1. 23 Aug, 2013 1 commit
    • build-jsc --ftl-jit should work · 67aa405d
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=120194
      
      Reviewed by Oliver Hunt.
      
      Source/JavaScriptCore: 
      
      * Configurations/Base.xcconfig: CPPFLAGS should include FEATURE_DEFINES
      * Configurations/JSC.xcconfig: The 'jsc' tool includes headers where field layout may depend on FEATURE_DEFINES
      * Configurations/ToolExecutable.xcconfig: All other tools include headers where field layout may depend on FEATURE_DEFINES
      * ftl/FTLLowerDFGToLLVM.cpp: Build fix
      (JSC::FTL::LowerDFGToLLVM::compilePutStructure):
      (JSC::FTL::LowerDFGToLLVM::compilePhantomPutStructure):
      
      Source/WTF: 
      
      * wtf/LLVMHeaders.h: I don't know what went wrong here. If HAVE(LLVM), then we need those headers!
      
      Tools: 
      
      * Scripts/build-jsc: Need to pass the feature flag to xcodebuild
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@154509 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  2. 24 Jul, 2013 4 commits
    • fourthTier: FTL should use the equivalent of llvm opt -O2 by default · 0fc04331
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=118311
      
      Source/JavaScriptCore:
      
      Reviewed by Mark Hahnenberg.
      
      Use a PassManagerBuilder instead of rolling our own.
      
      This boosts our speed-up by another 5% or so.
      
      * ftl/FTLCompile.cpp:
      (JSC::FTL::compile):
      * runtime/Options.h:
      (JSC):
      
      Source/WTF:
      
      Reviewed by Mark Hahnenberg.
      
      * wtf/LLVMHeaders.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153261 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • fourthTier: JSC's disassembly infrastructure should be able to disassemble the... · 49a2bafa
      oliver@apple.com authored
      fourthTier: JSC's disassembly infrastructure should be able to disassemble the code that LLVM generates
      https://bugs.webkit.org/show_bug.cgi?id=118148
      
      Source/JavaScriptCore:
      
      Reviewed by Anders Carlsson.
      
      Oh boy. UDis86 cannot disassemble the AVX (or whatever it's called) stuff
      that LLVM generates for floating point. So the right decision is to
      switch to the LLVM disassembler, right? Wrong!! LLVM's disassembler
      cannot disassemble the load-from-absolute-address-into-%rax instructions
      that our JIT generates quite a lot of.
      
      So, this keeps the UDis86 disassembler, but adds the LLVM disassembler,
      and requires the caller of disassemble() to hint which one is likely to
      be less wrong for the given code.
      
      Maybe in the future LLVM will catch up to UDis86, but it's definitely not
      there right now.
      
      This now allows us to disassemble all of the code that LLVM generates.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * disassembler/Disassembler.cpp:
      (JSC::disassemble):
      * disassembler/Disassembler.h:
      (JSC::tryToDisassemble):
      (JSC):
      * disassembler/LLVMDisassembler.cpp: Added.
      (JSC):
      (JSC::symbolLookupCallback):
      (JSC::tryToDisassembleWithLLVM):
      * disassembler/LLVMDisassembler.h: Added.
      (JSC):
      (JSC::tryToDisassembleWithLLVM):
      * disassembler/UDis86Disassembler.cpp:
      (JSC::tryToDisassembleWithUDis86):
      * disassembler/UDis86Disassembler.h: Added.
      (JSC):
      (JSC::tryToDisassembleWithUDis86):
      * disassembler/X86Disassembler.cpp: Added.
      (JSC):
      (JSC::tryToDisassemble):
      * ftl/FTLAbbreviatedTypes.h:
      * ftl/FTLCompile.cpp:
      (JSC::FTL::compile):
      * ftl/FTLJITCode.h:
      * ftl/FTLJITFinalizer.h:
      * ftl/FTLLLVMHeaders.h: Removed.
      * ftl/FTLLink.cpp:
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      * runtime/Options.h:
      (JSC):
      
      Source/WTF:
      
      Reviewed by Anders Carlsson.
      
