Changeset 42065 in webkit for trunk/JavaScriptCore

Timestamp:

Mar 27, 2009, 8:50:39 PM (16 years ago)

Author:

[email protected]

Message:

Improve performance of Function.prototype.call
<​https://bugs.webkit.org/show_bug.cgi?id=24907>

Reviewed by Gavin Barraclough

Optimistically assume that expression.call(..) is going to be a call to
Function.prototype.call, and handle it specially to attempt to reduce the
degree of VM reentrancy.

When everything goes right this removes the vm reentry improving .call()
by around a factor of 10.

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• bytecode/CodeBlock.cpp (modified) (1 diff)
• bytecode/Opcode.h (modified) (1 diff)
• bytecompiler/BytecodeGenerator.cpp (modified) (1 diff)
• bytecompiler/BytecodeGenerator.h (modified) (1 diff)
• interpreter/Interpreter.cpp (modified) (1 diff)
• jit/JIT.cpp (modified) (1 diff)
• parser/Grammar.y (modified) (1 diff)
• parser/Nodes.cpp (modified) (1 diff)
• parser/Nodes.h (modified) (1 diff)
• runtime/FunctionPrototype.cpp (modified) (1 diff)
• runtime/FunctionPrototype.h (modified) (1 diff)
• runtime/JSGlobalObject.cpp (modified) (2 diffs)
• runtime/JSGlobalObject.h (modified) (2 diffs)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2009-03-27  Oliver Hunt  <[email protected]>
+
+        Reviewed by Gavin Barraclough.
+
+        Improve performance of Function.prototype.call
+        <https://bugs.webkit.org/show_bug.cgi?id=24907>
+
+        Optimistically assume that expression.call(..) is going to be a call to
+        Function.prototype.call, and handle it specially to attempt to reduce the
+        degree of VM reentrancy.
+
+        When everything goes right this removes the vm reentry improving .call()
+        by around a factor of 10.
+
+        * JavaScriptCore.xcodeproj/project.pbxproj:
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::dump):
+        * bytecode/Opcode.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitJumpIfNotFunctionCall):
+        * bytecompiler/BytecodeGenerator.h:
+        * interpreter/Interpreter.cpp:
+        (JSC::Interpreter::privateExecute):
+        * jit/JIT.cpp:
+        (JSC::JIT::privateCompileMainPass):
+        * parser/Grammar.y:
+        * parser/Nodes.cpp:
+        (JSC::CallFunctionCallDotNode::emitBytecode):
+        * parser/Nodes.h:
+        (JSC::CallFunctionCallDotNode::):
+        * runtime/FunctionPrototype.cpp:
+        (JSC::FunctionPrototype::addFunctionProperties):
+        * runtime/FunctionPrototype.h:
+        * runtime/JSGlobalObject.cpp:
+        (JSC::JSGlobalObject::reset):
+        (JSC::JSGlobalObject::mark):
+        * runtime/JSGlobalObject.h:
+
 2009-03-27  Laszlo Gombos  <[email protected]>
 

trunk/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -889 +889 @@
             break;
         }
-        case op_jnless: {
+        case op_jneq_ptr: {
             int r0 = (++it)->u.operand;
             int r1 = (++it)->u.operand;
             int offset = (++it)->u.operand;
-            printf("[%4d] jnless\t\t %s, %s, %d(->%d)\n", location, registerName(r0).c_str(), registerName(r1).c_str(), offset, locationForOffset(begin, it, offset));
+            printf("[%4d] jneq_ptr\t\t %s, %s, %d(->%d)\n", location, registerName(r0).c_str(), registerName(r1).c_str(), offset, locationForOffset(begin, it, offset));
+            break;
+        }
+        case op_jnless: {
+            int r0 = (++it)->u.operand;
+            JSValuePtr function = JSValuePtr((++it)->u.jsCell);
+            int offset = (++it)->u.operand;
+            printf("[%4d] jnless\t\t %s, %s, %d(->%d)\n", location, registerName(r0).c_str(), valueToSourceString(exec, function).ascii(), offset, locationForOffset(begin, it, offset));
             break;
         }

trunk/JavaScriptCore/bytecode/Opcode.h

@@ -126 +126 @@
         macro(op_jeq_null, 3) \
         macro(op_jneq_null, 3) \
+        macro(op_jneq_ptr, 4) \
         macro(op_jnless, 4) \
         macro(op_jmp_scopes, 3) \

trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -692 +692 @@
     emitOpcode(op_jfalse);
     instructions().append(cond->index());
+    instructions().append(target->offsetFrom(instructions().size()));
+    return target;
+}
+
+PassRefPtr<Label> BytecodeGenerator::emitJumpIfNotFunctionCall(RegisterID* cond, Label* target)
+{
+    emitOpcode(op_jneq_ptr);
+    instructions().append(cond->index());
+    instructions().append(m_scopeChain->globalObject()->d()->callFunction);
     instructions().append(target->offsetFrom(instructions().size()));
     return target;

