Bug 185708

Summary: Baseline op_jtrue emits an insane amount of code
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, ews-watchlist, keith_miller, mark.lam, msaboff, saam, sam, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch fpizlo: review+

Filip Pizlo
Reported 2018-05-16 18:18:52 PDT
This is too much: [ 74] jtrue loc11, 21(->95) 0x7d2769f9871: mov -0x60(%rbp), %rax 0x7d2769f9875: mov %rax, %rsi 0x7d2769f9878: xor $0x6, %rsi 0x7d2769f987c: test $0xfffffffffffffffe, %rsi 0x7d2769f9883: jnz 0x7d2769f9899 0x7d2769f9889: cmp $0x7, %eax 0x7d2769f988c: setz %sil 0x7d2769f9890: movzx %sil, %esi 0x7d2769f9894: jmp 0x7d2769f994a 0x7d2769f9899: test %rax, %r14 0x7d2769f989c: jz 0x7d2769f98e1 0x7d2769f98a2: cmp %r14, %rax 0x7d2769f98a5: jb 0x7d2769f98ba 0x7d2769f98ab: test %eax, %eax 0x7d2769f98ad: setnz %sil 0x7d2769f98b1: movzx %sil, %esi 0x7d2769f98b5: jmp 0x7d2769f994a 0x7d2769f98ba: lea (%r14,%rax), %rsi 0x7d2769f98be: movq %rsi, %xmm0 0x7d2769f98c3: xorps %xmm1, %xmm1 0x7d2769f98c6: ucomisd %xmm1, %xmm0 0x7d2769f98ca: jz 0x7d2769f98da 0x7d2769f98d0: mov $0x1, %esi 0x7d2769f98d5: jmp 0x7d2769f994a 0x7d2769f98da: xor %esi, %esi 0x7d2769f98dc: jmp 0x7d2769f994a 0x7d2769f98e1: test %rax, %r15 0x7d2769f98e4: jnz 0x7d2769f9948 0x7d2769f98ea: cmp $0x1, 0x5(%rax) 0x7d2769f98ee: jnz 0x7d2769f9906 0x7d2769f98f4: mov 0x8(%rax), %esi 0x7d2769f98f7: test %esi, %esi 0x7d2769f98f9: setnz %sil 0x7d2769f98fd: movzx %sil, %esi 0x7d2769f9901: jmp 0x7d2769f994a 0x7d2769f9906: test $0x1, 0x6(%rax) 0x7d2769f990a: jz 0x7d2769f993e 0x7d2769f9910: mov (%rax), %esi 0x7d2769f9912: mov $0x10c5000e8, %rdx 0x7d2769f991c: mov (%rdx), %rdx 0x7d2769f991f: mov (%rdx,%rsi,8), %rsi 0x7d2769f9923: mov $0x10c9dc000, %rdx 0x7d2769f992d: cmp %rdx, 0x18(%rsi) 0x7d2769f9931: jnz 0x7d2769f993e 0x7d2769f9937: xor %esi, %esi 0x7d2769f9939: jmp 0x7d2769f994a 0x7d2769f993e: mov $0x1, %esi 0x7d2769f9943: jmp 0x7d2769f994a 0x7d2769f9948: xor %esi, %esi 0x7d2769f994a: test %esi, %esi 0x7d2769f994c: jnz 0x7d2769f99e6
Attachments
Patch (27.41 KB, patch)
2018-06-01 05:33 PDT, Yusuke Suzuki 		fpizlo: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2018-06-01 05:33:02 PDT
Created attachment 341752 [details] Patch
EWS Watchlist
Comment 2 2018-06-01 05:35:16 PDT
Attachment 341752 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/jit/AssemblyHelpers.h:1761: The parameter name "value" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 1 in 12 files If any of these errors are false positives, please file a bug against check-webkit-style.
Yusuke Suzuki
Comment 3 2018-06-01 05:39:02 PDT
Comment on attachment 341752 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=341752&action=review > Source/JavaScriptCore/ChangeLog:104 > + [ 12] jtrue arg1, 6(->18) > + 0x7f6c8710156c: mov 0x30(%rbp), %rax > + 0x7f6c87101570: test %rax, %r15 > + 0x7f6c87101573: jnz 0x7f6c871015c8 > + 0x7f6c87101579: cmp $0x1, 0x5(%rax) > + 0x7f6c8710157d: jnz 0x7f6c87101592 > + 0x7f6c87101583: cmp $0x0, 0x8(%rax) > + 0x7f6c87101587: jnz 0x7f6c87101623 > + 0x7f6c8710158d: jmp 0x7f6c87101615 > + 0x7f6c87101592: test $0x1, 0x6(%rax) > + 0x7f6c87101596: jz 0x7f6c87101623 > + 0x7f6c8710159c: mov (%rax), %esi > + 0x7f6c8710159e: mov $0x7f6c86f000e0, %rdx > + 0x7f6c871015a8: mov (%rdx), %rdx > + 0x7f6c871015ab: mov (%rdx,%rsi,8), %rsi > + 0x7f6c871015af: mov $0x7f6c867e0000, %rdx > + 0x7f6c871015b9: cmp %rdx, 0x18(%rsi) > + 0x7f6c871015bd: jnz 0x7f6c87101623 > + 0x7f6c871015c3: jmp 0x7f6c87101615 > + 0x7f6c871015c8: cmp %r14, %rax > + 0x7f6c871015cb: jb 0x7f6c871015de > + 0x7f6c871015d1: test %eax, %eax > + 0x7f6c871015d3: jnz 0x7f6c87101623 > + 0x7f6c871015d9: jmp 0x7f6c87101615 > + 0x7f6c871015de: test %rax, %r14 > + 0x7f6c871015e1: jz 0x7f6c87101602 > + 0x7f6c871015e7: lea (%r14,%rax), %rsi > + 0x7f6c871015eb: movq %rsi, %xmm0 > + 0x7f6c871015f0: xorps %xmm1, %xmm1 > + 0x7f6c871015f3: ucomisd %xmm1, %xmm0 > + 0x7f6c871015f7: jz 0x7f6c87101615 > + 0x7f6c871015fd: jmp 0x7f6c87101623 > + 0x7f6c87101602: mov $0x7, %r11 > + 0x7f6c8710160c: cmp %r11, %rax > + 0x7f6c8710160f: jz 0x7f6c87101623 We can reduce this further by, 1. Extracting this as a stub routine and call it from baseline, 2. Split it into fast path / slow path 3. IC But I think this is a good first patch towards reducing this size.
Yusuke Suzuki
Comment 4 2018-06-02 14:13:52 PDT
Committed r232444: <https://trac.webkit.org/changeset/232444>
Radar WebKit Bug Importer
Comment 5 2018-06-02 14:21:19 PDT
<rdar://problem/40750479>
Note You need to log in before you can comment on or make changes to this bug.