Changeset 59056 in webkit for trunk/JavaScriptCore

Timestamp:

May 9, 2010, 4:42:22 AM (15 years ago)

Author:

[email protected]

Message:

2010-05-09 Oliver Hunt <​[email protected]>

Reviewed by Maciej Stachowiak.

Improve string indexing performance
​https://bugs.webkit.org/show_bug.cgi?id=38814

Add an assembly stub to do indexed loads from strings much
more cheaply than the current stub dispatch logic. We can
do this because we are able to make guarantees about the
register contents when entering the stub so the call overhead
is negligible.

• jit/JIT.h:
• jit/JITInlineMethods.h:
• jit/JITOpcodes.cpp:
• jit/JITPropertyAccess.cpp: (JSC::JIT::stringGetByValStubGenerator): (JSC::JIT::emitSlow_op_get_by_val):

Moved from JITOpcodes.cpp to keep the slowcase next to
the normal case codegen as we do for everything else.

• jit/JITPropertyAccess32_64.cpp: (JSC::JIT::stringGetByValStubGenerator): (JSC::JIT::emitSlow_op_get_by_val):
• jit/JSInterfaceJIT.h: (JSC::JSInterfaceJIT::emitFastArithImmToInt):

Location:

trunk/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• jit/JIT.h (modified) (2 diffs)
• jit/JITInlineMethods.h (modified) (1 diff)
• jit/JITOpcodes.cpp (modified) (1 diff)
• jit/JITPropertyAccess.cpp (modified) (2 diffs)
• jit/JITPropertyAccess32_64.cpp (modified) (2 diffs)
• jit/JSInterfaceJIT.h (modified) (3 diffs)

trunk/JavaScriptCore/ChangeLog

@@ +1 @@
+2010-05-09  Oliver Hunt  <[email protected]>
+
+        Reviewed by Maciej Stachowiak.
+
+        Improve string indexing performance
+        https://bugs.webkit.org/show_bug.cgi?id=38814
+
+        Add an assembly stub to do indexed loads from strings much
+        more cheaply than the current stub dispatch logic.  We can
+        do this because we are able to make guarantees about the
+        register contents when entering the stub so the call overhead
+        is negligible.
+
+        * jit/JIT.h:
+        * jit/JITInlineMethods.h:
+        * jit/JITOpcodes.cpp:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::stringGetByValStubGenerator):
+        (JSC::JIT::emitSlow_op_get_by_val):
+           Moved from JITOpcodes.cpp to keep the slowcase next to
+           the normal case codegen as we do for everything else.
+        * jit/JITPropertyAccess32_64.cpp:
+        (JSC::JIT::stringGetByValStubGenerator):
+        (JSC::JIT::emitSlow_op_get_by_val):
+        * jit/JSInterfaceJIT.h:
+        (JSC::JSInterfaceJIT::emitFastArithImmToInt):
+
 2010-05-09  Maciej Stachowiak  <[email protected]>
 

trunk/JavaScriptCore/jit/JIT.h

@@ -448 +448 @@
 #endif
         void emitFastArithReTagImmediate(RegisterID src, RegisterID dest);
-        void emitFastArithImmToInt(RegisterID);
         void emitFastArithIntToImmNoCheck(RegisterID src, RegisterID dest);
 
@@ -905 +904 @@
 #endif
 #endif
+        static PassRefPtr<NativeExecutable> stringGetByValStubGenerator(JSGlobalData* globalData, ExecutablePool* pool);
     } JIT_CLASS_ALIGNMENT;
 

trunk/JavaScriptCore/jit/JITInlineMethods.h

@@ -821 +821 @@
 }
 
-ALWAYS_INLINE void JIT::emitFastArithImmToInt(RegisterID reg)
-{
-#if USE(JSVALUE64)
-    UNUSED_PARAM(reg);
-#else
-    rshift32(Imm32(JSImmediate::IntegerPayloadShift), reg);
-#endif
-}
-
 // operand is int32_t, must have been zero-extended if register is 64-bit.
 ALWAYS_INLINE void JIT::emitFastArithIntToImmNoCheck(RegisterID src, RegisterID dest)

