[webkit-changes] [WebKit/WebKit] c428fc: Support loop OSR entry to and from BBQ baseline JIT

EWS noreply at github.com
Tue Feb 28 12:00:23 PST 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c428fc6916fa86f12d0fa545d3577ce3e0438143
      https://github.com/WebKit/WebKit/commit/c428fc6916fa86f12d0fa545d3577ce3e0438143
  Author: David Degazio <d_degazio at apple.com>
  Date:   2023-02-28 (Tue, 28 Feb 2023)

  Changed paths:
    M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
    M Source/JavaScriptCore/wasm/WasmBBQJIT.h
    M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp
    M Source/JavaScriptCore/wasm/WasmCallee.h
    M Source/JavaScriptCore/wasm/WasmFormat.h
    M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmOperations.h
    M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
    M Source/JavaScriptCore/wasm/WasmTierUpCount.cpp
    M Source/JavaScriptCore/wasm/WasmTierUpCount.h

  Log Message:
  -----------
  Support loop OSR entry to and from BBQ baseline JIT
https://bugs.webkit.org/show_bug.cgi?id=252939
rdar://105909610

Reviewed by Yusuke Suzuki and Justin Michaud.

Adds support for loop OSR entry tier-up to the new BBQ baseline JIT.
This lets us tier up from single-pass BBQ compiled code into OMG, or
tier up from LLInt into the new BBQ compiler.

To facilitate tiering up into OMG, we now generate a stackmap for every
WASM loop, and perform a tier-up check at the loop start. When this
exceeds a certain threshold, we trigger an OMG tier up, largely reusing
the existing machinery.

For tiering up from LLInt, it's a bit more involved. The existing Air
backend generates unique entrypoints for every loop index, and the B3
backend generates unique compilations for every loop index. To avoid
using a lot of executable memory, BBQ now generates a single shared
loop entrypoint, which sets up the call frame and then calls into an
operation. This operation looks up the stack map and label for the target
loop index in the BBQ callee, sets up the BBQ locals and temps using a
probe, then returns the label address back to our function, where we can
indirectly jump to it.

* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:
* Source/JavaScriptCore/wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::work):
(JSC::Wasm::BBQPlan::compileFunction):
(JSC::Wasm::BBQPlan::initializeCallees):
* Source/JavaScriptCore/wasm/WasmCallee.h:
* Source/JavaScriptCore/wasm/WasmFormat.h:
* Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h:
(JSC::Wasm::computeExceptionHandlerAndLoopEntrypointLocations):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::WASM_SLOW_PATH_DECL):
* Source/JavaScriptCore/wasm/WasmTierUpCount.cpp:
(JSC::Wasm::TierUpCount::osrEntryData):
* Source/JavaScriptCore/wasm/WasmTierUpCount.h:

Canonical link: https://commits.webkit.org/260955@main

More information about the webkit-changes mailing list