[webkit-changes] [WebKit/WebKit] 2295d3: [JSC] Redesign CallIC

Yusuke Suzuki noreply at github.com
Wed Jan 17 18:38:00 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 2295d3675ce69f08f1e68248188a5f71f2ed2da4
      https://github.com/WebKit/WebKit/commit/2295d3675ce69f08f1e68248188a5f71f2ed2da4
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-01-17 (Wed, 17 Jan 2024)

  Changed paths:
    A JSTests/stress/tail-call-stacks.js
    M LayoutTests/inspector/unit-tests/array-utilities-expected.txt
    M LayoutTests/inspector/unit-tests/set-utilities-expected.txt
    M LayoutTests/js/caller-property-expected.txt
    M LayoutTests/js/script-tests/caller-property.js
    M LayoutTests/svg/animations/svglength-element-removed-crash-expected.txt
    M LayoutTests/svg/animations/svglength-element-removed-crash.svg
    M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
    M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
    M Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h
    M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
    M Source/JavaScriptCore/bytecode/BytecodeList.rb
    M Source/JavaScriptCore/bytecode/CallLinkInfo.cpp
    M Source/JavaScriptCore/bytecode/CallLinkInfo.h
    M Source/JavaScriptCore/bytecode/CallLinkInfoBase.cpp
    M Source/JavaScriptCore/bytecode/CallLinkInfoBase.h
    M Source/JavaScriptCore/bytecode/CallLinkStatus.cpp
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/bytecode/CodeBlock.h
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/bytecode/Repatch.cpp
    M Source/JavaScriptCore/bytecode/Repatch.h
    M Source/JavaScriptCore/bytecode/RepatchInlines.h
    M Source/JavaScriptCore/dfg/DFGJITCode.cpp
    M Source/JavaScriptCore/dfg/DFGJITCode.h
    M Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/ftl/FTLState.cpp
    M Source/JavaScriptCore/interpreter/CachedCall.h
    M Source/JavaScriptCore/interpreter/Interpreter.cpp
    M Source/JavaScriptCore/interpreter/Interpreter.h
    M Source/JavaScriptCore/jit/BaselineJITRegisters.h
    M Source/JavaScriptCore/jit/CCallHelpers.h
    M Source/JavaScriptCore/jit/JIT.h
    M Source/JavaScriptCore/jit/JITCall.cpp
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jit/JITOperations.h
    M Source/JavaScriptCore/jit/JITStubRoutine.cpp
    M Source/JavaScriptCore/jit/JITStubRoutine.h
    M Source/JavaScriptCore/jit/JITThunks.h
    M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp
    M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h
    M Source/JavaScriptCore/jit/ThunkGenerators.cpp
    M Source/JavaScriptCore/jit/ThunkGenerators.h
    M Source/JavaScriptCore/llint/LLIntData.cpp
    M Source/JavaScriptCore/llint/LLIntEntrypoint.cpp
    M Source/JavaScriptCore/llint/LLIntEntrypoint.h
    M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
    M Source/JavaScriptCore/llint/LLIntSlowPaths.h
    M Source/JavaScriptCore/llint/LLIntThunks.cpp
    M Source/JavaScriptCore/llint/LLIntThunks.h
    M Source/JavaScriptCore/llint/LowLevelInterpreter.asm
    M Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
    M Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
    M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
    M Source/JavaScriptCore/offlineasm/cloop.rb
    M Source/JavaScriptCore/runtime/AggregateError.cpp
    M Source/JavaScriptCore/runtime/ArityCheckMode.h
    M Source/JavaScriptCore/runtime/Error.cpp
    M Source/JavaScriptCore/runtime/Error.h
    M Source/JavaScriptCore/runtime/ErrorInstance.cpp
    M Source/JavaScriptCore/runtime/ErrorInstance.h
    M Source/JavaScriptCore/runtime/ExceptionHelpers.cpp
    M Source/JavaScriptCore/runtime/ExceptionHelpers.h
    M Source/JavaScriptCore/runtime/Gate.h
    M Source/JavaScriptCore/runtime/JSCConfig.h
    M Source/JavaScriptCore/runtime/NullSetterFunction.cpp
    M Source/JavaScriptCore/runtime/Options.cpp
    M Source/JavaScriptCore/runtime/ScriptExecutable.cpp
    M Source/JavaScriptCore/runtime/StackFrame.cpp
    M Source/JavaScriptCore/runtime/StackFrame.h
    M Source/JavaScriptCore/runtime/VM.cpp
    M Source/JavaScriptCore/runtime/VM.h
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyCompileError.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyLinkError.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp
    M Source/JavaScriptCore/wasm/js/JSWebAssemblyRuntimeError.cpp
    M Source/JavaScriptCore/wasm/js/WasmToJS.cpp

