[webkit-changes] [WebKit/WebKit] 7d177e: [JSC] Make each IC as one big handler

Yusuke Suzuki noreply at github.com
Mon Oct 23 17:14:51 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 7d177e2ec1a6260e4272a03a4d2baf33dfd065ac
      https://github.com/WebKit/WebKit/commit/7d177e2ec1a6260e4272a03a4d2baf33dfd065ac
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-10-23 (Mon, 23 Oct 2023)

  Changed paths:
    M Source/JavaScriptCore/bytecode/AccessCase.cpp
    M Source/JavaScriptCore/bytecode/AccessCase.h
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/bytecode/InlineAccess.cpp
    M Source/JavaScriptCore/bytecode/InlineAccess.h
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h
    M Source/JavaScriptCore/bytecode/Repatch.cpp
    M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
    M Source/JavaScriptCore/bytecode/StructureStubInfo.h
    M Source/JavaScriptCore/dfg/DFGJITCode.cpp
    M Source/JavaScriptCore/dfg/DFGJITCode.h
    M Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
    M Source/JavaScriptCore/dfg/DFGJITCompiler.h
    M Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/jit/BaselineJITCode.cpp
    M Source/JavaScriptCore/jit/BaselineJITCode.h
    M Source/JavaScriptCore/jit/BaselineJITRegisters.h
    M Source/JavaScriptCore/jit/GPRInfo.h
    M Source/JavaScriptCore/jit/JIT.cpp
    M Source/JavaScriptCore/jit/JIT.h
    M Source/JavaScriptCore/jit/JITCall.cpp
    M Source/JavaScriptCore/jit/JITCode.h
    M Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp
    M Source/JavaScriptCore/jit/JITInlineCacheGenerator.h
    M Source/JavaScriptCore/jit/JITInlines.h
    M Source/JavaScriptCore/jit/JITOpcodes.cpp
    M Source/JavaScriptCore/jit/JITPropertyAccess.cpp
    M Source/JavaScriptCore/runtime/Options.cpp
    M Source/JavaScriptCore/runtime/OptionsList.h
    M Source/JavaScriptCore/runtime/VM.cpp
    M Source/WTF/WTF.xcodeproj/project.pbxproj
    A Source/WTF/wtf/ButterflyArray.h
    M Source/WTF/wtf/CMakeLists.txt

  Log Message:
  -----------
  [JSC] Make each IC as one big handler
https://bugs.webkit.org/show_bug.cgi?id=263414
rdar://117227541

Reviewed by Keith Miller.

This is a part of handler IC transition. In this patch, we make all IC as one big handler IC in each place.
So, each IC's launching code becomes the final form, which loads a handler and invoke it.
And now, each IC only has one handler which includes everything. The approach in handler IC will split this handler into chain of handlers,
and sharing these handlers across the IC sites.

Now, we need to have additional one level load for each IC, and we would like to alleviate the effect of this. To make it work well,
in this patch, we introduce ButterflyArray, and remove one level of load to get StructureStubInfo. Now StructureStubInfo is directly embedded
into JITData, and we can compute the pointer without load from that. This removes one load, and instead we introduce one load for handler.
So, while we are not getting the final handler IC benefit, we can keep perf neutral while we are continuously doing incremental work towards
handler IC.