trunk/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -299 +299 @@
         PassRefPtr<Label> emitJumpIfTrue(RegisterID* cond, Label* target);
         PassRefPtr<Label> emitJumpIfFalse(RegisterID* cond, Label* target);
+        PassRefPtr<Label> emitJumpIfNotFunctionCall(RegisterID* cond, Label* target);
         PassRefPtr<Label> emitJumpScopes(Label* target, int targetScopeDepth);
 

trunk/JavaScriptCore/interpreter/Interpreter.cpp

@@ -2667 +2667 @@
         NEXT_INSTRUCTION();
     }
+    DEFINE_OPCODE(op_jneq_ptr) {
+        /* jneq_ptr src(r) ptr(jsCell) target(offset)
+         
+           Jumps to offset target from the current instruction, if the value r is equal
+           to ptr, using pointer equality.
+         */
+        int src = (++vPC)->u.operand;
+        JSValuePtr ptr = JSValuePtr((++vPC)->u.jsCell);
+        int target = (++vPC)->u.operand;
+        JSValuePtr srcValue = callFrame[src].jsValue(callFrame);
+        if (srcValue != ptr) {
+            vPC += target;
+            NEXT_INSTRUCTION();
+        }
+
+        ++vPC;
+        NEXT_INSTRUCTION();
+    }
     DEFINE_OPCODE(op_loop_if_less) {
         /* loop_if_less src1(r) src2(r) target(offset)

trunk/JavaScriptCore/jit/JIT.cpp

@@ -820 +820 @@
             NEXT_OPCODE(op_jneq_null);
         }
+        case op_jneq_ptr: {
+            unsigned src = currentInstruction[1].u.operand;
+            JSCell* ptr = currentInstruction[2].u.jsCell;
+            unsigned target = currentInstruction[3].u.operand;
+            
+            emitGetVirtualRegister(src, regT0);
+            addJump(branchPtr(NotEqual, regT0, ImmPtr(JSValuePtr::encode(JSValuePtr(ptr)))), target + 3);            
+
+            RECORD_JUMP_TARGET(target + 3);
+            NEXT_OPCODE(op_jneq_ptr);
+        }
         case op_post_inc: {
             compileFastArith_op_post_inc(currentInstruction[1].u.operand, currentInstruction[2].u.operand);

trunk/JavaScriptCore/parser/Grammar.y

@@ -1926 +1926 @@
     ASSERT(func.m_node->isDotAccessorNode());
     DotAccessorNode* dot = static_cast<DotAccessorNode*>(func.m_node);
-    FunctionCallDotNode* node = new FunctionCallDotNode(GLOBAL_DATA, dot->base(), dot->identifier(), args.m_node, divot, divot - start, end - divot);
+    FunctionCallDotNode* node;
+    if (dot->identifier() == GLOBAL_DATA->propertyNames->call)
+        node = new CallFunctionCallDotNode(GLOBAL_DATA, dot->base(), dot->identifier(), args.m_node, divot, divot - start, end - divot);
+    else
+        node = new FunctionCallDotNode(GLOBAL_DATA, dot->base(), dot->identifier(), args.m_node, divot, divot - start, end - divot);
     node->setSubexpressionInfo(dot->divot(), dot->endOffset());
     return createNodeInfo<ExpressionNode*>(node, features, numConstants);

trunk/JavaScriptCore/parser/Nodes.cpp

@@ -693 +693 @@
     RefPtr<RegisterID> thisRegister = generator.emitMove(generator.newTemporary(), base.get());
     return generator.emitCall(generator.finalDestination(dst, function.get()), function.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
+}
+
+RegisterID* CallFunctionCallDotNode::emitBytecode(BytecodeGenerator& generator, RegisterID* dst)
+{
+    RefPtr<Label> realCall = generator.newLabel();
+    RefPtr<Label> end = generator.newLabel();
+    RefPtr<RegisterID> base = generator.emitNode(m_base.get());
+    generator.emitExpressionInfo(divot() - m_subexpressionDivotOffset, startOffset() - m_subexpressionDivotOffset, m_subexpressionEndOffset);
+    RefPtr<RegisterID> function = generator.emitGetById(generator.tempDestination(dst), base.get(), m_ident);
+    RefPtr<RegisterID> finalDestination = generator.finalDestination(dst, function.get());
+    generator.emitJumpIfNotFunctionCall(function.get(), realCall.get());
+    {
+        RefPtr<RegisterID> realFunction = generator.emitMove(generator.tempDestination(dst), base.get());
+        RefPtr<RegisterID> thisRegister = generator.newTemporary();
+        RefPtr<ArgumentListNode> oldList = m_args->m_listNode;
+        if (m_args->m_listNode && m_args->m_listNode->m_expr) {
+            generator.emitNode(thisRegister.get(), m_args->m_listNode->m_expr.get());
+            m_args->m_listNode = m_args->m_listNode->m_next;
+        } else {
+            generator.emitLoad(thisRegister.get(), jsNull());
+        }
+        generator.emitCall(finalDestination.get(), realFunction.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
+        generator.emitJump(end.get());
+        m_args->m_listNode = oldList;
+    }
+    generator.emitLabel(realCall.get());
+    {
+        RefPtr<RegisterID> thisRegister = generator.emitMove(generator.newTemporary(), base.get());
+        generator.emitCall(finalDestination.get(), function.get(), thisRegister.get(), m_args.get(), divot(), startOffset(), endOffset());
+    }
+    generator.emitLabel(end.get());
+    return finalDestination.get();
 }
 

