<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[190435] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/190435">190435</a></dd>
<dt>Author</dt> <dd>mark.lam@apple.com</dd>
<dt>Date</dt> <dd>2015-10-01 16:21:39 -0700 (Thu, 01 Oct 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Remove unnecessary SpecialFastCaseProfiles.
https://bugs.webkit.org/show_bug.cgi?id=149729
Reviewed by Saam Barati.
The current baseline code creates special fast case profiles records for
bytecodes that don't need them. This was done to keep the DFG from crashing when
it searches for such a profile and don't find one. Instead, we will fix the code
to check for the existence of the profile before dereferencing it to get a count.
* bytecode/CodeBlock.h:
(JSC::CodeBlock::specialFastCaseProfileCountForBytecodeOffset):
(JSC::CodeBlock::couldTakeSpecialFastCase):
(JSC::CodeBlock::likelyToTakeDeepestSlowCase):
(JSC::CodeBlock::numberOfArrayProfiles):
(JSC::CodeBlock::arrayProfiles):
(JSC::CodeBlock::addArrayProfile):
(JSC::CodeBlock::likelyToTakeSpecialFastCase): Deleted. Not used.
(JSC::CodeBlock::likelyToTakeAnySlowCase): Deleted. Not used.
* jit/JITArithmetic.cpp:
(JSC::JIT::compileBinaryArithOp):
- Only op_mul needs the profile. So, only allocate it in the op_mul case.
(JSC::JIT::emit_op_mul):
- These op_mul cases create the profile but never increments its counter.
Hence, we can get rid of these.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockh">trunk/Source/JavaScriptCore/bytecode/CodeBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITArithmeticcpp">trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (190434 => 190435)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2015-10-01 22:32:56 UTC (rev 190434)
+++ trunk/Source/JavaScriptCore/ChangeLog 2015-10-01 23:21:39 UTC (rev 190435)
</span><span class="lines">@@ -1,3 +1,33 @@
</span><ins>+2015-10-01 Mark Lam <mark.lam@apple.com>
+
+ Remove unnecessary SpecialFastCaseProfiles.
+ https://bugs.webkit.org/show_bug.cgi?id=149729
+
+ Reviewed by Saam Barati.
+
+ The current baseline code creates special fast case profiles records for
+ bytecodes that don't need them. This was done to keep the DFG from crashing when
+ it searches for such a profile and don't find one. Instead, we will fix the code
+ to check for the existence of the profile before dereferencing it to get a count.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlock::specialFastCaseProfileCountForBytecodeOffset):
+ (JSC::CodeBlock::couldTakeSpecialFastCase):
+ (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
+ (JSC::CodeBlock::numberOfArrayProfiles):
+ (JSC::CodeBlock::arrayProfiles):
+ (JSC::CodeBlock::addArrayProfile):
+ (JSC::CodeBlock::likelyToTakeSpecialFastCase): Deleted. Not used.
+ (JSC::CodeBlock::likelyToTakeAnySlowCase): Deleted. Not used.
+ * jit/JITArithmetic.cpp:
+
+ (JSC::JIT::compileBinaryArithOp):
+ - Only op_mul needs the profile. So, only allocate it in the op_mul case.
+
+ (JSC::JIT::emit_op_mul):
+ - These op_mul cases create the profile but never increments its counter.
+ Hence, we can get rid of these.
