Ignore:
Timestamp:
Sep 19, 2011, 3:27:38 PM (14 years ago)
Author:
[email protected]
Message:

DFG speculation failures should act as additional value profiles
https://bugs.webkit.org/show_bug.cgi?id=68335

Reviewed by Oliver Hunt.

This adds slow-case counters to the old JIT. It also ensures that
negative zero in multiply is handled carefully. The old JIT
previously took slow path if the result of a multiply was zero,
which, without any changes, would cause the DFG to think that
every such multiply produced a double result.

This also fixes a bug in the old JIT's handling of decrements. It
would take the slow path if the result was zero, but not if it
underflowed.

By itself, this would be a 1% slow-down on V8 and Kraken. But then
I wrote optimizations in the DFG that take advantage of this new
information. It's no longer the case that every multiply needs to
do a check for negative zero; it only happens if the negative
zero is ignored.

This results in a 12% speed-up on v8-crypto, for a 1.4% geomean
speed-up in V8. It's mostly neutral on Kraken. I can see an
0.5% slow-down and it appears to be significant.

  • bytecode/CodeBlock.cpp:

(JSC::CodeBlock::resetRareCaseProfiles):
(JSC::CodeBlock::dumpValueProfiles):

  • bytecode/CodeBlock.h:
  • bytecode/ValueProfile.h:

(JSC::RareCaseProfile::RareCaseProfile):
(JSC::getRareCaseProfileBytecodeOffset):

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::toInt32):
(JSC::DFG::ByteCodeParser::makeSafe):
(JSC::DFG::ByteCodeParser::parseBlock):

  • dfg/DFGJITCodeGenerator.cpp:

(JSC::DFG::GPRTemporary::GPRTemporary):

  • dfg/DFGJITCodeGenerator.h:
  • dfg/DFGNode.h:
  • dfg/DFGPropagator.cpp:

(JSC::DFG::Propagator::propagateNode):
(JSC::DFG::Propagator::fixupNode):
(JSC::DFG::Propagator::clobbersWorld):
(JSC::DFG::Propagator::performNodeCSE):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):

  • jit/JIT.cpp:

(JSC::JIT::privateCompileSlowCases):

  • jit/JIT.h:

(JSC::JIT::linkDummySlowCase):

  • jit/JITArithmetic.cpp:

(JSC::JIT::emit_op_post_dec):
(JSC::JIT::emit_op_pre_dec):
(JSC::JIT::compileBinaryArithOp):
(JSC::JIT::emit_op_add):
(JSC::JIT::emitSlow_op_add):

  • jit/JITInlineMethods.h:

(JSC::JIT::addSlowCase):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/bytecode/ValueProfile.h

    r95134 r95484  
    360360    return valueProfile->m_bytecodeOffset;
    361361}
     362
     363// This is a mini value profile to catch pathologies. It is a counter that gets
     364// incremented when we take the slow path on any instruction.
     365struct RareCaseProfile {
     366    RareCaseProfile(int bytecodeOffset)
     367        : m_bytecodeOffset(bytecodeOffset)
     368        , m_counter(0)
     369    {
     370    }
     371   
     372    int m_bytecodeOffset;
     373    uint32_t m_counter;
     374};
     375
     376inline int getRareCaseProfileBytecodeOffset(RareCaseProfile* rareCaseProfile)
     377{
     378    return rareCaseProfile->m_bytecodeOffset;
     379}
    362380#endif
    363381
Note: See TracChangeset for help on using the changeset viewer.