Bug 202767

Summary:

GetByVal should use polymorphic access and hook into a status object

Product:

WebKit

Reporter:

Saam Barati <saam>

Component:

JavaScriptCore

Assignee:

Saam Barati <saam>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

benjamin, commit-queue, ews-watchlist, fpizlo, ggaren, gskachkov, guijemont, keith_miller, mark.lam, msaboff, rmorisset, ticaiolima, tzagallo, webkit-bug-importer, ysuzuki

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

203693

Bug Blocks:

203865, 203866, 204082, 204392

Attachments:

Description	Flags
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	none
WIP	ews-watchlist: commit-queue-
Archive of layout-test-results from ews214 for win-future	none
WIP	none
WIP	none
patch	none
patch	none
patch	none
patch	none
patch	none
patch	none
patch	none
patch	keith_miller: review+
patch for landing	none
patch for landing	none
Patch	none

Saam Barati

Reported 2019-10-09 15:06:22 PDT

...

Attachments
WIP (56.61 KB, patch) 2019-11-05 19:28 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (99.25 KB, patch) 2019-11-06 15:37 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (99.79 KB, patch) 2019-11-06 16:43 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (108.68 KB, patch) 2019-11-06 19:04 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (108.68 KB, patch) 2019-11-06 19:22 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (116.86 KB, patch) 2019-11-07 19:01 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (126.46 KB, patch) 2019-11-08 11:28 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (129.79 KB, patch) 2019-11-08 14:10 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (135.17 KB, patch) 2019-11-08 17:22 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (138.22 KB, patch) 2019-11-08 18:37 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (139.67 KB, patch) 2019-11-11 12:10 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (148.63 KB, patch) 2019-11-11 14:35 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (148.81 KB, patch) 2019-11-11 15:08 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (151.44 KB, patch) 2019-11-11 18:32 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (150.77 KB, patch) 2019-11-11 19:16 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (151.42 KB, patch) 2019-11-12 10:54 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (179.33 KB, patch) 2019-11-12 16:38 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (271.73 KB, patch) 2019-11-12 18:00 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (280.07 KB, patch) 2019-11-13 17:19 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (280.07 KB, patch) 2019-11-13 17:49 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (284.43 KB, patch) 2019-11-13 19:10 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (299.77 KB, patch) 2019-11-13 19:31 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (306.58 KB, patch) 2019-11-14 19:00 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (306.58 KB, patch) 2019-11-14 19:07 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (306.80 KB, patch) 2019-11-14 19:18 PST, Saam Barati	ews-watchlist: commit-queue-	Details Formatted Diff Diff
Archive of layout-test-results from ews214 for win-future (14.83 MB, application/zip) 2019-11-14 23:37 PST, EWS Watchlist	no flags	Details
WIP (317.92 KB, patch) 2019-11-15 16:41 PST, Saam Barati	no flags	Details Formatted Diff Diff
WIP (317.79 KB, patch) 2019-11-18 17:01 PST, Saam Barati	no flags	Details Formatted Diff Diff
patch (334.20 KB, patch) 2019-11-18 17:45 PST, Saam Barati	no flags	Details Formatted Diff Diff
patch (334.63 KB, patch) 2019-11-18 17:50 PST, Saam Barati	no flags	Details Formatted Diff Diff
patch (334.41 KB, patch) 2019-11-18 17:56 PST, Saam Barati	no flags	Details Formatted Diff Diff
patch (334.40 KB, patch) 2019-11-18 17:59 PST, Saam Barati	no flags	Details Formatted Diff Diff
patch (334.37 KB, patch) 2019-11-18 18:02 PST, Saam Barati	no flags	Details Formatted Diff Diff
patch (334.37 KB, patch) 2019-11-18 18:19 PST, Saam Barati	no flags	Details Formatted Diff Diff
patch (334.51 KB, patch) 2019-11-19 12:06 PST, Saam Barati	no flags	Details Formatted Diff Diff
patch (334.51 KB, patch) 2019-11-19 13:50 PST, Saam Barati	keith_miller: review+	Details Formatted Diff Diff
patch for landing (344.11 KB, patch) 2019-11-19 19:11 PST, Saam Barati	no flags	Details Formatted Diff Diff
patch for landing (343.96 KB, patch) 2019-11-19 19:13 PST, Saam Barati	no flags	Details Formatted Diff Diff
Patch (22.88 KB, patch) 2019-11-21 11:04 PST, Caio Lima	no flags	Details Formatted Diff Diff
Show Obsolete (38) View All Add attachment proposed patch, testcase, etc.

