Bug 185708 - Baseline op_jtrue emits an insane amount of code
Summary: Baseline op_jtrue emits an insane amount of code
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Nightly Build
Hardware: All All
Importance: P2 Normal
Assignee: Yusuke Suzuki
Reported: 2018-05-16 18:18 PDT by Filip Pizlo
Modified: 2018-06-02 16:03 PDT

Attachments
Patch (27.41 KB, patch)
2018-06-01 05:33 PDT, Yusuke Suzuki
fpizlo: review+

Description Filip Pizlo 2018-05-16 18:18:52 PDT
This is too much:

    [  74] jtrue             loc11, 21(->95)
           0x7d2769f9871: mov -0x60(%rbp), %rax
           0x7d2769f9875: mov %rax, %rsi
           0x7d2769f9878: xor $0x6, %rsi
           0x7d2769f987c: test $0xfffffffffffffffe, %rsi
           0x7d2769f9883: jnz 0x7d2769f9899
           0x7d2769f9889: cmp $0x7, %eax
           0x7d2769f988c: setz %sil
           0x7d2769f9890: movzx %sil, %esi
           0x7d2769f9894: jmp 0x7d2769f994a
           0x7d2769f9899: test %rax, %r14
           0x7d2769f989c: jz 0x7d2769f98e1
           0x7d2769f98a2: cmp %r14, %rax
           0x7d2769f98a5: jb 0x7d2769f98ba
           0x7d2769f98ab: test %eax, %eax
           0x7d2769f98ad: setnz %sil
           0x7d2769f98b1: movzx %sil, %esi
           0x7d2769f98b5: jmp 0x7d2769f994a
           0x7d2769f98ba: lea (%r14,%rax), %rsi
           0x7d2769f98be: movq %rsi, %xmm0
           0x7d2769f98c3: xorps %xmm1, %xmm1
           0x7d2769f98c6: ucomisd %xmm1, %xmm0
           0x7d2769f98ca: jz 0x7d2769f98da
           0x7d2769f98d0: mov $0x1, %esi
           0x7d2769f98d5: jmp 0x7d2769f994a
           0x7d2769f98da: xor %esi, %esi
           0x7d2769f98dc: jmp 0x7d2769f994a
           0x7d2769f98e1: test %rax, %r15
           0x7d2769f98e4: jnz 0x7d2769f9948
           0x7d2769f98ea: cmp $0x1, 0x5(%rax)
           0x7d2769f98ee: jnz 0x7d2769f9906
           0x7d2769f98f4: mov 0x8(%rax), %esi
           0x7d2769f98f7: test %esi, %esi
           0x7d2769f98f9: setnz %sil
           0x7d2769f98fd: movzx %sil, %esi
           0x7d2769f9901: jmp 0x7d2769f994a
           0x7d2769f9906: test $0x1, 0x6(%rax)
           0x7d2769f990a: jz 0x7d2769f993e
           0x7d2769f9910: mov (%rax), %esi
           0x7d2769f9912: mov $0x10c5000e8, %rdx
           0x7d2769f991c: mov (%rdx), %rdx
           0x7d2769f991f: mov (%rdx,%rsi,8), %rsi
           0x7d2769f9923: mov $0x10c9dc000, %rdx
           0x7d2769f992d: cmp %rdx, 0x18(%rsi)
           0x7d2769f9931: jnz 0x7d2769f993e
           0x7d2769f9937: xor %esi, %esi
           0x7d2769f9939: jmp 0x7d2769f994a
           0x7d2769f993e: mov $0x1, %esi
           0x7d2769f9943: jmp 0x7d2769f994a
           0x7d2769f9948: xor %esi, %esi
           0x7d2769f994a: test %esi, %esi
           0x7d2769f994c: jnz 0x7d2769f99e6
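Added example, not code from JSC or from this patch: a C model of the decision tree the op_jtrue listing above implements, so the roughly fifty instructions can be read as the checks they perform (boolean, then int32/double, then cell: string length, masquerades-as-undefined vs. the current global object). The JSValue tag constants, the meaning of the cell bytes at 0x5/0x6/0x8 and of the structure field at 0x18, and the cell_t layout are assumptions made for the model.

```c
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Assumed 64-bit JSValue encoding (my recollection of JSC's JSCJSValue.h,
 * not taken from this bug page). */
#define NUMBER_TAG    UINT64_C(0xfffe000000000000)  /* kept in %r14 */
#define NOT_CELL_MASK (NUMBER_TAG | UINT64_C(0x2))  /* kept in %r15 */
#define VALUE_FALSE   UINT64_C(0x6)
#define VALUE_TRUE    UINT64_C(0x7)
#define STRING_TYPE   0x1   /* assumed JSType value read at 0x5(%rax) */
#define MASQUERADES   0x1   /* assumed flag bit tested at 0x6(%rax) */

typedef struct {               /* constructed stand-in for the cell fields read */
    uint8_t type, flags;       /* 0x5(%rax), 0x6(%rax) */
    uint32_t string_length;    /* 0x8(%rax), strings only */
    const void *global_object; /* 0x18(structure) in the listing, assumed */
} cell_t;
uint64_t encode_int32(int32_t i) { return NUMBER_TAG | (uint32_t)i; }
uint64_t encode_double(double d) { uint64_t b; memcpy(&b, &d, sizeof b); return b - NUMBER_TAG; }
uint64_t encode_cell(const cell_t *c) { return (uint64_t)(uintptr_t)c; }

/* Same order as the emitted code: boolean, number, then cell. */
bool jtrue_is_truthy(uint64_t v, const void *current_global)
{
    if (((v ^ VALUE_FALSE) & ~UINT64_C(1)) == 0)  /* xor $0x6; test ~1 */
        return v == VALUE_TRUE;                   /* cmp $0x7 */
    if (v & NUMBER_TAG) {                         /* test %rax, %r14 */
        if (v >= NUMBER_TAG) return (uint32_t)v != 0;  /* int32 payload */
        uint64_t bits = v + NUMBER_TAG;           /* lea (%r14,%rax): unbox */
        double d; memcpy(&d, &bits, sizeof d);
        /* ucomisd sets ZF for equal and unordered: 0, -0 and NaN are falsy */
        return d == d && d != 0.0;
    }
    if (v & NOT_CELL_MASK) return false;          /* test %rax, %r15: undefined/null */
    const cell_t *cell = (const cell_t *)(uintptr_t)v;
    if (cell->type == STRING_TYPE)                /* cmp $0x1, 0x5(%rax) */
        return cell->string_length != 0;          /* mov 0x8(%rax), %esi */
    if (cell->flags & MASQUERADES)                /* test $0x1, 0x6(%rax) */
        return cell->global_object != current_global;
    return true;
}
/* Exercise the cell branch with a constructed cell header. */
bool truthy_cell(uint8_t type, uint8_t flags, uint32_t len, int same_global)
{
    static int g_cur, g_other;
    cell_t c = { type, flags, len, same_global ? &g_cur : &g_other };
    return jtrue_is_truthy(encode_cell(&c), &g_cur);
}
```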
Comment 1 Yusuke Suzuki 2018-06-01 05:33:02 PDT
Created attachment 341752 [details]
Patch
Comment 2 EWS Watchlist 2018-06-01 05:35:16 PDT
Attachment 341752 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/jit/AssemblyHelpers.h:1761:  The parameter name "value" adds no information, so it should be removed.  [readability/parameter_name] [5]
Total errors found: 1 in 12 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Yusuke Suzuki 2018-06-01 05:39:02 PDT
Comment on attachment 341752 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=341752&action=review

> Source/JavaScriptCore/ChangeLog:104
> +        [  12] jtrue             arg1, 6(->18)
> +              0x7f6c8710156c: mov 0x30(%rbp), %rax
> +              0x7f6c87101570: test %rax, %r15
> +              0x7f6c87101573: jnz 0x7f6c871015c8
> +              0x7f6c87101579: cmp $0x1, 0x5(%rax)
> +              0x7f6c8710157d: jnz 0x7f6c87101592
> +              0x7f6c87101583: cmp $0x0, 0x8(%rax)
> +              0x7f6c87101587: jnz 0x7f6c87101623
> +              0x7f6c8710158d: jmp 0x7f6c87101615
> +              0x7f6c87101592: test $0x1, 0x6(%rax)
> +              0x7f6c87101596: jz 0x7f6c87101623
> +              0x7f6c8710159c: mov (%rax), %esi
> +              0x7f6c8710159e: mov $0x7f6c86f000e0, %rdx
> +              0x7f6c871015a8: mov (%rdx), %rdx
> +              0x7f6c871015ab: mov (%rdx,%rsi,8), %rsi
> +              0x7f6c871015af: mov $0x7f6c867e0000, %rdx
> +              0x7f6c871015b9: cmp %rdx, 0x18(%rsi)
> +              0x7f6c871015bd: jnz 0x7f6c87101623
> +              0x7f6c871015c3: jmp 0x7f6c87101615
> +              0x7f6c871015c8: cmp %r14, %rax
> +              0x7f6c871015cb: jb 0x7f6c871015de
> +              0x7f6c871015d1: test %eax, %eax
> +              0x7f6c871015d3: jnz 0x7f6c87101623
> +              0x7f6c871015d9: jmp 0x7f6c87101615
> +              0x7f6c871015de: test %rax, %r14
> +              0x7f6c871015e1: jz 0x7f6c87101602
> +              0x7f6c871015e7: lea (%r14,%rax), %rsi
> +              0x7f6c871015eb: movq %rsi, %xmm0
> +              0x7f6c871015f0: xorps %xmm1, %xmm1
> +              0x7f6c871015f3: ucomisd %xmm1, %xmm0
> +              0x7f6c871015f7: jz 0x7f6c87101615
> +              0x7f6c871015fd: jmp 0x7f6c87101623
> +              0x7f6c87101602: mov $0x7, %r11
> +              0x7f6c8710160c: cmp %r11, %rax
> +              0x7f6c8710160f: jz 0x7f6c87101623
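Review bot: the ChangeLog excerpt at Source/JavaScriptCore/ChangeLog:104 shows only the new listing; a sentence stating what changed structurally would help future readers: each type check now branches straight to the taken/not-taken targets (0x7f6c87101615 / 0x7f6c87101623) instead of materializing a 0/1 in %esi with setz/setnz/movzx and testing it at the end as the listing in the description does, and the cell case (`test %rax, %r15`) is now checked before the number case. Quoting the before/after instruction counts next to the listing would make the size win measurable in the log.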

We can reduce this further by:

1. Extracting this as a stub routine and calling it from baseline,
2. Splitting it into a fast path / slow path,
3. IC

But I think this is a good first patch towards reducing this size.
Comment 4 Yusuke Suzuki 2018-06-02 14:13:52 PDT
Committed r232444: <https://trac.webkit.org/changeset/232444>
Comment 5 Radar WebKit Bug Importer 2018-06-02 14:21:19 PDT
<rdar://problem/40750479>