trunk/JavaScriptCore/jit/JITOpcodes.cpp

@@ -1408 +1408 @@
 }
 
-void JIT::emitSlow_op_get_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
-{
-    unsigned dst = currentInstruction[1].u.operand;
-    unsigned base = currentInstruction[2].u.operand;
-    unsigned property = currentInstruction[3].u.operand;
-
-    linkSlowCase(iter); // property int32 check
-    linkSlowCaseIfNotJSCell(iter, base); // base cell check
-    linkSlowCase(iter); // base array check
-    linkSlowCase(iter); // vector length check
-    linkSlowCase(iter); // empty value
-
-    JITStubCall stubCall(this, cti_op_get_by_val);
-    stubCall.addArgument(base, regT2);
-    stubCall.addArgument(property, regT2);
-    stubCall.call(dst);
-}
-
 void JIT::emitSlow_op_loop_if_lesseq(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
 {

trunk/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -53 +53 @@
 namespace JSC {
 
+PassRefPtr<NativeExecutable> JIT::stringGetByValStubGenerator(JSGlobalData* globalData, ExecutablePool* pool)
+{
+    JSInterfaceJIT jit;
+    JumpList failures;
+    failures.append(jit.branchPtr(NotEqual, Address(regT0), ImmPtr(globalData->jsStringVPtr)));
+    failures.append(jit.branchTest32(NonZero, Address(regT0, OBJECT_OFFSETOF(JSString, m_fiberCount))));
+#if USE(JSVALUE64)
+    jit.zeroExtend32ToPtr(regT1, regT1);
+#else
+    jit.emitFastArithImmToInt(regT1);
+#endif
+
+    // Load string length to regT1, and start the process of loading the data pointer into regT0
+    jit.load32(Address(regT0, ThunkHelpers::jsStringLengthOffset()), regT2);
+    jit.loadPtr(Address(regT0, ThunkHelpers::jsStringValueOffset()), regT0);
+    jit.loadPtr(Address(regT0, ThunkHelpers::stringImplDataOffset()), regT0);
+    
+    // Do an unsigned compare to simultaneously filter negative indices as well as indices that are too large
+    failures.append(jit.branch32(AboveOrEqual, regT1, regT2));
+    
+    // Load the character
+    jit.load16(BaseIndex(regT0, regT1, TimesTwo, 0), regT0);
+    
+    failures.append(jit.branch32(AboveOrEqual, regT0, Imm32(0x100)));
+    jit.move(ImmPtr(globalData->smallStrings.singleCharacterStrings()), regT1);
+    jit.loadPtr(BaseIndex(regT1, regT0, ScalePtr, 0), regT0);
+    jit.ret();
+    
+    failures.link(&jit);
+    jit.move(Imm32(0), regT0);
+    jit.ret();
+    
+    LinkBuffer patchBuffer(&jit, pool);
+    return adoptRef(new NativeExecutable(patchBuffer.finalizeCode()));
+}
+
 void JIT::emit_op_get_by_val(Instruction* currentInstruction)
 {
@@ -82 +118 @@
 
     emitPutVirtualRegister(dst);
+}
+
+void JIT::emitSlow_op_get_by_val(Instruction* currentInstruction, Vector<SlowCaseEntry>::iterator& iter)
+{
+    unsigned dst = currentInstruction[1].u.operand;
+    unsigned base = currentInstruction[2].u.operand;
+    unsigned property = currentInstruction[3].u.operand;
+    
+    linkSlowCase(iter); // property int32 check
+    linkSlowCaseIfNotJSCell(iter, base); // base cell check
+    Jump nonCell = jump();
+    linkSlowCase(iter); // base array check
+    Jump notString = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr));
+    emitNakedCall(m_globalData->getThunk(stringGetByValStubGenerator)->generatedJITCode().addressForCall());
+    Jump failed = branchTestPtr(Zero, regT0);
+    emitPutVirtualRegister(dst, regT0);
+    emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_get_by_val));
+    failed.link(this);
+    notString.link(this);
+    nonCell.link(this);
+    
+    linkSlowCase(iter); // vector length check
+    linkSlowCase(iter); // empty value
+    
+    JITStubCall stubCall(this, cti_op_get_by_val);
+    stubCall.addArgument(base, regT2);
+    stubCall.addArgument(property, regT2);
+    stubCall.call(dst);
 }
 

