RESOLVED FIXED 133952
fix css jit register usage on armv7 
https://bugs.webkit.org/show_bug.cgi?id=133952
Summary fix css jit register usage on armv7
Alex Christensen
Reported 2014-06-16 14:27:23 PDT
I did a few things wrong with registers on armv7 in the css jit. This not only passes the tests, but it doesn't crash when running https://www.webkit.org/blog-files/css-jit-introduction/html5-single-page-microbenchmark.html Also, I'm not sure that my register allocation in modulo for arm64 and armv7 is counted correctly. Does this need to be changed somewhere, too?
Attachments
Patch (4.90 KB, patch)
2014-06-16 14:31 PDT, Alex Christensen 		benjamin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2014-06-16 14:31:59 PDT
Created attachment 233180 [details] Patch
Benjamin Poulain
Comment 2 2014-06-16 17:45:58 PDT
Comment on attachment 233180 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=233180&action=review > Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:1423 > - load32(left, dataTempRegister); > - return branch32(cond, dataTempRegister, right); > + // use addressTempRegister incase the branch32 we call uses dataTempRegister. :-/ > + load32(left, addressTempRegister); > + return branch32(cond, addressTempRegister, right); I don't get this. We know exactly which branch32() we want to use (Jump branch32(RelationalCondition cond, RegisterID left, RegisterID right)). What am I missing? > Source/WebCore/cssjit/SelectorCompiler.cpp:1096 > + // r6 is tempRegister in RegisterAllocator.h and addressTempRegister in MacroAssemblerARMv7.h and must be preserved by the callee. > + prologueRegisters.append(JSC::ARMRegisters::r6); I did not think of that. One more reason I hate the registers implicitly used by the MacroAssembler.
Alex Christensen
Comment 3 2014-06-16 22:58:44 PDT
(In reply to comment #2) > (From update of attachment 233180 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=233180&action=review > > > Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:1423 > > - load32(left, dataTempRegister); > > - return branch32(cond, dataTempRegister, right); > > + // use addressTempRegister incase the branch32 we call uses dataTempRegister. :-/ > > + load32(left, addressTempRegister); > > + return branch32(cond, addressTempRegister, right); > > I don't get this. We know exactly which branch32() we want to use (Jump branch32(RelationalCondition cond, RegisterID left, RegisterID right)). What am I missing? I think you're right. I'll test it in the morning without this change. For some reason I though it was necessary, but now I'm not sure.
Alex Christensen
Comment 4 2014-06-17 10:47:10 PDT
I confirmed that branchPtr is used and works without this change, so I'm committing the non-JavaScriptCore part of this patch.
Alex Christensen
Comment 5 2014-06-17 10:50:34 PDT
http://trac.webkit.org/changeset/170059
Note You need to log in before you can comment on or make changes to this bug.