Bug 82986

Summary: jsr/sret should be removed
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: yong.li.webkit
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
the patch
none
the patch sam: review+

Filip Pizlo
Reported 2012-04-02 17:20:07 PDT
And replaced by inlining of finally blocks wherever we would have done jsr. That makes the code easier to compile, should have no effect on performance or memory usage, and should allow us to kill off a lot of code. Not to mention, it will preempt any bugs from OSR during execution of a finally block. LLInt uses the virtual PC for the subroutine return, while the JIT uses the machine PC.
Attachments
the patch (17.11 KB, patch)
2012-04-02 17:23 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
the patch (21.89 KB, patch)
2012-04-03 20:13 PDT, Filip Pizlo 		sam: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2012-04-02 17:23:46 PDT
Created attachment 135240 [details] the patch
Filip Pizlo
Comment 2 2012-04-02 17:35:32 PDT
Comment on attachment 135240 [details] the patch Reviewed by Geoff in person.
Filip Pizlo
Comment 3 2012-04-03 20:13:26 PDT
Created attachment 135495 [details] the patch The previous patch failed to save/restore the correct state for finally inlining. For example: try { switch (foo) { case blah: return bar; } } finally { break; } Since the finally block was emitted inline in the return, the break would break us out of the switch. Other similarly horrible things would happen with scope depth and the finally depth, etc.
Geoffrey Garen
Comment 4 2012-04-03 20:30:00 PDT
Comment on attachment 135495 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=135495&action=review emitComplexJumpScopes is maybe not my favorite function. r=me > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2177 > + while (m_labelScopes.size() > finallyContext.labelScopesSize) > + m_labelScopes.removeLast(); m_labelScopes.shrink(finallyContext.labelScopesSize) should suffice here.
Filip Pizlo
Comment 5 2012-04-03 20:35:06 PDT
(In reply to comment #4) > (From update of attachment 135495 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=135495&action=review > > emitComplexJumpScopes is maybe not my favorite function. > > r=me > > > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2177 > > + while (m_labelScopes.size() > finallyContext.labelScopesSize) > > + m_labelScopes.removeLast(); > > m_labelScopes.shrink(finallyContext.labelScopesSize) should suffice here. SegmentedVector is shrinkless!
Filip Pizlo
Comment 6 2012-04-03 21:26:41 PDT
Landed in http://trac.webkit.org/changeset/113136
Yong Li
Comment 7 2012-06-07 13:48:32 PDT
This commit gives >4% penalty on sunspider for me, tested on QNX without DFG turned on. Any idea?
Filip Pizlo
Comment 8 2012-06-07 14:07:15 PDT
(In reply to comment #7) > This commit gives >4% penalty on sunspider for me, tested on QNX without DFG turned on. Any idea? I don't remember this being a regression. I will retest.
Filip Pizlo
Comment 9 2012-06-07 17:23:42 PDT
(In reply to comment #8) > (In reply to comment #7) > > This commit gives >4% penalty on sunspider for me, tested on QNX without DFG turned on. Any idea? > > I don't remember this being a regression. I will retest. I reran all benchmarks on this change set. There is no difference for me.
Note You need to log in before you can comment on or make changes to this bug.