* Source/JavaScriptCore/bytecode/AccessCase.cpp:
(JSC::SharedJITStubSet::getMegamorphic): Deleted.
(JSC::SharedJITStubSet::setMegamorphic): Deleted.
* Source/JavaScriptCore/bytecode/AccessCase.h:
(JSC::SharedJITStubSet::Hash::Key::Key): Deleted.
(JSC::SharedJITStubSet::Hash::Key::isHashTableDeletedValue const): Deleted.
(JSC::SharedJITStubSet::Hash::hash): Deleted.
(JSC::SharedJITStubSet::Hash::equal): Deleted.
(JSC::SharedJITStubSet::Searcher::Translator::hash): Deleted.
(JSC::SharedJITStubSet::Searcher::Translator::equal): Deleted.
(JSC::SharedJITStubSet::PointerTranslator::hash): Deleted.
(JSC::SharedJITStubSet::PointerTranslator::equal): Deleted.
(JSC::SharedJITStubSet::add): Deleted.
(JSC::SharedJITStubSet::remove): Deleted.
(JSC::SharedJITStubSet::find): Deleted.
* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::setupWithUnlinkedBaselineCode):
(JSC::CodeBlock::forEachStructureStubInfo):
(JSC::CodeBlock::resetBaselineJITData):
* Source/JavaScriptCore/bytecode/InlineAccess.cpp:
(JSC::InlineAccess::resetStubAsJumpInAccess):
(JSC::InlineAccess::resetStubAsJumpInAccessNotUsingInlineAccess):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheHandler::InlineCacheHandler):
(JSC::m_watchpoints):
(JSC::InlineCacheHandler::createSlowPath):
(JSC::InlineCacheCompiler::generateSlowPathHandler):
(JSC::InlineCacheCompiler::regenerate):
(JSC::PolymorphicAccess::visitWeak const):
(JSC::InlineCacheHandler::aboutToDie):
(JSC::InlineCacheHandler::visitWeak const):
(JSC::PolymorphicAccess::PolymorphicAccess): Deleted.
(JSC::PolymorphicAccess::~PolymorphicAccess): Deleted.
(JSC::PolymorphicAccess::aboutToDie): Deleted.
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.h:
(JSC::AccessGenerationResult::handler const):
(JSC::AccessGenerationResult::AccessGenerationResult):
(JSC::AccessGenerationResult::operator== const): Deleted.
(JSC::AccessGenerationResult::operator bool const): Deleted.
(JSC::PolymorphicAccess::containsPC const): Deleted.
* Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::aboutToDie):
(JSC::StructureStubInfo::addAccessCase):
(JSC::StructureStubInfo::visitWeakReferences):
(JSC::StructureStubInfo::containsPC const):
(JSC::StructureStubInfo::initializeFromUnlinkedStructureStubInfo):
(JSC::StructureStubInfo::initializeFromDFGUnlinkedStructureStubInfo):
(JSC::SharedJITStubSet::getMegamorphic const):
(JSC::SharedJITStubSet::setMegamorphic):
(JSC::SharedJITStubSet::getSlowPathHandler const):
(JSC::SharedJITStubSet::setSlowPathHandler):
* Source/JavaScriptCore/bytecode/StructureStubInfo.h:
(JSC::StructureStubInfo::offsetOfHandler):
(JSC::SharedJITStubSet::Hash::Key::Key):
(JSC::SharedJITStubSet::Hash::Key::isHashTableDeletedValue const):
(JSC::SharedJITStubSet::Hash::hash):
(JSC::SharedJITStubSet::Hash::equal):
(JSC::SharedJITStubSet::Searcher::Translator::hash):
(JSC::SharedJITStubSet::Searcher::Translator::equal):
(JSC::SharedJITStubSet::PointerTranslator::hash):
(JSC::SharedJITStubSet::PointerTranslator::equal):
(JSC::SharedJITStubSet::add):
(JSC::SharedJITStubSet::remove):
(JSC::SharedJITStubSet::find):
* Source/JavaScriptCore/dfg/DFGJITCode.cpp:
(JSC::DFG::JITData::JITData):
(JSC::DFG::JITData::tryInitialize):
* Source/JavaScriptCore/dfg/DFGJITCode.h:
(JSC::DFG::JITData::tryCreate):
* Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::loadConstant):
(JSC::DFG::JITCompiler::loadStructureStubInfo):
(JSC::DFG::JITCompiler::addStructureStubInfo):
* Source/JavaScriptCore/dfg/DFGJITCompiler.h:
* Source/JavaScriptCore/dfg/DFGSlowPathGenerator.h:
(JSC::DFG::slowPathICCall):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileDeleteById):
(JSC::DFG::SpeculativeJIT::compileDeleteByVal):