  Log Message:
  -----------
  [JSC] Redesign CallIC
https://bugs.webkit.org/show_bug.cgi?id=267353
rdar://120794646

Reviewed by Justin Michaud.

This patch redesigns our CallIC, both RepatchingIC and DataIC.

1. We remove awkward slow path for CallIC. All CallIC thunks (virtual, poly, defaultCall etc.) are the same calling convension and
   it should be possible to be launched from the normal call dispatching path. This significantly eliminates the code bloat in JIT
   since we no longer need to generate tail-call sequence twice, one for dispatch and one for slow path. Now, all thunks are called
   after tail-call setup is done. It also eliminates tail-call sequence from poly IC repatching thunk.
2. CallLinkInfo::unlinkOrUpgrade is introduced. Previously, we always just invalidate CallLinkInfo when a new code is installed, like
   tiering up. But for DataIC, we can just replace the current code with the newly introduced one. This keeps DataIC working without
   reinitialization.
3. Removal of slow path makes it possible to use simplified virtual call path. We created new virtual call thunk and use it.
4. We simplify CodeBlock::noticeIncomingCall. The existing logic does not work well with tail-call, and it makes code much more complicated,
   while it does not offer benefit in benchmarks.
5. We fix LayoutTests/svg/animations/svglength-element-removed-crash.svg. This test is completely wrong: it does not account conservative GC,
   so it is extremely flaky with the changes in JSC side.

