1. 06 Mar, 2012 1 commit
    • commit-queue@webkit.org's avatar
      Unreviewed, rolling out r109837. · cbcd594c
      commit-queue@webkit.org authored
      http://trac.webkit.org/changeset/109837
      https://bugs.webkit.org/show_bug.cgi?id=80399
      
      breaks Mac Productions builds, too late to try and fix it
      tonight (Requested by eseidel on #webkit).
      
      Patch by Sheriff Bot <webkit.review.bot@gmail.com> on 2012-03-06
      
      Source/JavaScriptCore:
      
      * API/tests/JSNode.c:
      * API/tests/JSNodeList.c:
      * Configurations/Base.xcconfig:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/MacroAssemblerCodeRef.h:
      * bytecompiler/BytecodeGenerator.h:
      * dfg/DFGOperations.cpp:
      * heap/GCAssertions.h:
      * heap/HandleHeap.h:
      * heap/HandleStack.h:
      * heap/MarkedSpace.h:
      * heap/PassWeak.h:
      * heap/Strong.h:
      * heap/Weak.h:
      * jit/HostCallReturnValue.cpp:
      * jit/JIT.cpp:
      * jit/JITStubs.cpp:
      * jit/ThunkGenerators.cpp:
      * parser/Lexer.cpp:
      * runtime/Completion.cpp:
      * runtime/Executable.cpp:
      * runtime/Identifier.h:
      * runtime/InitializeThreading.cpp:
      * runtime/JSDateMath.cpp:
      * runtime/JSGlobalObjectFunctions.cpp:
      * runtime/JSStringBuilder.h:
      * runtime/JSVariableObject.h:
      * runtime/NumberPrototype.cpp:
      * runtime/WriteBarrier.h:
      * tools/CodeProfile.cpp:
      * tools/TieredMMapArray.h:
      * yarr/YarrJIT.cpp:
      
      Tools:
      
      * Scripts/build-webkit:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109888 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      cbcd594c
  2. 05 Mar, 2012 2 commits
    • eric@webkit.org's avatar
      Source/JavaScriptCore: Update JavaScriptCore files to use fully-qualified WTF include paths · 37ac49ee
      eric@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=79960
      
      Reviewed by Adam Barth.
      
      This change does 5 small/related things:
       1. Updates JavaScriptCore.xcodeproj to install WTF headers into $BUILD/usr/local/include
          (WebCore, WebKit were already setup to look there, but JavaScriptCore.xcodeproj
          was not installing headers there.)
       2. Makes JavaScriptCore targets include $BUILD/usr/local/include in their
          header search path, as that's where the WTF headers will be installed.
       3. Similarly updates JavaScriptCore.vcproj/copy-files.cmd to copy WTF headers to PrivateHeaders/wtf/*
          in addition to the current behavior of flattening all headers to PrivateHeaders/*.h.
       4. Updates a bunch of JSC files to use #include <wtf/Foo.h> instead of #include "Foo.h"
          since soon the WTF headers will not be part of the JavaScriptCore Xcode project.
       5. Makes build-webkit build the WTF XCode project by default.
      
      * API/tests/JSNode.c:
      * API/tests/JSNodeList.c:
      * Configurations/Base.xcconfig:
      * assembler/MacroAssemblerCodeRef.h:
      * bytecompiler/BytecodeGenerator.h:
      * dfg/DFGOperations.cpp:
      * heap/GCAssertions.h:
      * heap/HandleHeap.h:
      * heap/HandleStack.h:
      * heap/MarkedSpace.h:
      * heap/PassWeak.h:
      * heap/Strong.h:
      * heap/Weak.h:
      * jit/HostCallReturnValue.cpp:
      * jit/JIT.cpp:
      * jit/JITStubs.cpp:
      * jit/ThunkGenerators.cpp:
      * parser/Lexer.cpp:
      * runtime/Completion.cpp:
      * runtime/Executable.cpp:
      * runtime/Identifier.h:
      * runtime/InitializeThreading.cpp:
      * runtime/JSDateMath.cpp:
      * runtime/JSGlobalObjectFunctions.cpp:
      * runtime/JSStringBuilder.h:
      * runtime/JSVariableObject.h:
      * runtime/NumberPrototype.cpp:
      * runtime/WriteBarrier.h:
      * tools/CodeProfile.cpp:
      * tools/TieredMMapArray.h:
      * yarr/YarrJIT.cpp:
      
      Tools: Update JavaScriptCore files to use fully-qualified WTF include path
      https://bugs.webkit.org/show_bug.cgi?id=79960
      
      Reviewed by Adam Barth.
      
      Build WTF/WTF.xcodeproj by default on Mac.
      
      * Scripts/build-webkit:
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109837 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      37ac49ee
    • oliver@apple.com's avatar
      Add basic support for constant blinding to the JIT · d5c48685
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=80354
      
      Reviewed by Filip Pizlo.
      
      This patch adds basic constant blinding support to the JIT, at the
      MacroAssembler level.  This means all JITs in JSC (Yarr, baseline, and DFG)
      get constant blinding.  Woo!
      
      This patch only introduces blinding for Imm32, a later patch will do similar
      for ImmPtr.  In order to make misuse of Imm32 as a trusted type essentially
      impossible, we make TrustedImm32 a private parent of Imm32 and add an explicit
      accessor that's needed to access the actual value.  This also means you cannot
      accidentally pass an untrusted value to a function that does not perform
      blinding.
      
      To make everything work sensibly, this patch also corrects some code that was using
      Imm32 when TrustedImm32 could be used, and refactors a few callers that use
      untrusted immediates, so that they call slightly different varaints of the functions
      that they used previously.  This is largely necessary to deal with x86-32 not having
      sufficient registers to handle the additional work required when we choose to blind
      a constant.
      
      * assembler/AbstractMacroAssembler.h:
      (JSC::AbstractMacroAssembler::Imm32::asTrustedImm32):
      (Imm32):
      (JSC::AbstractMacroAssembler::beginUninterruptedSequence):
      (JSC::AbstractMacroAssembler::endUninterruptedSequence):
      (JSC::AbstractMacroAssembler::AbstractMacroAssembler):
      (AbstractMacroAssembler):
      (JSC::AbstractMacroAssembler::inUninterruptedSequence):
      (JSC::AbstractMacroAssembler::random):
      (JSC::AbstractMacroAssembler::scratchRegisterForBlinding):
      (JSC::AbstractMacroAssembler::shouldBlindForSpecificArch):
      * assembler/MacroAssembler.h:
      (JSC::MacroAssembler::addressForPoke):
      (MacroAssembler):
      (JSC::MacroAssembler::poke):
      (JSC::MacroAssembler::branchPtr):
      (JSC::MacroAssembler::branch32):
      (JSC::MacroAssembler::convertInt32ToDouble):
      (JSC::MacroAssembler::shouldBlind):
      (JSC::MacroAssembler::BlindedImm32::BlindedImm32):
      (BlindedImm32):
      (JSC::MacroAssembler::keyForConstant):
      (JSC::MacroAssembler::xorBlindConstant):
      (JSC::MacroAssembler::additionBlindedConstant):
      (JSC::MacroAssembler::andBlindedConstant):
      (JSC::MacroAssembler::orBlindedConstant):
      (JSC::MacroAssembler::loadXorBlindedConstant):
      (JSC::MacroAssembler::add32):
      (JSC::MacroAssembler::addPtr):
      (JSC::MacroAssembler::and32):
      (JSC::MacroAssembler::andPtr):
      (JSC::MacroAssembler::move):
      (JSC::MacroAssembler::or32):
      (JSC::MacroAssembler::store32):
      (JSC::MacroAssembler::sub32):
      (JSC::MacroAssembler::subPtr):
      (JSC::MacroAssembler::xor32):
      (JSC::MacroAssembler::branchAdd32):
      (JSC::MacroAssembler::branchMul32):
      (JSC::MacroAssembler::branchSub32):
      (JSC::MacroAssembler::trustedImm32ForShift):
      (JSC::MacroAssembler::lshift32):
      (JSC::MacroAssembler::rshift32):
      (JSC::MacroAssembler::urshift32):
      * assembler/MacroAssemblerARMv7.h:
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::scratchRegisterForBlinding):
      (JSC::MacroAssemblerARMv7::shouldBlindForSpecificArch):
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::branchSubPtr):
      (MacroAssemblerX86_64):
      (JSC::MacroAssemblerX86_64::scratchRegisterForBlinding):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::linkOSRExits):
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::compileArithSub):
      (JSC::DFG::SpeculativeJIT::compileStrictEqForConstant):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callOperation):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compileObjectEquality):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall):
      (JSC::DFG::SpeculativeJIT::compileDoubleCompare):
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITArithmetic.cpp:
      (JSC::JIT::compileBinaryArithOp):
      (JSC::JIT::emit_op_add):
      (JSC::JIT::emit_op_mul):
      (JSC::JIT::emit_op_div):
      * jit/JITArithmetic32_64.cpp:
      (JSC::JIT::emitAdd32Constant):
      (JSC::JIT::emitSub32Constant):
      (JSC::JIT::emitBinaryDoubleOp):
      (JSC::JIT::emitSlow_op_mul):
      (JSC::JIT::emit_op_div):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileLoadVarargs):
      * jit/JITInlineMethods.h:
      (JSC::JIT::updateTopCallFrame):
      (JSC::JIT::emitValueProfilingSite):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emitSlow_op_jfalse):
      (JSC::JIT::emitSlow_op_jtrue):
      * jit/JITStubCall.h:
      (JITStubCall):
      (JSC::JITStubCall::addArgument):
      * yarr/YarrJIT.cpp:
      (JSC::Yarr::YarrGenerator::backtrack):
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109834 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d5c48685
  3. 04 Mar, 2012 1 commit
    • fpizlo@apple.com's avatar
      JIT heuristics should be hyperbolic · 254d43bc
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=80055
      <rdar://problem/10922260>
      
      Source/JavaScriptCore: 
      
      Reviewed by Oliver Hunt.
              
      Added tracking of the amount of executable memory typically used for a bytecode
      instruction. Modified the execution counter scheme to use this, and the amount
      of free memory, to determine how long to wait before invoking the JIT.
              
      The result is that even if we bomb the VM with more code than can fit in our
      executable memory pool, we still keep running and almost never run out of
      executable memory - which ensures that if we have to JIT something critical, then
      we'll likely have enough memory to do so. This also does not regress performance
      on the three main benchmarks.
              
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::predictedMachineCodeSize):
      (JSC):
      (JSC::CodeBlock::usesOpcode):
      * bytecode/CodeBlock.h:
      (CodeBlock):
      (JSC::CodeBlock::checkIfJITThresholdReached):
      (JSC::CodeBlock::dontJITAnytimeSoon):
      (JSC::CodeBlock::jitAfterWarmUp):
      (JSC::CodeBlock::jitSoon):
      (JSC::CodeBlock::llintExecuteCounter):
      (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
      (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
      (JSC::CodeBlock::addressOfJITExecuteCounter):
      (JSC::CodeBlock::offsetOfJITExecuteCounter):
      (JSC::CodeBlock::offsetOfJITExecutionActiveThreshold):
      (JSC::CodeBlock::offsetOfJITExecutionTotalCount):
      (JSC::CodeBlock::jitExecuteCounter):
      (JSC::CodeBlock::checkIfOptimizationThresholdReached):
      (JSC::CodeBlock::optimizeNextInvocation):
      (JSC::CodeBlock::dontOptimizeAnytimeSoon):
      (JSC::CodeBlock::optimizeAfterWarmUp):
      (JSC::CodeBlock::optimizeAfterLongWarmUp):
      (JSC::CodeBlock::optimizeSoon):
      * bytecode/ExecutionCounter.cpp: Added.
      (JSC):
      (JSC::ExecutionCounter::ExecutionCounter):
      (JSC::ExecutionCounter::checkIfThresholdCrossedAndSet):
      (JSC::ExecutionCounter::setNewThreshold):
      (JSC::ExecutionCounter::deferIndefinitely):
      (JSC::ExecutionCounter::applyMemoryUsageHeuristics):
      (JSC::ExecutionCounter::applyMemoryUsageHeuristicsAndConvertToInt):
      (JSC::ExecutionCounter::hasCrossedThreshold):
      (JSC::ExecutionCounter::setThreshold):
      (JSC::ExecutionCounter::reset):
      * bytecode/ExecutionCounter.h: Added.
      (JSC):
      (ExecutionCounter):
      (JSC::ExecutionCounter::formattedTotalCount):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * jit/ExecutableAllocator.cpp:
      (JSC::DemandExecutableAllocator::allocateNewSpace):
      (JSC::ExecutableAllocator::underMemoryPressure):
      (JSC):
      (JSC::ExecutableAllocator::memoryPressureMultiplier):
      * jit/ExecutableAllocator.h:
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::ExecutableAllocator::memoryPressureMultiplier):
      (JSC):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * llint/LLIntSlowPaths.cpp:
      (JSC::LLInt::jitCompileAndSetHeuristics):
      * llint/LowLevelInterpreter32_64.asm:
      * runtime/JSGlobalData.h:
      (JSGlobalData):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * wtf/SimpleStats.h: Added.
      (WTF):
      (SimpleStats):
      (WTF::SimpleStats::SimpleStats):
      (WTF::SimpleStats::add):
      (WTF::SimpleStats::operator!):
      (WTF::SimpleStats::count):
      (WTF::SimpleStats::sum):
      (WTF::SimpleStats::sumOfSquares):
      (WTF::SimpleStats::mean):
      (WTF::SimpleStats::variance):
      (WTF::SimpleStats::standardDeviation):
      
      Source/WebCore: 
      
      Reviewed by Oliver Hunt.
      