      We now use LLVM for two things: disassembler and FTL. Separate out the question
      of whether we have LLVM (HAVE(LLVM)) from whether we want to use the LLVM
      disassembler (USE(LLVM_DISASSEMBLER)) and whether we enable the FTL
      (ENABLE(FTL_JIT)).
      
      Also move the cruft for including LLVM headers into WTF since now we use it in
      a bunch of places, not all related to FTL. There's no obvious place to put that
      file in JSC so I put it in WTF.
      
      * WTF.xcodeproj/project.pbxproj:
      * wtf/LLVMHeaders.h: Copied from Source/JavaScriptCore/ftl/FTLLLVMHeaders.h.
      * wtf/Platform.h:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153256 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • fourthTier: Landing the initial FTL logic in a single commit to avoid spurious · ea77149c
      oliver@apple.com authored
      broken builds.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153121 268f45cc-cd09-0410-ab3c-d52691b4dbfc
    • fourthTier: DFG should provide utilities for common OSR exit tasks · b9009149
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=114306
      
      Reviewed by Mark Hahnenberg.
      
      Just abstract out some things that the FTL will want to use as well.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler.h:
      (OSRExitCompiler):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompilerCommon.cpp: Added.
      (DFG):
      (JSC::DFG::handleExitCounts):
      (JSC::DFG::reifyInlinedCallFrames):
      (JSC::DFG::adjustAndJumpToTarget):
      * dfg/DFGOSRExitCompilerCommon.h: Added.
      (DFG):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@153119 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  3. 02 Jul, 2012 1 commit
    • DFG OSR exit value recoveries should be computed lazily · 8618e4ba
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=82155
      
      Reviewed by Gavin Barraclough.
              
      This change aims to reduce one aspect of DFG compile times: the fact
      that we currently compute the value recoveries for each local and
      argument on every speculation check. We compile many speculation checks,
      so this can add up quick. The strategy that this change takes is to
      have the DFG save just enough information about how the compiler is
      choosing to represent state, that the DFG::OSRExitCompiler can reify
      the value recoveries lazily.
              
      This appears to be a 0.3% SunSpider speed-up and is neutral elsewhere.
              
      I also took the opportunity to fix the sampling regions profiler (it
      was missing an export macro) and to put in more sampling regions in
      the DFG (which are disabled so long as ENABLE(SAMPLING_REGIONS) is
      false).
              
