[webkit-reviews] review granted: [Bug 175144] Use JIT probes for DFG OSR exit. : [Attachment 320151] proposed patch (removed some debugging code).
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 7 15:21:43 PDT 2017
Saam Barati <sbarati at apple.com> has granted Mark Lam <mark.lam at apple.com>'s
request for review:
Bug 175144: Use JIT probes for DFG OSR exit.
https://bugs.webkit.org/show_bug.cgi?id=175144
Attachment 320151: proposed patch (removed some debugging code).
https://bugs.webkit.org/attachment.cgi?id=320151&action=review
--- Comment #35 from Saam Barati <sbarati at apple.com> ---
Comment on attachment 320151
--> https://bugs.webkit.org/attachment.cgi?id=320151
proposed patch (removed some debugging code).
View in context: https://bugs.webkit.org/attachment.cgi?id=320151&action=review
r=me with comments
> Source/JavaScriptCore/assembler/ProbeFrame.h:44
> + T getArgument(int argument)
style nit: here and below, you preface getters with get, but I don't think we
do that elsewhere, e.g, Operands. What about just calling this:
argument(...), and below, operand(...), etc.
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:80
> + RegisterSet dontRestoreRegisters =
RegisterSet(RegisterSet::stackRegisters(), RegisterSet::allFPRs());
style nit: This same thing is used here and below, might be worth making it a
function to call.
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:135
> + context.gpr(entry.reg().gpr()) =
stack.get<uintptr_t>(calleeSaveBuffer, entry.offset());
> + else
> + context.gpr(entry.reg().gpr()) =
stack.get<double>(calleeSaveBuffer, entry.offset());
why do these gets need to use the stack API?
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:152
> + ASSERT(is64Bit());
seems like this could be a static assert?
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:160
> + if (entry.reg().isGPR())
> + stack.set(calleeSaveBuffer, entry.offset(),
context.gpr<uintptr_t>(entry.reg().gpr()));
> + else
> + stack.set(calleeSaveBuffer, entry.offset(),
context.fpr<uintptr_t>(entry.reg().fpr()));
I think it'd be nice to have context expose a register API so it does this
branch for you. You also write the branch in a few places, but if context
handled it, you could just do:
stack.set(calleeSaveBuffer, entry.offset(),
context.reg<uintptr_t>(entry.reg()));
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:171
> + RegisterSet dontSaveRegisters =
RegisterSet(RegisterSet::stackRegisters(), RegisterSet::allFPRs());
ditto about method abstracting this instead of copy-pasting.
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:176
> +#if USE(JSVALUE64)
> + RegisterSet baselineCalleeSaves =
RegisterSet::llintBaselineCalleeSaveRegisters();
> +#endif
seems like this is guaranteed given NUMBER_OF_CALLEE_SAVES_REGISTERS.
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:187
> +#if USE(JSVALUE32_64)
> + UNUSED_PARAM(wasCalledViaTailCall);
> +#else
seems like this is dead given: NUMBER_OF_CALLEE_SAVES_REGISTERS
Maybe inside your:
#if NUMBER_OF_CALLEE_SAVES_REGISTERS > 0
you can add: static_assert(is64bit(), "")
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:326
> +void OSRExit::executeOSRExit(Context& context)
Should you set top call frame inside of here? I think that'd help the sampling
profiler at least. Maybe other things need it to.
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:353
> + if (UNLIKELY(!exit.exitState)) {
suggestion: Let's cache the various calls of JITCode::dfg() here since it's a
virtual function
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:366
> + // Compute the value recoveries.
> + Operands<ValueRecovery> operands;
> +
codeBlock->jitCode()->dfg()->variableEventStream.reconstruct(codeBlock,
exit.m_codeOrigin, codeBlock->jitCode()->dfg()->minifiedDFG,
exit.m_streamIndex, operands);
This is an interesting tradeoff. I think it's the right one. However, I know we
use the event stream to reconstruct on demand because storing the reconstructed
data for each exit has a high memory cost. That said, we're only doing this
here for *executed* exits. That's why I think this is ok and the right choice.
But it's worth making sure we truly believe this is the best choice.
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:489
> + Structure* structure = jsValueFor(cpu,
exit.m_jsValueSource).asCell()->structure(vm);
how do we know the incoming value is a cell?
> Source/JavaScriptCore/dfg/DFGOSRExit.cpp:745
> + saveOrCopyCalleeSavesFor(context, baselineCodeBlock,
static_cast<VirtualRegister>(inlineCallFrame->stackOffset), !trueCaller);
Style: This static cast here seems weird, why not just:
VirtualRegister(inlineCallFrame->stackOffset) ?
More information about the webkit-reviews
mailing list