[webkit-changes] [WebKit/WebKit] 773f16: [JSC] Save more code size by aligning wasm operati...

Yusuke Suzuki noreply at github.com
Wed Jan 11 21:38:23 PST 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 773f16e4b6254ca5f7ad09e410000f6e10ccc6d6
      https://github.com/WebKit/WebKit/commit/773f16e4b6254ca5f7ad09e410000f6e10ccc6d6
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-01-11 (Wed, 11 Jan 2023)

  Changed paths:
    M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
    M Source/JavaScriptCore/interpreter/CallFrame.h
    M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp
    M Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h
    M Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp
    M Source/JavaScriptCore/wasm/WasmBinding.cpp
    M Source/JavaScriptCore/wasm/WasmIRGeneratorHelpers.h
    M Source/JavaScriptCore/wasm/WasmInstance.h
    M Source/JavaScriptCore/wasm/WasmOperations.cpp
    M Source/JavaScriptCore/wasm/WasmOperations.h
    A Source/JavaScriptCore/wasm/WasmOperationsInlines.h
    M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
    M Source/JavaScriptCore/wasm/WasmThunks.cpp
    M Source/JavaScriptCore/wasm/js/JSToWasm.cpp
    M Source/JavaScriptCore/wasm/js/WasmToJS.cpp

  Log Message:
  -----------
  [JSC] Save more code size by aligning wasm operations to JS's convention
https://bugs.webkit.org/show_bug.cgi?id=250455
rdar://problem/104121534

Reviewed by Saam Barati.

This patch fixes bunch of problems in wasm operations so that we can save code size, and we can make implementation clean by removing many FIXMEs.

1. We get CallFrame* via __builtin_frame_address(1) as the same way to JS's operation. This reduces code size in JIT code.
   Each wasm operation call now calls prepareWasmCallOperation, which set up frame pointer in Instance* if __builtin_frame_address(1) is not available.
   If __builtin_frame_address(1) is available, this is nop. Wasm operation retrieves CallFrame* from __builtin_frame_address(1) or passed Instance*.
2. We must not call Wasm operations from C++ world. This is because (1) strongly assumes that Wasm operations are called from JIT code. This patch
   extracts code to WasmOperationsInlines.h so that we no longer call Wasm operations from C++ world. This was met in JS operations before. Now wasm
   operations meet this too.
3. We appropriately pass Instance*. And we remove `CallFrame::deprecatedVM()` use in wasm operations completely. This is well aligned to how JS operations
   work: JS operations take JSGlobalObject* as its realm. Now wasm operations take Instance*.

* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/interpreter/CallFrame.h:
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::prepareWasmCallOperation):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
* Source/JavaScriptCore/wasm/WasmAirIRGenerator32_64.cpp:
(JSC::Wasm::AirIRGenerator32::emitCatchImpl):
* Source/JavaScriptCore/wasm/WasmAirIRGenerator64.cpp:
(JSC::Wasm::AirIRGenerator64::emitCatchImpl):
* Source/JavaScriptCore/wasm/WasmAirIRGeneratorBase.h:
(JSC::Wasm::AirIRGeneratorBase::emitCCall):
(JSC::Wasm::ExpressionType>::addGrowMemory):
* Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp:
(JSC::Wasm::B3IRGenerator::emitPrepareWasmOperation):
(JSC::Wasm::B3IRGenerator::addTableGet):
(JSC::Wasm::B3IRGenerator::addTableSet):
(JSC::Wasm::B3IRGenerator::addRefFunc):
(JSC::Wasm::B3IRGenerator::addTableInit):
(JSC::Wasm::B3IRGenerator::addElemDrop):
(JSC::Wasm::B3IRGenerator::addTableSize):
(JSC::Wasm::B3IRGenerator::addTableGrow):
(JSC::Wasm::B3IRGenerator::addTableFill):
(JSC::Wasm::B3IRGenerator::addTableCopy):
(JSC::Wasm::B3IRGenerator::addGrowMemory):
(JSC::Wasm::B3IRGenerator::addMemoryFill):
(JSC::Wasm::B3IRGenerator::addMemoryInit):
(JSC::Wasm::B3IRGenerator::addMemoryCopy):
(JSC::Wasm::B3IRGenerator::addDataDrop):
(JSC::Wasm::B3IRGenerator::setGlobal):
(JSC::Wasm::B3IRGenerator::emitWriteBarrier):
(JSC::Wasm::B3IRGenerator::atomicWait):
(JSC::Wasm::B3IRGenerator::atomicNotify):
(JSC::Wasm::B3IRGenerator::pushArrayNew):
(JSC::Wasm::B3IRGenerator::addArrayGet):
(JSC::Wasm::B3IRGenerator::addArraySet):
(JSC::Wasm::B3IRGenerator::addStructNew):
(JSC::Wasm::B3IRGenerator::addStructNewDefault):
(JSC::Wasm::B3IRGenerator::emitCatchImpl):
(JSC::Wasm::B3IRGenerator::addI32Popcnt):
(JSC::Wasm::B3IRGenerator::addI64Popcnt):
* Source/JavaScriptCore/wasm/WasmBinding.cpp:
(JSC::Wasm::wasmToWasm):
* Source/JavaScriptCore/wasm/WasmInstance.h:
(JSC::Wasm::Instance::offsetOfTemporaryCallFrame):
(JSC::Wasm::Instance::temporaryCallFrame const):
(JSC::Wasm::Instance::setTemporaryCallFrame):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_JIT_OPERATION):
(JSC::Wasm::WasmOperationsInternal::retrieveAndClearExceptionIfCatchableImpl):
(JSC::Wasm::setWasmTableElement): Deleted.
(JSC::Wasm::wait): Deleted.
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmOperationsInlines.h: Added.
(JSC::Wasm::refFunc):
(JSC::Wasm::arrayNew):
(JSC::Wasm::arrayGet):
(JSC::Wasm::arraySet):
(JSC::Wasm::structNew):
(JSC::Wasm::structGet):
(JSC::Wasm::structSet):
(JSC::Wasm::tableGet):
(JSC::Wasm::tableSet):
(JSC::Wasm::tableInit):
(JSC::Wasm::tableFill):
(JSC::Wasm::tableGrow):
(JSC::Wasm::tableCopy):
(JSC::Wasm::tableSize):
(JSC::Wasm::growMemory):
(JSC::Wasm::memoryInit):
(JSC::Wasm::memoryFill):
(JSC::Wasm::memoryCopy):
(JSC::Wasm::dataDrop):
(JSC::Wasm::elemDrop):
(JSC::Wasm::waitImpl):
(JSC::Wasm::memoryAtomicWait32):
(JSC::Wasm::memoryAtomicWait64):
(JSC::Wasm::memoryAtomicNotify):
(JSC::Wasm::throwWasmToJSException):
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::WASM_SLOW_PATH_DECL):
(JSC::LLInt::slow_path_wasm_throw_exception):
* Source/JavaScriptCore/wasm/WasmThunks.cpp:
(JSC::Wasm::throwExceptionFromWasmThunkGenerator):
* Source/JavaScriptCore/wasm/js/JSToWasm.cpp:
(JSC::Wasm::marshallJSResult):
* Source/JavaScriptCore/wasm/js/WasmToJS.cpp:
(JSC::Wasm::materializeImportJSCell):
(JSC::Wasm::handleBadImportTypeUse):
(JSC::Wasm::wasmToJS):
(JSC::Wasm::emitThrowWasmToJSException):

Canonical link: https://commits.webkit.org/258820@main

More information about the webkit-changes mailing list