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC):
      (JSC::CodeBlock::shrinkDFGDataToFit):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::minifiedDFG):
      (JSC::CodeBlock::variableEventStream):
      (DFGData):
      * bytecode/Operands.h:
      (JSC::Operands::hasOperand):
      (Operands):
      (JSC::Operands::size):
      (JSC::Operands::at):
      (JSC::Operands::operator[]):
      (JSC::Operands::isArgument):
      (JSC::Operands::isVariable):
      (JSC::Operands::argumentForIndex):
      (JSC::Operands::variableForIndex):
      (JSC::Operands::operandForIndex):
      (JSC):
      (JSC::dumpOperands):
      * bytecode/SamplingTool.h:
      (SamplingRegion):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::parse):
      * dfg/DFGCFAPhase.cpp:
      (JSC::DFG::performCFA):
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::performCSE):
      * dfg/DFGFixupPhase.cpp:
      (JSC::DFG::performFixup):
      * dfg/DFGGenerationInfo.h:
      (JSC::DFG::GenerationInfo::GenerationInfo):
      (JSC::DFG::GenerationInfo::initConstant):
      (JSC::DFG::GenerationInfo::initInteger):
      (JSC::DFG::GenerationInfo::initJSValue):
      (JSC::DFG::GenerationInfo::initCell):
      (JSC::DFG::GenerationInfo::initBoolean):
      (JSC::DFG::GenerationInfo::initDouble):
      (JSC::DFG::GenerationInfo::initStorage):
      (GenerationInfo):
      (JSC::DFG::GenerationInfo::noticeOSRBirth):
      (JSC::DFG::GenerationInfo::use):
      (JSC::DFG::GenerationInfo::spill):
      (JSC::DFG::GenerationInfo::setSpilled):
      (JSC::DFG::GenerationInfo::fillJSValue):
      (JSC::DFG::GenerationInfo::fillCell):
      (JSC::DFG::GenerationInfo::fillInteger):
      (JSC::DFG::GenerationInfo::fillBoolean):
      (JSC::DFG::GenerationInfo::fillDouble):
      (JSC::DFG::GenerationInfo::fillStorage):
      (JSC::DFG::GenerationInfo::appendFill):
      (JSC::DFG::GenerationInfo::appendSpill):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGMinifiedGraph.h: Added.
      (DFG):
      (MinifiedGraph):
      (JSC::DFG::MinifiedGraph::MinifiedGraph):
      (JSC::DFG::MinifiedGraph::at):
      (JSC::DFG::MinifiedGraph::append):
      (JSC::DFG::MinifiedGraph::prepareAndShrink):
      (JSC::DFG::MinifiedGraph::setOriginalGraphSize):
      (JSC::DFG::MinifiedGraph::originalGraphSize):
      * dfg/DFGMinifiedNode.cpp: Added.
      (DFG):
      (JSC::DFG::MinifiedNode::fromNode):
      * dfg/DFGMinifiedNode.h: Added.
      (DFG):
      (JSC::DFG::belongsInMinifiedGraph):
      (MinifiedNode):
      (JSC::DFG::MinifiedNode::MinifiedNode):
      (JSC::DFG::MinifiedNode::index):
      (JSC::DFG::MinifiedNode::op):
      (JSC::DFG::MinifiedNode::hasChild1):
      (JSC::DFG::MinifiedNode::child1):
      (JSC::DFG::MinifiedNode::hasConstant):
      (JSC::DFG::MinifiedNode::hasConstantNumber):
      (JSC::DFG::MinifiedNode::constantNumber):
      (JSC::DFG::MinifiedNode::hasWeakConstant):
      (JSC::DFG::MinifiedNode::weakConstant):
      (JSC::DFG::MinifiedNode::getIndex):
      (JSC::DFG::MinifiedNode::compareByNodeIndex):
      (JSC::DFG::MinifiedNode::hasChild):
      * dfg/DFGNode.h:
      (Node):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::OSRExit):
      * dfg/DFGOSRExit.h:
      (OSRExit):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler.h:
      (OSRExitCompiler):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::performPredictionPropagation):
      * dfg/DFGRedundantPhiEliminationPhase.cpp:
      (JSC::DFG::performRedundantPhiElimination):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      (DFG):
      (JSC::DFG::SpeculativeJIT::fillStorage):
      (JSC::DFG::SpeculativeJIT::noticeOSRBirth):
      (JSC::DFG::SpeculativeJIT::compileMovHint):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT.h:
      (DFG):
      (JSC::DFG::SpeculativeJIT::use):
      (SpeculativeJIT):
      (JSC::DFG::SpeculativeJIT::spill):
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      (JSC::DFG::SpeculativeJIT::forwardSpeculationCheck):
      (JSC::DFG::SpeculativeJIT::recordSetLocal):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillInteger):
      (JSC::DFG::SpeculativeJIT::fillDouble):
      (JSC::DFG::SpeculativeJIT::fillJSValue):
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGValueRecoveryOverride.h: Added.
      (DFG):
      (ValueRecoveryOverride):
      (JSC::DFG::ValueRecoveryOverride::ValueRecoveryOverride):
      * dfg/DFGValueSource.cpp: Added.
      (DFG):
      (JSC::DFG::ValueSource::dump):
      * dfg/DFGValueSource.h: Added.
      (DFG):
      (JSC::DFG::dataFormatToValueSourceKind):
      (JSC::DFG::valueSourceKindToDataFormat):
      (JSC::DFG::isInRegisterFile):
      (ValueSource):
      (JSC::DFG::ValueSource::ValueSource):
      (JSC::DFG::ValueSource::forPrediction):
      (JSC::DFG::ValueSource::forDataFormat):
      (JSC::DFG::ValueSource::isSet):
      (JSC::DFG::ValueSource::kind):
      (JSC::DFG::ValueSource::isInRegisterFile):
      (JSC::DFG::ValueSource::dataFormat):
      (JSC::DFG::ValueSource::valueRecovery):
      (JSC::DFG::ValueSource::nodeIndex):
      (JSC::DFG::ValueSource::nodeIndexFromKind):
      (JSC::DFG::ValueSource::kindFromNodeIndex):
      * dfg/DFGVariableEvent.cpp: Added.
      (DFG):
      (JSC::DFG::VariableEvent::dump):
      (JSC::DFG::VariableEvent::dumpFillInfo):
      (JSC::DFG::VariableEvent::dumpSpillInfo):
      * dfg/DFGVariableEvent.h: Added.
      (DFG):
      (VariableEvent):
      (JSC::DFG::VariableEvent::VariableEvent):
      (JSC::DFG::VariableEvent::reset):
      (JSC::DFG::VariableEvent::fillGPR):
      (JSC::DFG::VariableEvent::fillPair):
      (JSC::DFG::VariableEvent::fillFPR):
      (JSC::DFG::VariableEvent::spill):
      (JSC::DFG::VariableEvent::death):
      (JSC::DFG::VariableEvent::setLocal):
      (JSC::DFG::VariableEvent::movHint):
      (JSC::DFG::VariableEvent::kind):
      (JSC::DFG::VariableEvent::nodeIndex):
      (JSC::DFG::VariableEvent::dataFormat):
      (JSC::DFG::VariableEvent::gpr):
      (JSC::DFG::VariableEvent::tagGPR):
      (JSC::DFG::VariableEvent::payloadGPR):
      (JSC::DFG::VariableEvent::fpr):
      (JSC::DFG::VariableEvent::virtualRegister):
      (JSC::DFG::VariableEvent::operand):
      (JSC::DFG::VariableEvent::variableRepresentation):
      * dfg/DFGVariableEventStream.cpp: Added.
      (DFG):
      (JSC::DFG::VariableEventStream::logEvent):
      (MinifiedGenerationInfo):
      (JSC::DFG::MinifiedGenerationInfo::MinifiedGenerationInfo):
      (JSC::DFG::MinifiedGenerationInfo::update):
      (JSC::DFG::VariableEventStream::reconstruct):
      * dfg/DFGVariableEventStream.h: Added.
      (DFG):
      (VariableEventStream):
      (JSC::DFG::VariableEventStream::appendAndLog):
      * dfg/DFGVirtualRegisterAllocationPhase.cpp:
      (JSC::DFG::performVirtualRegisterAllocation):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121717 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  4. 08 Jun, 2012 1 commit
    • Explicitly mark stubs called by JIT as being internal · 332e9bfa
      wingo@igalia.com authored
      https://bugs.webkit.org/show_bug.cgi?id=88552
      