      No new tests, since there's no new functionality.
      
      * ForwardingHeaders/wtf/SimpleStats.h: Added.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109705 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      254d43bc
  4. 29 Feb, 2012 1 commit
    • fpizlo@apple.com's avatar
      The JIT should not crash the entire process just because there is not · 0f25ee88
      fpizlo@apple.com authored
      enough executable memory, if the LLInt is enabled
      https://bugs.webkit.org/show_bug.cgi?id=79962
      <rdar://problem/10922215>
      
      Reviewed by Gavin Barraclough.
              
      Added the notion of JITCompilationEffort. If we're JIT'ing as a result of
      a tier-up, then we set it to JITCompilationCanFail. Otherwise it's
      JITCompilationMustSucceed. This preserves the old behavior of LLInt is
      disabled or if we're compiling something that can't be interpreted (like
      an OSR exit stub).
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/ARMAssembler.cpp:
      (JSC::ARMAssembler::executableCopy):
      * assembler/ARMAssembler.h:
      (ARMAssembler):
      * assembler/AssemblerBuffer.h:
      (JSC::AssemblerBuffer::executableCopy):
      * assembler/LinkBuffer.h:
      (JSC::LinkBuffer::LinkBuffer):
      (JSC::LinkBuffer::~LinkBuffer):
      (LinkBuffer):
      (JSC::LinkBuffer::didFailToAllocate):
      (JSC::LinkBuffer::isValid):
      (JSC::LinkBuffer::linkCode):
      (JSC::LinkBuffer::performFinalization):
      * assembler/MIPSAssembler.h:
      (JSC::MIPSAssembler::executableCopy):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::executableCopy):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::executableCopy):
      (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
      * bytecode/CodeBlock.cpp:
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::jitCompile):
      (CodeBlock):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGJITCompiler.h:
      (JITCompiler):
      * jit/ExecutableAllocator.cpp:
      (JSC::DemandExecutableAllocator::allocateNewSpace):
      (JSC::ExecutableAllocator::allocate):
      * jit/ExecutableAllocator.h:
      (ExecutableAllocator):
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::ExecutableAllocator::allocate):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      (JSC::JIT::compile):
      (JIT):
      * jit/JITCompilationEffort.h: Added.
      (JSC):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      (JSC::LLInt::jitCompileAndSetHeuristics):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      * runtime/Executable.cpp:
      (JSC::EvalExecutable::jitCompile):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      * runtime/Executable.h:
      (EvalExecutable):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h:
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109307 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0f25ee88
  5. 27 Feb, 2012 2 commits
    • barraclough@apple.com's avatar
      Implement support for op_negate and op_bitnot in the DFG JIT · 8ff7e8c2
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=79617
      
      Reviewed by Filip Pizlo.
      
      Add an ArithNegate op to the DFG JIT, to implement op_negate.
      
      This patch also adds support for op_negate to the JSVALUE64 baseline JIT
      (JSVALUE32_64 already had this), so that we can profile the slowpath usage.
      
      This is a 2.5%-3% Sunspider progression and a 1% win on Kraken.
      
      * assembler/ARMv7Assembler.h:
      (JSC::ARMv7Assembler::sub_S):
          - Added sub_S from immediate.
      (ARMv7Assembler):
      (JSC::ARMv7Assembler::vneg):
          - Added double negate.
      * assembler/MacroAssemblerARMv7.h:
      (JSC::MacroAssemblerARMv7::negateDouble):
          - Added double negate.
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::branchNeg32):
          - Added.
      * assembler/MacroAssemblerX86.h:
      (MacroAssemblerX86):
          - moved loadDouble, absDouble to common.
      * assembler/MacroAssemblerX86Common.h:
      (MacroAssemblerX86Common):
      (JSC::MacroAssemblerX86Common::absDouble):
          - implementation can be shared.
      (JSC::MacroAssemblerX86Common::negateDouble):
          - Added.
      (JSC::MacroAssemblerX86Common::loadDouble):
          - allow absDouble to have a common implementation.
      * assembler/MacroAssemblerX86_64.h:
      (MacroAssemblerX86_64):
          - moved loadDouble, absDouble to common.
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::execute):
          - support ArithNegate.
      * dfg/DFGArithNodeFlagsInferencePhase.cpp:
      (JSC::DFG::ArithNodeFlagsInferencePhase::propagate):
          - support ArithNegate.
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::makeSafe):
          - support ArithNegate.
      (JSC::DFG::ByteCodeParser::parseBlock):
          - support op_negate.
      * dfg/DFGCSEPhase.cpp:
      (JSC::DFG::CSEPhase::performNodeCSE):
          - support ArithNegate.
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
          - support op_negate.
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::negateShouldSpeculateInteger):
          - support ArithNegate.
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasArithNodeFlags):
          - support ArithNegate.
      * dfg/DFGPredictionPropagationPhase.cpp:
      (JSC::DFG::PredictionPropagationPhase::propagate):
          - support ArithNegate.
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compileArithNegate):
          - support ArithNegate.
      * dfg/DFGSpeculativeJIT.h:
      (SpeculativeJIT):
          - support ArithNegate.
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
          - support ArithNegate.
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
          - support ArithNegate.
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
          - Add support for op_negate in JSVALUE64.
      * jit/JITArithmetic.cpp:
      (JSC::JIT::emit_op_negate):
      (JSC::JIT::emitSlow_op_negate):
          - Add support for op_negate in JSVALUE64.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109038 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      8ff7e8c2
    • barraclough@apple.com's avatar
      Implement support for op_negate and op_bitnot in the DFG JIT · a6bdfc82
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=79617
      
      Reviewed by Sam Weinig.
      
      Remove op_bitnop - this is redundant, ~x === x^-1.
      This is a fractional (<1%) progression.
      
      Remove not32(X) from the MacroAssemblers - make this an optimization to add32(-1, X).
      Remove CanReuse from the result type - this was unused.
      Remove op_bitnot.
      
      * assembler/MacroAssemblerARM.h:
      (MacroAssemblerARM):
      (JSC::MacroAssemblerARM::xor32):
      * assembler/MacroAssemblerARMv7.h:
      (MacroAssemblerARMv7):
      (JSC::MacroAssemblerARMv7::xor32):
      * assembler/MacroAssemblerMIPS.h:
      (MacroAssemblerMIPS):
      (JSC::MacroAssemblerMIPS::xor32):
      * assembler/MacroAssemblerSH4.h:
      (MacroAssemblerSH4):
      (JSC::MacroAssemblerSH4::xor32):
      * assembler/MacroAssemblerX86Common.h:
      (MacroAssemblerX86Common):
      (JSC::MacroAssemblerX86Common::xor32):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecompiler/NodesCodegen.cpp:
      (JSC):
      (JSC::BitwiseNotNode::emitBytecode):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      (JIT):
      * jit/JITArithmetic32_64.cpp:
      (JSC):
      * jit/JITOpcodes.cpp:
      (JSC):
      * jit/JITStubs.cpp:
      (JSC):
      * jit/JITStubs.h:
      * llint/LLIntSlowPaths.cpp:
      (LLInt):
      * llint/LLIntSlowPaths.h:
      (LLInt):
      * llint/LowLevelInterpreter32_64.asm:
      * parser/NodeConstructors.h:
      (JSC::NegateNode::NegateNode):
      (JSC::BitwiseNotNode::BitwiseNotNode):
      (JSC::MultNode::MultNode):
      (JSC::DivNode::DivNode):
      (JSC::ModNode::ModNode):
      (JSC::SubNode::SubNode):
      (JSC::UnsignedRightShiftNode::UnsignedRightShiftNode):
      * parser/Nodes.h:
      (BitwiseNotNode):
      (JSC::BitwiseNotNode::expr):
      (JSC):
      * parser/ResultType.h:
      (ResultType):
      (JSC::ResultType::numberTypeIsInt32):
      (JSC::ResultType::stringOrNumberType):
      (JSC::ResultType::forAdd):
      (JSC::ResultType::forBitOp):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109007 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a6bdfc82
  6. 26 Feb, 2012 1 commit
    • mhahnenberg@apple.com's avatar
      Implement fast path for op_new_array in the baseline JIT · 87ff87df
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=78612
      
      Reviewed by Filip Pizlo.
      
      heap/CopiedAllocator.h:
      (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
      * heap/CopiedSpace.h:
      (CopiedSpace): Friended the JIT to allow access to isOversize.
      (JSC::CopiedSpace::allocator):
      * heap/Heap.h:
      (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
      can use it for simple allocation i.e. when we can just bump the offset without having to 
      do anything else.
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
      we have to bail out because the fast allocation path fails for whatever reason.
      * jit/JIT.h:
      (JIT):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to 
      allocate generic backing stores. This function is used by emitAllocateJSArray.
      (JSC):
      (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to 
      more easily allocate JSArrays. This function is used by emit_op_new_array and I expect 
      it will also be used for emit_op_new_array_buffer.
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does 
      a stub call for oversize arrays.
      (JSC):
      (JSC::JIT::emitSlow_op_new_array): New slow path that just bails out to a stub call if we 
      fail in any way on the fast path.
      * runtime/JSArray.cpp:
      (JSC):
      * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to 
      initialize in the JIT.
      (ArrayStorage):
      (JSC::ArrayStorage::lengthOffset):
      (JSC::ArrayStorage::numValuesInVectorOffset):
      (JSC::ArrayStorage::allocBaseOffset):
      (JSC::ArrayStorage::vectorOffset):
      (JSArray):
      (JSC::JSArray::sparseValueMapOffset):
      (JSC::JSArray::subclassDataOffset):
      (JSC::JSArray::indexBiasOffset):
      (JSC):
      (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
      to being a static function in the JSArray class. This move allows the JIT to call it to 
      see what size it should allocate.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108934 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      87ff87df
  7. 25 Feb, 2012 1 commit
  8. 21 Feb, 2012 2 commits
    • fpizlo@apple.com's avatar
      JSC should be a triple-tier VM · 7bbcaab7
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75812
      <rdar://problem/10079694>
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Implemented an interpreter that uses the JIT's calling convention. This
      interpreter is called LLInt, or the Low Level Interpreter. JSC will now
      will start by executing code in LLInt and will only tier up to the old
      JIT after the code is proven hot.
              
      LLInt is written in a modified form of our macro assembly. This new macro
      assembly is compiled by an offline assembler (see offlineasm), which
      implements many modern conveniences such as a Turing-complete CPS-based
      macro language and direct access to relevant C++ type information
      (basically offsets of fields and sizes of structs/classes).
              
      Code executing in LLInt appears to the rest of the JSC world "as if" it
      were executing in the old JIT. Hence, things like exception handling and
      cross-execution-engine calls just work and require pretty much no
      additional overhead.
              
      This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
      V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
      V8, and Kraken, but appear to get a double-digit improvement on real-world
      websites due to a huge reduction in the amount of JIT'ing.
              