* LayoutTests/inspector/unit-tests/array-utilities-expected.txt:
* LayoutTests/inspector/unit-tests/set-utilities-expected.txt:
* LayoutTests/js/caller-property-expected.txt:
* LayoutTests/js/script-tests/caller-property.js:
* Source/JavaScriptCore/assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::transfer32):
(JSC::MacroAssemblerARM64::transfer64):
(JSC::MacroAssemblerARM64::transferPtr):
* Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::transfer32):
(JSC::MacroAssemblerARMv7::transferPtr):
* Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h:
(JSC::MacroAssemblerRISCV64::transfer32):
(JSC::MacroAssemblerRISCV64::transfer64):
(JSC::MacroAssemblerRISCV64::transferPtr):
* Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::transfer32):
(JSC::MacroAssemblerX86_64::transfer64):
(JSC::MacroAssemblerX86_64::transferPtr):
* Source/JavaScriptCore/bytecode/BytecodeList.rb:
* Source/JavaScriptCore/bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::unlinkOrUpgradeImpl):
(JSC::CallLinkInfo::setMonomorphicCallee):
(JSC::CallLinkInfo::visitWeak):
(JSC::CallLinkInfo::revertCallToStub):
(JSC::BaselineCallLinkInfo::initialize):
(JSC::CallLinkInfo::retrieveCaller):
(JSC::OptimizingCallLinkInfo::setSlowPathCallDestination):
(JSC::CallLinkInfo::emitFastPathImpl):
(JSC::CallLinkInfo::emitDataICFastPath):
(JSC::CallLinkInfo::emitTailCallDataICFastPath):
(JSC::CallLinkInfo::setStub):
(JSC::CallLinkInfo::setVirtualCall):
(JSC::CallLinkInfo::revertCall):
(JSC::CallLinkInfo::emitSlowPathImpl):
(JSC::CallLinkInfo::emitDataICSlowPath):
(JSC::CallLinkInfo::emitFastPath):
(JSC::CallLinkInfo::emitTailCallFastPath):
(JSC::CallLinkInfo::emitSlowPath):
(JSC::CallLinkInfo::emitTailCallSlowPath):
(JSC::OptimizingCallLinkInfo::emitFastPath):
(JSC::OptimizingCallLinkInfo::emitTailCallFastPath):
(JSC::OptimizingCallLinkInfo::emitSlowPath):
(JSC::OptimizingCallLinkInfo::emitTailCallSlowPath):
(JSC::OptimizingCallLinkInfo::setDirectCallTarget):
(JSC::OptimizingCallLinkInfo::initializeFromDFGUnlinkedCallLinkInfo):
(JSC::CallLinkInfo::unlinkImpl): Deleted.
(JSC::CallLinkInfo::setSlowPathCallDestination): Deleted.
(JSC::OptimizingCallLinkInfo::setFrameShuffleData): Deleted.
* Source/JavaScriptCore/bytecode/CallLinkInfo.h:
(JSC::CallLinkInfo::isLinked const):
(JSC::CallLinkInfo::mode const):
(JSC::CallLinkInfo::owner const):
(JSC::CallLinkInfo::CallLinkInfo):
(JSC::BaselineUnlinkedCallLinkInfo::setUpCall):
(JSC::CallLinkInfo::offsetOfSlowPathCallDestination): Deleted.
(JSC::BaselineUnlinkedCallLinkInfo::setFrameShuffleData): Deleted.
(JSC::CallLinkInfo::calleeGPR const): Deleted.
* Source/JavaScriptCore/bytecode/CallLinkInfoBase.cpp:
(JSC::CallLinkInfoBase::unlinkOrUpgrade):
(JSC::CallLinkInfoBase::unlink): Deleted.
* Source/JavaScriptCore/bytecode/CallLinkInfoBase.h:
* Source/JavaScriptCore/bytecode/CallLinkStatus.cpp:
(JSC::CallLinkStatus::computeFromCallLinkInfo):
* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::linkIncomingCall):
(JSC::CodeBlock::unlinkOrUpgradeIncomingCalls):
(JSC::CodeBlock::noticeIncomingCall):
(JSC::CodeBlock::unlinkIncomingCalls): Deleted.
* Source/JavaScriptCore/bytecode/CodeBlock.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateImpl):
(JSC::InlineCacheCompiler::emitProxyObjectAccess):
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::linkSlowFor):
(JSC::linkMonomorphicCall):
(JSC::linkDirectCall):
(JSC::linkVirtualFor):
(JSC::linkPolymorphicCall):
(JSC::linkSlowPathTo): Deleted.
(JSC::revertCall): Deleted.
(JSC::unlinkCall): Deleted.
* Source/JavaScriptCore/bytecode/Repatch.h:
* Source/JavaScriptCore/bytecode/RepatchInlines.h:
(JSC::throwNotAFunctionErrorFromCallIC):
(JSC::throwNotAConstructorErrorFromCallIC):
(JSC::handleHostCall):
(JSC::linkFor):
(JSC::virtualForWithFunction):
* Source/JavaScriptCore/dfg/DFGJITCode.cpp:
(JSC::DFG::JITData::tryInitialize):
* Source/JavaScriptCore/dfg/DFGJITCode.h:
(JSC::DFG::UnlinkedCallLinkInfo::setUpCall):
(JSC::DFG::UnlinkedCallLinkInfo::setFrameShuffleData): Deleted.
* Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::addCallLinkInfo):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/ftl/FTLState.cpp:
(JSC::FTL::State::addCallLinkInfo):
* Source/JavaScriptCore/interpreter/CachedCall.h:
(JSC::CachedCall::unlinkOrUpgradeImpl):
(JSC::CachedCall::unlinkImpl): Deleted.
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
(JSC::Interpreter::prepareForCachedCall):
* Source/JavaScriptCore/jit/BaselineJITRegisters.h:
* Source/JavaScriptCore/jit/CCallHelpers.h:
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITCall.cpp:
(JSC::JIT::compileSetupFrame):
(JSC::JIT::compileTailCall):
(JSC::JIT::compileOpCall):
(JSC::JIT::compileOpCallSlowCase):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/jit/JITOperations.h:
* Source/JavaScriptCore/jit/JITStubRoutine.cpp:
(JSC::JITStubRoutine::operator delete):
* Source/JavaScriptCore/jit/JITStubRoutine.h:
(JSC::JITStubRoutine::destroy):
* Source/JavaScriptCore/jit/JITThunks.h:
* Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp:
(JSC::PolymorphicCallNode::unlinkOrUpgradeImpl):
(JSC::PolymorphicCallNode::clear):
(JSC::PolymorphicCallNode::owner):
(JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
(JSC::PolymorphicCallStubRoutine::upgradeIfPossible):
(JSC::PolymorphicCallStubRoutine::variants const):
(JSC::PolymorphicCallStubRoutine::edges const):
(JSC::PolymorphicCallStubRoutine::clearCallNodesFor):
(JSC::PolymorphicCallStubRoutine::markRequiredObjectsInternalImpl):
(JSC::PolymorphicCallStubRoutine::destroy):
(JSC::PolymorphicCallNode::unlinkImpl): Deleted.
(JSC::PolymorphicCallNode::clearCallLinkInfo): Deleted.
* Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h:
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::virtualThunkFor):
(JSC::polymorphicThunkFor):
(JSC::polymorphicRepatchThunk):
(JSC::slowPathFor): Deleted.
(JSC::linkCallThunkGenerator): Deleted.
(JSC::linkPolymorphicCallThunkGenerator): Deleted.
* Source/JavaScriptCore/jit/ThunkGenerators.h:
* Source/JavaScriptCore/llint/LLIntData.cpp:
(JSC::LLInt::initialize):
* Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:
(JSC::LLInt::llint_default_call):
(JSC::LLInt::llint_virtual_call):
(JSC::LLInt::llint_link_call): Deleted.
* Source/JavaScriptCore/llint/LLIntSlowPaths.h:
* Source/JavaScriptCore/llint/LLIntThunks.cpp:
(JSC::LLInt::defaultCallThunk):
* Source/JavaScriptCore/llint/LLIntThunks.h:
* Source/JavaScriptCore/llint/LowLevelInterpreter.asm:
* Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:
* Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:
* Source/JavaScriptCore/runtime/ArityCheckMode.h:
* Source/JavaScriptCore/runtime/Error.cpp:
(JSC::getBytecodeIndex):
* Source/JavaScriptCore/runtime/ErrorInstance.cpp:
(JSC::appendSourceToErrorMessage):
(JSC::ErrorInstance::finishCreation):
* Source/JavaScriptCore/runtime/ErrorInstance.h:
* Source/JavaScriptCore/runtime/ExceptionHelpers.cpp:
(JSC::notAFunctionSourceAppender):
(JSC::constructErrorMessage):
(JSC::createError):
* Source/JavaScriptCore/runtime/ExceptionHelpers.h:
* Source/JavaScriptCore/runtime/Gate.h:
* Source/JavaScriptCore/runtime/JSCConfig.h:
* Source/JavaScriptCore/runtime/ScriptExecutable.cpp:
(JSC::ScriptExecutable::installCode):
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::getCTILinkCall): Deleted.
* Source/JavaScriptCore/runtime/VM.h:
* Source/JavaScriptCore/wasm/js/JSWebAssemblyModule.cpp:
(JSC::JSWebAssemblyModule::clearJSCallICs):
* Source/JavaScriptCore/wasm/js/WasmToJS.cpp:
(JSC::Wasm::wasmToJS):

Canonical link: https://commits.webkit.org/273159@main

More information about the webkit-changes mailing list