(JSC::DFG::SpeculativeJIT::compileInById):
(JSC::DFG::SpeculativeJIT::compileInByVal):
(JSC::DFG::SpeculativeJIT::compileHasPrivate):
(JSC::DFG::SpeculativeJIT::compilePutByVal):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::cachedGetById):
(JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis):
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileGetByValWithThis):
(JSC::DFG::SpeculativeJIT::compileEnumeratorPutByVal):
* Source/JavaScriptCore/jit/BaselineJITCode.cpp:
(JSC::BaselineJITData::BaselineJITData):
* Source/JavaScriptCore/jit/BaselineJITCode.h:
* Source/JavaScriptCore/jit/BaselineJITRegisters.h:
* Source/JavaScriptCore/jit/JIT.cpp:
(JSC::JIT::addUnlinkedStructureStubInfo):
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITCall.cpp:
(JSC::JIT::emit_op_iterator_open):
(JSC::JIT::emit_op_iterator_next):
* Source/JavaScriptCore/jit/JITCode.h:
(JSC::StructureStubInfoIndex::StructureStubInfoIndex):
* Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp:
(JSC::JITInlineCacheGenerator::generateDFGDataICFastPath):
(JSC::JITInlineCacheGenerator::generateBaselineDataICFastPath):
(JSC::generateGetByIdInlineAccessBaselineDataIC):
(JSC::generateGetByIdInlineAccessDFGDataIC):
(JSC::JITGetByIdGenerator::generateDFGDataICFastPath):
(JSC::JITGetByIdWithThisGenerator::generateDFGDataICFastPath):
(JSC::generatePutByIdInlineAccessBaselineDataIC):
(JSC::JITPutByIdGenerator::generateDFGDataICFastPath):
(JSC::generateInByIdInlineAccessBaselineDataIC):
(JSC::JITInByIdGenerator::generateDFGDataICFastPath):
(JSC::generateGetByIdInlineAccessDataIC): Deleted.
(JSC::generatePutByIdInlineAccessDataIC): Deleted.
(JSC::generateInByIdInlineAccessDataIC): Deleted.
* Source/JavaScriptCore/jit/JITInlineCacheGenerator.h:
* Source/JavaScriptCore/jit/JITInlines.h:
(JSC::JIT::loadConstant):
(JSC::JIT::loadStructureStubInfo):
* Source/JavaScriptCore/jit/JITOpcodes.cpp:
(JSC::JIT::emit_op_instanceof):
* Source/JavaScriptCore/jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_get_by_val):
(JSC::JIT::emit_op_get_private_name):
(JSC::JIT::emit_op_set_private_brand):
(JSC::JIT::emit_op_check_private_brand):
(JSC::JIT::emit_op_put_by_val):
(JSC::JIT::emit_op_put_private_name):
(JSC::JIT::emit_op_del_by_id):
(JSC::JIT::emit_op_del_by_val):
(JSC::JIT::emit_op_try_get_by_id):
(JSC::JIT::emit_op_get_by_id_direct):
(JSC::JIT::emit_op_get_by_id):
(JSC::JIT::emit_op_get_by_id_with_this):
(JSC::JIT::emit_op_put_by_id):
(JSC::JIT::emit_op_in_by_id):
(JSC::JIT::emit_op_in_by_val):
(JSC::JIT::emitHasPrivate):
(JSC::JIT::emit_op_get_by_val_with_this):
(JSC::JIT::emit_op_enumerator_get_by_val):
(JSC::JIT::emit_op_enumerator_put_by_val):
* Source/JavaScriptCore/runtime/VM.cpp:
* Source/WTF/WTF.xcodeproj/project.pbxproj:
* Source/WTF/wtf/ButterflyArray.h: Added.
(WTF::ButterflyArray::ButterflyArray):
(WTF::ButterflyArray::createImpl):
(WTF::ButterflyArray::allocationSize):
(WTF::ButterflyArray::offsetOfLeadingSize):
(WTF::ButterflyArray::offsetOfTrailingSize):
(WTF::ButterflyArray::offsetOfTrailingData):
(WTF::ButterflyArray::memoryOffsetForDerived):
(WTF::ButterflyArray::leadingSpan):
(WTF::ButterflyArray::leadingSpan const):
(WTF::ButterflyArray::trailingSpan):
(WTF::ButterflyArray::trailingSpan const):
(WTF::ButterflyArray::operator delete):
(WTF::ButterflyArray::~ButterflyArray):
(WTF::ButterflyArray::leadingData):
(WTF::ButterflyArray::leadingData const):
(WTF::ButterflyArray::trailingData):
(WTF::ButterflyArray::trailingData const):
* Source/WTF/wtf/CMakeLists.txt:

Canonical link: https://commits.webkit.org/269685@main

More information about the webkit-changes mailing list