Bug 133952 - fix css jit register usage on armv7
Summary: fix css jit register usage on armv7
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alex Christensen
URL:
Keywords:
Depends on:
Blocks: 133961
  Show dependency treegraph
 
Reported: 2014-06-16 14:27 PDT by Alex Christensen
Modified: 2014-06-17 10:50 PDT (History)
1 user (show)

See Also:

Attachments
Patch (4.90 KB, patch)
2014-06-16 14:31 PDT, Alex Christensen 		benjamin: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Christensen 2014-06-16 14:27:23 PDT 
I did a few things wrong with registers on armv7 in the css jit.  This not only passes the tests, but it doesn't crash when running https://www.webkit.org/blog-files/css-jit-introduction/html5-single-page-microbenchmark.html

Also, I'm not sure that my register allocation in modulo for arm64 and armv7 is counted correctly.  Does this need to be changed somewhere, too?
Comment 1 Alex Christensen 2014-06-16 14:31:59 PDT 
Created attachment 233180 [details]
Patch
Comment 2 Benjamin Poulain 2014-06-16 17:45:58 PDT 
Comment on attachment 233180 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=233180&action=review

> Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:1423
> -        load32(left, dataTempRegister);
> -        return branch32(cond, dataTempRegister, right);
> +        // use addressTempRegister incase the branch32 we call uses dataTempRegister. :-/
> +        load32(left, addressTempRegister);
> +        return branch32(cond, addressTempRegister, right);

I don't get this. We know exactly which branch32() we want to use (Jump branch32(RelationalCondition cond, RegisterID left, RegisterID right)). What am I missing?

> Source/WebCore/cssjit/SelectorCompiler.cpp:1096
> +    // r6 is tempRegister in RegisterAllocator.h and addressTempRegister in MacroAssemblerARMv7.h and must be preserved by the callee.
> +    prologueRegisters.append(JSC::ARMRegisters::r6);

I did not think of that. One more reason I hate the registers implicitly used by the MacroAssembler.
Comment 3 Alex Christensen 2014-06-16 22:58:44 PDT 
(In reply to comment #2)
> (From update of attachment 233180 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=233180&action=review
> 
> > Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:1423
> > -        load32(left, dataTempRegister);
> > -        return branch32(cond, dataTempRegister, right);
> > +        // use addressTempRegister incase the branch32 we call uses dataTempRegister. :-/
> > +        load32(left, addressTempRegister);
> > +        return branch32(cond, addressTempRegister, right);
> 
> I don't get this. We know exactly which branch32() we want to use (Jump branch32(RelationalCondition cond, RegisterID left, RegisterID right)). What am I missing?
I think you're right.  I'll test it in the morning without this change.  For some reason I though it was necessary, but now I'm not sure.
Comment 4 Alex Christensen 2014-06-17 10:47:10 PDT 
I confirmed that branchPtr is used and works without this change, so I'm committing the non-JavaScriptCore part of this patch.
Comment 5 Alex Christensen 2014-06-17 10:50:34 PDT 
http://trac.webkit.org/changeset/170059