Saam Barati

Comment 1 2019-11-05 19:28:16 PST

Created attachment 382886 [details] WIP

Saam Barati

Comment 2 2019-11-06 15:37:02 PST

Created attachment 382970 [details] WIP

Saam Barati

Comment 3 2019-11-06 16:43:08 PST

Created attachment 382983 [details] WIP it cached some things

Saam Barati

Comment 4 2019-11-06 19:04:24 PST

Created attachment 383005 [details] WIP

Saam Barati

Comment 5 2019-11-06 19:22:57 PST

Created attachment 383011 [details] WIP

Saam Barati

Comment 6 2019-11-07 19:01:53 PST

Created attachment 383103 [details] WIP Works for strings and array loads. Need to do: - arguments object loads - typed array loads - string[index] loads

Saam Barati

Comment 7 2019-11-08 11:28:15 PST

Created attachment 383147 [details] WIP

Saam Barati

Comment 8 2019-11-08 14:10:31 PST

Created attachment 383163 [details] WIP scoped/direct arguments loads work now

Saam Barati

Comment 9 2019-11-08 17:22:29 PST

Created attachment 383185 [details] WIP Implemented direct/scoped argumetns Implemented typed arrays Going to do strings next

Saam Barati

Comment 10 2019-11-08 18:37:10 PST

Created attachment 383191 [details] WIP ok, I think all the ICs are implemented. What's left to do: 1. make DFG/FTL emit this inline cache 2. hook into the status objects

Saam Barati

Comment 11 2019-11-11 12:10:58 PST

Created attachment 383286 [details] WIP Now handles symbol properties

Saam Barati

Comment 12 2019-11-11 14:35:32 PST

Created attachment 383300 [details] WIP piping it through DFG/FTL

Saam Barati

Comment 13 2019-11-11 15:08:24 PST

Created attachment 383305 [details] WIP I think it now works in all the tiers.

Saam Barati

Comment 14 2019-11-11 18:32:52 PST

Created attachment 383329 [details] WIP Fixed a bug where we did the wrong thing by loading a union member and used the wrong |this| :-(

Saam Barati

Comment 15 2019-11-11 19:16:16 PST

Created attachment 383332 [details] WIP

Saam Barati

Comment 16 2019-11-12 10:54:57 PST

Created attachment 383366 [details] WIP Ok, it seems to pass all tests. Now I need to hook it into a status object and then I think it could be done

Saam Barati

Comment 17 2019-11-12 16:38:53 PST

Created attachment 383402 [details] WIP GetByIdStatus is starting to work

Saam Barati

Comment 18 2019-11-12 18:00:15 PST

Created attachment 383416 [details] WIP some renaming

Saam Barati

Comment 19 2019-11-13 17:19:00 PST

Created attachment 383524 [details] WIP It's almost done. Just looking into a bug that only happens with the concurrent JIT.

Saam Barati

Comment 20 2019-11-13 17:49:52 PST

Created attachment 383529 [details] WIP

Saam Barati

Comment 21 2019-11-13 19:10:33 PST

Created attachment 383534 [details] WIP

Saam Barati

Comment 22 2019-11-13 19:31:03 PST

Created attachment 383535 [details] WIP

Saam Barati

Comment 23 2019-11-14 19:00:49 PST

Created attachment 383592 [details] WIP might be done. Just need to clean a few things up.

Saam Barati

Comment 24 2019-11-14 19:07:43 PST

Created attachment 383594 [details] WIP test EWS

Saam Barati

Comment 25 2019-11-14 19:18:32 PST

Created attachment 383595 [details] WIP

EWS Watchlist

Comment 26 2019-11-14 23:37:37 PST

Comment on attachment 383595 [details] WIP Attachment 383595 [details] did not pass win-ews (win): Output: https://webkit-queues.webkit.org/results/13257609 New failing tests: animations/no-style-recalc-during-accelerated-animation.html fast/workers/worker-cloneport.html

EWS Watchlist

Comment 27 2019-11-14 23:37:41 PST

Created attachment 383604 [details] Archive of layout-test-results from ews214 for win-future The attached test failures were seen while running run-webkit-tests on the win-ews. Bot: ews214 Port: win-future Platform: CYGWIN_NT-10.0-17763-3.0.5-338.x86_64-x86_64-64bit

Saam Barati

Comment 28 2019-11-15 12:29:55 PST

It’s neutral on JetStream2. Testing Speedometer2 now

Saam Barati

Comment 29 2019-11-15 15:51:45 PST

Seems like it's a 1% speedo2 regression. Investigating...

