Bug 204082

Summary: Implement GetByVal inline caching for 32-bit JITs
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCoreAssignee: Caio Lima <ticaiolima>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, fpizlo, ggaren, gskachkov, guijemont, jsc32, keith_miller, mark.lam, msaboff, rmorisset, ticaiolima, tzagallo, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 202767    
Bug Blocks:    
Attachments:
Description Flags
WIP - Patch
none
WIP - Patch
none
WIP - Patch
none
Patch
none
Patch
none
Patch none

Description Saam Barati 2019-11-11 13:27:44 PST 
In https://bugs.webkit.org/show_bug.cgi?id=202767, I'm going to implement it for 64-bit. It should be easy to make it work on 32-bit JIT too.
Comment 1 Caio Lima 2019-11-19 15:09:54 PST 
Created attachment 383912 [details]
WIP - Patch

It starts the implementation. It is only supporting Baseline IC generation, however the IC code generated is not working on 32-bits yet.
Comment 2 Caio Lima 2019-11-20 15:34:11 PST 
Created attachment 383995 [details]
WIP - Patch

This is implementing GetByVal IC into 32-bits.
Comment 3 Caio Lima 2019-11-20 15:35:17 PST 
Created attachment 383996 [details]
WIP - Patch

Oops, wrong patch.
Comment 4 Caio Lima 2019-11-21 11:49:33 PST 
Created attachment 384078 [details]
Patch
Comment 5 Caio Lima 2019-11-25 04:51:40 PST 
Created attachment 384290 [details]
Patch
Comment 6 Saam Barati 2019-11-30 16:36:39 PST 
Comment on attachment 384290 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=384290&action=review

Nice. r=me

> Source/JavaScriptCore/bytecode/StructureStubInfo.h:223
>          GPRReg baseTagGPR;

This isn’t your patch, but I wonder why this is needed. I think all users of StructureStubInfo branch around the base being a cell. But it might be worth looking at to verify and perhaps remove in the future.

> Source/JavaScriptCore/bytecode/StructureStubInfo.h:224
> +        union {

Why not put this in “u”?
Comment 7 Caio Lima 2019-12-01 07:16:03 PST 
Comment on attachment 384290 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=384290&action=review

Thank you very much for the review!

>> Source/JavaScriptCore/bytecode/StructureStubInfo.h:223
>>          GPRReg baseTagGPR;
> 
> This isn’t your patch, but I wonder why this is needed. I think all users of StructureStubInfo branch around the base being a cell. But it might be worth looking at to verify and perhaps remove in the future.

I think you are right here. I didn't check in a lot of places, but I do't remember a case where this is used, since all `JIT*InlineCacheGenerator` I saw was using `JSValueRegs::payloadOnly`. I created https://bugs.webkit.org/show_bug.cgi?id=204726 to care of it.

>> Source/JavaScriptCore/bytecode/StructureStubInfo.h:224
>> +        union {
> 
> Why not put this in “u”?

"u" is already being used by `thisPayloadGPR` and `propertyPayloadGPR`. If we would like to only have `u`, I think we can use `std::pair` or other structure, but I can't see how it would improve code quality.
Comment 8 Caio Lima 2019-12-01 08:02:58 PST 
Created attachment 384573 [details]
Patch
Comment 9 WebKit Commit Bot 2019-12-01 18:54:19 PST 
Comment on attachment 384573 [details]
Patch

Clearing flags on attachment: 384573

Committed r252974: <https://trac.webkit.org/changeset/252974>
Comment 10 WebKit Commit Bot 2019-12-01 18:54:21 PST 
All reviewed patches have been landed.  Closing bug.
Comment 11 Radar WebKit Bug Importer 2019-12-01 18:55:19 PST 
<rdar://problem/57548177>