      Reviewed by Filip Pizlo.
      
      Source/JavaScriptCore:
      
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOperations.cpp:
      * dfg/DFGOperations.h:
      * jit/HostCallReturnValue.h:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * jit/ThunkGenerators.cpp:
      * llint/LLIntSlowPaths.h: Mark a bunch of stubs as being
      WTF_INTERNAL.  Change most calls to SYMBOL_STRING_RELOCATION to
      LOCAL_REFERENCE, or GLOBAL_REFERENCE in the case of the wrappers
      to truly global symbols.
      * offlineasm/asm.rb: Generate LOCAL_REFERENCE instead of
      SYMBOL_STRING_RELOCATION.
      
      Don't rely on weak pointers for eager CodeBlock finalization
      https://bugs.webkit.org/show_bug.cgi?id=88465
      
      Reviewed by Gavin Barraclough.
      
      This is incompatible with lazy weak pointer finalization.
      
      I considered just making CodeBlock finalization lazy-friendly, but it
      turns out that the heap is already way up in CodeBlock's business when
      it comes to finalization, so I decided to finish the job and move full
      responsibility for CodeBlock finalization into the heap.
      
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Maybe this
      will build.
      
      * debugger/Debugger.cpp: Updated for rename.
      
      * heap/Heap.cpp:
      (JSC::Heap::deleteAllCompiledCode): Renamed for consistency. Fixed a bug
      where we would not delete code for a code block that had been previously
      jettisoned. I don't know if this happens in practice -- I mostly did
      this to improve consistency with deleteUnmarkedCompiledCode.
      