trunk/JavaScriptCore/jit/JITPropertyAccess32_64.cpp

@@ -270 +270 @@
 #endif
 
+PassRefPtr<NativeExecutable> JIT::stringGetByValStubGenerator(JSGlobalData* globalData, ExecutablePool* pool)
+{
+    JSInterfaceJIT jit;
+    JumpList failures;
+    failures.append(jit.branchPtr(NotEqual, Address(regT0), ImmPtr(globalData->jsStringVPtr)));
+    failures.append(jit.branchTest32(NonZero, Address(regT0, OBJECT_OFFSETOF(JSString, m_fiberCount))));
+    
+    // Load string length to regT1, and start the process of loading the data pointer into regT0
+    jit.load32(Address(regT0, ThunkHelpers::jsStringLengthOffset()), regT1);
+    jit.loadPtr(Address(regT0, ThunkHelpers::jsStringValueOffset()), regT0);
+    jit.loadPtr(Address(regT0, ThunkHelpers::stringImplDataOffset()), regT0);
+    
+    // Do an unsigned compare to simultaneously filter negative indices as well as indices that are too large
+    failures.append(jit.branch32(AboveOrEqual, regT2, regT1));
+    
+    // Load the character
+    jit.load16(BaseIndex(regT0, regT2, TimesTwo, 0), regT0);
+    
+    failures.append(jit.branch32(AboveOrEqual, regT0, Imm32(0x100)));
+    jit.move(ImmPtr(globalData->smallStrings.singleCharacterStrings()), regT1);
+    jit.loadPtr(BaseIndex(regT1, regT0, ScalePtr, 0), regT0);
+    jit.move(Imm32(JSValue::CellTag), regT1); // We null check regT0 on return so this is safe
+    jit.ret();
+
+    failures.link(&jit);
+    jit.move(Imm32(0), regT0);
+    jit.ret();
+    
+    LinkBuffer patchBuffer(&jit, pool);
+    return adoptRef(new NativeExecutable(patchBuffer.finalizeCode()));
+}
+
 void JIT::emit_op_get_by_val(Instruction* currentInstruction)
 {
@@ -301 +333 @@
     linkSlowCase(iter); // property int32 check
     linkSlowCaseIfNotJSCell(iter, base); // base cell check
+
+    Jump nonCell = jump();
     linkSlowCase(iter); // base array check
+    Jump notString = branchPtr(NotEqual, Address(regT0), ImmPtr(m_globalData->jsStringVPtr));
+    emitNakedCall(m_globalData->getThunk(stringGetByValStubGenerator)->generatedJITCode().addressForCall());
+    Jump failed = branchTestPtr(Zero, regT0);
+    emitStore(dst, regT1, regT0);
+    emitJumpSlowToHot(jump(), OPCODE_LENGTH(op_get_by_val));
+    failed.link(this);
+    notString.link(this);
+    nonCell.link(this);
+
     linkSlowCase(iter); // vector length check
     linkSlowCase(iter); // empty value

trunk/JavaScriptCore/jit/JSInterfaceJIT.h

@@ -170 +170 @@
         Jump emitJumpIfImmediateNumber(RegisterID reg);
         Jump emitJumpIfNotImmediateNumber(RegisterID reg);
+        void emitFastArithImmToInt(RegisterID reg);
 #endif
 
@@ -261 +262 @@
         return notNumber;
     }
-
+    
+    ALWAYS_INLINE void JSInterfaceJIT::emitFastArithImmToInt(RegisterID)
+    {
+    }
+    
 #endif
 
@@ -284 +289 @@
         return jump();
     }
+    
+    ALWAYS_INLINE void JSInterfaceJIT::emitFastArithImmToInt(RegisterID reg)
+    {
+        rshift32(Imm32(JSImmediate::IntegerPayloadShift), reg);
+    }
+    
 #endif