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      (MacroAssemblerCodePtr):
      (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
      * bytecode/BytecodeConventions.h: Added.
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFromLLInt):
      (JSC):
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CallLinkStatus.h:
      (JSC::CallLinkStatus::isSet):
      (JSC::CallLinkStatus::operator!):
      (CallLinkStatus):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC):
      (CodeBlock):
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::jitCompile):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::addGlobalResolveInstruction):
      (JSC::CodeBlock::addLLIntCallLinkInfo):
      (JSC::CodeBlock::addGlobalResolveInfo):
      (JSC::CodeBlock::numberOfMethodCallLinkInfos):
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::addFrequentExitSite):
      (JSC::CodeBlock::dontJITAnytimeSoon):
      (JSC::CodeBlock::jitAfterWarmUp):
      (JSC::CodeBlock::jitSoon):
      (JSC::CodeBlock::llintExecuteCounter):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (JSC::GetByIdStatus::GetByIdStatus):
      (JSC::GetByIdStatus::wasSeenInJIT):
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      (Instruction):
      * bytecode/LLIntCallLinkInfo.h: Added.
      (JSC):
      (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
      (LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::isLinked):
      (JSC::LLIntCallLinkInfo::unlink):
      * bytecode/MethodCallLinkStatus.cpp:
      (JSC::MethodCallLinkStatus::computeFor):
      * bytecode/Opcode.cpp:
      (JSC):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (PutByIdStatus):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      (JSC::BytecodeGenerator::emitCatch):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      (JSC):
      (JSC::Heap::firstAllocatorWithoutDestructors):
      (Heap):
      * heap/MarkStack.cpp:
      (JSC::visitChildren):
      * heap/MarkedAllocator.h:
      (JSC):
      (MarkedAllocator):
      * heap/MarkedSpace.h:
      (JSC):
      (MarkedSpace):
      (JSC::MarkedSpace::firstAllocator):
      * interpreter/CallFrame.cpp:
      (JSC):
      (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::currentVPC):
      (JSC::CallFrame::setCurrentVPC):
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::hasReturnPC):
      (JSC::ExecState::clearReturnPC):
      (ExecState):
      (JSC::ExecState::bytecodeOffsetForNonDFGCode):
      (JSC::ExecState::currentVPC):
      (JSC::ExecState::setCurrentVPC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::~Interpreter):
      (JSC):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::privateExecute):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC):
      (Interpreter):
      (JSC::Interpreter::getOpcode):
      (JSC::Interpreter::getOpcodeID):
      (JSC::Interpreter::classicEnabled):
      * interpreter/RegisterFile.h:
      (JSC):
      (RegisterFile):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/HostCallReturnValue.cpp: Added.
      (JSC):
      (JSC::getHostCallReturnValueWithExecState):
      * jit/HostCallReturnValue.h: Added.
      (JSC):
      (JSC::initializeHostCallReturnValue):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITCode.h:
      (JSC::JITCode::isOptimizingJIT):
      (JITCode):
      (JSC::JITCode::isBaselineCode):
      (JSC::JITCode::JITCode):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::jitThrow):
      * jit/JITInlineMethods.h:
      (JSC::JIT::updateTopCallFrame):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      (JSC):
      * jit/JSInterfaceJIT.h:
      * llint: Added.
      * llint/LLIntCommon.h: Added.
      * llint/LLIntData.cpp: Added.
      (LLInt):
      (JSC::LLInt::Data::Data):
      (JSC::LLInt::Data::performAssertions):
      (JSC::LLInt::Data::~Data):
      * llint/LLIntData.h: Added.
      (JSC):
      (LLInt):
      (Data):
      (JSC::LLInt::Data::exceptionInstructions):
      (JSC::LLInt::Data::opcodeMap):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp: Added.
      (LLInt):
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h: Added.
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp: Added.
      (LLInt):
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrowForThrownException):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntExceptions.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntOfflineAsmConfig.h: Added.
      * llint/LLIntOffsetsExtractor.cpp: Added.
      (JSC):
      (LLIntOffsetsExtractor):
      (JSC::LLIntOffsetsExtractor::dummy):
      (main):
      * llint/LLIntSlowPaths.cpp: Added.
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::resolveGlobal):
      (JSC::LLInt::getByVal):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      (JSC::LLInt::genericCall):
      * llint/LLIntSlowPaths.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntThunks.cpp: Added.
      (LLInt):
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h: Added.
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm: Added.
      * llint/LowLevelInterpreter.cpp: Added.
      * llint/LowLevelInterpreter.h: Added.
      * offlineasm: Added.
      * offlineasm/armv7.rb: Added.
      * offlineasm/asm.rb: Added.
      * offlineasm/ast.rb: Added.
      * offlineasm/backends.rb: Added.
      * offlineasm/generate_offset_extractor.rb: Added.
      * offlineasm/instructions.rb: Added.
      * offlineasm/offset_extractor_constants.rb: Added.
      * offlineasm/offsets.rb: Added.
      * offlineasm/opt.rb: Added.
      * offlineasm/parser.rb: Added.
      * offlineasm/registers.rb: Added.
      * offlineasm/self_hash.rb: Added.
      * offlineasm/settings.rb: Added.
      * offlineasm/transform.rb: Added.
      * offlineasm/x86.rb: Added.
      * runtime/CodeSpecializationKind.h: Added.
      (JSC):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      (CommonSlowPaths):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC):
      (JSC::EvalExecutable::jitCompile):
      (JSC::samplingDescription):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC):
      (EvalExecutable):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      * runtime/JSCell.h:
      (JSC):
      (JSCell):
      * runtime/JSFunction.h:
      (JSC):
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSGlobalObject):
      * runtime/JSObject.h:
      (JSC):
      (JSObject):
      (JSFinalObject):
      * runtime/JSPropertyNameIterator.h:
      (JSC):
      (JSPropertyNameIterator):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      * runtime/JSTypeInfo.h:
      (JSC):
      (TypeInfo):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h:
      (LLInt):
      (JSValue):
      * runtime/JSVariableObject.h:
      (JSC):
      (JSVariableObject):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * runtime/ScopeChain.h:
      (JSC):
      (ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransition):
      * runtime/Structure.h:
      (JSC):
      (Structure):
      * runtime/StructureChain.h:
      (JSC):
      (StructureChain):
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      (SentinelLinkedList):
      (WTF::SentinelLinkedList::isEmpty):
      * wtf/text/StringImpl.h:
      (JSC):
      (StringImpl):
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough.
              
      No new tests, because there is no change in behavior.
      
      * CMakeLists.txt:
      
      Source/WebKit: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
              
      * CMakeLists.txt:
      
      Tools: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108444 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7bbcaab7
    • aroben@apple.com's avatar
      Roll out r108309, r108323, and r108326 · e089d623
      aroben@apple.com authored
      They broke the 32-bit Lion build.
      
      Original bugs is <http://webkit.org/b/75812> <rdar://problem/10079694>.
      
      Source/JavaScriptCore:
      
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      * bytecode/BytecodeConventions.h: Removed.
      * bytecode/CallLinkStatus.cpp:
      * bytecode/CallLinkStatus.h:
      * bytecode/CodeBlock.cpp:
      * bytecode/CodeBlock.h:
      * bytecode/GetByIdStatus.cpp:
      * bytecode/GetByIdStatus.h:
      * bytecode/Instruction.h:
      * bytecode/LLIntCallLinkInfo.h: Removed.
      * bytecode/MethodCallLinkStatus.cpp:
      * bytecode/Opcode.cpp:
      * bytecode/Opcode.h:
      * bytecode/PutByIdStatus.cpp:
      * bytecode/PutByIdStatus.h:
      * bytecompiler/BytecodeGenerator.cpp:
      * dfg/DFGByteCodeParser.cpp:
      * dfg/DFGCapabilities.h:
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      * heap/MarkStack.cpp:
      * heap/MarkedAllocator.h:
      * heap/MarkedSpace.h:
      * interpreter/CallFrame.cpp:
      * interpreter/CallFrame.h:
      * interpreter/Interpreter.cpp:
      * interpreter/Interpreter.h:
      * interpreter/RegisterFile.h:
      * jit/ExecutableAllocator.h:
      * jit/HostCallReturnValue.cpp: Removed.
      * jit/HostCallReturnValue.h: Removed.
      * jit/JIT.cpp:
      * jit/JITCode.h:
      * jit/JITDriver.h:
      * jit/JITExceptions.cpp:
      * jit/JITInlineMethods.h:
      * jit/JITStubs.cpp:
      * jit/JITStubs.h:
      * jit/JSInterfaceJIT.h:
      * llint/LLIntCommon.h: Removed.
      * llint/LLIntData.cpp: Removed.
      * llint/LLIntData.h: Removed.
      * llint/LLIntEntrypoints.cpp: Removed.
      * llint/LLIntEntrypoints.h: Removed.
      * llint/LLIntExceptions.cpp: Removed.
      * llint/LLIntExceptions.h: Removed.
      * llint/LLIntOfflineAsmConfig.h: Removed.
      * llint/LLIntOffsetsExtractor.cpp: Removed.
      * llint/LLIntSlowPaths.cpp: Removed.
      * llint/LLIntSlowPaths.h: Removed.
      * llint/LLIntThunks.cpp: Removed.
      * llint/LLIntThunks.h: Removed.
      * llint/LowLevelInterpreter.asm: Removed.
      * llint/LowLevelInterpreter.cpp: Removed.
      * llint/LowLevelInterpreter.h: Removed.
      * offlineasm/armv7.rb: Removed.
      * offlineasm/asm.rb: Removed.
      * offlineasm/ast.rb: Removed.
      * offlineasm/backends.rb: Removed.
      * offlineasm/generate_offset_extractor.rb: Removed.
      * offlineasm/instructions.rb: Removed.
      * offlineasm/offset_extractor_constants.rb: Removed.
      * offlineasm/offsets.rb: Removed.
      * offlineasm/opt.rb: Removed.
      * offlineasm/parser.rb: Removed.
      * offlineasm/registers.rb: Removed.
      * offlineasm/self_hash.rb: Removed.
      * offlineasm/settings.rb: Removed.
      * offlineasm/transform.rb: Removed.
      * offlineasm/x86.rb: Removed.
      * runtime/CodeSpecializationKind.h: Removed.
      * runtime/CommonSlowPaths.h:
      * runtime/Executable.cpp:
      * runtime/Executable.h:
      * runtime/ExecutionHarness.h: Removed.
      * runtime/JSArray.h:
      * runtime/JSCell.h:
      * runtime/JSFunction.h:
      * runtime/JSGlobalData.cpp:
      * runtime/JSGlobalData.h:
      * runtime/JSGlobalObject.h:
      * runtime/JSObject.h:
      * runtime/JSPropertyNameIterator.h:
      * runtime/JSString.h:
      * runtime/JSTypeInfo.h:
      * runtime/JSValue.cpp:
      * runtime/JSValue.h:
      * runtime/JSVariableObject.h:
      * runtime/Options.cpp:
      * runtime/Options.h:
      * runtime/ScopeChain.h:
      * runtime/Structure.cpp:
      * runtime/Structure.h:
      * runtime/StructureChain.h:
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      * wtf/text/StringImpl.h:
      
      Source/WebCore:
      
      * CMakeLists.txt:
      
      Source/WebKit:
      
      * CMakeLists.txt:
      
      Tools:
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108358 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e089d623
  9. 20 Feb, 2012 3 commits
    • fpizlo@apple.com's avatar
      JSC should be a triple-tier VM · 091129f4
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75812
      <rdar://problem/10079694>
      
      Source/JavaScriptCore: 
      
      Reviewed by Gavin Barraclough.
              
      Implemented an interpreter that uses the JIT's calling convention. This
      interpreter is called LLInt, or the Low Level Interpreter. JSC will now
      will start by executing code in LLInt and will only tier up to the old
      JIT after the code is proven hot.
              
      LLInt is written in a modified form of our macro assembly. This new macro
      assembly is compiled by an offline assembler (see offlineasm), which
      implements many modern conveniences such as a Turing-complete CPS-based
      macro language and direct access to relevant C++ type information
      (basically offsets of fields and sizes of structs/classes).
              
      Code executing in LLInt appears to the rest of the JSC world "as if" it
      were executing in the old JIT. Hence, things like exception handling and
      cross-execution-engine calls just work and require pretty much no
      additional overhead.
              
      This interpreter is 2-2.5x faster than our old interpreter on SunSpider,
      V8, and Kraken. With triple-tiering turned on, we're neutral on SunSpider,
      V8, and Kraken, but appear to get a double-digit improvement on real-world
      websites due to a huge reduction in the amount of JIT'ing.
              