      (JSC::Heap::deleteUnmarkedCompiledCode): New function, responsible for
      eager finalization of unmarked code blocks.
      
      (JSC::Heap::collect): Updated for rename. Updated to call
      deleteUnmarkedCompiledCode(), which takes care of jettisoned DFG code
      blocks too.
      
      (JSC::Heap::addCompiledCode): Renamed, since this points to all code
      now, not just functions.
      
      * heap/Heap.h:
      (Heap): Keep track of all user code, not just functions. This is a
      negligible additional overhead, since most code is function code.
      
      * runtime/Executable.cpp:
      (JSC::*::finalize): Removed these functions, since we don't rely on
      weak pointer finalization anymore.
      
      (JSC::FunctionExecutable::FunctionExecutable): Moved linked-list stuff
      into base class so all executables can be in the list.
      
      (JSC::EvalExecutable::clearCode):
      (JSC::ProgramExecutable::clearCode):
      (JSC::FunctionExecutable::clearCode): All we need to do is delete our
      CodeBlock -- that will delete all of its internal data structures.
      
      (JSC::FunctionExecutable::clearCodeIfNotCompiling): Factored out a helper
      function to improve clarity.
      
      * runtime/Executable.h:
      (JSC::ExecutableBase): Moved linked-list stuff
      into base class so all executables can be in the list.
      
      (JSC::NativeExecutable::create):
      (NativeExecutable):
      (ScriptExecutable):
      (JSC::ScriptExecutable::finishCreation):
      (JSC::EvalExecutable::create):
      (EvalExecutable):
      (JSC::ProgramExecutable::create):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::create): Don't use a finalizer -- the heap
      will call us back to destroy our code block.
      
      (JSC::FunctionExecutable::discardCode): Renamed to clearCodeIfNotCompiling()
      for clarity.
      
      (JSC::FunctionExecutable::isCompiling): New helper function, for clarity.
      
      (JSC::ScriptExecutable::clearCodeVirtual): New helper function, since
      the heap needs to make polymorphic calls to clear code.
      
      * runtime/JSGlobalData.cpp:
      (JSC::StackPreservingRecompiler::operator()):
      * runtime/JSGlobalObject.cpp:
      (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Updated for
      renames.
      
      Source/WTF:
      
      * wtf/ExportMacros.h (WTF_INTERNAL, HAVE_INTERNAL_VISIBILITY): New
      defines.  Regardless of what the port does about visibility in
      general, for code referenced only from assembly it is useful to
      give it internal visibility.
      * wtf/InlineASM.h: Split SYMBOL_STRING_RELOCATION into
      LOCAL_REFERENCE and GLOBAL_REFERENCE; the former will try to avoid
      indirection if HAVE(INTERNAL_VISIBILITY).
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@119857 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  5. 23 May, 2012 1 commit
    • DFG should optimize aliased uses of the Arguments object of the current call frame · 9a548f19
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=86552
      
      Source/JavaScriptCore: 
      
      Reviewed by Geoff Garen.
              
      Merged r117542 and r117543 from dfgopt.
              
      Performs must-alias and escape analysis on uses of CreateArguments, and if
      a variable is must-aliased to CreateArguments and does not escape, then we
      turn all uses of that variable into direct arguments accesses.
              
