Merge r174298 - Implement op_profile_type in the 32-bit baseline JIT

https://bugs.webkit.org/show_bug.cgi?id=137181 Reviewed by Michael Saboff. Generate inline code to write to the TypeProfilerLog inside the 32-bit baseline JIT instead of unconditionally bailing out to the slow path for op_profile_type. * jit/JITOpcodes32_64.cpp: (JSC::JIT::emit_op_profile_type): Canonical link: https://commits.webkit.org/154760.105@webkitgtk/2.6 git-svn-id: https://svn.webkit.org/repository/webkit/releases/WebKitGTK/webkit-2.6@174957 268f45cc-cd09-0410-ab3c-d52691b4dbfc
WebKit · Oct 21, 2014 · 62f1e8c · 62f1e8c
1 parent 39e7e9c
commit 62f1e8c
Show file tree

Hide file tree

Showing 2 changed files with 75 additions and 2 deletions.
diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog
@@ -1,3 +1,17 @@
+2014-10-03  Saam Barati  <saambarati1@gmail.com>
+
+        Implement op_profile_type in the 32-bit baseline JIT
+        https://bugs.webkit.org/show_bug.cgi?id=137181
+
+        Reviewed by Michael Saboff.
+
+        Generate inline code to write to the TypeProfilerLog inside the 32-bit 
+        baseline JIT instead of unconditionally bailing out to the slow path 
+        for op_profile_type.
+
+        * jit/JITOpcodes32_64.cpp:
+        (JSC::JIT::emit_op_profile_type):
+
 2014-10-03  Oliver Hunt  <oliver@apple.com>
 
         tearoff_arguments should always refer to the unmodified arguments register

diff --git a/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp b/Source/JavaScriptCore/jit/JITOpcodes32_64.cpp
@@ -42,6 +42,7 @@
 #include "MaxFrameExtentForSlowPathCall.h"
 #include "RepatchBuffer.h"
 #include "SlowPathCall.h"
+#include "TypeProfilerLog.h"
 #include "VirtualRegister.h"
 
 namespace JSC {
@@ -1310,8 +1311,66 @@ void JIT::emit_op_to_index_string(Instruction* currentInstruction)
 
 void JIT::emit_op_profile_type(Instruction* currentInstruction)
 {
-    JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_profile_type);
-    slowPathCall.call();
+    TypeLocation* cachedTypeLocation = currentInstruction[2].u.location;
+    int valueToProfile = currentInstruction[1].u.operand;
+
+    // Load payload in T0. Load tag in T3.
+    emitLoadPayload(valueToProfile, regT0);
+    emitLoadTag(valueToProfile, regT3);
+
+    JumpList jumpToEnd;
+
+    // Compile in a predictive type check, if possible, to see if we can skip writing to the log.
+    // These typechecks are inlined to match those of the 32-bit JSValue type checks.
+    if (cachedTypeLocation->m_lastSeenType == TypeUndefined)
+        jumpToEnd.append(branch32(Equal, regT3, TrustedImm32(JSValue::UndefinedTag)));
+    else if (cachedTypeLocation->m_lastSeenType == TypeNull)
+        jumpToEnd.append(branch32(Equal, regT3, TrustedImm32(JSValue::NullTag)));
+    else if (cachedTypeLocation->m_lastSeenType == TypeBoolean)
+        jumpToEnd.append(branch32(Equal, regT3, TrustedImm32(JSValue::BooleanTag)));
+    else if (cachedTypeLocation->m_lastSeenType == TypeMachineInt)
+        jumpToEnd.append(branch32(Equal, regT3, TrustedImm32(JSValue::Int32Tag)));
+    else if (cachedTypeLocation->m_lastSeenType == TypeNumber) {
+        jumpToEnd.append(branch32(Below, regT3, TrustedImm32(JSValue::LowestTag)));
+        jumpToEnd.append(branch32(Equal, regT3, TrustedImm32(JSValue::Int32Tag)));
+    } else if (cachedTypeLocation->m_lastSeenType == TypeString) {
+        Jump isNotCell = branch32(NotEqual, regT3, TrustedImm32(JSValue::CellTag));
+        jumpToEnd.append(branch8(Equal, Address(regT0, JSCell::typeInfoTypeOffset()), TrustedImm32(StringType)));
+        isNotCell.link(this);
+    }
+
+    // Load the type profiling log into T2.
+    TypeProfilerLog* cachedTypeProfilerLog = m_vm->typeProfilerLog();
+    move(TrustedImmPtr(cachedTypeProfilerLog), regT2);
+
+    // Load the next log entry into T1.
+    loadPtr(Address(regT2, TypeProfilerLog::currentLogEntryOffset()), regT1);
+
+    // Store the JSValue onto the log entry.
+    store32(regT0, Address(regT1, TypeProfilerLog::LogEntry::valueOffset() + OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
+    store32(regT3, Address(regT1, TypeProfilerLog::LogEntry::valueOffset() + OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
+
+    // Store the structureID of the cell if argument is a cell, otherwise, store 0 on the log entry.
+    Jump notCell = branch32(NotEqual, regT3, TrustedImm32(JSValue::CellTag));
+    load32(Address(regT0, JSCell::structureIDOffset()), regT0);
+    store32(regT0, Address(regT1, TypeProfilerLog::LogEntry::structureIDOffset()));
+    Jump skipNotCell = jump();
+    notCell.link(this);
+    store32(TrustedImm32(0), Address(regT1, TypeProfilerLog::LogEntry::structureIDOffset()));
+    skipNotCell.link(this);
+
+    // Store the typeLocation on the log entry.
+    move(TrustedImmPtr(cachedTypeLocation), regT0);
+    store32(regT0, Address(regT1, TypeProfilerLog::LogEntry::locationOffset()));
+
+    // Increment the current log entry.
+    addPtr(TrustedImm32(sizeof(TypeProfilerLog::LogEntry)), regT1);
+    store32(regT1, Address(regT2, TypeProfilerLog::currentLogEntryOffset()));
+    jumpToEnd.append(branchPtr(NotEqual, regT1, TrustedImmPtr(cachedTypeProfilerLog->logEndPtr())));
+    // Clear the log if we're at the end of the log.
+    callOperation(operationProcessTypeProfilerLog);
+
+    jumpToEnd.link(this);
 }
 
 } // namespace JSC