      * CMakeLists.txt:
      * GNUmakefile.am:
      * GNUmakefile.list.am:
      * JavaScriptCore.pri:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCoreCommon.vsprops:
      * JavaScriptCore.vcproj/JavaScriptCore/copy-files.cmd:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * assembler/LinkBuffer.h:
      * assembler/MacroAssemblerCodeRef.h:
      (MacroAssemblerCodePtr):
      (JSC::MacroAssemblerCodePtr::createFromExecutableAddress):
      * bytecode/BytecodeConventions.h: Added.
      * bytecode/CallLinkStatus.cpp:
      (JSC::CallLinkStatus::computeFromLLInt):
      (JSC):
      (JSC::CallLinkStatus::computeFor):
      * bytecode/CallLinkStatus.h:
      (JSC::CallLinkStatus::isSet):
      (JSC::CallLinkStatus::operator!):
      (CallLinkStatus):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::~CodeBlock):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::stronglyVisitStrongReferences):
      (JSC):
      (JSC::CodeBlock::unlinkCalls):
      (JSC::CodeBlock::unlinkIncomingCalls):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::ProgramCodeBlock::jettison):
      (JSC::EvalCodeBlock::jettison):
      (JSC::FunctionCodeBlock::jettison):
      (JSC::ProgramCodeBlock::jitCompileImpl):
      (JSC::EvalCodeBlock::jitCompileImpl):
      (JSC::FunctionCodeBlock::jitCompileImpl):
      * bytecode/CodeBlock.h:
      (JSC):
      (CodeBlock):
      (JSC::CodeBlock::baselineVersion):
      (JSC::CodeBlock::linkIncomingCall):
      (JSC::CodeBlock::bytecodeOffset):
      (JSC::CodeBlock::jitCompile):
      (JSC::CodeBlock::hasOptimizedReplacement):
      (JSC::CodeBlock::addPropertyAccessInstruction):
      (JSC::CodeBlock::addGlobalResolveInstruction):
      (JSC::CodeBlock::addLLIntCallLinkInfo):
      (JSC::CodeBlock::addGlobalResolveInfo):
      (JSC::CodeBlock::numberOfMethodCallLinkInfos):
      (JSC::CodeBlock::valueProfilePredictionForBytecodeOffset):
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::addFrequentExitSite):
      (JSC::CodeBlock::dontJITAnytimeSoon):
      (JSC::CodeBlock::jitAfterWarmUp):
      (JSC::CodeBlock::jitSoon):
      (JSC::CodeBlock::llintExecuteCounter):
      (ProgramCodeBlock):
      (EvalCodeBlock):
      (FunctionCodeBlock):
      * bytecode/GetByIdStatus.cpp:
      (JSC::GetByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::GetByIdStatus::computeFor):
      * bytecode/GetByIdStatus.h:
      (JSC::GetByIdStatus::GetByIdStatus):
      (JSC::GetByIdStatus::wasSeenInJIT):
      (GetByIdStatus):
      * bytecode/Instruction.h:
      (JSC):
      (JSC::Instruction::Instruction):
      (Instruction):
      * bytecode/LLIntCallLinkInfo.h: Added.
      (JSC):
      (JSC::LLIntCallLinkInfo::LLIntCallLinkInfo):
      (LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::~LLIntCallLinkInfo):
      (JSC::LLIntCallLinkInfo::isLinked):
      (JSC::LLIntCallLinkInfo::unlink):
      * bytecode/MethodCallLinkStatus.cpp:
      (JSC::MethodCallLinkStatus::computeFor):
      * bytecode/Opcode.cpp:
      (JSC):
      * bytecode/Opcode.h:
      (JSC):
      (JSC::padOpcodeName):
      * bytecode/PutByIdStatus.cpp:
      (JSC::PutByIdStatus::computeFromLLInt):
      (JSC):
      (JSC::PutByIdStatus::computeFor):
      * bytecode/PutByIdStatus.h:
      (PutByIdStatus):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitResolve):
      (JSC::BytecodeGenerator::emitResolveWithBase):
      (JSC::BytecodeGenerator::emitGetById):
      (JSC::BytecodeGenerator::emitPutById):
      (JSC::BytecodeGenerator::emitDirectPutById):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      (JSC::BytecodeGenerator::emitCatch):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::canCompileOpcode):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOperations.cpp:
      * heap/Heap.h:
      (JSC):
      (JSC::Heap::firstAllocatorWithoutDestructors):
      (Heap):
      * heap/MarkStack.cpp:
      (JSC::visitChildren):
      * heap/MarkedAllocator.h:
      (JSC):
      (MarkedAllocator):
      * heap/MarkedSpace.h:
      (JSC):
      (MarkedSpace):
      (JSC::MarkedSpace::firstAllocator):
      * interpreter/CallFrame.cpp:
      (JSC):
      (JSC::CallFrame::bytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::setBytecodeOffsetForNonDFGCode):
      (JSC::CallFrame::currentVPC):
      (JSC::CallFrame::setCurrentVPC):
      (JSC::CallFrame::trueCallerFrame):
      * interpreter/CallFrame.h:
      (JSC::ExecState::hasReturnPC):
      (JSC::ExecState::clearReturnPC):
      (ExecState):
      (JSC::ExecState::bytecodeOffsetForNonDFGCode):
      (JSC::ExecState::currentVPC):
      (JSC::ExecState::setCurrentVPC):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::Interpreter):
      (JSC::Interpreter::~Interpreter):
      (JSC):
      (JSC::Interpreter::initialize):
      (JSC::Interpreter::isOpcode):
      (JSC::Interpreter::unwindCallFrame):
      (JSC::getCallerInfo):
      (JSC::Interpreter::privateExecute):
      (JSC::Interpreter::retrieveLastCaller):
      * interpreter/Interpreter.h:
      (JSC):
      (Interpreter):
      (JSC::Interpreter::getOpcode):
      (JSC::Interpreter::getOpcodeID):
      (JSC::Interpreter::classicEnabled):
      * interpreter/RegisterFile.h:
      (JSC):
      (RegisterFile):
      * jit/ExecutableAllocator.h:
      (JSC):
      * jit/HostCallReturnValue.cpp: Added.
      (JSC):
      (JSC::getHostCallReturnValueWithExecState):
      * jit/HostCallReturnValue.h: Added.
      (JSC):
      (JSC::initializeHostCallReturnValue):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITCode.h:
      (JSC::JITCode::isOptimizingJIT):
      (JITCode):
      (JSC::JITCode::isBaselineCode):
      (JSC::JITCode::JITCode):
      * jit/JITDriver.h:
      (JSC::jitCompileIfAppropriate):
      (JSC::jitCompileFunctionIfAppropriate):
      * jit/JITExceptions.cpp:
      (JSC::jitThrow):
      * jit/JITInlineMethods.h:
      (JSC::JIT::updateTopCallFrame):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      (JSC):
      * jit/JITStubs.h:
      (JSC):
      * jit/JSInterfaceJIT.h:
      * llint: Added.
      * llint/LLIntCommon.h: Added.
      * llint/LLIntData.cpp: Added.
      (LLInt):
      (JSC::LLInt::Data::Data):
      (JSC::LLInt::Data::performAssertions):
      (JSC::LLInt::Data::~Data):
      * llint/LLIntData.h: Added.
      (JSC):
      (LLInt):
      (Data):
      (JSC::LLInt::Data::exceptionInstructions):
      (JSC::LLInt::Data::opcodeMap):
      (JSC::LLInt::Data::performAssertions):
      * llint/LLIntEntrypoints.cpp: Added.
      (LLInt):
      (JSC::LLInt::getFunctionEntrypoint):
      (JSC::LLInt::getEvalEntrypoint):
      (JSC::LLInt::getProgramEntrypoint):
      * llint/LLIntEntrypoints.h: Added.
      (JSC):
      (LLInt):
      (JSC::LLInt::getEntrypoint):
      * llint/LLIntExceptions.cpp: Added.
      (LLInt):
      (JSC::LLInt::interpreterThrowInCaller):
      (JSC::LLInt::returnToThrowForThrownException):
      (JSC::LLInt::returnToThrow):
      (JSC::LLInt::callToThrow):
      * llint/LLIntExceptions.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntOfflineAsmConfig.h: Added.
      * llint/LLIntOffsetsExtractor.cpp: Added.
      (JSC):
      (LLIntOffsetsExtractor):
      (JSC::LLIntOffsetsExtractor::dummy):
      (main):
      * llint/LLIntSlowPaths.cpp: Added.
      (LLInt):
      (JSC::LLInt::llint_trace_operand):
      (JSC::LLInt::llint_trace_value):
      (JSC::LLInt::LLINT_SLOW_PATH_DECL):
      (JSC::LLInt::traceFunctionPrologue):
      (JSC::LLInt::shouldJIT):
      (JSC::LLInt::entryOSR):
      (JSC::LLInt::resolveGlobal):
      (JSC::LLInt::getByVal):
      (JSC::LLInt::handleHostCall):
      (JSC::LLInt::setUpCall):
      (JSC::LLInt::genericCall):
      * llint/LLIntSlowPaths.h: Added.
      (JSC):
      (LLInt):
      * llint/LLIntThunks.cpp: Added.
      (LLInt):
      (JSC::LLInt::generateThunkWithJumpTo):
      (JSC::LLInt::functionForCallEntryThunkGenerator):
      (JSC::LLInt::functionForConstructEntryThunkGenerator):
      (JSC::LLInt::functionForCallArityCheckThunkGenerator):
      (JSC::LLInt::functionForConstructArityCheckThunkGenerator):
      (JSC::LLInt::evalEntryThunkGenerator):
      (JSC::LLInt::programEntryThunkGenerator):
      * llint/LLIntThunks.h: Added.
      (JSC):
      (LLInt):
      * llint/LowLevelInterpreter.asm: Added.
      * llint/LowLevelInterpreter.cpp: Added.
      * llint/LowLevelInterpreter.h: Added.
      * offlineasm: Added.
      * offlineasm/armv7.rb: Added.
      * offlineasm/asm.rb: Added.
      * offlineasm/ast.rb: Added.
      * offlineasm/backends.rb: Added.
      * offlineasm/generate_offset_extractor.rb: Added.
      * offlineasm/instructions.rb: Added.
      * offlineasm/offset_extractor_constants.rb: Added.
      * offlineasm/offsets.rb: Added.
      * offlineasm/opt.rb: Added.
      * offlineasm/parser.rb: Added.
      * offlineasm/registers.rb: Added.
      * offlineasm/self_hash.rb: Added.
      * offlineasm/settings.rb: Added.
      * offlineasm/transform.rb: Added.
      * offlineasm/x86.rb: Added.
      * runtime/CodeSpecializationKind.h: Added.
      (JSC):
      * runtime/CommonSlowPaths.h:
      (JSC::CommonSlowPaths::arityCheckFor):
      (CommonSlowPaths):
      * runtime/Executable.cpp:
      (JSC::jettisonCodeBlock):
      (JSC):
      (JSC::EvalExecutable::jitCompile):
      (JSC::samplingDescription):
      (JSC::EvalExecutable::compileInternal):
      (JSC::ProgramExecutable::jitCompile):
      (JSC::ProgramExecutable::compileInternal):
      (JSC::FunctionExecutable::baselineCodeBlockFor):
      (JSC::FunctionExecutable::jitCompileForCall):
      (JSC::FunctionExecutable::jitCompileForConstruct):
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      * runtime/Executable.h:
      (JSC):
      (EvalExecutable):
      (ProgramExecutable):
      (FunctionExecutable):
      (JSC::FunctionExecutable::jitCompileFor):
      * runtime/ExecutionHarness.h: Added.
      (JSC):
      (JSC::prepareForExecution):
      (JSC::prepareFunctionForExecution):
      * runtime/JSArray.h:
      (JSC):
      (JSArray):
      * runtime/JSCell.h:
      (JSC):
      (JSCell):
      * runtime/JSFunction.h:
      (JSC):
      (JSFunction):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
      (JSC):
      (JSGlobalData):
      * runtime/JSGlobalObject.h:
      (JSC):
      (JSGlobalObject):
      * runtime/JSObject.h:
      (JSC):
      (JSObject):
      (JSFinalObject):
      * runtime/JSPropertyNameIterator.h:
      (JSC):
      (JSPropertyNameIterator):
      * runtime/JSString.h:
      (JSC):
      (JSString):
      * runtime/JSTypeInfo.h:
      (JSC):
      (TypeInfo):
      * runtime/JSValue.cpp:
      (JSC::JSValue::description):
      * runtime/JSValue.h:
      (LLInt):
      (JSValue):
      * runtime/JSVariableObject.h:
      (JSC):
      (JSVariableObject):
      * runtime/Options.cpp:
      (Options):
      (JSC::Options::initializeOptions):
      * runtime/Options.h:
      (Options):
      * runtime/ScopeChain.h:
      (JSC):
      (ScopeChainNode):
      * runtime/Structure.cpp:
      (JSC::Structure::addPropertyTransition):
      * runtime/Structure.h:
      (JSC):
      (Structure):
      * runtime/StructureChain.h:
      (JSC):
      (StructureChain):
      * wtf/InlineASM.h:
      * wtf/Platform.h:
      * wtf/SentinelLinkedList.h:
      (SentinelLinkedList):
      (WTF::SentinelLinkedList::isEmpty):
      * wtf/text/StringImpl.h:
      (JSC):
      (StringImpl):
      
      Source/WebCore: 
      
      Reviewed by Gavin Barraclough.
              
      No new tests, because there is no change in behavior.
      
      * CMakeLists.txt:
      
      Source/WebKit: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
              
      * CMakeLists.txt:
      
      Tools: 
      
      Reviewed by Gavin Barraclough.
      
      Changed EFL's build system to include a new directory in JavaScriptCore.
      
      * DumpRenderTree/efl/CMakeLists.txt:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108309 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      091129f4
    • fpizlo@apple.com's avatar
      Unreviewed, rolling out http://trac.webkit.org/changeset/108291 · 29229227
      fpizlo@apple.com authored
      It completely broke the 32-bit JIT.
      
      * heap/CopiedAllocator.h:
      * heap/CopiedSpace.h:
      (CopiedSpace):
      * heap/Heap.h:
      (JSC::Heap::allocatorForObjectWithDestructor):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases):
      * jit/JIT.h:
      (JIT):
      * jit/JITInlineMethods.h:
      (JSC):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array):
      * runtime/JSArray.cpp:
      (JSC::storageSize):
      (JSC):
      * runtime/JSArray.h:
      (ArrayStorage):
      (JSArray):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108307 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      29229227
    • mhahnenberg@apple.com's avatar
      Implement fast path for op_new_array in the baseline JIT · d249ef82
      mhahnenberg@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=78612
      
      Reviewed by Filip Pizlo.
      
