyName(RegisterID* dst, RegisterID* iter, Label* target);
 

trunk/JavaScriptCore/interpreter/Interpreter.cpp

@@ -1874 +1874 @@
         }
 
-        ++vPC;
         NEXT_INSTRUCTION();
     }

trunk/JavaScriptCore/interpreter/Interpreter.h

@@ -273 +273 @@
         static void SFX_CALL cti_op_debug(CTI_ARGS);
 
-        static JSValue* SFX_CALL cti_allocate_number(CTI_ARGS);
-
         static JSValue* SFX_CALL cti_vm_throw(CTI_ARGS);
         static void* SFX_CALL cti_vm_dontLazyLinkCall(CTI_ARGS);

trunk/JavaScriptCore/jit/JIT.cpp

@@ -362 +362 @@
 #endif
 
-extern "C" {
-    static JSValue* FASTCALL allocateNumber(JSGlobalData* globalData) {
-        JSValue* result = new (globalData) JSNumberCell(globalData);
-        ASSERT(result);
-        return result;
-    }
-}
-
-ALWAYS_INLINE void JIT::emitAllocateNumber(JSGlobalData* globalData, unsigned bytecodeIndex)
-{
-    __ movl_i32r(reinterpret_cast<intptr_t>(globalData), X86::ecx);
-    emitNakedFastCall(bytecodeIndex, (void*)allocateNumber);
-}
-
 ALWAYS_INLINE JmpSrc JIT::emitNakedCall(unsigned bytecodeIndex, X86::RegisterID r)
 {
@@ -385 +371 @@
 
 ALWAYS_INLINE  JmpSrc JIT::emitNakedCall(unsigned bytecodeIndex, void* function)
-{
-    JmpSrc call = __ call();
-    m_calls.append(CallRecord(call, reinterpret_cast<CTIHelper_v>(function), bytecodeIndex));
-    return call;
-}
-
-ALWAYS_INLINE  JmpSrc JIT::emitNakedFastCall(unsigned bytecodeIndex, void* function)
 {
     JmpSrc call = __ call();
@@ -602 +581 @@
     __ addl_rr(reg, reg);
     emitFastArithReTagImmediate(reg);
-}
-
-ALWAYS_INLINE JmpSrc JIT::emitArithIntToImmWithJump(RegisterID reg)
-{
-    __ addl_rr(reg, reg);
-    JmpSrc jmp = __ jo();
-    emitFastArithReTagImmediate(reg);
-    return jmp;
 }
 
@@ -1597 +1568 @@
         }
         case op_negate: {
-            int srcVReg = instruction[i + 2].u.operand;
-            emitGetVirtualRegister(srcVReg, X86::eax, i);
-
-            __ testl_i32r(JSImmediate::TagBitTypeInteger, X86::eax);
-            JmpSrc notImmediate = __ je();
-
-            __ cmpl_i32r(JSImmediate::TagBitTypeInteger, X86::eax);
-            JmpSrc zeroImmediate = __ je();
-            emitFastArithImmToInt(X86::eax);
-            __ negl_r(X86::eax); // This can't overflow as we only have a 31bit int at this point
-            JmpSrc overflow = emitArithIntToImmWithJump(X86::eax);
-            emitPutVirtualRegister(instruction[i + 1].u.operand);
-            JmpSrc immediateNegateSuccess = __ jmp();
-
-            if (!isSSE2Present()) {
-                __ link(zeroImmediate, __ label());
-                __ link(overflow, __ label());
-                __ link(notImmediate, __ label());
-                emitPutCTIArgFromVirtualRegister(instruction[i + 2].u.operand, 0, X86::ecx);
-                emitCTICall(i, Interpreter::cti_op_negate);
-                emitPutVirtualRegister(instruction[i + 1].u.operand);
-            } else {
-                // Slow case immediates
-                m_slowCases.append(SlowCaseEntry(zeroImmediate, i));
-                m_slowCases.append(SlowCaseEntry(overflow, i));
-                __ link(notImmediate, __ label());
-                ResultType resultType(instruction[i + 3].u.resultType);
-                if (!resultType.definitelyIsNumber()) {
-                    emitJumpSlowCaseIfNotJSCell(X86::eax, i, srcVReg);
-                    Structure* numberStructure = m_globalData->numberStructure.get();
-                    __ cmpl_i32m(reinterpret_cast<unsigned>(numberStructure), FIELD_OFFSET(JSCell, m_structure), X86::eax);
-                    m_slowCases.append(SlowCaseEntry(__ jne(), i));
-                }
-                __ movsd_mr(FIELD_OFFSET(JSNumberCell, m_value), X86::eax, X86::xmm0);
-                // We need 3 copies of the sign bit mask so we can assure alignment and pad for the 128bit load
-                static double doubleSignBit[] = { -0.0, -0.0, -0.0 };
-                __ xorpd_mr((void*)((((uintptr_t)doubleSignBit)+15)&~15), X86::xmm0);
-                JmpSrc wasCell;
-                if (!resultType.isReusableNumber())
-                    emitAllocateNumber(m_globalData, i);
-
-                putDoubleResultToJSNumberCellOrJSImmediate(X86::xmm0, X86::eax, instruction[i + 1].u.operand, &wasCell,
-                                                           X86::xmm1, X86::ecx, X86::edx);
-                __ link(wasCell, __ label());
-            }
-            __ link(immediateNegateSuccess, __ label());
-            i += 4;
+            emitPutCTIArgFromVirtualRegister(instruction[i + 2].u.operand, 0, X86::ecx);
+            emitCTICall(i, Interpreter::cti_op_negate);
+            emitPutVirtualRegister(instruction[i + 1].u.operand);
+            i += 3;
             break;
         }
@@ -2486 +2414 @@
             break;
         }
-        case op_negate: {
-            __ link(iter->from, __ label());
-            __ link((++iter)->from, __ label());
-            ResultType resultType(instruction[i + 3].u.resultType);
-            if (!resultType.definitelyIsNumber()) {
-                if (linkSlowCaseIfNotJSCell(++iter, instruction[i + 2].u.operand))
-                    ++iter;
-                __ link(iter->from, __ label());
-            }
-
-            emitPutCTIArgFromVirtualRegister(instruction[i + 2].u.operand, 0, X86::ecx);
-            emitCTICall(i, Interpreter::cti_op_negate);
-            emitPutVirtualRegister(instruction[i + 1].u.operand);
-            i += 4;
-            break;
-        }
         case op_rshift: {
             __ link(iter->from, __ label());