trunk/JavaScriptCore/parser/Nodes.h

@@ -764 +764 @@
         virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0) JSC_FAST_CALL;
 
-    private:
+    protected:
         RefPtr<ExpressionNode> m_base;
         Identifier m_ident;
         RefPtr<ArgumentsNode> m_args;
+    };
+
+    class CallFunctionCallDotNode : public FunctionCallDotNode {
+    public:
+        CallFunctionCallDotNode(JSGlobalData* globalData, ExpressionNode* base, const Identifier& ident, ArgumentsNode* args, unsigned divot, unsigned startOffset, unsigned endOffset) JSC_FAST_CALL
+            : FunctionCallDotNode(globalData, base, ident, args, divot, startOffset, endOffset)
+        {
+        }
+        virtual RegisterID* emitBytecode(BytecodeGenerator&, RegisterID* = 0) JSC_FAST_CALL;
     };
 

trunk/JavaScriptCore/runtime/FunctionPrototype.cpp

@@ -44 +44 @@
 }
 
-void FunctionPrototype::addFunctionProperties(ExecState* exec, Structure* prototypeFunctionStructure)
+void FunctionPrototype::addFunctionProperties(ExecState* exec, Structure* prototypeFunctionStructure, PrototypeFunction** callFunction)
 {
     putDirectFunctionWithoutTransition(exec, new (exec) PrototypeFunction(exec, prototypeFunctionStructure, 0, exec->propertyNames().toString, functionProtoFuncToString), DontEnum);
     putDirectFunctionWithoutTransition(exec, new (exec) PrototypeFunction(exec, prototypeFunctionStructure, 2, exec->propertyNames().apply, functionProtoFuncApply), DontEnum);
-    putDirectFunctionWithoutTransition(exec, new (exec) PrototypeFunction(exec, prototypeFunctionStructure, 1, exec->propertyNames().call, functionProtoFuncCall), DontEnum);
+    *callFunction = new (exec) PrototypeFunction(exec, prototypeFunctionStructure, 1, exec->propertyNames().call, functionProtoFuncCall);
+    putDirectFunctionWithoutTransition(exec, *callFunction, DontEnum);
 }
 

trunk/JavaScriptCore/runtime/FunctionPrototype.h

@@ -26 +26 @@
 namespace JSC {
 
+    class PrototypeFunction;
+
     class FunctionPrototype : public InternalFunction {
     public:
         FunctionPrototype(ExecState*, PassRefPtr<Structure>);
-        void addFunctionProperties(ExecState*, Structure* prototypeFunctionStructure);
+        void addFunctionProperties(ExecState*, Structure* prototypeFunctionStructure, PrototypeFunction** callFunction);
 
         static PassRefPtr<Structure> createStructure(JSValuePtr proto)

trunk/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -204 +204 @@
     d()->functionPrototype = new (exec) FunctionPrototype(exec, FunctionPrototype::createStructure(jsNull())); // The real prototype will be set once ObjectPrototype is created.
     d()->prototypeFunctionStructure = PrototypeFunction::createStructure(d()->functionPrototype);
-    d()->functionPrototype->addFunctionProperties(exec, d()->prototypeFunctionStructure.get());
+    PrototypeFunction* callFunction = 0;
+    d()->functionPrototype->addFunctionProperties(exec, d()->prototypeFunctionStructure.get(), &callFunction);
+    d()->callFunction = callFunction;
     d()->objectPrototype = new (exec) ObjectPrototype(exec, ObjectPrototype::createStructure(jsNull()), d()->prototypeFunctionStructure.get());
     d()->functionPrototype->structure()->setPrototypeWithoutTransition(d()->objectPrototype);
@@ -371 +373 @@
 
     markIfNeeded(d()->evalFunction);
+    markIfNeeded(d()->callFunction);
 
     markIfNeeded(d()->objectPrototype);

trunk/JavaScriptCore/runtime/JSGlobalObject.h

@@ -41 +41 @@
     class NativeErrorConstructor;
     class ProgramCodeBlock;
+    class PrototypeFunction;
     class RegExpConstructor;
     class RegExpPrototype;
@@ -105 +106 @@
 
             GlobalEvalFunction* evalFunction;
+            PrototypeFunction* callFunction;
 
             ObjectPrototype* objectPrototype;