[webkit-changes] [WebKit/WebKit] c29ba6: [JSC] PutByOffset and PutClosureVar should interac...

Yusuke Suzuki noreply at github.com
Tue Sep 17 11:12:43 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c29ba63981cc26c709ef1fa8b65770f5d6a0fd0b
      https://github.com/WebKit/WebKit/commit/c29ba63981cc26c709ef1fa8b65770f5d6a0fd0b
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-09-17 (Tue, 17 Sep 2024)

  Changed paths:
    M Source/JavaScriptCore/assembler/ARM64Assembler.h
    M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
    M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
    M Source/JavaScriptCore/dfg/DFGClobberize.h
    M Source/JavaScriptCore/dfg/DFGHeapLocation.cpp
    M Source/JavaScriptCore/dfg/DFGHeapLocation.h
    M Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp
    M Source/JavaScriptCore/dfg/DFGValueRepReductionPhase.cpp
    M Source/JavaScriptCore/ftl/FTLCommonValues.cpp
    M Source/JavaScriptCore/ftl/FTLCommonValues.h
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/runtime/JSCJSValue.h
    M Source/JavaScriptCore/runtime/PureNaN.h

  Log Message:
  -----------
  [JSC] PutByOffset and PutClosureVar should interact with DoubleRep directly
https://bugs.webkit.org/show_bug.cgi?id=279809
rdar://136126295

Reviewed by Yijia Huang.

When storing DoubleRep to property fields, we need to box them and store them.
On ARM64, we first convert it from FPRReg to GPRReg and do box operation on
the top of that. However this fmov is very costly operation.

Fortunately, on ARM64, we can add / sub integer values on FPRReg (this
is separate from addDouble) so we can box DoubleRep into JSValue format
in FPRReg. And if we can use storeDouble, then we do not need to use
fmov.

This patch extends DFG ValueRepReductionPhase on ARM64, and figuring out
this possibility. And when we found PutByOffset(..., @0) pattern with
appropriate value flows, we convert it to PutByOffset(..., DoubleRep:@0)
and do the above optimization.

We do these optimization as a part of ValueRepReductionPhase so that we
do not need to consider about Object Allocation Sinking's Double
handling (since Object Allocation Sinking is already done).