+
</ins><span class="cx"> 2015-10-01 Keith Miller <keith_miller@apple.com>
</span><span class="cx">
</span><span class="cx"> [ES6] Add TypedArray.prototype functionality.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.h (190434 => 190435)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.h 2015-10-01 22:32:56 UTC (rev 190434)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.h 2015-10-01 23:21:39 UTC (rev 190435)
</span><span class="lines">@@ -438,20 +438,19 @@
</span><span class="cx"> m_specialFastCaseProfiles, m_specialFastCaseProfiles.size(), bytecodeOffset,
</span><span class="cx"> getRareCaseProfileBytecodeOffset);
</span><span class="cx"> }
</span><del>-
- bool likelyToTakeSpecialFastCase(int bytecodeOffset)
</del><ins>+ unsigned specialFastCaseProfileCountForBytecodeOffset(int bytecodeOffset)
</ins><span class="cx"> {
</span><del>- if (!hasBaselineJITProfiling())
- return false;
- unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
- return specialFastCaseCount >= Options::likelyToTakeSlowCaseMinimumCount();
</del><ins>+ RareCaseProfile* profile = specialFastCaseProfileForBytecodeOffset(bytecodeOffset);
+ if (!profile)
+ return 0;
+ return profile->m_counter;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> bool couldTakeSpecialFastCase(int bytecodeOffset)
</span><span class="cx"> {
</span><span class="cx"> if (!hasBaselineJITProfiling())
</span><span class="cx"> return false;
</span><del>- unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
</del><ins>+ unsigned specialFastCaseCount = specialFastCaseProfileCountForBytecodeOffset(bytecodeOffset);
</ins><span class="cx"> return specialFastCaseCount >= Options::couldTakeSlowCaseMinimumCount();
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -460,21 +459,11 @@
</span><span class="cx"> if (!hasBaselineJITProfiling())
</span><span class="cx"> return false;
</span><span class="cx"> unsigned slowCaseCount = rareCaseProfileCountForBytecodeOffset(bytecodeOffset);
</span><del>- unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
</del><ins>+ unsigned specialFastCaseCount = specialFastCaseProfileCountForBytecodeOffset(bytecodeOffset);
</ins><span class="cx"> unsigned value = slowCaseCount - specialFastCaseCount;
</span><span class="cx"> return value >= Options::likelyToTakeSlowCaseMinimumCount();
</span><span class="cx"> }
</span><span class="cx">
</span><del>- bool likelyToTakeAnySlowCase(int bytecodeOffset)
- {
- if (!hasBaselineJITProfiling())
- return false;
- unsigned slowCaseCount = rareCaseProfileCountForBytecodeOffset(bytecodeOffset);
- unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
- unsigned value = slowCaseCount + specialFastCaseCount;
- return value >= Options::likelyToTakeSlowCaseMinimumCount();
- }
-
</del><span class="cx"> unsigned numberOfArrayProfiles() const { return m_arrayProfiles.size(); }
</span><span class="cx"> const ArrayProfileVector& arrayProfiles() { return m_arrayProfiles; }
</span><span class="cx"> ArrayProfile* addArrayProfile(unsigned bytecodeOffset)
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITArithmeticcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp (190434 => 190435)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp 2015-10-01 22:32:56 UTC (rev 190434)
+++ trunk/Source/JavaScriptCore/jit/JITArithmetic.cpp 2015-10-01 23:21:39 UTC (rev 190435)
</span><span class="lines">@@ -666,7 +666,6 @@
</span><span class="cx"> emitGetVirtualRegisters(op1, regT0, op2, regT1);
</span><span class="cx"> emitJumpSlowCaseIfNotInt(regT0);
</span><span class="cx"> emitJumpSlowCaseIfNotInt(regT1);
</span><del>- RareCaseProfile* profile = m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset);
</del><span class="cx"> if (opcodeID == op_add)
</span><span class="cx"> addSlowCase(branchAdd32(Overflow, regT1, regT0));
</span><span class="cx"> else if (opcodeID == op_sub)
</span><span class="lines">@@ -688,7 +687,7 @@
</span><span class="cx"> // We only get here if we have a genuine negative zero. Record this,
</span><span class="cx"> // so that the speculative JIT knows that we failed speculation
</span><span class="cx"> // because of a negative zero.
</span><del>- add32(TrustedImm32(1), AbsoluteAddress(&profile->m_counter));
</del><ins>+ add32(TrustedImm32(1), AbsoluteAddress(&m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset)->m_counter));
</ins><span class="cx"> addSlowCase(jump());
</span><span class="cx"> done.link(this);
</span><span class="cx"> move(regT2, regT0);
</span><span class="lines">@@ -836,15 +835,11 @@
</span><span class="cx"> // For now, only plant a fast int case if the constant operand is greater than zero.
</span><span class="cx"> int32_t value;
</span><span class="cx"> if (isOperandConstantInt(op1) && ((value = getOperandConstantInt(op1)) > 0)) {
</span><del>- // Add a special fast case profile because the DFG JIT will expect one.
- m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset);
</del><span class="cx"> emitGetVirtualRegister(op2, regT0);
</span><span class="cx"> emitJumpSlowCaseIfNotInt(regT0);
</span><span class="cx"> addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT1));
</span><span class="cx"> emitTagInt(regT1, regT0);
</span><span class="cx"> } else if (isOperandConstantInt(op2) && ((value = getOperandConstantInt(op2)) > 0)) {
</span><del>- // Add a special fast case profile because the DFG JIT will expect one.
- m_codeBlock->addSpecialFastCaseProfile(m_bytecodeOffset);
</del><span class="cx"> emitGetVirtualRegister(op1, regT0);
</span><span class="cx"> emitJumpSlowCaseIfNotInt(regT0);
</span><span class="cx"> addSlowCase(branchMul32(Overflow, Imm32(value), regT0, regT1));
</span></span></pre>
</div>
</div>
</body>
</html>