[JSC] Avoid using DirectCall when executable is wasm function
https://bugs.webkit.org/show_bug.cgi?id=221055

Reviewed by Keith Miller.

This is a partial patch from https://bugs.webkit.org/show_bug.cgi?id=220339, which was reverted because of a Facebook crash.
For now, we just avoid using DirectCall to wasm functions so that the normal Call will be used, and it is efficient. This
patch avoids a JetStream2 regression.

* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* jit/JITOperations.cpp:
(JSC::virtualForWithFunction):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setUpCall):
* runtime/Intrinsic.cpp:
(JSC::intrinsicName):
* runtime/Intrinsic.h:
* wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::create):


Canonical link: https://commits.webkit.org/233420@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271987 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Constellation committed Jan 27, 2021
1 parent 5e45601 commit 9d781c52322ed564e8a869958007c4d8bf762a6e
Showing 8 changed files with 42 additions and 1 deletion.
@@ -1,3 +1,28 @@
2021-01-27 Yusuke Suzuki <ysuzuki@apple.com>

[JSC] Avoid using DirectCall when executable is wasm function
https://bugs.webkit.org/show_bug.cgi?id=221055

Reviewed by Keith Miller.

This is a partial patch from https://bugs.webkit.org/show_bug.cgi?id=220339, which is reverted because of Facebook crash.
For now, we just avoid using DirectCall to wasm functions so that normal Call will be used, and it is efficient. This
patch avoids JetStream2 regression.

* dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* jit/JITOperations.cpp:
(JSC::virtualForWithFunction):
* llint/LLIntSlowPaths.cpp:
(JSC::LLInt::setUpCall):
* runtime/Intrinsic.cpp:
(JSC::intrinsicName):
* runtime/Intrinsic.h:
* wasm/js/WebAssemblyFunction.cpp:
(JSC::WebAssemblyFunction::create):

2021-01-27 Yusuke Suzuki <ysuzuki@apple.com>

Unreviewed, rebaselining builtin generator test result files
@@ -3548,6 +3548,8 @@ JSC_DEFINE_JIT_OPERATION(operationLinkDirectCall, void, (CallLinkInfo* callLinkI

JSScope* scope = callee->scopeUnchecked();

// FIXME: Support wasm IC.
// https://bugs.webkit.org/show_bug.cgi?id=220339
MacroAssemblerCodePtr<JSEntryPtrTag> codePtr;
CodeBlock* codeBlock = nullptr;
if (executable->isHostFunction())
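Review bot: The `// FIXME: Support wasm IC.` comment above the `codePtr` declaration does not say what a wasm callee does at this site today, and the same bare comment is repeated in `virtualForWithFunction` and `setUpCall`. Since `WebAssemblyFunction::create` builds its executable with `vm.getHostFunction(...)`, a wasm function reaching this code takes the `executable->isHostFunction()` branch; one sentence saying so would let a reader understand the current behaviour without opening bug 220339.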
@@ -927,6 +927,12 @@ class StrengthReductionPhase : public Phase {

if (!executable)
break;

// FIXME: Support wasm IC.
// DirectCall to wasm function has suboptimal implementation. We avoid using DirectCall if we know that function is a wasm function.
// https://bugs.webkit.org/show_bug.cgi?id=220339
if (executable->intrinsic() == WasmFunctionIntrinsic)
break;

if (FunctionExecutable* functionExecutable = jsDynamicCast<FunctionExecutable*>(vm(), executable)) {
if (m_node->op() == Construct && functionExecutable->constructAbility() == ConstructAbility::CannotConstruct)
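Review bot: No regression test accompanies the new `executable->intrinsic() == WasmFunctionIntrinsic` early `break` in `handleNode`; the commit touches 8 files and the ChangeLog entry lists none under a tests directory. Since this guard is the only behavioural change in the patch, and the larger change it was split from was reverted after a crash, a test that drives a call site with a wasm callee through DFG compilation would keep the guard from being dropped silently when the wasm IC work in bug 220339 lands again.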
@@ -1391,6 +1391,8 @@ inline SlowPathReturnType virtualForWithFunction(JSGlobalObject* globalObject, C
reinterpret_cast<void*>(KeepTheFrame));
}
}
// FIXME: Support wasm IC.
// https://bugs.webkit.org/show_bug.cgi?id=220339
return encodeResult(executable->entrypointFor(
kind, MustCheckArity).executableAddress(),
reinterpret_cast<void*>(callLinkInfo->callMode() == CallMode::Tail ? ReuseTheFrame : KeepTheFrame));
@@ -1736,6 +1736,8 @@ inline SlowPathReturnType setUpCall(CallFrame* calleeFrame, CodeSpecializationKi

MacroAssemblerCodePtr<JSEntryPtrTag> codePtr;
CodeBlock* codeBlock = nullptr;
// FIXME: Support wasm IC.
// https://bugs.webkit.org/show_bug.cgi?id=220339
if (executable->isHostFunction())
codePtr = executable->entrypointFor(kind, MustCheckArity);
else {
@@ -337,6 +337,8 @@ const char* intrinsicName(Intrinsic intrinsic)
return "DataViewSetFloat32";
case DataViewSetFloat64:
return "DataViewSetFloat64";
case WasmFunctionIntrinsic:
return "WasmFunctionIntrinsic";
}
RELEASE_ASSERT_NOT_REACHED();
return nullptr;
@@ -192,6 +192,8 @@ enum Intrinsic : uint8_t {
DataViewSetUint32,
DataViewSetFloat32,
DataViewSetFloat64,

WasmFunctionIntrinsic,
};

Optional<IterationKind> interationKindForIntrinsic(Intrinsic);
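Review bot: `WasmFunctionIntrinsic` is appended to `enum Intrinsic` without a comment, although it is used as a tag to recognise wasm functions (the `executable->intrinsic() == WasmFunctionIntrinsic` check in `handleNode`) rather than naming an operation like the `DataViewSet*` entries above it. A one-line comment on the enum value stating that it is a marker would prevent later code from assuming every non-`NoIntrinsic` value has a specialised implementation.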
@@ -434,7 +434,7 @@ MacroAssemblerCodePtr<JSEntryPtrTag> WebAssemblyFunction::jsCallEntrypointSlow()

WebAssemblyFunction* WebAssemblyFunction::create(VM& vm, JSGlobalObject* globalObject, Structure* structure, unsigned length, const String& name, JSWebAssemblyInstance* instance, Wasm::Callee& jsEntrypoint, Wasm::WasmToWasmImportableFunction::LoadLocation wasmToWasmEntrypointLoadLocation, Wasm::SignatureIndex signatureIndex)
{
NativeExecutable* executable = vm.getHostFunction(callWebAssemblyFunction, NoIntrinsic, callHostFunctionAsConstructor, nullptr, name);
NativeExecutable* executable = vm.getHostFunction(callWebAssemblyFunction, WasmFunctionIntrinsic, callHostFunctionAsConstructor, nullptr, name);
WebAssemblyFunction* function = new (NotNull, allocateCell<WebAssemblyFunction>(vm.heap)) WebAssemblyFunction(vm, executable, globalObject, structure, jsEntrypoint, wasmToWasmEntrypointLoadLocation, signatureIndex);
function->finishCreation(vm, executable, length, name, instance);
return function;
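Review bot: Changing the second argument of `vm.getHostFunction` from `NoIntrinsic` to `WasmFunctionIntrinsic` makes every reader of `intrinsic()` see a non-`NoIntrinsic` value for wasm functions, but the patch only updates `handleNode` and `intrinsicName`. The ChangeLog should state that the other consumers of `intrinsic()` were checked and either ignore unknown values or need no change, because a path that tests `intrinsic() != NoIntrinsic` would now behave differently for these executables.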