      * heap/CopiedAllocator.h:
      (CopiedAllocator): Friended the JIT to allow access to m_currentOffset.
      * heap/CopiedSpace.h:
      (CopiedSpace): Friended the JIT to allow access to
      (JSC::CopiedSpace::allocator):
      * heap/Heap.h:
      (JSC::Heap::storageAllocator): Added a getter for the CopiedAllocator class so the JIT
      can use it for simple allocation i.e. when we can just bump the offset without having to
      do anything else.
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileSlowCases): Added new slow case for op_new_array for when
      we have to bail out because the fast allocation path fails for whatever reason.
      * jit/JIT.h:
      (JIT):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitAllocateBasicStorage): Added utility function that allows objects to
      allocate generic backing stores. This function is used by emitAllocateJSArray.
      (JSC):
      (JSC::JIT::emitAllocateJSArray): Added utility function that allows the client to
      more easily allocate JSArrays. This function is used by emit_op_new_array and I expect
      it will also be used for emit_op_new_array_buffer.
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_new_array): Changed to do inline allocation of JSArrays. Still does
      a stub call for oversize arrays.
      (JSC):
      (JSC::JIT::emitSlow_op_new_array): Just bails out to a stub call if we fail in any way on
      the fast path.
      * runtime/JSArray.cpp:
      (JSC):
      * runtime/JSArray.h: Added lots of offset functions for all the fields that we need to
      initialize in the JIT.
      (ArrayStorage):
      (JSC::ArrayStorage::lengthOffset):
      (JSC::ArrayStorage::numValuesInVectorOffset):
      (JSC::ArrayStorage::allocBaseOffset):
      (JSC::ArrayStorage::vectorOffset):
      (JSArray):
      (JSC::JSArray::sparseValueMapOffset):
      (JSC::JSArray::subclassDataOffset):
      (JSC::JSArray::indexBiasOffset):
      (JSC):
      (JSC::JSArray::storageSize): Moved this function from being a static function in the cpp file
      to being a static function in the JSArray class. This move allows the JIT to call it to
      see what size it should allocate.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@108291 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d249ef82
  10. 11 Feb, 2012 1 commit
    • fpizlo@apple.com's avatar
      It should be possible to send all JSC debug logging to a file · d095b247
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=78418
      
      Reviewed by Sam Weinig.
              
      Introduced wtf/DataLog, which defines WTF::dataFile, WTF::dataLog,
      and WTF::dataLogV. Changed all debugging- and profiling-related printfs
      to use WTF::dataLog() or one of its friends. By default, debug logging
      goes to stderr, unless you change the setting in wtf/DataLog.cpp.
      
      Source/JavaScriptCore: 
      
      * GNUmakefile.list.am:
      * JavaScriptCore.gypi:
      * JavaScriptCore.vcproj/WTF/WTF.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/LinkBuffer.h:
      (JSC::LinkBuffer::dumpLinkStatistics):
      (JSC::LinkBuffer::dumpCode):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::vprintfStdoutInstr):
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::printUnaryOp):
      (JSC::CodeBlock::printBinaryOp):
      (JSC::CodeBlock::printConditionalJump):
      (JSC::CodeBlock::printGetByIdOp):
      (JSC::CodeBlock::printCallOp):
      (JSC::CodeBlock::printPutByIdOp):
      (JSC::printGlobalResolveInfo):
      (JSC::printStructureStubInfo):
      (JSC::CodeBlock::printStructure):
      (JSC::CodeBlock::printStructures):
      (JSC::CodeBlock::dump):
      (JSC::CodeBlock::dumpStatistics):
      (JSC::CodeBlock::finalizeUnconditionally):
      (JSC::CodeBlock::shouldOptimizeNow):
      (JSC::CodeBlock::tallyFrequentExitSites):
      (JSC::CodeBlock::dumpValueProfiles):
      * bytecode/Opcode.cpp:
      (JSC::OpcodeStats::~OpcodeStats):
      * bytecode/SamplingTool.cpp:
      (JSC::SamplingFlags::stop):
      (JSC::SamplingRegion::dumpInternal):
      (JSC::SamplingTool::dump):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::endBasicBlock):
      (JSC::DFG::AbstractState::mergeStateAtTail):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getPredictionWithoutOSRExit):
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::makeDivSafe):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack):
      (JSC::DFG::ByteCodeParser::linkBlock):
      (JSC::DFG::ByteCodeParser::parseCodeBlock):
      (JSC::DFG::ByteCodeParser::parse):
      * dfg/DFGCommon.h:
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::printWhiteSpace):
      (JSC::DFG::Graph::dumpCodeOrigin):
      (JSC::DFG::Graph::dump):
      (JSC::DFG::Graph::predictArgumentTypes):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::link):
      * dfg/DFGOSREntry.cpp:
      (JSC::DFG::prepareOSREntry):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOperations.cpp:
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::fixpoint):
      (JSC::DFG::Propagator::propagateArithNodeFlags):
      (JSC::DFG::Propagator::propagateArithNodeFlagsForward):
      (JSC::DFG::Propagator::propagateArithNodeFlagsBackward):
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::propagatePredictionsForward):
      (JSC::DFG::Propagator::propagatePredictionsBackward):
      (JSC::DFG::Propagator::doRoundOfDoubleVoting):
      (JSC::DFG::Propagator::fixupNode):
      (JSC::DFG::Propagator::fixup):
      (JSC::DFG::Propagator::startIndexForChildren):
      (JSC::DFG::Propagator::endIndexForPureCSE):
      (JSC::DFG::Propagator::setReplacement):
      (JSC::DFG::Propagator::eliminate):
      (JSC::DFG::Propagator::performNodeCSE):
      (JSC::DFG::Propagator::localCSE):
      (JSC::DFG::Propagator::allocateVirtualRegisters):
      (JSC::DFG::Propagator::performBlockCFA):
      (JSC::DFG::Propagator::performForwardCFA):
      * dfg/DFGRegisterBank.h:
      (JSC::DFG::RegisterBank::dump):
      * dfg/DFGScoreBoard.h:
      (JSC::DFG::ScoreBoard::dump):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::dump):
      (JSC::DFG::SpeculativeJIT::checkConsistency):
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::fillSpeculateIntInternal):
      (JSC::DFG::SpeculativeJIT::fillSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::fillSpeculateCell):
      (JSC::DFG::SpeculativeJIT::fillSpeculateBoolean):
      * heap/Heap.cpp:
      (JSC::Heap::destroy):
      * heap/MarkedBlock.h:
      * interpreter/CallFrame.cpp:
      (JSC::CallFrame::dumpCaller):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::dumpRegisters):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * profiler/Profile.cpp:
      (JSC::Profile::debugPrintData):
      (JSC::Profile::debugPrintDataSampleStyle):
      * profiler/ProfileNode.cpp:
      (JSC::ProfileNode::debugPrintData):
      (JSC::ProfileNode::debugPrintDataSampleStyle):
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::dumpRegExpTrace):
      * runtime/RegExp.cpp:
      (JSC::RegExp::matchCompareWithInterpreter):
      * runtime/SamplingCounter.cpp:
      (JSC::AbstractSamplingCounter::dump):
      * runtime/SamplingCounter.h:
      (JSC::DeletableSamplingCounter::~DeletableSamplingCounter):
      * runtime/ScopeChain.cpp:
      (JSC::ScopeChainNode::print):
      * runtime/Structure.cpp:
      (JSC::Structure::dumpStatistics):
      (JSC::PropertyMapStatisticsExitLogger::~PropertyMapStatisticsExitLogger):
      * tools/CodeProfile.cpp:
      (JSC::CodeProfile::report):
      * tools/ProfileTreeNode.h:
      (JSC::ProfileTreeNode::dumpInternal):
      * wtf/CMakeLists.txt:
      * wtf/DataLog.cpp: Added.
      (WTF):
      (WTF::initializeLogFileOnce):
      (WTF::initializeLogFile):
      (WTF::dataFile):
      (WTF::dataLogV):
      (WTF::dataLog):
      * wtf/DataLog.h: Added.
      (WTF):
      * wtf/HashTable.cpp:
      (WTF::HashTableStats::~HashTableStats):
      * wtf/MetaAllocator.cpp:
      (WTF::MetaAllocator::dumpProfile):
      * wtf/text/WTFString.cpp:
      (String::show):
      * yarr/YarrInterpreter.cpp:
      (JSC::Yarr::ByteCompiler::dumpDisjunction):
      
      Source/WebCore: 
      
      No new tests because behavior is unchanged.
      
      * ForwardingHeaders/wtf/DataLog.h: Added.
      
      Source/WTF: 
      
      * WTF.pro:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@107499 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d095b247
  11. 08 Feb, 2012 1 commit
  12. 30 Jan, 2012 1 commit
    • barraclough@apple.com's avatar
      Clean up putDirect · 09a55680
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=76232
      
      Reviewed by Sam Weinig.
      
      Part 3 - merge op_put_getter & op_put_setter.
      
      Putting these separately is inefficient (and makes future optimiation,
      e.g. making GetterSetter immutable) harder. Change to emit a single
      op_put_getter_setter bytecode op. Ultimately we should probably be
      able to merge this with put direct, to create a common op to initialize
      object literal properties.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump):
      * bytecode/Opcode.h:
      (JSC):
      ():
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitPutGetterSetter):
      * bytecompiler/BytecodeGenerator.h:
      (BytecodeGenerator):
      * bytecompiler/NodesCodegen.cpp:
      (JSC::PropertyListNode::emitBytecode):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::privateExecute):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      * jit/JIT.h:
      (JIT):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::emit_op_put_getter_setter):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_put_getter_setter):
      * jit/JITStubs.cpp:
      (JSC::DEFINE_STUB_FUNCTION):
      * jit/JITStubs.h:
      ():
      * runtime/JSObject.cpp:
      (JSC::JSObject::putDirectVirtual):
      (JSC::JSObject::putDirectAccessor):
      (JSC):
      (JSC::putDescriptor):
      (JSC::JSObject::defineOwnProperty):
      * runtime/JSObject.h:
      ():
      (JSC::JSObject::putDirectInternal):
      (JSC::JSObject::putDirect):
      (JSC::JSObject::putDirectWithoutTransition):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106255 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      09a55680
  13. 23 Jan, 2012 1 commit
    • barraclough@apple.com's avatar
      Implement a JIT-code aware sampling profiler for JSC · b6a00d35
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=76855
      
      Rubber stanmped by Geoff Garen.
      
      Mechanical change - pass CodeBlock through to the executable allocator,
      such that we will be able to map ranges of JIT code back to their owner.
      
      * assembler/ARMAssembler.cpp:
      (JSC::ARMAssembler::executableCopy):
      * assembler/ARMAssembler.h:
      * assembler/AssemblerBuffer.h:
      (JSC::AssemblerBuffer::executableCopy):
      * assembler/AssemblerBufferWithConstantPool.h:
      (JSC::AssemblerBufferWithConstantPool::executableCopy):
      * assembler/LinkBuffer.h:
      (JSC::LinkBuffer::LinkBuffer):
      (JSC::LinkBuffer::linkCode):
      * assembler/MIPSAssembler.h:
      (JSC::MIPSAssembler::executableCopy):
      * assembler/SH4Assembler.h:
      (JSC::SH4Assembler::executableCopy):
      * assembler/X86Assembler.h:
      (JSC::X86Assembler::executableCopy):
      (JSC::X86Assembler::X86InstructionFormatter::executableCopy):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGOSRExitCompiler.cpp:
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::generateProtoChainAccessStub):
      (JSC::DFG::tryCacheGetByID):
      (JSC::DFG::tryBuildGetByIDList):
      (JSC::DFG::tryCachePutByID):
      * dfg/DFGThunks.cpp:
      (JSC::DFG::osrExitGenerationThunkGenerator):
      * jit/ExecutableAllocator.cpp:
      (JSC::ExecutableAllocator::allocate):
      * jit/ExecutableAllocator.h:
      * jit/ExecutableAllocatorFixedVMPool.cpp:
      (JSC::ExecutableAllocator::allocate):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::privateCompileCTINativeCall):
      * jit/JITPropertyAccess.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::stringGetByValStubGenerator):
      (JSC::JIT::privateCompilePutByIdTransition):
      (JSC::JIT::privateCompilePatchGetArrayLength):
      (JSC::JIT::privateCompileGetByIdProto):
      (JSC::JIT::privateCompileGetByIdSelfList):
      (JSC::JIT::privateCompileGetByIdProtoList):
      (JSC::JIT::privateCompileGetByIdChainList):
      (JSC::JIT::privateCompileGetByIdChain):
      * jit/JITStubs.cpp:
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::finalize):
      * yarr/YarrJIT.cpp:
      (JSC::Yarr::YarrGenerator::compile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105636 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b6a00d35
  14. 11 Jan, 2012 1 commit
  15. 10 Jan, 2012 1 commit
    • fpizlo@apple.com's avatar
      CodeBlock::m_numParameters should be encapsulated · c4d5496c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=75985
      <rdar://problem/10671020>
      
      Reviewed by Oliver Hunt.
              