trunk/JavaScriptCore/jit/JIT.h

@@ -87 +87 @@
 #define CTI_RETURN_ADDRESS_SLOT (ARGS[-1])
 
-#if COMPILER(MSVC)
-#define FASTCALL __fastcall
-#elif COMPILER(GCC)
-#define FASTCALL  __attribute__ ((fastcall))
-#else
-#error Need to support fastcall calling convention in this compiler
-#endif
-
 namespace JSC {
 
@@ -449 +441 @@
         void emitFastArithIntToImmOrSlowCase(RegisterID, unsigned bytecodeIndex);
         void emitFastArithIntToImmNoCheck(RegisterID);
-        JmpSrc emitArithIntToImmWithJump(RegisterID reg);
 
         void emitTagAsBoolImmediate(RegisterID reg);
-
-        void emitAllocateNumber(JSGlobalData*, unsigned);
 
         JmpSrc emitNakedCall(unsigned bytecodeIndex, RegisterID);
         JmpSrc emitNakedCall(unsigned bytecodeIndex, void* function);
-        JmpSrc emitNakedFastCall(unsigned bytecodeIndex, void*);
         JmpSrc emitCTICall(unsigned bytecodeIndex, CTIHelper_j);
         JmpSrc emitCTICall(unsigned bytecodeIndex, CTIHelper_o);

trunk/JavaScriptCore/parser/Nodes.cpp

@@ -1094 +1094 @@
 {
     RegisterID* src = generator.emitNode(m_expr.get());
-    return generator.emitUnaryOp(opcodeID(), generator.finalDestination(dst), src, m_expr->resultDescriptor());
+    return generator.emitUnaryOp(opcodeID(), generator.finalDestination(dst), src);
 }
 
@@ -1116 +1116 @@
         if (m_expr1->isNull() || m_expr2->isNull()) {
             RefPtr<RegisterID> src = generator.emitNode(dst, m_expr1->isNull() ? m_expr2.get() : m_expr1.get());
-            return generator.emitUnaryOp(op_neq_null, generator.finalDestination(dst, src.get()), src.get(), ResultType::unknown());
+            return generator.emitUnaryOp(op_neq_null, generator.finalDestination(dst, src.get()), src.get());
         }
     }
@@ -1129 +1129 @@
     if (m_expr1->isNull() || m_expr2->isNull()) {
         RefPtr<RegisterID> src = generator.emitNode(dst, m_expr1->isNull() ? m_expr2.get() : m_expr1.get());
-        return generator.emitUnaryOp(op_eq_null, generator.finalDestination(dst, src.get()), src.get(), ResultType::unknown());
+        return generator.emitUnaryOp(op_eq_null, generator.finalDestination(dst, src.get()), src.get());
     }
 

trunk/JavaScriptCore/parser/ResultType.h

@@ -53 +53 @@
             return (m_type & TypeReusable);
         }
-        
-        bool isReusableNumber()
-        {
-            return isReusable() && definitelyIsNumber();
-        }
 
         bool definitelyIsNumber()
@@ -72 +67 @@
         {
             return !isNotNumber();
-        }
-        
-        int toInt()
-        {
-            return static_cast<int>(m_type);
         }
 

trunk/JavaScriptCore/runtime/JSNumberCell.h

@@ -85 +85 @@
         static PassRefPtr<Structure> createStructure(JSValue* proto) { return Structure::create(proto, TypeInfo(NumberType, NeedsThisConversion)); }
 
-        JSNumberCell(JSGlobalData* globalData)
-        : JSCell(globalData->numberStructure.get())
-        {
-        }
-
     private:
         JSNumberCell(JSGlobalData* globalData, double value)