      36% speed-up on V8/earley leading to a 2.3% speed-up overall in V8.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::uncheckedArgumentsRegister):
      * bytecode/ValueRecovery.h:
      (JSC::ValueRecovery::argumentsThatWereNotCreated):
      (ValueRecovery):
      (JSC::ValueRecovery::dump):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
      * dfg/DFGAdjacencyList.h:
      (AdjacencyList):
      (JSC::DFG::AdjacencyList::removeEdgeFromBag):
      * dfg/DFGArgumentsSimplificationPhase.cpp:
      (JSC::DFG::ArgumentsSimplificationPhase::run):
      (ArgumentsSimplificationPhase):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::observeBadArgumentsUses):
      (JSC::DFG::ArgumentsSimplificationPhase::observeProperArgumentsUse):
      (JSC::DFG::ArgumentsSimplificationPhase::isOKToOptimize):
      (JSC::DFG::ArgumentsSimplificationPhase::removeArgumentsReferencingPhantomChild):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::argumentsRegisterFor):
      (AssemblyHelpers):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCFGSimplificationPhase.cpp:
      (JSC::DFG::CFGSimplificationPhase::removePotentiallyDeadPhiReference):
      * dfg/DFGGPRInfo.h:
      (GPRInfo):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::collectGarbage):
      (DFG):
      * dfg/DFGGraph.h:
      (Graph):
      (JSC::DFG::Graph::executableFor):
      (JSC::DFG::Graph::argumentsRegisterFor):
      (JSC::DFG::Graph::uncheckedArgumentsRegisterFor):
      (JSC::DFG::Graph::clobbersWorld):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasHeapPrediction):
      * dfg/DFGNodeType.h:
      (DFG):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler.h:
      (JSC::DFG::OSRExitCompiler::OSRExitCompiler):
      (OSRExitCompiler):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::ValueSource::dump):
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::computeValueRecoveryFor):
      * dfg/DFGSpeculativeJIT.h:
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::VariableAccessData):
      (JSC::DFG::VariableAccessData::mergeIsArgumentsAlias):
      (VariableAccessData):
      (JSC::DFG::VariableAccessData::isArgumentsAlias):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      
      LayoutTests: 
      
      Rubber stamped by Geoff Garen.
              
      Merged r117542 from dfgopt.
              
      Added a bunch of tests that check that our optimizations for aliased uses of the
      'arguments' object are robust against various forms of JavaScript crazy.
              
      * fast/js/dfg-arguments-alias-escape-expected.txt: Added.
      * fast/js/dfg-arguments-alias-escape.html: Added.
      * fast/js/dfg-arguments-alias-expected.txt: Added.
      * fast/js/dfg-arguments-alias.html: Added.
      * fast/js/dfg-arguments-cross-code-origin-expected.txt: Added.
      * fast/js/dfg-arguments-cross-code-origin.html: Added.
      * fast/js/dfg-arguments-mixed-alias-expected.txt: Added.
      * fast/js/dfg-arguments-mixed-alias.html: Added.
      * fast/js/dfg-arguments-osr-exit-expected.txt: Added.
      * fast/js/dfg-arguments-osr-exit.html: Added.
      * fast/js/dfg-arguments-unexpected-escape-expected.txt: Added.
      * fast/js/dfg-arguments-unexpected-escape.html: Added.
      * fast/js/jsc-test-list:
      * fast/js/script-tests/dfg-arguments-alias-escape.js: Added.
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arguments-alias.js: Added.
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arguments-cross-code-origin.js: Added.
      (foo):
      (bar):
      (baz):
      * fast/js/script-tests/dfg-arguments-mixed-alias.js: Added.
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arguments-osr-exit.js: Added.
      (baz):
      (foo):
      (bar):
      * fast/js/script-tests/dfg-arguments-unexpected-escape.js: Added.
      (baz):
      (foo):
      (bar):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@118323 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  6. 08 Apr, 2012 1 commit
    • Forced OSR exits should lead to recompilation based on count, not rate · 3cb7e2c7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=83247
      <rdar://problem/10720925>
      
      Reviewed by Geoff Garen.
              
      Track which OSR exits happen because of inadequate coverage. Count them
      separately. If the count reaches a threshold, immediately trigger
      reoptimization.
              
      This is in contrast to the recompilation trigger for all other OSR exits.
      Normally recomp is triggered when the exit rate exceeds a certain ratio.
              
      Looks like a slight V8 speedup (sub 1%).
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::forcedOSRExitCounter):
      (JSC::CodeBlock::addressOfForcedOSRExitCounter):
      (JSC::CodeBlock::offsetOfForcedOSRExitCounter):
      (JSC::CodeBlock::shouldReoptimizeNow):
      (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
      (CodeBlock):
      * bytecode/DFGExitProfile.h:
      (JSC::DFG::exitKindToString):
      * dfg/DFGOSRExitCompiler.cpp:
      (JSC::DFG::OSRExitCompiler::handleExitCounts):
      (DFG):
      * dfg/DFGOSRExitCompiler.h:
      (OSRExitCompiler):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileGetIndexedPropertyStorage):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@113552 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  7. 16 Dec, 2011 1 commit
    • DFG OSR exit may get confused about where in the scratch buffer it stored a value · 32776a52
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=74695
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      The code that reads from the scratch buffer now explicitly knows which locations to
      read from. No new tests, since this patch covers a case so uncommon that I don't know
      how to make a test for it.
      