* Source/JavaScriptCore/assembler/ARM64Assembler.h:
(JSC::ARM64Assembler::add):
(JSC::ARM64Assembler::adr): Deleted.
(JSC::ARM64Assembler::adrp): Deleted.
(JSC::ARM64Assembler::and_): Deleted.
(JSC::ARM64Assembler::asr): Deleted.
(JSC::ARM64Assembler::asrv): Deleted.
(JSC::ARM64Assembler::b): Deleted.
(JSC::ARM64Assembler::b_cond): Deleted.
(JSC::ARM64Assembler::bfc): Deleted.
(JSC::ARM64Assembler::bfi): Deleted.
(JSC::ARM64Assembler::bfm): Deleted.
(JSC::ARM64Assembler::bfxil): Deleted.
(JSC::ARM64Assembler::bic): Deleted.
(JSC::ARM64Assembler::bl): Deleted.
(JSC::ARM64Assembler::blr): Deleted.
(JSC::ARM64Assembler::br): Deleted.
(JSC::ARM64Assembler::brk): Deleted.
(JSC::ARM64Assembler::isBrk): Deleted.
(JSC::ARM64Assembler::cbnz): Deleted.
(JSC::ARM64Assembler::cbz): Deleted.
(JSC::ARM64Assembler::ccmn): Deleted.
(JSC::ARM64Assembler::ccmp): Deleted.
(JSC::ARM64Assembler::cinc): Deleted.
(JSC::ARM64Assembler::cinv): Deleted.
(JSC::ARM64Assembler::cls): Deleted.
(JSC::ARM64Assembler::clz): Deleted.
(JSC::ARM64Assembler::cmn): Deleted.
(JSC::ARM64Assembler::cmp): Deleted.
(JSC::ARM64Assembler::cneg): Deleted.
(JSC::ARM64Assembler::csel): Deleted.
(JSC::ARM64Assembler::cset): Deleted.
(JSC::ARM64Assembler::csetm): Deleted.
(JSC::ARM64Assembler::csinc): Deleted.
(JSC::ARM64Assembler::csinv): Deleted.
(JSC::ARM64Assembler::csneg): Deleted.
(JSC::ARM64Assembler::eon): Deleted.
(JSC::ARM64Assembler::eor): Deleted.
(JSC::ARM64Assembler::extr): Deleted.
(JSC::ARM64Assembler::hint): Deleted.
(JSC::ARM64Assembler::hlt): Deleted.
(JSC::ARM64Assembler::illegalInstruction): Deleted.
(JSC::ARM64Assembler::isValidLDPImm): Deleted.
(JSC::ARM64Assembler::isValidLDPFPImm): Deleted.
(JSC::ARM64Assembler::ldp): Deleted.
(JSC::ARM64Assembler::ldnp): Deleted.
(JSC::ARM64Assembler::ldr): Deleted.
(JSC::ARM64Assembler::ldr_literal): Deleted.
(JSC::ARM64Assembler::ldrb): Deleted.
(JSC::ARM64Assembler::ldrh): Deleted.
(JSC::ARM64Assembler::ldrsb): Deleted.
(JSC::ARM64Assembler::ldrsh): Deleted.
(JSC::ARM64Assembler::ldrsw): Deleted.
(JSC::ARM64Assembler::ldrsw_literal): Deleted.
(JSC::ARM64Assembler::ldur): Deleted.
(JSC::ARM64Assembler::ldurb): Deleted.
(JSC::ARM64Assembler::ldurh): Deleted.
(JSC::ARM64Assembler::ldursb): Deleted.
(JSC::ARM64Assembler::ldursh): Deleted.
(JSC::ARM64Assembler::ldursw): Deleted.
(JSC::ARM64Assembler::lsl): Deleted.
(JSC::ARM64Assembler::lslv): Deleted.
(JSC::ARM64Assembler::lsr): Deleted.
(JSC::ARM64Assembler::lsrv): Deleted.
(JSC::ARM64Assembler::madd): Deleted.
(JSC::ARM64Assembler::mneg): Deleted.
(JSC::ARM64Assembler::simdQBit): Deleted.
(JSC::ARM64Assembler::encodeLaneAndIndex): Deleted.
(JSC::ARM64Assembler::ins): Deleted.
(JSC::ARM64Assembler::umov): Deleted.
(JSC::ARM64Assembler::smov): Deleted.
(JSC::ARM64Assembler::dupElement): Deleted.
(JSC::ARM64Assembler::dupGeneral): Deleted.
(JSC::ARM64Assembler::fcmeq): Deleted.
(JSC::ARM64Assembler::fcmgt): Deleted.
(JSC::ARM64Assembler::fcmge): Deleted.
(JSC::ARM64Assembler::vectorNot): Deleted.
(JSC::ARM64Assembler::sizeForIntegralSIMDOp): Deleted.
(JSC::ARM64Assembler::sizeForFloatingPointSIMDOp): Deleted.
(JSC::ARM64Assembler::cmeq): Deleted.
(JSC::ARM64Assembler::cmeqz): Deleted.
* Source/JavaScriptCore/assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::loadVector):
(JSC::MacroAssemblerARM64::add64):
(JSC::MacroAssemblerARM64::sub64):
* Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::add64):
(JSC::MacroAssemblerX86_64::sub64):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGHeapLocation.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/dfg/DFGHeapLocation.h:
* Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:
* Source/JavaScriptCore/dfg/DFGValueRepReductionPhase.cpp:
(JSC::DFG::ValueRepReductionPhase::convertValueRepsToDouble):
* Source/JavaScriptCore/ftl/FTLCommonValues.cpp:
(JSC::FTL::CommonValues::initializeConstants):
* Source/JavaScriptCore/ftl/FTLCommonValues.h:
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::boxDoubleAsDouble):
(JSC::FTL::DFG::LowerDFGToB3::unboxDoubleAsDouble):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compileMultiPutByOffset):
(JSC::FTL::DFG::LowerDFGToB3::compilePutGlobalVariable):
(JSC::FTL::DFG::LowerDFGToB3::compilePutClosureVar):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/runtime/JSCJSValue.h:
* Source/JavaScriptCore/runtime/PureNaN.h:

Canonical link: https://commits.webkit.org/283786@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list