      Encapsulated CodeBlock::m_numParameters and hooked argument profile creation
      into it.  This appears to be performance neutral.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      (JSC::CodeBlock::setNumParameters):
      (JSC::CodeBlock::addParameter):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::numParameters):
      (JSC::CodeBlock::addressOfNumParameters):
      (JSC::CodeBlock::offsetOfNumParameters):
      (JSC::CodeBlock::numberOfArgumentValueProfiles):
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::addParameter):
      (JSC::BytecodeGenerator::emitReturn):
      * dfg/DFGAbstractState.cpp:
      (JSC::DFG::AbstractState::AbstractState):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::ByteCodeParser):
      (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::predictArgumentTypes):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileFunction):
      * dfg/DFGOperations.cpp:
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::SpeculativeJIT):
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::slideRegisterWindowForCall):
      (JSC::Interpreter::dumpRegisters):
      (JSC::Interpreter::execute):
      (JSC::Interpreter::prepareForRepeatCall):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JITStubs.cpp:
      (JSC::arityCheckFor):
      (JSC::lazyLinkFor):
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@104630 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      c4d5496c
  16. 20 Dec, 2011 2 commits
  17. 15 Dec, 2011 1 commit
    • commit-queue@webkit.org's avatar
      Rename JSC::Heuristics to JSC::Options · a2e15981
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=72889
      
      Patch by Andy Wingo <wingo@igalia.com> on 2011-12-15
      Reviewed by Filip Pizlo.
      
      * runtime/Options.cpp: Renamed from Source/JavaScriptCore/runtime/Heuristics.cpp.
      * runtime/Options.h: Renamed from Source/JavaScriptCore/runtime/Heuristics.h.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * Target.pri:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::reoptimizationRetryCounter):
      (JSC::CodeBlock::countReoptimization):
      (JSC::CodeBlock::counterValueForOptimizeAfterWarmUp):
      (JSC::CodeBlock::counterValueForOptimizeAfterLongWarmUp):
      (JSC::CodeBlock::optimizeNextInvocation):
      (JSC::CodeBlock::dontOptimizeAnytimeSoon):
      (JSC::CodeBlock::optimizeSoon):
      (JSC::CodeBlock::largeFailCountThreshold):
      (JSC::CodeBlock::largeFailCountThresholdForLoop):
      (JSC::CodeBlock::shouldReoptimizeNow):
      (JSC::CodeBlock::shouldReoptimizeFromLoopNow):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::handleInlining):
      * dfg/DFGCapabilities.h:
      (JSC::DFG::mightCompileEval):
      (JSC::DFG::mightCompileProgram):
      (JSC::DFG::mightCompileFunctionForCall):
      (JSC::DFG::mightCompileFunctionForConstruct):
      (JSC::DFG::mightInlineFunctionForCall):
      (JSC::DFG::mightInlineFunctionForConstruct):
      * dfg/DFGOSRExit.cpp:
      (JSC::DFG::OSRExit::considerAddingAsFrequentExitSiteSlow):
      * dfg/DFGOSRExitCompiler32_64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGOSRExitCompiler64.cpp:
      (JSC::DFG::OSRExitCompiler::compileExit):
      * dfg/DFGVariableAccessData.h:
      (JSC::DFG::VariableAccessData::shouldUseDoubleFormatAccordingToVote):
      * heap/MarkStack.cpp:
      (JSC::MarkStackSegmentAllocator::allocate):
      (JSC::MarkStackSegmentAllocator::shrinkReserve):
      (JSC::MarkStackArray::MarkStackArray):
      (JSC::MarkStackArray::donateSomeCellsTo):
      (JSC::MarkStackArray::stealSomeCellsFrom):
      (JSC::MarkStackThreadSharedData::MarkStackThreadSharedData):
      (JSC::SlotVisitor::donateSlow):
      (JSC::SlotVisitor::drain):
      (JSC::SlotVisitor::drainFromShared):
      * heap/MarkStack.h:
      (JSC::MarkStack::mergeOpaqueRootsIfProfitable):
      (JSC::MarkStack::addOpaqueRoot):
      (JSC::MarkStackArray::canDonateSomeCells):
      * heap/SlotVisitor.h:
      (JSC::SlotVisitor::donate):
      * jit/JIT.cpp:
      (JSC::JIT::emitOptimizationCheck):
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce): Adapt callers and build systems.
      
      * testRegExp.cpp:
      (CommandLine::CommandLine):
      * jsc.cpp:
      (CommandLine::CommandLine):
      Rename from Options, to avoid name conflict.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@102917 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      a2e15981
  18. 11 Dec, 2011 1 commit
    • ggaren@apple.com's avatar
      v8 benchmark takes 12-13 million function call slow paths due to extra arguments · 0af1468f
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=74244
      
      Reviewed by Filip Pizlo.
              
      .arguments function of order the Reversed
              
      10% speedup on v8-raytrace, 1.7% speedup on v8 overall, neutral on Kraken
      and SunSpider.
      
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::valueProfileForArgument): Clarified that the interface
      to this function is an argument number.
      
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::BytecodeGenerator):
      (JSC::BytecodeGenerator::emitCall):
      (JSC::BytecodeGenerator::emitConstruct):
      (JSC::BytecodeGenerator::isArgumentNumber): Switched to using CallFrame
      helper functions for computing offsets for arguments, rather than doing
      the math by hand.
              
      Switched to iterating argument offsets backwards (--) instead of forwards (++).
      
      * bytecompiler/BytecodeGenerator.h:
      (JSC::CallArguments::thisRegister):
      (JSC::CallArguments::argumentRegister):
      (JSC::CallArguments::registerOffset): Updated for arguments being reversed.
      
      * bytecompiler/NodesCodegen.cpp: Allocate arguments in reverse order.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::getArgument):
      (JSC::DFG::ByteCodeParser::setArgument):
      (JSC::DFG::ByteCodeParser::flush):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::handleInlining):
      (JSC::DFG::ByteCodeParser::handleMinMax):
      (JSC::DFG::ByteCodeParser::handleIntrinsic):
      (JSC::DFG::ByteCodeParser::parseBlock):
      (JSC::DFG::ByteCodeParser::processPhiStack): Use abstract argument indices
      that just-in-time convert to bytecode operands (i.e., indexes in the register
      file) through helper functions. This means only one piece of code needs
      to know how arguments are laid out in the register file.
      
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::dump): Ditto.
      
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::valueProfileFor): Ditto.
      
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileFunction): The whole point of this patch:
      Treat too many arguments as an arity match.
      
      * dfg/DFGOSRExit.h:
      (JSC::DFG::OSRExit::variableForIndex):
      (JSC::DFG::OSRExit::operandForIndex): Use helper functions, as above.
      
      * dfg/DFGOperands.h:
      (JSC::DFG::operandToArgument):
      (JSC::DFG::argumentToOperand): These are now the only two lines of code in
      the DFG compiler that know how arguments are laid out in memory.
      
      (JSC::DFG::Operands::operand):
      (JSC::DFG::Operands::setOperand): Use helper functions, as above.
      
      * dfg/DFGOperations.cpp: The whole point of this patch:
      Treat too many arguments as an arity match.
      
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
              
      Also, don't tag the caller frame slot as a cell, because it's not a cell.
      
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::emitCall): Use helper functions, as above.
      
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile): Use helper functions, as above.
      
      (JSC::DFG::SpeculativeJIT::checkArgumentTypes): Use already-computed
      argument virtual register instead of recomputing by hand.
      
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::callFrameSlot):
      (JSC::DFG::SpeculativeJIT::argumentSlot):
      (JSC::DFG::SpeculativeJIT::callFrameTagSlot):
      (JSC::DFG::SpeculativeJIT::callFramePayloadSlot):
      (JSC::DFG::SpeculativeJIT::argumentTagSlot):
      (JSC::DFG::SpeculativeJIT::argumentPayloadSlot): Added a few helper
      functions for dealing with callee arguments specifically. These still
      build on top of our other helper functions, and have no direct knowledge
      of how arguments are laid out in the register file.
      
      (JSC::DFG::SpeculativeJIT::resetCallArguments):
      (JSC::DFG::SpeculativeJIT::addCallArgument): Renamed argumentIndex to
      argumentOffset to match CallFrame naming.
      
      (JSC::DFG::SpeculativeJIT::valueSourceReferenceForOperand): Use helper
      functions, as above.
      
      * interpreter/CallFrame.h:
      (JSC::ExecState::argumentOffset):
      (JSC::ExecState::argumentOffsetIncludingThis):
      (JSC::ExecState::argument):
      (JSC::ExecState::setArgument):
      (JSC::ExecState::thisArgumentOffset):
      (JSC::ExecState::thisValue):
      (JSC::ExecState::setThisValue):
      (JSC::ExecState::offsetFor):
      (JSC::ExecState::hostThisRegister):
      (JSC::ExecState::hostThisValue): Added a bunch of helper functions for
      computing where an argument is in the register file. Anything in the
      runtime that needs to access arguments should use these helpers.
      
      * interpreter/CallFrameClosure.h:
      (JSC::CallFrameClosure::setThis):
      (JSC::CallFrameClosure::setArgument):
      (JSC::CallFrameClosure::resetCallFrame): This stuff is a lot simpler, now
      that too many arguments counts as an arity match and doesn't require
      preserving two copies of our arguments.
      
      * interpreter/Interpreter.cpp:
      (JSC::Interpreter::slideRegisterWindowForCall): Only need to do something
      special if the caller provided too few arguments.
              
      Key simplification: We never need to maintain two copies of our arguments
      anymore.
      
      (JSC::eval):
      (JSC::loadVarargs): Use helper functions.
      
      (JSC::Interpreter::unwindCallFrame): Updated for new interface.
      
      (JSC::Interpreter::execute):
      (JSC::Interpreter::executeCall):
      (JSC::Interpreter::executeConstruct):
      (JSC::Interpreter::prepareForRepeatCall): Seriously, though: use helper
      functions.
      
      (JSC::Interpreter::privateExecute): No need to check for stack overflow
      when calling host functions because they have zero callee registers.
      
      (JSC::Interpreter::retrieveArguments): Explicitly tear off the arguments
      object, since there's no special constructor for this anymore.
      
      * interpreter/Interpreter.h: Reduced the C++ re-entry depth because some
      workers tests were hitting stack overflow in some of my testing. We should
      make this test more exact in future.
      
      * interpreter/RegisterFile.h: Death to all runtime knowledge of argument
      location that does not belong to the CallFrame class!
      
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile): I am a broken record and I use helper functions.
              
      Also, the whole point of this patch: Treat too many arguments as an arity match.
      
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileLoadVarargs):
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs): Updated the argument copying math to use
      helper functions, for backwards-correctness. Removed the condition
      pertaining to declared argument count because, now that arguments are
      always in just one place, this optimization is valid for all functions.
      Standardized the if predicate for each line of the optimization. This might
      fix a bug, but I couldn't get the bug to crash in practice.
      
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::emit_op_create_arguments):
      (JSC::JIT::emit_op_get_argument_by_val):
      (JSC::JIT::emitSlow_op_get_argument_by_val):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::emit_op_create_arguments):
      (JSC::JIT::emit_op_get_argument_by_val):
      (JSC::JIT::emitSlow_op_get_argument_by_val): Removed cti_op_create_arguments_no_params
      optimization because it's no longer an optimization, now that arguments
      are always contiguous in a known location.
              
      Updated argument access opcode math for backwards-correctness.
      
      * jit/JITStubs.cpp:
      (JSC::arityCheckFor): Updated just like slideRegisterWindowForCall. This
      function is slightly different because it copies the call frame in
      addition to the arguments. (In the Interpreter, the call frame is not
      set up by this point.)
      
      (JSC::lazyLinkFor): The whole point of this patch: Treat too many
      arguments as an arity match.
      
      (JSC::DEFINE_STUB_FUNCTION): Updated for new iterface to tearOff().
      
      * jit/JITStubs.h:
      * jit/SpecializedThunkJIT.h:
      (JSC::SpecializedThunkJIT::loadDoubleArgument):
      (JSC::SpecializedThunkJIT::loadCellArgument):
      (JSC::SpecializedThunkJIT::loadInt32Argument): Use helper functions! They
      build strong bones and teeth!
      
      * runtime/ArgList.cpp:
      (JSC::ArgList::getSlice):
      (JSC::MarkedArgumentBuffer::slowAppend):
      * runtime/ArgList.h:
      (JSC::MarkedArgumentBuffer::MarkedArgumentBuffer):
      (JSC::MarkedArgumentBuffer::~MarkedArgumentBuffer):
      (JSC::MarkedArgumentBuffer::at):
      (JSC::MarkedArgumentBuffer::clear):
      (JSC::MarkedArgumentBuffer::append):
      (JSC::MarkedArgumentBuffer::removeLast):
      (JSC::MarkedArgumentBuffer::last):
      (JSC::ArgList::ArgList):
      (JSC::ArgList::at): Updated for backwards-correctness. WTF::Vector doesn't
      play nice with backwards-ness, so I changed to using manual allocation.
              
      Fixed a FIXME about not all values being marked in the case of out-of-line
      arguments. I had to rewrite the loop anyway, and I didn't feel like
      maintaining fidelity to its old bugs.
      