      * dfg/DFGOSRExitCompiler.h:
      (JSC::DFG::OSRExitCompiler::badIndex):
      (JSC::DFG::OSRExitCompiler::initializePoisoned):
      (JSC::DFG::OSRExitCompiler::poisonIndex):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      
      LayoutTests: 
      
      Rubber stamped by Gavin Barraclough.
              
      Wrote a custom fuzzer that does 2048 different combinations of integer and float
      temporaries and induces a failure whilst all of them are live. If poisoning doesn't
      work correctly, a large number (>hundred) of the fuzzing cases fail.
      
      * fast/js/dfg-poison-fuzz-expected.txt: Added.
      * fast/js/dfg-poison-fuzz.html: Added.
      * fast/js/script-tests/dfg-poison-fuzz.js: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@103127 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  8. 09 Nov, 2011 1 commit
    • DFG OSR exit code should be lazily generated · 4621171a
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=71744
      
      Reviewed by Gavin Barraclough.
              
      The OSR exit code is now generated the first time it is executed,
      rather than right after speculative compilation. Because most OSR
      exits are never taken, this should greatly reduce both code size
      and compilation time.
              
      This is a 1% win on SunSpider, and a 1% win on V8 when running in
      my harness. No change in V8 in V8's harness (due to the long runs,
      so compile time is not an issue) and no change in Kraken (again,
      long runs of small code so compile time has no measurable effect).
      
      * CMakeListsEfl.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/AbstractMacroAssembler.h:
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::jump):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::jump):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::jmp_m):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::createDFGDataIfNecessary):
      (JSC::CodeBlock::appendDFGOSREntryData):
      (JSC::CodeBlock::numberOfDFGOSREntries):
      (JSC::CodeBlock::dfgOSREntryData):
      (JSC::CodeBlock::dfgOSREntryDataForBytecodeIndex):
      (JSC::CodeBlock::appendOSRExit):
      (JSC::CodeBlock::appendSpeculationRecovery):
      (JSC::CodeBlock::numberOfOSRExits):
      (JSC::CodeBlock::numberOfSpeculationRecoveries):
      (JSC::CodeBlock::osrExit):
      (JSC::CodeBlock::speculationRecovery):
      * dfg/DFGAssemblyHelpers.h:
      (JSC::DFG::AssemblyHelpers::debugCall):
      * dfg/DFGCorrectableJumpPoint.cpp: Added.
      (JSC::DFG::CorrectableJumpPoint::codeLocationForRepatch):
      * dfg/DFGCorrectableJumpPoint.h: Added.
      (JSC::DFG::CorrectableJumpPoint::CorrectableJumpPoint):
      (JSC::DFG::CorrectableJumpPoint::switchToLateJump):
      (JSC::DFG::CorrectableJumpPoint::correctInitialJump):
      (JSC::DFG::CorrectableJumpPoint::correctLateJump):
      (JSC::DFG::CorrectableJumpPoint::initialJump):
      (JSC::DFG::CorrectableJumpPoint::lateJump):
      (JSC::DFG::CorrectableJumpPoint::correctJump):
      (JSC::DFG::CorrectableJumpPoint::getJump):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGJITCompiler.h:
      * dfg/DFGOSRExit.cpp: Added.
      (JSC::DFG::OSRExit::OSRExit):
      (JSC::DFG::OSRExit::dump):
      * dfg/DFGOSRExit.h:
      * dfg/DFGOSRExitCompiler.cpp: Added.
      * dfg/DFGOSRExitCompiler.h:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::speculationCheck):
      * dfg/DFGThunks.cpp: Added.
      (JSC::DFG::osrExitGenerationThunkGenerator):
      * dfg/DFGThunks.h: Added.
      * jit/JITCode.h:
      (JSC::JITCode::dataAddressAtOffset):
      * runtime/JSGlobalData.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99787 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  9. 08 Nov, 2011 1 commit