[webkit-changes] [WebKit/WebKit] ef37e6: [JSC] Redesign DirectCall

Yusuke Suzuki noreply at github.com
Thu Feb 1 15:24:17 PST 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: ef37e645ce878556343c35bf4c5ec721cd785a96
      https://github.com/WebKit/WebKit/commit/ef37e645ce878556343c35bf4c5ec721cd785a96
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-01 (Thu, 01 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/bytecode/CallLinkInfo.cpp
    M Source/JavaScriptCore/bytecode/CallLinkInfo.h
    M Source/JavaScriptCore/bytecode/CallLinkInfoBase.cpp
    M Source/JavaScriptCore/bytecode/CallLinkInfoBase.h
    M Source/JavaScriptCore/bytecode/CallLinkStatus.cpp
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/bytecode/CodeBlock.h
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/bytecode/Repatch.cpp
    M Source/JavaScriptCore/bytecode/Repatch.h
    M Source/JavaScriptCore/bytecode/RepatchInlines.h
    M Source/JavaScriptCore/dfg/DFGCommonData.h
    M Source/JavaScriptCore/dfg/DFGJITCode.h
    M Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
    M Source/JavaScriptCore/dfg/DFGJITCompiler.h
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/dfg/DFGOperations.h
    M Source/JavaScriptCore/dfg/DFGPlan.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp
    M Source/JavaScriptCore/jit/JITCall.cpp
    M Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
    M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
    M Source/JavaScriptCore/runtime/VM.h
    M Source/JavaScriptCore/wasm/js/WasmToJS.cpp

  Log Message:
  -----------
  [JSC] Redesign DirectCall
https://bugs.webkit.org/show_bug.cgi?id=268499
rdar://122042902

Reviewed by Justin Michaud.

This patch redesigns DirectCall. We decouple DirectCallLinkInfo from CallLinkInfo since they are very different mechanisms now.
Right now, we continue repatching DirectCalls since it seems that it is the fastest form from experiments. But instead,

1. For NativeExecutable, we attempt to inline the call thunk into DFG / FTL directly and embed call targets / global objects if possible.
   We do not do it when a debugger hook is injected (in this case, debugger hook injection once destroys all CodeBlocks. So if we do not see this bool flag
   set when compiling, it is fine to continue).
2. For the other cases, we attempt to fill the CodeBlock and CodePtr pair speculatively from the compiler thread at link time to avoid repatching in the main thread.
   This can avoid repatching in most cases. And then, in the main thread, we check whether these speculative values are the right ones, and if not, we repatch them.
   Otherwise, we will continue using them. We will chain DirectCallLinkInfo to CodeBlock in the main thread since this is a main-thread-only operation.
3. We repatch to the newer CodeBlock / CodePtr when unlinkOrUpgradeImpl happens to DirectCall.

* Source/JavaScriptCore/bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::doneLocation):
(JSC::CallLinkInfo::setMonomorphicCallee):
(JSC::CallLinkInfo::clearCallee):
(JSC::CallLinkInfo::callee):
(JSC::CallLinkInfo::setLastSeenCallee):
(JSC::CallLinkInfo::lastSeenCallee const):
(JSC::CallLinkInfo::haveLastSeenCallee const):
(JSC::CallLinkInfo::visitWeak):
(JSC::CallLinkInfo::revertCallToStub):
(JSC::CallLinkInfo::reset):
(JSC::CallLinkInfo::setVirtualCall):
(JSC::DirectCallLinkInfo::reset):
(JSC::DirectCallLinkInfo::unlinkOrUpgradeImpl):
(JSC::DirectCallLinkInfo::visitWeak):
(JSC::CallLinkInfo::emitFastPathImpl):
(JSC::CallLinkInfo::emitDataICFastPath):
(JSC::CallLinkInfo::emitTailCallDataICFastPath):
(JSC::CallLinkInfo::setStub):
(JSC::CallLinkInfo::emitSlowPathImpl):
(JSC::CallLinkInfo::emitDataICSlowPath):
(JSC::CallLinkInfo::emitFastPath):
(JSC::CallLinkInfo::emitTailCallFastPath):
(JSC::CallLinkInfo::emitSlowPath):
(JSC::CallLinkInfo::emitTailCallSlowPath):
(JSC::OptimizingCallLinkInfo::emitFastPath):
(JSC::OptimizingCallLinkInfo::emitTailCallFastPath):
(JSC::OptimizingCallLinkInfo::emitSlowPath):
(JSC::OptimizingCallLinkInfo::emitTailCallSlowPath):
(JSC::OptimizingCallLinkInfo::initializeFromDFGUnlinkedCallLinkInfo):
(JSC::DirectCallLinkInfo::emitDirectFastPath):
(JSC::DirectCallLinkInfo::emitDirectTailCallFastPath):
(JSC::DirectCallLinkInfo::initialize):
(JSC::DirectCallLinkInfo::setCallTarget):
(JSC::DirectCallLinkInfo::setMaxArgumentCountIncludingThis):
(JSC::DirectCallLinkInfo::retrieveCallInfo):
(JSC::DirectCallLinkInfo::repatchSpeculatively):
(JSC::DirectCallLinkInfo::validateSpeculativeRepatchOnMainThread):
(JSC::CallLinkInfo::setCodeBlock): Deleted.
(JSC::CallLinkInfo::clearCodeBlock): Deleted.
(JSC::CallLinkInfo::codeBlock): Deleted.
(JSC::CallLinkInfo::clearLastSeenCallee): Deleted.
(JSC::CallLinkInfo::setExecutableDuringCompilation): Deleted.
(JSC::CallLinkInfo::executable): Deleted.
(JSC::OptimizingCallLinkInfo::slowPathStart): Deleted.
(JSC::OptimizingCallLinkInfo::fastPathStart): Deleted.
(JSC::OptimizingCallLinkInfo::emitDirectFastPath): Deleted.
(JSC::OptimizingCallLinkInfo::emitDirectTailCallFastPath): Deleted.
(JSC::OptimizingCallLinkInfo::initializeDirectCall): Deleted.
(JSC::OptimizingCallLinkInfo::setDirectCallTarget): Deleted.
(JSC::OptimizingCallLinkInfo::initializeDirectCallRepatch): Deleted.
(JSC::OptimizingCallLinkInfo::setDirectCallMaxArgumentCountIncludingThis): Deleted.
* Source/JavaScriptCore/bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::specializationKind const):
(JSC::CallLinkInfo::offsetOfCallee):
(JSC::CallLinkInfo::forEachDependentCell const):
(JSC::CallLinkInfo::callModeFor): Deleted.
(JSC::CallLinkInfo::isDirect): Deleted.
(JSC::CallLinkInfo::isDirect const): Deleted.
(JSC::CallLinkInfo::callLinkInfoGPR const): Deleted.
* Source/JavaScriptCore/bytecode/CallLinkInfoBase.cpp:
(JSC::CallLinkInfoBase::unlinkOrUpgrade):
* Source/JavaScriptCore/bytecode/CallLinkInfoBase.h:
(JSC::CallLinkInfoBase::callModeFor):
* Source/JavaScriptCore/bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::computeFromCallLinkInfo):
* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finalizeJITInlineCaches):
(JSC::CodeBlock::addressForCallConcurrently const):
* Source/JavaScriptCore/bytecode/CodeBlock.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateImpl):
(JSC::InlineCacheCompiler::emitProxyObjectAccess):
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::linkDirectCall):
* Source/JavaScriptCore/bytecode/Repatch.h:
* Source/JavaScriptCore/bytecode/RepatchInlines.h:
(JSC::linkFor):
* Source/JavaScriptCore/dfg/DFGCommonData.h:
* Source/JavaScriptCore/dfg/DFGJITCode.h:
* Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::link):
(JSC::DFG::JITCompiler::addCallLinkInfo):
* Source/JavaScriptCore/dfg/DFGJITCompiler.h:
(JSC::DFG::JITCompiler::addJSDirectCall):
(JSC::DFG::JITCompiler::JSDirectCallRecord::JSDirectCallRecord):
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGPlan.cpp:
(JSC::DFG::Plan::reallyAdd):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp:
(Inspector::InspectorDebuggerAgent::addSymbolicBreakpoint):
* Source/JavaScriptCore/jit/JITCall.cpp:
(JSC::JIT::compileTailCall):
(JSC::JIT::compileOpCall):
* Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:
* Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:
* Source/JavaScriptCore/runtime/VM.h:
(JSC::VM::notifyDebuggerHookInjected):
(JSC::VM::isDebuggerHookInjected const):
* Source/JavaScriptCore/wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):

Canonical link: https://commits.webkit.org/273947@main
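The speculative link-then-validate protocol described in point 2 and the unlink/upgrade step in point 3, shown as an added stand-alone model. This is not WebKit code: CodeBlock, Executable, DirectCallSite, repatchSpeculatively, validateOnMainThread and unlinkOrUpgrade are hypothetical stand-ins for JSC's types, and the entry addresses are constructed values. It shows the invariant that matters for correctness: the compiler thread only snapshots a (CodeBlock, CodePtr) pair, and every side effect on shared state (chaining, repatching) happens on the main thread after the snapshot is checked against what the executable currently holds.

```cpp
// Added illustration (not WebKit/JSC code): a model of speculative direct-call
// linking. All names are hypothetical stand-ins for JSC's types.
#include <cstdint>
#include <string>

// Stand-in for a compiled CodeBlock: an identity plus an entry address.
struct CodeBlock {
    std::string name;
    uintptr_t entry;
};

// Stand-in for an Executable: owns whichever CodeBlock is currently installed.
struct Executable {
    CodeBlock* current = nullptr;
};

// Stand-in for DirectCallLinkInfo: the call site's (CodeBlock, CodePtr) pair.
struct DirectCallSite {
    CodeBlock* codeBlock = nullptr;   // what the site believes it calls
    uintptr_t codePtr = 0;            // address patched into the call instruction
    bool chainedToCodeBlock = false;  // main-thread-only bookkeeping
    int repatchCount = 0;             // how often the instruction was rewritten
};

// Compiler thread, at link time: snapshot the executable's current CodeBlock.
// No chaining and no unlink-list updates here; those are main-thread work.
void repatchSpeculatively(DirectCallSite& site, const Executable& exec) {
    if (exec.current) {
        site.codeBlock = exec.current;
        site.codePtr = exec.current->entry;
    }
}

// Main thread, when the compiled code is installed: confirm the speculative
// pair still matches the executable. Returns true if a repatch was required.
bool validateOnMainThread(DirectCallSite& site, const Executable& exec) {
    bool needsRepatch = !exec.current
        || site.codeBlock != exec.current
        || site.codePtr != exec.current->entry;
    if (needsRepatch) {
        site.codeBlock = exec.current;
        site.codePtr = exec.current ? exec.current->entry : 0;
        site.repatchCount++;
    }
    // Chaining the site to its CodeBlock happens only on the main thread.
    site.chainedToCodeBlock = (site.codeBlock != nullptr);
    return needsRepatch;
}

// Main thread, when a CodeBlock is replaced: a site that pointed at the old
// block is repatched to the newer one (upgrade) or cleared (unlink).
void unlinkOrUpgrade(DirectCallSite& site, const CodeBlock* oldBlock, CodeBlock* newBlock) {
    if (site.codeBlock != oldBlock)
        return;
    site.codeBlock = newBlock;
    site.codePtr = newBlock ? newBlock->entry : 0;
    site.chainedToCodeBlock = (newBlock != nullptr);
    site.repatchCount++;
}

// Worked scenario with constructed addresses. Returns the total number of
// repatches across both sites: one from an upgrade, one from a stale snapshot.
int runScenario() {
    CodeBlock a{"A", 0x1000}, b{"B", 0x2000}, c{"C", 0x3000};
    Executable exec;
    exec.current = &a;

    DirectCallSite site1;
    repatchSpeculatively(site1, exec);   // compiler thread snapshots A
    validateOnMainThread(site1, exec);   // A still current: no repatch

    exec.current = &b;                   // A is replaced by B
    unlinkOrUpgrade(site1, &a, &b);      // site1 upgraded to B: 1 repatch

    DirectCallSite site2;
    repatchSpeculatively(site2, exec);   // compiler thread snapshots B
    exec.current = &c;                   // B replaced before installation
    validateOnMainThread(site2, exec);   // snapshot is stale: 1 repatch

    return site1.repatchCount + site2.repatchCount;
}

int main() {
    return runScenario() == 2 ? 0 : 1;
}
```

The point of splitting the work this way is that a wrong guess on the compiler thread costs only one repatch on the main thread, while a correct guess avoids the repatch entirely; in neither case does the compiler thread touch state that the main thread also mutates.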