      * runtime/Arguments.cpp:
      (JSC::Arguments::visitChildren):
      (JSC::Arguments::copyToArguments):
      (JSC::Arguments::fillArgList):
      (JSC::Arguments::getOwnPropertySlotByIndex):
      (JSC::Arguments::getOwnPropertySlot):
      (JSC::Arguments::getOwnPropertyDescriptor):
      (JSC::Arguments::putByIndex):
      (JSC::Arguments::put):
      (JSC::Arguments::tearOff):
      * runtime/Arguments.h:
      (JSC::Arguments::create):
      (JSC::Arguments::Arguments):
      (JSC::Arguments::argument):
      (JSC::Arguments::finishCreation): Secondary benefit of this patch: deleted
      lots of tricky code designed to maintain two different copies of function
      arguments. Now that arguments are always contiguous in one place in memory,
      this complexity can go away.
              
      Reduced down to one create function for the Arguments class, from three.
      
      Moved tearOff() into an out-of-line function because it's huge.
              
      Moved logic about whether to tear off eagerly into the Arguments class,
      so we didn't have to duplicate it elsewhere.
      
      * runtime/JSActivation.cpp:
      (JSC::JSActivation::JSActivation):
      (JSC::JSActivation::visitChildren): Renamed m_numParametersMinusThis to
      m_numCapturedArgs because if the value really were m_numParametersMinusThis
      we would be marking too much. (We shouldn't mark 'this' because it can't
      be captured.) Also, use helper functions.
      
      * runtime/JSActivation.h:
      (JSC::JSActivation::tearOff): Use helper functions.
      
      * runtime/JSArray.cpp:
      (JSC::JSArray::copyToArguments):
      * runtime/JSArray.h: Use helper functions, as above.
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@102545 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      0af1468f
  19. 09 Dec, 2011 1 commit
    • fpizlo@apple.com's avatar
      DFG's interpretation of rare case profiles should be frequency-based not count-based · b490fcff
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=74170
      
      Reviewed by Geoff Garen.
              
      DFG optimizes for rare cases only when the rare case counter is above some threshold
      and it also constitutes a large enough fraction of total function executions. Also
      added some minor debug logic.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::CodeBlock):
      * bytecode/CodeBlock.h:
      (JSC::CodeBlock::likelyToTakeSlowCase):
      (JSC::CodeBlock::couldTakeSlowCase):
      (JSC::CodeBlock::likelyToTakeSpecialFastCase):
      (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
      (JSC::CodeBlock::likelyToTakeAnySlowCase):
      (JSC::CodeBlock::executionEntryCount):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::makeSafe):
      (JSC::DFG::ByteCodeParser::makeDivSafe):
      (JSC::DFG::ByteCodeParser::handleCall):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGDriver.cpp:
      (JSC::DFG::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * runtime/Heuristics.cpp:
      (JSC::Heuristics::initializeHeuristics):
      * runtime/Heuristics.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@102489 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      b490fcff
  20. 14 Nov, 2011 2 commits
    • ggaren@apple.com's avatar
      32-bit Build fix: declare virtual register indices to be int rather than · e1e4591c
      ggaren@apple.com authored
      unsigned, since they can be positive or negative.
              
      For better clarity, explicitly use ReturnPC instead of -1 as the "invalid"
      state, since we'll never load and operate on the ReturnPC as a JS value.
      
      * jit/JIT.cpp:
      (JSC::JIT::JIT):
      * jit/JIT.h:
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitLoadTag):
      (JSC::JIT::emitLoadPayload):
      (JSC::JIT::emitLoad):
      (JSC::JIT::emitLoad2):
      (JSC::JIT::emitLoadDouble):
      (JSC::JIT::emitLoadInt32ToDouble):
      (JSC::JIT::emitStore):
      (JSC::JIT::emitStoreInt32):
      (JSC::JIT::emitStoreAndMapInt32):
      (JSC::JIT::emitStoreCell):
      (JSC::JIT::emitStoreBool):
      (JSC::JIT::emitStoreDouble):
      (JSC::JIT::map):
      (JSC::JIT::unmap):
      (JSC::JIT::isMapped):
      (JSC::JIT::getMappedPayload):
      (JSC::JIT::getMappedTag):
      (JSC::JIT::emitJumpSlowCaseIfNotJSCell):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@100171 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      e1e4591c
    • ggaren@apple.com's avatar
      Standardized the JS calling convention · 539d1bba
      ggaren@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=72221
              
      Reviewed by Oliver Hunt.
      
      This patch standardizes the calling convention so that the caller always
      sets up the callee's CallFrame. Adjustments for call type, callee type,
      argument count, etc. now always take place after that initial setup.
              
      This is a step toward reversing the argument order, but also has these
      immediate benefits (measured on x64):
              
      (1) 1% benchmark speedup across the board.
              
      (2) 50% code size reduction in baseline JIT function calls.
              
      (3) 1.5x speedup for single-dispatch .apply forwarding.
              
      (4) 1.1x speedup for multi-dispatch .apply forwarding.
      
      This change affected the baseline JIT most, since the baseline JIT had
      lots of ad hoc calling conventions for different caller / callee types.
      
      * assembler/MacroAssemblerX86_64.h:
      (JSC::MacroAssemblerX86_64::branchPtr):
      (JSC::MacroAssemblerX86_64::branchAddPtr): Optimize compare to 0 into
      a test, like other assemblers do. (I added some compares to 0, and didn't
      want them to be slow.)
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::dump): Merged op_load_varargs into op_call_varargs so
      op_call_varargs could share code generation with other forms of op_call.
      This is also a small optimization, since op_*varargs no longer have to
      pass arguments to each other through the register file.
      
      (JSC::CallLinkInfo::unlink):
      * bytecode/CodeBlock.h: Added a new call type: CallVarargs. This allows
      us to link functions called through .apply syntax. We need to distinguish
      CallVarargs from Call because CallVarargs changes its argument count
      on each inovcation, so we must always link to the argument count checking
      version of the callee.
      
      * bytecode/Opcode.h:
      * bytecompiler/BytecodeGenerator.cpp:
      (JSC::BytecodeGenerator::emitCallVarargs):
      * bytecompiler/BytecodeGenerator.h: Merged op_load_varargs into op_call_varargs.
      
      * bytecompiler/NodesCodegen.cpp:
      (JSC::ApplyFunctionCallDotNode::emitBytecode): Ditto. Also, simplified
      some of this bytecode generation to remove redundant copies.
      
      * dfg/DFGJITCodeGenerator32_64.cpp:
      (JSC::DFG::JITCodeGenerator::emitCall):
      * dfg/DFGJITCodeGenerator64.cpp:
      (JSC::DFG::JITCodeGenerator::emitCall): Added a new call type: CallVarargs.
      DFG doesn't support this type, but its code needs to change slightly
      to accomodate a 3-state variable.
      
      Stopped passing the argument count in regT1 because this is non-standard.
      (The argument count goes in the CallFrame. This trades speed on the slow
      path for speed and code size on the fast path, and simplicity on all paths.
      A good trade, in my opinion.)
      
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileEntry):
      (JSC::DFG::JITCompiler::link):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction): Tweaked code to make CallFrame
      setup more obvious when single-stepping. Also, updated for argument count
      not being in regT1.
      
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::addJSCall):
      (JSC::DFG::JITCompiler::JSCallRecord::JSCallRecord): Added a new call
      type: CallVarargs.
      
      * dfg/DFGOperations.cpp: Do finish CallFrame setup in one place before
      doing anything else. Don't check for stack overflow because we have no callee
      registers, and our caller has already checked for its own registers.
      
      * dfg/DFGRepatch.cpp:
      (JSC::DFG::dfgLinkFor): We can link to our callee even if our argument
      count doesn't match -- we just need to link to the argument count checking
      version.
      
      * interpreter/CallFrameClosure.h:
      (JSC::CallFrameClosure::setArgument): BUG FIX: When supplying too many
      arguments from C++, we need to supply a full copy of the arguments prior
      to the subset copy that matches our callee's argument count. (That is what
      the standard calling convention would have produced in JS.) I would have
      split this into its own patch, but I couldn't find a way to get the JIT
      to fail a regression test in this area without my patch applied.
      
      * interpreter/Interpreter.cpp: Let the true code bomb begin!
      
      (JSC::eval): Fixed up this helper function to operate on eval()'s CallFrame,
      and not eval()'s caller frame. We no longer leave the CallFrame pointing
      to eval()'s caller during a call to eval(), since that is not standard.
      
      (JSC::loadVarargs): Factored out a shared helper function for use by JIT
      and interpreter because half the code means one quarter the bugs -- in my
      programming, at least.
      
      (JSC::Interpreter::execute): Removed a now-unused way to invoke eval.
              
      (JSC::Interpreter::privateExecute): Removed an invalid ASSERT following
      putDirect, because it got in the way of my testing. (When putting a
      function, the cached base of a PutPropertySlot can be 0 to signify "do
      not optimize".)
              
      op_call_eval: Updated for new, standard eval calling convention.
              
      op_load_varargs: Merged op_load_varargs into op_call_varargs.
      
      op_call_varags: Updated for new, standard eval calling convention. Don't
      check for stack overflow because the loadVarargs helper function already
      checked.
      
      * interpreter/Interpreter.h:
      (JSC::Interpreter::execute): Headers are fun and educational!
      
      * interpreter/RegisterFile.cpp:
      (JSC::RegisterFile::growSlowCase):
      * interpreter/RegisterFile.h:
      (JSC::RegisterFile::grow): Factored out the slow case into a slow
      case because it was cramping the style of my fast case.
      
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile): Moved initialization of
      RegisterFile::CodeBlock to make it more obvious when debugging. Removed
      assumption that argument count is in regT1, as above. Removed call to
      restoreArgumentReference() because the JITStubCall abstraction does this for us.
      
      (JSC::JIT::linkFor): Link even if we miss on argument count, as above.
      
      * jit/JIT.h:
      * jit/JITCall32_64.cpp:
      (JSC::JIT::emitSlow_op_call):
      (JSC::JIT::emitSlow_op_call_eval):
      (JSC::JIT::emitSlow_op_call_varargs):
      (JSC::JIT::emitSlow_op_construct):
      (JSC::JIT::emit_op_call_eval):
      (JSC::JIT::emit_op_call_varargs): Share all function call code generation.
      Don't count call_eval when accounting for linkable function calls because
      eval doesn't link. (Its fast path is to perform the eval.)
      
      (JSC::JIT::compileLoadVarargs): Ported this inline copying optimization
      to our new calling convention. The key to this optimization is the
      observation that, in a function that declares no arguments, if any
      arguments are passed, they all end up right behind 'this'.
      
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileCallEvalSlowCase): Factored out eval for a little clarity.
      
      (JSC::JIT::compileOpCall):
      (JSC::JIT::compileOpCallSlowCase): If you are still with me, dear reader,
      this is the whole point of my patch. The caller now unconditionally moves
      the CallFrame forward and fills in the data it knows before taking any
      branches to deal with weird caller/callee pairs.
              
      This also means that there is almost no slow path for calls -- it all
      gets folded into the shared virtual call stub. The only things remaining
      in the slow path are the rare case counter and a call to the stub.
      
      * jit/JITOpcodes32_64.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::privateCompileCTINativeCall): Updated for values being in
      different registers or in memory, based on our new standard calling
      convention.
              
      Added a shared path for calling out to CTI helper functions for non-JS
      calls.
      
      * jit/JITPropertyAccess32_64.cpp:
      (JSC::JIT::emit_op_method_check): method_check emits its own code and
      the following get_by_id's code, so it needs to add both when informing
      result chaining of its result. This is important because the standard
      calling convention can now take advantage of this chaining.
      
      * jit/JITCall.cpp:
      (JSC::JIT::compileLoadVarargs):
      (JSC::JIT::compileCallEval):
      (JSC::JIT::compileCallEvalSlowCase):
      (JSC::JIT::compileOpCall):
      (JSC::JIT::compileOpCallSlowCase):
      * jit/JITOpcodes.cpp:
      (JSC::JIT::privateCompileCTIMachineTrampolines):
      (JSC::JIT::emit_op_call_eval):
      (JSC::JIT::emit_op_call_varargs):
      (JSC::JIT::emitSlow_op_call):
      (JSC::JIT::emitSlow_op_call_eval):
      (JSC::JIT::emitSlow_op_call_varargs):
      (JSC::JIT::emitSlow_op_construct): Observe, as I write all of my code a
      second time, now with 64 bits.
      
      * jit/JITStubs.cpp:
      (JSC::throwExceptionFromOpCall):
      (JSC::jitCompileFor):
      (JSC::arityCheckFor):
      (JSC::lazyLinkFor): A lot of mechanical changes here for one purpose:
      Exceptions thrown in the middle of a function call now use a shared helper
      function (throwExceptionFromOpCall). This function understands that the
      CallFrame currently points to the callEE, and the exception must be
      thrown by the callER. (The old calling convention would often still have
      the CallFrame pointing at the callER at the point of an exception. That
      is not the way of our new, standard calling convention.)
      
      (JSC::op_call_eval): Finish standard CallFrame setup before calling 
      our eval helper function, which now depends on that setup.
      
      * runtime/Arguments.h:
      (JSC::Arguments::length): Renamed numProvidedArguments() to length()
      because that's what other objects call it, and the difference made our
      new loadVarargs helper function hard to read.
      
