Skip to content

Instantly share code, notes, and snippets.

@caitp

caitp/fixup.diff Secret

Created October 20, 2020 19:28
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save caitp/96f175a31b7da1b763438b741933fe96 to your computer and use it in GitHub Desktop.
From 4b647a357ebe3fc4be92ff809bc0596016947e4f Mon Sep 17 00:00:00 2001
From: Caitlin Potter <caitp@igalia.com>
Date: Tue, 20 Oct 2020 12:11:17 -0400
Subject: [PATCH] Handle CellUse and UntypedUse seperately to improve register
allocation
---
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp | 2 +
.../JavaScriptCore/dfg/DFGSpeculativeJIT.cpp | 70 ++++++++++++-------
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h | 1 +
3 files changed, 46 insertions(+), 27 deletions(-)
diff --git a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
index d632cff3e0a3..265f941dd302 100644
--- a/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
+++ b/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
@@ -1784,6 +1784,8 @@ private:
case GetPrivateNameById:
if (node->child1()->shouldSpeculateCell())
fixEdge<CellUse>(node->child1());
+ else
+ fixEdge<UntypedUse>(node->child1());
if (!node->hasCacheableIdentifier())
fixEdge<SymbolUse>(node->child2());
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
index fb81f44c7154..eaace8c377dc 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -3473,79 +3473,95 @@ void SpeculativeJIT::compileGetPrivateName(Node* node)
if (node->hasCacheableIdentifier())
return compileGetPrivateNameById(node);
- JSValueOperand base(this, m_graph.child(node, 0), ManualOperandSpeculation);
- speculate(node, node->child1());
- SpeculateCellOperand property(this, m_graph.child(node, 1));
- JSValueRegsTemporary result(this);
+ switch (m_graph.child(node, 0).useKind()) {
+ case CellUse: {
+ SpeculateCellOperand base(this, m_graph.child(node, 0));
+ SpeculateCellOperand property(this, m_graph.child(node, 1));
- auto baseRegs = base.jsValueRegs();
- auto propertyRegs = JSValueRegs::payloadOnly(property.gpr());
- auto resultRegs = result.regs();
+ compileGetPrivateNameByVal(node, JSValueRegs::payloadOnly(base.gpr()), JSValueRegs::payloadOnly(property.gpr()));
+ break;
+ }
+ case UntypedUse: {
+ JSValueOperand base(this, m_graph.child(node, 0));
+ SpeculateCellOperand property(this, m_graph.child(node, 1));
- base.use();
- property.use();
+ compileGetPrivateNameByVal(node, base.jsValueRegs(), JSValueRegs::payloadOnly(property.gpr()));
+ break;
+ }
+ default:
+ DFG_CRASH(m_jit.graph(), node, "Bad use kind");
+ }
+}
- speculateSymbol(property.edge());
+void SpeculativeJIT::compileGetPrivateNameByVal(Node* node, JSValueRegs base, JSValueRegs property)
+{
+ DFG_ASSERT(m_jit.graph(), node, node->op() == GetPrivateName);
+ DFG_ASSERT(m_jit.graph(), node, m_graph.child(node, 1).useKind() == SymbolUse);
+ speculateSymbol(m_graph.child(node, 1));
+ JSValueRegsTemporary result(this);
CodeOrigin codeOrigin = node->origin.semantic;
CallSiteIndex callSite = m_jit.recordCallSiteAndGenerateExceptionHandlingOSRExitIfNeeded(codeOrigin, m_stream->size());
RegisterSet usedRegisters = this->usedRegisters();
JITCompiler::JumpList slowCases;
- if (!m_state.forNode(m_graph.child(node, 0)).isType(SpecCell))
- slowCases.append(m_jit.branchIfNotCell(baseRegs));
+ const bool baseIsKnownCell = m_state.forNode(m_graph.child(node, 0)).isType(SpecCell);
+ if (!baseIsKnownCell)
+ slowCases.append(m_jit.branchIfNotCell(base));
JITGetByValGenerator gen(
m_jit.codeBlock(), codeOrigin, callSite, AccessType::GetPrivateName, usedRegisters,
- JSValueRegs::payloadOnly(baseRegs.payloadGPR()), propertyRegs, resultRegs);
+ base, property, result.regs());
gen.stubInfo()->propertyIsSymbol = true;
gen.generateFastPath(m_jit);
slowCases.append(gen.slowPathJump());
- std::unique_ptr<SlowPathGenerator> slowPath = slowPathCall(
- slowCases, this, operationGetPrivateNameOptimize,
- resultRegs, TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(),
- baseRegs, CCallHelpers::CellValue(propertyRegs.payloadGPR()));
+ auto makeSlowPathCall = [&](auto base) {
+ return slowPathCall(
+ slowCases, this, operationGetPrivateNameOptimize,
+ result.regs(), TrustedImmPtr::weakPointer(m_graph, m_graph.globalObjectFor(codeOrigin)), gen.stubInfo(),
+ base, CCallHelpers::CellValue(property.payloadGPR()));
+ };
+
+ std::unique_ptr<SlowPathGenerator> slowPath = baseIsKnownCell
+ ? makeSlowPathCall(CCallHelpers::CellValue(base.payloadGPR()))
+ : makeSlowPathCall(base);
m_jit.addGetByVal(gen, slowPath.get());
addSlowPathGenerator(WTFMove(slowPath));
- jsValueResult(resultRegs, node, DataFormatJS, UseChildrenCalledExplicitly);
+ jsValueResult(result.regs(), node, DataFormatJS);
}
void SpeculativeJIT::compileGetPrivateNameById(Node* node)
{
- switch (node->child1().useKind()) {
+ switch (m_graph.child(node, 0).useKind()) {
case CellUse: {
- SpeculateCellOperand base(this, node->child1());
+ SpeculateCellOperand base(this, m_graph.child(node, 0));
JSValueRegsTemporary result(this, Reuse, base);
JSValueRegs baseRegs = JSValueRegs::payloadOnly(base.gpr());
JSValueRegs resultRegs = result.regs();
- base.use();
-
cachedGetById(node->origin.semantic, baseRegs, resultRegs, node->cacheableIdentifier(), JITCompiler::Jump(), NeedToSpill, AccessType::GetPrivateName);
- jsValueResult(resultRegs, node, DataFormatJS, UseChildrenCalledExplicitly);
+ jsValueResult(resultRegs, node, DataFormatJS);
break;
}
case UntypedUse: {
- JSValueOperand base(this, node->child1());
+ JSValueOperand base(this, m_graph.child(node, 0));
JSValueRegsTemporary result(this, Reuse, base);
JSValueRegs baseRegs = base.jsValueRegs();
JSValueRegs resultRegs = result.regs();
- base.use();
-
JITCompiler::Jump notCell = m_jit.branchIfNotCell(baseRegs);
cachedGetById(node->origin.semantic, baseRegs, resultRegs, node->cacheableIdentifier(), notCell, NeedToSpill, AccessType::GetPrivateName);
- jsValueResult(resultRegs, node, DataFormatJS, UseChildrenCalledExplicitly);
+ jsValueResult(resultRegs, node, DataFormatJS);
break;
}
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
index 48e0fac22874..af0426e280b0 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
@@ -1285,6 +1285,7 @@ public:
void compileGetPrivateName(Node*);
void compileGetPrivateNameById(Node*);
+ void compileGetPrivateNameByVal(Node*, JSValueRegs base, JSValueRegs property);
void compileGetScope(Node*);
void compileSkipScope(Node*);
--
2.17.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment