[Webkit-unassigned] [Bug 183130] [MIPS] Optimize generated JIT code for branches

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 21 04:36:48 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=183130

--- Comment #11 from Stanislav Ocovaj <stanislav.ocovaj at rt-rk.com> ---
Sorry, I think my explanation was not clear enough. The patch https://bugs.webkit.org/show_bug.cgi?id=101328 added two nop's to branchEqual() and branchNotEqual() in order to fix the following issue.
Without the nop's, branchPtrWithPatch() generates a block of instructions like this:

  lui immTempRegister, initialRightValue >> 16
  ori immTempRegister, immTempRegister, initialRightValue & 0xffff
  beq left, immTempRegister, label
  nop
  beq zero, zero, 1
  nop
  nop
  nop
1:

Then, at some point, this code may be changed by replaceWithJump() to

  lui t9, newLabel >> 16
  ori t9, newLabel & 0xffff
  jr  t9
  nop
  beq zero, zero, 1
  nop
  nop
  nop
1:

which overwrites the original beq instruction. Later on, the JIT may want to revert the jump back to branchPtrWithPatch by calling revertJumpReplacementToBranchPtrWithPatch(), which results in the following block:

  lui immTempRegister, initialRightValue >> 16
  ori immTempRegister, immTempRegister, initialRightValue & 0xffff
  nop
  nop
  beq zero, zero, 1
  nop
  nop
  nop
1:

Since the original beq instruction is lost, this code won't work anymore. So, the added nop's have nothing to do with patchable branches actually, they were added in order to allow the code generated by branchPtrWithPatch() to be reverted back to branchPtrWithPatch after replacing it with a 4-instruction jump.
Repatching branches only modifies the last 6 instructions of the branch (see relinkJump() in MIPSAssembler.h), so that should not be affected.
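
Added illustration, not part of the original comment and not WebKit code: a slot-level C++ model of the replace-then-revert sequence described above, showing that the compare survives the round trip only when two padding slots precede it. The function names are stand-ins modelled on those in the comment, the placement of the two nop's directly before the beq is an assumption, and hi/lo are placeholders for the immediate halves.

```cpp
// Added illustration: a slot-level model of the patching sequence, not WebKit code.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

using Code = std::vector<std::string>;  // one entry per 32-bit instruction slot

const std::string kCompare = "beq left, immTempRegister, label";

// Layout from the comment; withNops adds the two nop's (assumed to sit before the beq).
Code emitBranchPtrWithPatch(bool withNops) {
    Code c = {"lui immTempRegister, hi", "ori immTempRegister, immTempRegister, lo"};
    if (withNops) c.insert(c.end(), 2, "nop");
    c.insert(c.end(), {kCompare, "nop", "beq zero, zero, 1", "nop", "nop", "nop"});
    return c;
}

// Overwrite the leading slots of the block in place.
void overwrite(Code& c, const Code& head) {
    for (std::size_t i = 0; i < head.size(); ++i) c[i] = head[i];
}

// The 4-instruction jump described in the comment.
void replaceWithJump(Code& c) {
    overwrite(c, {"lui t9, hi", "ori t9, lo", "jr t9", "nop"});
}

// The revert rewrites lui/ori and fills the next two slots with nop.
void revertToBranchPtrWithPatch(Code& c) {
    overwrite(c, {"lui immTempRegister, hi",
                  "ori immTempRegister, immTempRegister, lo", "nop", "nop"});
}

// True if the compare-and-branch is still in the block after jump + revert.
bool compareSurvivesRoundTrip(bool withNops) {
    Code c = emitBranchPtrWithPatch(withNops);
    replaceWithJump(c);
    revertToBranchPtrWithPatch(c);
    for (const auto& insn : c)
        if (insn == kCompare) return true;
    return false;
}

int main() {
    std::cout << "without nops: " << compareSurvivesRoundTrip(false) << "\n";
    std::cout << "with nops:    " << compareSurvivesRoundTrip(true) << "\n";
}
```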