      * runtime/Executable.cpp:
      (JSC::FunctionExecutable::compileForCallInternal):
      (JSC::FunctionExecutable::compileForConstructInternal): Interpreter build
      fixes.
      
      * runtime/FunctionPrototype.cpp:
      (JSC::functionProtoFuncApply): Honor Arguments::MaxArguments even when
      the .apply call_varargs optimization fails. (This bug appears on layout
      tests when you disable the optimization.)
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@100165 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      539d1bba
  21. 09 Nov, 2011 1 commit
  22. 08 Nov, 2011 1 commit
    • barraclough@apple.com's avatar
      Fix OSR entry points to calculate offsets correctly WRT to branch compaction. · 13b3806d
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=71864
      
      Reviewed by Filip Pizlo.
      
      * assembler/LinkBuffer.h:
      (JSC::LinkBuffer::offsetOf):
          - We use this to return the offsets into the code of the entry points.
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::compileEntry):
      (JSC::DFG::JITCompiler::compileBody):
      (JSC::DFG::JITCompiler::compile):
      (JSC::DFG::JITCompiler::compileFunction):
          - Move the construction of the speculative JIT outside of
            compileBody, such that it is still available to link the
            OSR entry points at the point we are linking.
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::noticeOSREntry):
          - Pass the label of the block & linkbuffer into noticeOSREntry.
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      (JSC::DFG::SpeculativeJIT::linkOSREntries):
          - Moved call to noticeOSREntry until we we linking.
      * dfg/DFGSpeculativeJIT.h:
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
          - Moved calculation of entries until we we linking.
      * jit/JIT.h:
          - Removed some members.
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@99633 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      13b3806d
  23. 20 Oct, 2011 1 commit
  24. 13 Oct, 2011 2 commits
  25. 10 Oct, 2011 1 commit
  26. 09 Oct, 2011 1 commit
    • commit-queue@webkit.org's avatar
      Fix value profiling in 32_64 JIT · 387d2ece
      commit-queue@webkit.org authored
      https://bugs.webkit.org/show_bug.cgi?id=69717
      
      Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-10-09
      Reviewed by Filip Pizlo.
      
      Current value profiling for 32_64 JIT is broken and cannot record
      correct predicated types, which results in many speculation failures
      in the 32_64 DFG JIT, fallbacks to baseline JIT, and re-optimizations
      again and again.
      With this fix 32_64 DFG JIT can demonstrate real performance gains.
      
      * bytecode/ValueProfile.cpp:
      (JSC::ValueProfile::computeStatistics):
      * bytecode/ValueProfile.h:
      (JSC::ValueProfile::classInfo):
      (JSC::ValueProfile::numberOfSamples):
      (JSC::ValueProfile::isLive):
      (JSC::ValueProfile::numberOfInt32s):
      (JSC::ValueProfile::numberOfDoubles):
      (JSC::ValueProfile::numberOfBooleans):
      (JSC::ValueProfile::dump):
          Empty value check should be performed on decoded JSValue,
          as for 32_64 empty value is not identical to encoded 0.
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitValueProfilingSite):
      * jit/JITStubCall.h:
      (JSC::JITStubCall::callWithValueProfiling):
          Record the right profiling result for 32_64.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@97025 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      387d2ece
  27. 07 Oct, 2011 1 commit
    • oliver@apple.com's avatar
      Support direct calls to intrinsic functions · 1386ec98
      oliver@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69646
      
      Reviewed by Gavin Barraclough.
      
      Add support for optimising non-method_check calls
      to intrinsic functions (eg. when Math.abs, etc are
      cached in local variables).
      
      * bytecode/CodeBlock.h:
      (JSC::getCallLinkInfoBytecodeIndex):
          Support searching CallLinkInfos by bytecode index
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::parseBlock):
          Add support for linked calls in addition to method_check
          when searching for intrinsics
      * dfg/DFGNode.h:
      (JSC::DFG::Node::hasFunctionCheckData):
      (JSC::DFG::Node::function):
          Add ability to store a JSFunction* in a node - this is safe
          as the function will be marked by the codeblock we're compiling
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::checkFunctionElimination):
      (JSC::DFG::Propagator::performNodeCSE):
          Add support for new CheckFunction node, and implement CSE pass.
      * dfg/DFGSpeculativeJIT32_64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT64.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
          Rather trivial implementation of CheckFunction
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      * jit/JITCall.cpp:
      (JSC::JIT::compileOpCall):
      * jit/JITCall32_64.cpp:
      (JSC::JIT::compileOpCall):
          Need to propagate bytecode index for calls now.
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96962 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      1386ec98
  28. 03 Oct, 2011 1 commit
    • barraclough@apple.com's avatar
      On X86, switch bucketCount into a register, timeoutCheck into memory · 70558a37
      barraclough@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69299
      
      Reviewed by Geoff Garen.
      
      We don't have sufficient registers to keep both in registers, and DFG JIT will trample esi;
      it doesn't matter if the bucketCount gets stomped on (in fact it may add to randomness!),
      but it if the timeoutCheck gets trashed we may make calls out to the timout_check stub
      function too frequently (regressing performance). This patch has no perf impact on sunspider.
      
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * assembler/MacroAssemblerX86.h:
      (JSC::MacroAssemblerX86::branchAdd32):
      (JSC::MacroAssemblerX86::branchSub32):
          - Added branchSub32 with AbsoluteAddress.
      * jit/JIT.cpp:
      (JSC::JIT::emitTimeoutCheck):
          - Keep timeout count in memory on X86.
      * jit/JITInlineMethods.h:
      (JSC::JIT::emitValueProfilingSite):
          - remove X86 specific code, switch bucket count back into a register.
      * jit/JITStubs.cpp:
          - Stop initializing esi (it is no longer the timeoutCheck!)
      * jit/JSInterfaceJIT.h:
          - change definition of esi to be the bucketCountRegister.
      * runtime/JSGlobalData.cpp:
      (JSC::JSGlobalData::JSGlobalData):
      * runtime/JSGlobalData.h:
          - Add timeoutCount as a property to global data (the counter should be per-thread).
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96563 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      70558a37
  29. 01 Oct, 2011 1 commit
    • fpizlo@apple.com's avatar
      All of JSC's heuristics should be in one place for easier tuning · 7125f98c
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=69201
      
      Reviewed by Oliver Hunt.
              
      This makes it possible to change tiered compilation heuristics in
      one place (Heuristics.cpp) without recompiling the whole project.
              
      It also makes it possible to enable setting heuristics using
      environment variables. This is off by default. When turned on, it
      makes tuning the system much easier.
      
      * CMakeLists.txt:
      * GNUmakefile.list.am:
      * JavaScriptCore.pro:
      * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
      * JavaScriptCore.xcodeproj/project.pbxproj:
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::shouldOptimizeNow):
      * bytecode/CodeBlock.h:
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * jit/JIT.cpp:
      (JSC::JIT::emitOptimizationCheck):
      * runtime/Heuristics.cpp: Added.
      (JSC::Heuristics::parse):
      (JSC::Heuristics::setHeuristic):
      (JSC::Heuristics::initializeHeuristics):
      * runtime/Heuristics.h: Added.
      * runtime/InitializeThreading.cpp:
      (JSC::initializeThreadingOnce):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@96463 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7125f98c
  30. 25 Sep, 2011 1 commit
    • fpizlo@apple.com's avatar
      DFG static prediction code is no longer needed and should be removed · d93c9ad2
      fpizlo@apple.com authored
      https://bugs.webkit.org/show_bug.cgi?id=68784
      
      Reviewed by Oliver Hunt.
              
      This gets rid of static prediction code, and ensures that we do not
      try to compile code where dynamic predictions are not available.
      This is accomplished by immediately performing an OSR exit wherever
      a value is retrieved for which no predictions exist.
              
      This also adds value profiling for this on functions used for calls.
              
      The heuristics for deciding when to optimize code are also tweaked,
      since it is now profitable to optimize sooner. This may need to be
      tweaked further, but this patch only makes minimal changes.
              
      This results in a 16% speed-up on Kraken/ai-astar, leading to a 3%
      overall win on Kraken.  It's neutral elsewhere.
      
      * bytecode/CodeBlock.cpp:
      (JSC::CodeBlock::shouldOptimizeNow):
      (JSC::CodeBlock::dumpValueProfiles):
      * bytecode/CodeBlock.h:
      * bytecode/PredictedType.cpp:
      (JSC::predictionToString):
      * bytecode/PredictedType.h:
      (JSC::isCellPrediction):
      (JSC::isObjectPrediction):
      (JSC::isFinalObjectPrediction):
      (JSC::isStringPrediction):
      (JSC::isArrayPrediction):
      (JSC::isInt32Prediction):
      (JSC::isDoublePrediction):
      (JSC::isNumberPrediction):
      (JSC::isBooleanPrediction):
      (JSC::mergePredictions):
      * bytecode/PredictionTracker.h:
      (JSC::PredictionTracker::predictArgument):
      (JSC::PredictionTracker::predict):
      (JSC::PredictionTracker::predictGlobalVar):
      * bytecode/ValueProfile.cpp:
      (JSC::ValueProfile::computeUpdatedPrediction):
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::set):
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::getPrediction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGGraph.cpp:
      (JSC::DFG::Graph::predictArgumentTypes):
      * dfg/DFGGraph.h:
      (JSC::DFG::Graph::predict):
      (JSC::DFG::Graph::predictGlobalVar):
      (JSC::DFG::Graph::getMethodCheckPrediction):
      (JSC::DFG::Graph::getJSConstantPrediction):
      (JSC::DFG::Graph::getPrediction):
      * dfg/DFGJITCodeGenerator.cpp:
      (JSC::DFG::JITCodeGenerator::writeBarrier):
      (JSC::DFG::JITCodeGenerator::emitBranch):
      * dfg/DFGJITCompiler.h:
      (JSC::DFG::JITCompiler::getPrediction):
      * dfg/DFGNode.h:
      (JSC::DFG::Node::valueOfJSConstantNode):
      (JSC::DFG::Node::isInt32Constant):
      (JSC::DFG::Node::isDoubleConstant):
      (JSC::DFG::Node::isNumberConstant):
      (JSC::DFG::Node::isBooleanConstant):
      (JSC::DFG::Node::predict):
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::Propagator):
      (JSC::DFG::Propagator::propagateNodePredictions):
      (JSC::DFG::Propagator::fixupNode):
      (JSC::DFG::Propagator::isPredictedNumerical):
      (JSC::DFG::Propagator::logicalNotIsPure):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * dfg/DFGSpeculativeJIT.h:
      (JSC::DFG::SpeculativeJIT::shouldSpeculateInteger):
      (JSC::DFG::SpeculativeJIT::shouldSpeculateDouble):
      (JSC::DFG::SpeculativeJIT::shouldSpeculateNumber):
      (JSC::DFG::SpeculativeJIT::shouldNotSpeculateInteger):
      (JSC::DFG::SpeculativeJIT::shouldSpeculateFinalObject):
      (JSC::DFG::SpeculativeJIT::shouldSpeculateArray):
      (JSC::DFG::SpeculativeJIT::shouldSpeculateObject):
      (JSC::DFG::SpeculativeJIT::shouldSpeculateCell):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompile):
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95930 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      d93c9ad2
  31. 24 Sep, 2011 1 commit
    • fpizlo@apple.com's avatar
      The DFG should not attempt to guess types in the absence of value · 7e3ecae4
      fpizlo@apple.com authored
      profiles
      https://bugs.webkit.org/show_bug.cgi?id=68677
      
      Reviewed by Oliver Hunt.
              
      This adds the ForceOSRExit node, which is ignored by the propagator
      and virtual register allocator (and hence ensuring that liveness analysis
      works correctly), but forces terminateSpeculativeExecution() in the
      back-end. This appears to be a slight speed-up on benchmark averages,
      with ~5% swings on individual benchmarks, in both directions. But it's
      never a regression on any average, and appears to be a ~1% progression
      in the SunSpider average.
              
      This also adds a bit better debugging support in the old JIT and in DFG,
      as this was necessary to debug the much more frequent OSR transitions
      that occur with this change.
      
      * dfg/DFGByteCodeParser.cpp:
      (JSC::DFG::ByteCodeParser::addCall):
      (JSC::DFG::ByteCodeParser::getStrongPrediction):
      (JSC::DFG::ByteCodeParser::parseBlock):
      * dfg/DFGJITCompiler.cpp:
      (JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
      * dfg/DFGNode.h:
      * dfg/DFGPropagator.cpp:
      (JSC::DFG::Propagator::propagateNodePredictions):
      * dfg/DFGSpeculativeJIT.cpp:
      (JSC::DFG::SpeculativeJIT::compile):
      * jit/JIT.cpp:
      (JSC::JIT::privateCompileMainPass):
      (JSC::JIT::privateCompileSlowCases):
      (JSC::JIT::privateCompile):
      * jit/JIT.h:
      
      
      
      git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95916 268f45cc-cd09-0410-ab3c-d52691b4dbfc
      7e3ecae4
  32. 21 Sep, 2011 1 commit