<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[37570] trunk/JavaScriptCore</title>
</head>
<body>

<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/37570">37570</a></dd>
<dt>Author</dt> <dd>cwzwarich@webkit.org</dd>
<dt>Date</dt> <dd>2008-10-13 17:20:49 -0700 (Mon, 13 Oct 2008)</dd>
</dl>

<h3>Log Message</h3>
<pre>2008-10-13  Cameron Zwarich  &lt;zwarich@apple.com&gt;

        Reviewed by Geoff Garen.

        Bug 21541: Move RegisterFile growth check to callee
        &lt;https://bugs.webkit.org/show_bug.cgi?id=21541&gt;

        Move the RegisterFile growth check to the callee in the common case,
        where some of the information is known statically at JIT time. There is
        still a check in the caller in the case where the caller provides too
        few arguments.

        This is a 2.1% speedup on the V8 benchmark, including a 5.1% speedup on
        the Richards benchmark, a 4.1% speedup on the DeltaBlue benchmark, and a
        1.4% speedup on the Earley-Boyer benchmark. It is also a 0.5% speedup on
        SunSpider.

        * VM/CTI.cpp:
        (JSC::CTI::privateCompile):
        * VM/Machine.cpp:
        (JSC::Machine::cti_register_file_check):
        (JSC::Machine::cti_op_call_JSFunction):
        (JSC::Machine::cti_op_construct_JSConstruct):
        * VM/Machine.h:
        * VM/RegisterFile.h:
        * masm/X86Assembler.h:
        (JSC::X86Assembler::):
        (JSC::X86Assembler::cmpl_mr):
        (JSC::X86Assembler::emitUnlinkedJg):</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkJavaScriptCoreChangeLog">trunk/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkJavaScriptCoreVMCTIcpp">trunk/JavaScriptCore/VM/CTI.cpp</a></li>
<li><a href="#trunkJavaScriptCoreVMMachinecpp">trunk/JavaScriptCore/VM/Machine.cpp</a></li>
<li><a href="#trunkJavaScriptCoreVMMachineh">trunk/JavaScriptCore/VM/Machine.h</a></li>
<li><a href="#trunkJavaScriptCoreVMRegisterFileh">trunk/JavaScriptCore/VM/RegisterFile.h</a></li>
<li><a href="#trunkJavaScriptCoremasmX86Assemblerh">trunk/JavaScriptCore/masm/X86Assembler.h</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/JavaScriptCore/ChangeLog (37569 => 37570)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JavaScriptCore/ChangeLog        2008-10-13 23:39:43 UTC (rev 37569)
+++ trunk/JavaScriptCore/ChangeLog        2008-10-14 00:20:49 UTC (rev 37570)
</span><span class="lines">@@ -1,3 +1,33 @@
</span><ins>+2008-10-13  Cameron Zwarich  &lt;zwarich@apple.com&gt;
+
+        Reviewed by Geoff Garen.
+
+        Bug 21541: Move RegisterFile growth check to callee
+        &lt;https://bugs.webkit.org/show_bug.cgi?id=21541&gt;
+
+        Move the RegisterFile growth check to the callee in the common case,
+        where some of the information is known statically at JIT time. There is
+        still a check in the caller in the case where the caller provides too
+        few arguments.
+
+        This is a 2.1% speedup on the V8 benchmark, including a 5.1% speedup on
+        the Richards benchmark, a 4.1% speedup on the DeltaBlue benchmark, and a
+        1.4% speedup on the Earley-Boyer benchmark. It is also a 0.5% speedup on
+        SunSpider.
+
+        * VM/CTI.cpp:
+        (JSC::CTI::privateCompile):
+        * VM/Machine.cpp:
+        (JSC::Machine::cti_register_file_check):
+        (JSC::Machine::cti_op_call_JSFunction):
+        (JSC::Machine::cti_op_construct_JSConstruct):
+        * VM/Machine.h:
+        * VM/RegisterFile.h:
+        * masm/X86Assembler.h:
+        (JSC::X86Assembler::):
+        (JSC::X86Assembler::cmpl_mr):
+        (JSC::X86Assembler::emitUnlinkedJg):
+
</ins><span class="cx"> 2008-10-13  Sam Weinig  &lt;sam@webkit.org&gt;
</span><span class="cx"> 
</span><span class="cx">         Reviewed by Dan Bernstein.
</span></span></pre></div>
<a id="trunkJavaScriptCoreVMCTIcpp"></a>
<div class="modfile"><h4>Modified: trunk/JavaScriptCore/VM/CTI.cpp (37569 => 37570)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JavaScriptCore/VM/CTI.cpp        2008-10-13 23:39:43 UTC (rev 37569)
+++ trunk/JavaScriptCore/VM/CTI.cpp        2008-10-14 00:20:49 UTC (rev 37570)
</span><span class="lines">@@ -2615,10 +2615,27 @@
</span><span class="cx">     m_jit.popl_r(X86::ecx);
</span><span class="cx">     emitPutToCallFrameHeader(X86::ecx, RegisterFile::ReturnPC);
</span><span class="cx"> 
</span><ins>+    X86Assembler::JmpSrc slowRegisterFileCheck;
+    X86Assembler::JmpDst afterRegisterFileCheck;
+    if (m_codeBlock-&gt;codeType == FunctionCode) {
+        emitGetCTIParam(CTI_ARGS_registerFile, X86::eax);
+        m_jit.leal_mr(m_codeBlock-&gt;numCalleeRegisters * sizeof(Register), X86::edi, X86::edx);
+        m_jit.cmpl_mr(OBJECT_OFFSET(RegisterFile, m_end), X86::eax, X86::edx);
+        slowRegisterFileCheck = m_jit.emitUnlinkedJg();
+        afterRegisterFileCheck = m_jit.label();
+    }
+
</ins><span class="cx">     privateCompileMainPass();
</span><span class="cx">     privateCompileLinkPass();
</span><span class="cx">     privateCompileSlowCases();
</span><span class="cx"> 
</span><ins>+    if (m_codeBlock-&gt;codeType == FunctionCode) {
+        m_jit.link(slowRegisterFileCheck, m_jit.label());
+        emitCall(0, Machine::cti_register_file_check);
+        X86Assembler::JmpSrc backToBody = m_jit.emitUnlinkedJmp();
+        m_jit.link(backToBody, afterRegisterFileCheck);
+    }
+
</ins><span class="cx">     ASSERT(m_jmpTable.isEmpty());
</span><span class="cx"> 
</span><span class="cx">     void* code = m_jit.copy();
</span></span></pre></div>
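Review bot: The new prologue check compares two addresses with a signed condition: `m_jit.emitUnlinkedJg()` follows `cmpl_mr(OBJECT_OFFSET(RegisterFile, m_end), X86::eax, X86::edx)`, so the slow path is taken only when the computed frame end exceeds `m_end` as a signed 32-bit value. If the register file's reserved range can sit at or across 0x80000000 (not visible here), a frame end past `m_end` would compare as smaller, the growth check would be skipped, and the callee would store beyond the committed region. An unsigned branch fits a bounds check on pointers, e.g. `slowRegisterFileCheck = m_jit.emitUnlinkedJa();`, which X86Assembler.h already provides. The enclosing function (listed as CTI::privateCompile in the log) starts and ends outside the hunk.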
<a id="trunkJavaScriptCoreVMMachinecpp"></a>
<div class="modfile"><h4>Modified: trunk/JavaScriptCore/VM/Machine.cpp (37569 => 37570)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JavaScriptCore/VM/Machine.cpp        2008-10-13 23:39:43 UTC (rev 37569)
+++ trunk/JavaScriptCore/VM/Machine.cpp        2008-10-14 00:20:49 UTC (rev 37570)
</span><span class="lines">@@ -4336,6 +4336,22 @@
</span><span class="cx">     }
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+void Machine::cti_register_file_check(CTI_ARGS)
+{
+    CallFrame* callFrame = ARG_callFrame;
+    CodeBlock* codeBlock = callFrame-&gt;codeBlock();
+    RegisterFile* registerFile = ARG_registerFile;
+
+    if (!registerFile-&gt;grow(callFrame + codeBlock-&gt;numCalleeRegisters)) {
+        CallFrame* callerFrame = callFrame-&gt;callerFrame();
+        ARG_setCallFrame(callerFrame);
+        ARG_globalData-&gt;exception = createStackOverflowError(callerFrame);
+        ASSERT(ARG_globalData-&gt;exception);
+        ARG_globalData-&gt;throwReturnAddress = callFrame-&gt;returnPC();
+        doSetReturnAddressVMThrowTrampoline(&amp;CTI_RETURN_ADDRESS);
+    }
+}
+
</ins><span class="cx"> int Machine::cti_op_loop_if_less(CTI_ARGS)
</span><span class="cx"> {
</span><span class="cx">     JSValue* src1 = ARG_src1;
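Review bot: `registerFile->grow(callFrame + codeBlock->numCalleeRegisters)` does its arithmetic on a `CallFrame*`, so the bound is right only if a CallFrame is exactly one Register wide, which this hunk does not show. The other paths added in this commit compute frame ends from `callFrame->registers()`; writing `registerFile->grow(callFrame->registers() + codeBlock->numCalleeRegisters)` would make the unit explicit and keep this check consistent with them. A short header comment would also help, stating that this is the slow path of the callee-side growth check emitted in CTI.cpp and that on failure it rewinds to the caller frame and redirects the return address to the throw trampoline.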
</span><span class="lines">@@ -4550,14 +4566,40 @@
</span><span class="cx"> 
</span><span class="cx">     ScopeChainNode* callDataScopeChain = static_cast&lt;JSFunction*&gt;(ARG_src1)-&gt;m_scopeChain.node();
</span><span class="cx">     CodeBlock* newCodeBlock = &amp;static_cast&lt;JSFunction*&gt;(ARG_src1)-&gt;m_body-&gt;byteCode(callDataScopeChain);
</span><ins>+    CallFrame* callFrame = ARG_callFrame;
+    size_t registerOffset = ARG_int2;
+    int argCount = ARG_int3;
</ins><span class="cx"> 
</span><del>-    CallFrame* callFrame = slideRegisterWindowForCall(newCodeBlock, ARG_registerFile, ARG_callFrame, ARG_int2, ARG_int3);
-    if (UNLIKELY(!callFrame)) {
-        ARG_globalData-&gt;exception = createStackOverflowError(ARG_callFrame);
</del><ins>+    if (LIKELY(argCount == newCodeBlock-&gt;numParameters)) {
+        VoidPtrPair pair = { newCodeBlock, CallFrame::create(callFrame-&gt;registers() + registerOffset) };
+        return pair;
+    }
+
+    if (argCount &gt; newCodeBlock-&gt;numParameters) {
+        size_t numParameters = newCodeBlock-&gt;numParameters;
+        Register* r = callFrame-&gt;registers() + registerOffset + numParameters;
+
+        Register* argv = r - RegisterFile::CallFrameHeaderSize - numParameters - argCount;
+        for (size_t i = 0; i &lt; numParameters; ++i)
+            argv[i + argCount] = argv[i];
+
+        VoidPtrPair pair = { newCodeBlock, CallFrame::create(r) };
+        return pair;
+    }
+
+    size_t omittedArgCount = newCodeBlock-&gt;numParameters - argCount;
+    Register* r = callFrame-&gt;registers() + registerOffset + omittedArgCount;
+    Register* newEnd = r + newCodeBlock-&gt;numCalleeRegisters;
+    if (!ARG_registerFile-&gt;grow(newEnd)) {
+        ARG_globalData-&gt;exception = createStackOverflowError(callFrame);
</ins><span class="cx">         VM_THROW_EXCEPTION_2();
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    VoidPtrPair pair = { newCodeBlock, callFrame };
</del><ins>+    Register* argv = r - RegisterFile::CallFrameHeaderSize - omittedArgCount;
+    for (size_t i = 0; i &lt; omittedArgCount; ++i)
+        argv[i] = jsUndefined();
+
+    VoidPtrPair pair = { newCodeBlock, CallFrame::create(r) };
</ins><span class="cx">     return pair;
</span><span class="cx"> }
</span><span class="cx"> 
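Review bot: In the `argCount > newCodeBlock->numParameters` branch the loop `argv[i + argCount] = argv[i]` stores `numParameters` registers above the passed arguments with no `grow()` beforehand; only the too-few-arguments path keeps a caller-side check, and the callee's prologue check runs after these stores. Unless RegisterFile guarantees committed slack beyond `m_end` (not visible in this diff), the copy can land past the committed region when `numParameters` is large. Putting the same guard before the loop, `if (!ARG_registerFile->grow(r + newCodeBlock->numCalleeRegisters))` with the existing stack-overflow throw, closes that gap. The hunk at -4712 for cti_op_construct_JSConstruct repeats this code line for line and has the same gap, so a shared helper for the three cases would keep the two from drifting. Both function bodies begin outside their hunks.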
</span><span class="lines">@@ -4685,7 +4727,6 @@
</span><span class="cx"> 
</span><span class="cx"> VoidPtrPair Machine::cti_op_construct_JSConstruct(CTI_ARGS)
</span><span class="cx"> {
</span><del>-    RegisterFile* registerFile = ARG_registerFile;
</del><span class="cx">     CallFrame* callFrame = ARG_callFrame;
</span><span class="cx"> 
</span><span class="cx">     JSFunction* constructor = static_cast&lt;JSFunction*&gt;(ARG_src1);
</span><span class="lines">@@ -4712,16 +4753,38 @@
</span><span class="cx">     else
</span><span class="cx">         structure = callDataScopeChain-&gt;globalObject()-&gt;emptyObjectStructure();
</span><span class="cx">     JSObject* newObject = new (ARG_globalData) JSObject(structure);
</span><del>-
</del><span class="cx">     callFrame[firstArg] = newObject; // &quot;this&quot; value
</span><span class="cx"> 
</span><del>-    callFrame = slideRegisterWindowForCall(newCodeBlock, registerFile, callFrame, registerOffset, argCount);
-    if (UNLIKELY(!callFrame)) {
-        ARG_globalData-&gt;exception = createStackOverflowError(ARG_callFrame);
</del><ins>+    if (LIKELY(argCount == newCodeBlock-&gt;numParameters)) {
+        VoidPtrPair pair = { newCodeBlock, CallFrame::create(callFrame-&gt;registers() + registerOffset) };
+        return pair;
+    }
+
+    if (argCount &gt; newCodeBlock-&gt;numParameters) {
+        size_t numParameters = newCodeBlock-&gt;numParameters;
+        Register* r = callFrame-&gt;registers() + registerOffset + numParameters;
+
+        Register* argv = r - RegisterFile::CallFrameHeaderSize - numParameters - argCount;
+        for (size_t i = 0; i &lt; numParameters; ++i)
+            argv[i + argCount] = argv[i];
+
+        VoidPtrPair pair = { newCodeBlock, CallFrame::create(r) };
+        return pair;
+    }
+
+    size_t omittedArgCount = newCodeBlock-&gt;numParameters - argCount;
+    Register* r = callFrame-&gt;registers() + registerOffset + omittedArgCount;
+    Register* newEnd = r + newCodeBlock-&gt;numCalleeRegisters;
+    if (!ARG_registerFile-&gt;grow(newEnd)) {
+        ARG_globalData-&gt;exception = createStackOverflowError(callFrame);
</ins><span class="cx">         VM_THROW_EXCEPTION_2();
</span><span class="cx">     }
</span><span class="cx"> 
</span><del>-    VoidPtrPair pair = { newCodeBlock, callFrame };
</del><ins>+    Register* argv = r - RegisterFile::CallFrameHeaderSize - omittedArgCount;
+    for (size_t i = 0; i &lt; omittedArgCount; ++i)
+        argv[i] = jsUndefined();
+
+    VoidPtrPair pair = { newCodeBlock, CallFrame::create(r) };
</ins><span class="cx">     return pair;
</span><span class="cx"> }
</span><span class="cx"> 
</span></span></pre></div>
<a id="trunkJavaScriptCoreVMMachineh"></a>
<div class="modfile"><h4>Modified: trunk/JavaScriptCore/VM/Machine.h (37569 => 37570)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JavaScriptCore/VM/Machine.h        2008-10-13 23:39:43 UTC (rev 37569)
+++ trunk/JavaScriptCore/VM/Machine.h        2008-10-14 00:20:49 UTC (rev 37570)
</span><span class="lines">@@ -162,6 +162,7 @@
</span><span class="cx"> #if ENABLE(CTI)
</span><span class="cx"> 
</span><span class="cx">         static void SFX_CALL cti_timeout_check(CTI_ARGS);
</span><ins>+        static void SFX_CALL cti_register_file_check(CTI_ARGS);
</ins><span class="cx"> 
</span><span class="cx">         static JSValue* SFX_CALL cti_op_convert_this(CTI_ARGS);
</span><span class="cx">         static void SFX_CALL cti_op_end(CTI_ARGS);
</span></span></pre></div>
<a id="trunkJavaScriptCoreVMRegisterFileh"></a>
<div class="modfile"><h4>Modified: trunk/JavaScriptCore/VM/RegisterFile.h (37569 => 37570)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JavaScriptCore/VM/RegisterFile.h        2008-10-13 23:39:43 UTC (rev 37569)
+++ trunk/JavaScriptCore/VM/RegisterFile.h        2008-10-14 00:20:49 UTC (rev 37570)
</span><span class="lines">@@ -88,6 +88,7 @@
</span><span class="cx">     class JSGlobalObject;
</span><span class="cx"> 
</span><span class="cx">     class RegisterFile : Noncopyable {
</span><ins>+        friend class CTI;
</ins><span class="cx">     public:
</span><span class="cx">         enum CallFrameHeaderEntry {
</span><span class="cx">             CallFrameHeaderSize = 8,
</span></span></pre></div>
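Review bot: `friend class CTI;` opens every private member of RegisterFile to the JIT compiler, while the only use visible in this commit is `OBJECT_OFFSET(RegisterFile, m_end)` in CTI.cpp. Either say so on the line, e.g. `// CTI needs the offset of m_end for the inlined growth check`, or expose just that offset through a small static accessor so the rest of the bounds state stays encapsulated. The class body continues outside the hunk.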
<a id="trunkJavaScriptCoremasmX86Assemblerh"></a>
<div class="modfile"><h4>Modified: trunk/JavaScriptCore/masm/X86Assembler.h (37569 => 37570)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JavaScriptCore/masm/X86Assembler.h        2008-10-13 23:39:43 UTC (rev 37569)
+++ trunk/JavaScriptCore/masm/X86Assembler.h        2008-10-14 00:20:49 UTC (rev 37570)
</span><span class="lines">@@ -191,6 +191,7 @@
</span><span class="cx">         PRE_PREDICT_BRANCH_NOT_TAKEN    = 0x2E,
</span><span class="cx">         OP_XOR_EvGv                     = 0x31,
</span><span class="cx">         OP_CMP_EvGv                     = 0x39,
</span><ins>+        OP_CMP_GvEv                     = 0x3B,
</ins><span class="cx">         OP_PUSH_EAX                     = 0x50,
</span><span class="cx">         OP_POP_EAX                      = 0x58,
</span><span class="cx">         PRE_OPERAND_SIZE                = 0x66,
</span><span class="lines">@@ -240,6 +241,7 @@
</span><span class="cx">         OP2_JL_rel32        = 0x8C,
</span><span class="cx">         OP2_JGE_rel32       = 0x8D,
</span><span class="cx">         OP2_JLE_rel32       = 0x8E,
</span><ins>+        OP2_JG_rel32       = 0x8F,
</ins><span class="cx">         OP2_IMUL_GvEv       = 0xAF,
</span><span class="cx">         OP2_MOVZX_GvEb      = 0xB6,
</span><span class="cx">         OP2_MOVZX_GvEw      = 0xB7,
</span><span class="lines">@@ -373,6 +375,12 @@
</span><span class="cx">         emitModRm_rm(src, base, offset);
</span><span class="cx">     }
</span><span class="cx"> 
</span><ins>+    void cmpl_mr(int offset, RegisterID base, RegisterID dst)
+    {
+        m_buffer-&gt;putByte(OP_CMP_GvEv);
+        emitModRm_rm(dst, base, offset);
+    }
+
</ins><span class="cx">     void cmpl_i32r(int imm, RegisterID dst)
</span><span class="cx">     {
</span><span class="cx">         m_buffer-&gt;putByte(OP_GROUP1_EvIz);
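Review bot: `cmpl_mr` has no comment stating its operand order, and the new register-file bounds check in CTI.cpp depends on it: with `OP_CMP_GvEv` the flags reflect `dst` minus the memory operand at `base + offset`. A one-line comment such as `// cmp dst, [base + offset]; flags = dst - mem` would keep a caller from reading it the other way round, since the opposite-direction encoding `OP_CMP_EvGv` sits next to it in the opcode table. `cmpl_i32r` below the new function is cut off by the hunk.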
</span><span class="lines">@@ -945,7 +953,15 @@
</span><span class="cx">         m_buffer-&gt;putInt(0);
</span><span class="cx">         return JmpSrc(m_buffer-&gt;getOffset());
</span><span class="cx">     }
</span><del>-    
</del><ins>+
+    JmpSrc emitUnlinkedJg()
+    {
+        m_buffer-&gt;putByte(OP_2BYTE_ESCAPE);
+        m_buffer-&gt;putByte(OP2_JG_rel32);
+        m_buffer-&gt;putInt(0);
+        return JmpSrc(m_buffer-&gt;getOffset());
+    }
+
</ins><span class="cx">     JmpSrc emitUnlinkedJa()
</span><span class="cx">     {
</span><span class="cx">         m_buffer-&gt;putByte(OP_2BYTE_ESCAPE);
</span></span></pre>
</div>
</div>

</body>
</html>