Title: [292014] trunk/Source/_javascript_Core
Revision
292014
Author
ysuz...@apple.com
Date
2022-03-28 17:23:58 -0700 (Mon, 28 Mar 2022)

Log Message

[JSC] Clean up some 32bit load/store with 64bit load/store
https://bugs.webkit.org/show_bug.cgi?id=238440

Reviewed by Mark Lam.

1. On OSR entry, we should copy values from scratch to stack via loadValue / storeValue instead of 32bit load/store.
2. We should initialize tail-call's argumentCountIncludingThis slot via store64.

* dfg/DFGThunks.cpp:
(JSC::DFG::osrEntryThunkGenerator):
* jit/CallFrameShuffler.cpp:
(JSC::CallFrameShuffler::prepareAny):

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (292013 => 292014)


--- trunk/Source/_javascript_Core/ChangeLog	2022-03-29 00:22:21 UTC (rev 292013)
+++ trunk/Source/_javascript_Core/ChangeLog	2022-03-29 00:23:58 UTC (rev 292014)
@@ -1,3 +1,18 @@
+2022-03-28  Yusuke Suzuki  <ysuz...@apple.com>
+
+        [JSC] Clean up some 32bit load/store with 64bit load/store
+        https://bugs.webkit.org/show_bug.cgi?id=238440
+
+        Reviewed by Mark Lam.
+
+        1. On OSR entry, we should copy values from scratch to stack via loadValue / storeValue instead of 32bit load/store.
+        2. We should initialize tail-call's argumentCountIncludingThis slot via store64.
+
+        * dfg/DFGThunks.cpp:
+        (JSC::DFG::osrEntryThunkGenerator):
+        * jit/CallFrameShuffler.cpp:
+        (JSC::CallFrameShuffler::prepareAny):
+
 2022-03-28  Mark Lam  <mark....@apple.com>
 
         The lazy symbolObjectStructure should be realized before we allocate a SymbolObject.

Modified: trunk/Source/_javascript_Core/dfg/DFGThunks.cpp (292013 => 292014)


--- trunk/Source/_javascript_Core/dfg/DFGThunks.cpp	2022-03-29 00:22:21 UTC (rev 292013)
+++ trunk/Source/_javascript_Core/dfg/DFGThunks.cpp	2022-03-29 00:23:58 UTC (rev 292014)
@@ -151,10 +151,8 @@
     MacroAssembler::Label loop = jit.label();
     jit.subPtr(MacroAssembler::TrustedImm32(1), GPRInfo::regT1);
     jit.negPtr(GPRInfo::regT1, GPRInfo::regT4);
-    jit.load32(MacroAssembler::BaseIndex(GPRInfo::regT0, GPRInfo::regT1, MacroAssembler::TimesEight, offsetOfLocals), GPRInfo::regT2);
-    jit.load32(MacroAssembler::BaseIndex(GPRInfo::regT0, GPRInfo::regT1, MacroAssembler::TimesEight, offsetOfLocals + sizeof(int32_t)), GPRInfo::regT3);
-    jit.store32(GPRInfo::regT2, MacroAssembler::BaseIndex(GPRInfo::callFrameRegister, GPRInfo::regT4, MacroAssembler::TimesEight, -static_cast<intptr_t>(sizeof(Register))));
-    jit.store32(GPRInfo::regT3, MacroAssembler::BaseIndex(GPRInfo::callFrameRegister, GPRInfo::regT4, MacroAssembler::TimesEight, -static_cast<intptr_t>(sizeof(Register)) + static_cast<intptr_t>(sizeof(int32_t))));
+    jit.loadValue(MacroAssembler::BaseIndex(GPRInfo::regT0, GPRInfo::regT1, MacroAssembler::TimesEight, offsetOfLocals), JSRInfo::jsRegT32);
+    jit.storeValue(JSRInfo::jsRegT32, MacroAssembler::BaseIndex(GPRInfo::callFrameRegister, GPRInfo::regT4, MacroAssembler::TimesEight, -static_cast<intptr_t>(sizeof(Register))));
     jit.branchPtr(MacroAssembler::NotEqual, GPRInfo::regT1, MacroAssembler::TrustedImmPtr(bitwise_cast<void*>(-static_cast<intptr_t>(CallFrame::headerSizeInRegisters)))).linkTo(loop, &jit);
     
     jit.loadPtr(MacroAssembler::Address(GPRInfo::regT0, offsetOfTargetPC), GPRInfo::regT1);
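Review bot: The new `loadValue`/`storeValue` pair in the copy loop depends on `JSRInfo::jsRegT32` not overlapping `regT0`, `regT1` or `regT4`, and nothing in the hunk states that constraint. Those three registers are live across the loop as the source base, the index and the negated index. The name suggests the pair maps to regT3/regT2, the same scratch registers the removed `load32`/`store32` lines used, but its definition is not visible here. A one-line comment above the load would record it: `// Copy one full JSValue per iteration; jsRegT32 must stay disjoint from regT0/regT1/regT4.` The enclosing osrEntryThunkGenerator starts and ends outside the hunk.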

Modified: trunk/Source/_javascript_Core/jit/CallFrameShuffler.cpp (292013 => 292014)


--- trunk/Source/_javascript_Core/jit/CallFrameShuffler.cpp	2022-03-29 00:22:21 UTC (rev 292013)
+++ trunk/Source/_javascript_Core/jit/CallFrameShuffler.cpp	2022-03-29 00:23:58 UTC (rev 292014)
@@ -739,11 +739,14 @@
     // m_newFrameBase, which could be a wanted register.
     if (verbose)
         dataLog("   * Storing the argument count into ", VirtualRegister { CallFrameSlot::argumentCountIncludingThis }, "\n");
-    m_jit.store32(MacroAssembler::TrustedImm32(0),
-        addressForNew(VirtualRegister { CallFrameSlot::argumentCountIncludingThis }).withOffset(TagOffset));
     RELEASE_ASSERT(m_numPassedArgs != UINT_MAX);
-    m_jit.store32(MacroAssembler::TrustedImm32(m_numPassedArgs),
-        addressForNew(VirtualRegister { CallFrameSlot::argumentCountIncludingThis }).withOffset(PayloadOffset));
+#if USE(JSVALUE64)
+    // Initialize CallFrameSlot::argumentCountIncludingThis's TagOffset and PayloadOffset with 0 and m_numPassedArgs.
+    m_jit.store64(MacroAssembler::TrustedImm32(m_numPassedArgs), addressForNew(VirtualRegister { CallFrameSlot::argumentCountIncludingThis }));
+#else
+    m_jit.store32(MacroAssembler::TrustedImm32(0), addressForNew(VirtualRegister { CallFrameSlot::argumentCountIncludingThis }).withOffset(TagOffset));
+    m_jit.store32(MacroAssembler::TrustedImm32(m_numPassedArgs), addressForNew(VirtualRegister { CallFrameSlot::argumentCountIncludingThis }).withOffset(PayloadOffset));
+#endif
 
     if (!isSlowPath()) {
         ASSERT(m_newFrameBase != MacroAssembler::stackPointerRegister);
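Review bot: In the `USE(JSVALUE64)` branch, `store64(MacroAssembler::TrustedImm32(m_numPassedArgs), ...)` writes a zero tag half only while `m_numPassedArgs` fits in a non-negative int32. As far as I can tell, the 64-bit store of a 32-bit immediate sign-extends it. The only guard above is `RELEASE_ASSERT(m_numPassedArgs != UINT_MAX)`, so a count with the top bit set would leave 0xFFFFFFFF in the tag half, where the removed code stored an explicit 0. Argument counts are presumably bounded far below that elsewhere, but the new comment promises the zero and the code should make it hold locally. Either tighten the assert to `RELEASE_ASSERT(m_numPassedArgs <= INT32_MAX);` or store a zero-extended immediate with `MacroAssembler::TrustedImm64(static_cast<int64_t>(m_numPassedArgs))`. prepareAny starts and ends outside the hunk.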