Saam Barati

Comment 30 2019-11-15 16:41:52 PST

Created attachment 383664 [details] WIP

Saam Barati

Comment 31 2019-11-18 12:20:17 PST

I think I have fixed the speedometer2 regression

Saam Barati

Comment 32 2019-11-18 17:01:23 PST

Created attachment 383810 [details] WIP

Saam Barati

Comment 33 2019-11-18 17:45:05 PST

Created attachment 383819 [details] patch

Saam Barati

Comment 34 2019-11-18 17:50:03 PST

Created attachment 383821 [details] patch

Saam Barati

Comment 35 2019-11-18 17:50:40 PST

I have some tests and microbenchmarks I will upload in a bit, but this patch is ready to be reviewed

Saam Barati

Comment 36 2019-11-18 17:52:26 PST

rebasing now

Saam Barati

Comment 37 2019-11-18 17:56:45 PST

Created attachment 383822 [details] patch rebased

Saam Barati

Comment 38 2019-11-18 17:59:24 PST

Created attachment 383824 [details] patch

Saam Barati

Comment 39 2019-11-18 18:02:33 PST

Created attachment 383826 [details] patch

Saam Barati

Comment 40 2019-11-18 18:19:32 PST

Created attachment 383831 [details] patch fix scoped arguments part after index masking being rolled out

Saam Barati

Comment 41 2019-11-19 12:06:08 PST

Created attachment 383892 [details] patch

Saam Barati

Comment 42 2019-11-19 12:07:15 PST

Comment on attachment 383892 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=383892&action=review > Source/JavaScriptCore/bytecode/GetByStatus.cpp:345 > - for (ICStatusContext* context : icContextStack) { > + if (icContextStack.size()) { this old code seems clearly wrong. We're asking about ICs from the top most frame in random inline call frames (including possible doing OOB access on the instruction stream!). I'll verify with Phil if perhaps I'm missing something and there are cases where this helps.

Saam Barati

Comment 43 2019-11-19 13:50:32 PST

Created attachment 383901 [details] patch remove bad debug assert I forgot to delete

Keith Miller

Comment 44 2019-11-19 14:41:22 PST

Comment on attachment 383892 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=383892&action=review r=me with some comments. > Source/JavaScriptCore/bytecode/AccessCase.cpp:734 > + jit.loadPtr(MacroAssembler::Address(propertyGPR, JSString::offsetOfValue()), scratchGPR); How do we know the string is uniqued? Do we always unique strings? Or do we always hit the slow path? > Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp:464 > + for (auto& accessCase : cases) { > + if (accessCase->needsScratchFPR()) { > + state.scratchFPR = allocator.allocateScratchFPR(); > + break; > + } > + } I doubt it matters but it seems like this could be a bit on the PolymorphicAccess itself.

Saam Barati

Comment 45 2019-11-19 14:51:35 PST

Comment on attachment 383892 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=383892&action=review >> Source/JavaScriptCore/bytecode/AccessCase.cpp:734 >> + jit.loadPtr(MacroAssembler::Address(propertyGPR, JSString::offsetOfValue()), scratchGPR); > > How do we know the string is uniqued? Do we always unique strings? Or do we always hit the slow path? We know it's a unique string because it'll be pointer equal to the cached string of the access case. If it's not unique, we'll hit the slow path. (AccessCase stores a ref to a uniqued string implies) >> Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp:464 >> + } > > I doubt it matters but it seems like this could be a bit on the PolymorphicAccess itself. I don't think that's quite right, since this depends on the cases, which may change for the same polymorphic access instance.

Saam Barati

Comment 46 2019-11-19 19:11:16 PST

Created attachment 383936 [details] patch for landing

Saam Barati

Comment 47 2019-11-19 19:13:04 PST

Created attachment 383937 [details] patch for landing

WebKit Commit Bot

Comment 48 2019-11-19 21:53:49 PST

Comment on attachment 383937 [details] patch for landing Clearing flags on attachment: 383937 Committed r252684: <https://trac.webkit.org/changeset/252684>

WebKit Commit Bot

Comment 49 2019-11-19 21:53:52 PST

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 50 2019-11-19 21:54:25 PST

<rdar://problem/57348889>

Caio Lima

Comment 51 2019-11-21 11:04:54 PST

Reopening to attach new patch.

Caio Lima

Comment 52 2019-11-21 11:04:58 PST

Created attachment 384073 [details] Patch

Saam Barati

Comment 53 2019-11-21 11:15:03 PST

(In reply to Caio Lima from comment #52) > Created attachment 384073 [details] > Patch can we use a different bug for this?

Caio Lima

Comment 54 2019-11-21 11:47:50 PST

Comment on attachment 384073 [details] Patch Oops, uploaded to the wrong bug...

Note You need to log in before you can comment on or make changes to this bug.