Bug 212734 - Reduce DFGDoesGCCheck to only storing a uint32_t.
Summary: Reduce DFGDoesGCCheck to only storing a uint32_t.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Mark Lam
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-06-04 02:22 PDT by Paulo Matos
Modified: 2020-06-04 12:55 PDT (History)
8 users (show)

See Also:

Attachments
Patch (4.49 KB, patch)
2020-06-04 02:26 PDT, Paulo Matos 		no flags Details | Formatted Diff | Diff
Patch (4.59 KB, patch)
2020-06-04 04:10 PDT, Paulo Matos 		no flags Details | Formatted Diff | Diff
Patch (5.60 KB, patch)
2020-06-04 04:52 PDT, Paulo Matos 		no flags Details | Formatted Diff | Diff
Patch (5.66 KB, patch)
2020-06-04 07:39 PDT, Paulo Matos 		mark.lam: review-
Details | Formatted Diff | Diff
proposed patch. (12.38 KB, patch)
2020-06-04 09:56 PDT, Mark Lam 		no flags Details | Formatted Diff | Diff
proposed patch. (12.46 KB, patch)
2020-06-04 10:29 PDT, Mark Lam 		no flags Details | Formatted Diff | Diff
proposed patch. (12.47 KB, patch)
2020-06-04 10:31 PDT, Mark Lam 		no flags Details | Formatted Diff | Diff
proposed patch. (13.27 KB, patch)
2020-06-04 10:51 PDT, Mark Lam 		no flags Details | Formatted Diff | Diff
proposed patch. (13.26 KB, patch)
2020-06-04 10:54 PDT, Mark Lam 		saam: review+
Details | Formatted Diff | Diff
Show Obsolete (8) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Paulo Matos 2020-06-04 02:22:16 PDT 
Port DFGDoesGCCheck to 32 bits
Comment 1 Paulo Matos 2020-06-04 02:26:40 PDT 
Created attachment 401009 [details]
Patch
Comment 2 Caio Lima 2020-06-04 03:15:01 PDT 
Comment on attachment 401009 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401009&action=review

> Source/JavaScriptCore/dfg/DFGDoesGCCheck.h:130
> +    static constexpr unsigned nodeIndexShift = 16;

Is 8 bits enough to encode nodeOp?

> Source/JavaScriptCore/dfg/DFGDoesGCCheck.h:133
> +    static constexpr unsigned specialMask = 0x7fff;

Is this correct? This mask seems to be ok when we have 15 bits to store special, but here we only have 7.

> Source/JavaScriptCore/dfg/DFGDoesGCCheck.h:134
> +    static constexpr unsigned nodeOpMask = 0xffff;

The  same applies here.
Comment 3 Caio Lima 2020-06-04 03:43:38 PDT 
Comment on attachment 401009 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401009&action=review

> Source/JavaScriptCore/dfg/DFGDoesGCCheck.h:66
> +#else

Wouldn't be possible to use `size_t` and avoid this divergence from 32-bits and 64-bits?

>> Source/JavaScriptCore/dfg/DFGDoesGCCheck.h:130
>> +    static constexpr unsigned nodeIndexShift = 16;
> 
> Is 8 bits enough to encode nodeOp?

For reference, `Node::op` into `dfg/DFGNode.h` uses 10 bits.
Comment 4 Caio Lima 2020-06-04 04:10:03 PDT 
I'm also checking that we don't have a proper setup of doesGC into `dfg/DFGSpeculativeJIT32_64.cpp` like we have for `dfg/DFGSpeculativeJIT64.cpp` into `SpeculativeJIT::compile(Node* node)`. It would be necessary to include this for proper 32-bits support.
Comment 5 Paulo Matos 2020-06-04 04:10:23 PDT 
Created attachment 401013 [details]
Patch
Comment 6 Paulo Matos 2020-06-04 04:11:09 PDT 
(In reply to Caio Lima from comment #3)
> Comment on attachment 401009 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=401009&action=review
> 
> > Source/JavaScriptCore/dfg/DFGDoesGCCheck.h:66
> > +#else
> 
> Wouldn't be possible to use `size_t` and avoid this divergence from 32-bits
> and 64-bits?
> 
> >> Source/JavaScriptCore/dfg/DFGDoesGCCheck.h:130
> >> +    static constexpr unsigned nodeIndexShift = 16;
> > 
> > Is 8 bits enough to encode nodeOp?
> 
> For reference, `Node::op` into `dfg/DFGNode.h` uses 10 bits.

Thanks for the comments - I have addressed this. Now nodeOp has 15 bits available.
Comment 7 Paulo Matos 2020-06-04 04:12:03 PDT 
(In reply to Caio Lima from comment #4)
> I'm also checking that we don't have a proper setup of doesGC into
> `dfg/DFGSpeculativeJIT32_64.cpp` like we have for
> `dfg/DFGSpeculativeJIT64.cpp` into `SpeculativeJIT::compile(Node* node)`. It
> would be necessary to include this for proper 32-bits support.

I hadn't noticed that - I will take a look.
Comment 8 Paulo Matos 2020-06-04 04:52:20 PDT 
Created attachment 401014 [details]
Patch
Comment 9 Mark Lam 2020-06-04 07:27:37 PDT 
Comment on attachment 401014 [details]
Patch

r- because this appears to be breaking the build (see mac-debug bot).  I also have an alternate solution which I'll try to upload later today.
Comment 10 Paulo Matos 2020-06-04 07:39:44 PDT 
Created attachment 401022 [details]
Patch
Comment 11 Paulo Matos 2020-06-04 07:40:26 PDT 
(In reply to Mark Lam from comment #9)
> Comment on attachment 401014 [details]
> Patch
> 
> r- because this appears to be breaking the build (see mac-debug bot).  I
> also have an alternate solution which I'll try to upload later today.

Yes, I forgot to define a variable for 64bit. Now added new patch which should fix it.
Comment 12 Mark Lam 2020-06-04 08:07:26 PDT 
Comment on attachment 401022 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=401022&action=review

There is some value in this patch, but the 32-bit encoding is just wrong and won't work.  As I said before, I already have a patch brewing that will solve the 32-bit encoding problem.  Since the build is no longer breaking, can you wait for my patch?

> Source/JavaScriptCore/ChangeLog:10
> +        This change implements a port of the initial patch for 32bits. As it stands, 32bits ports
> +        are not compiling.

It's no longer true the 32-bits ports are not compiling.  Can you remove this?

> Source/JavaScriptCore/dfg/DFGDoesGCCheck.h:50
> +    static size_t encode(bool expectDoesGC, unsigned nodeIndex, unsigned nodeOp)

size_t is the wrong type to use here.  This can break the build for the arm64_32 port.  I recommend that you add the following at the top of this struct:

#if USE(JSVALUE64)
using EncodedWord = uint64_t;
#else
using EncodedWord = uint32_t;
#endif

... and use EncodedWord here instead of size_t.

> Source/JavaScriptCore/dfg/DFGDoesGCCheck.h:67
> -
> +    

please undo this.

> Source/JavaScriptCore/dfg/DFGDoesGCCheck.h:114
> +    static constexpr unsigned specialShift = 1;
> +    static constexpr unsigned nodeOpShift = 1;

This is wrong.  Based on the present encoding, the special section will collide with the nodeOp section, and you will get non-sensical results from the doesGC error messages.
Comment 13 Paulo Matos 2020-06-04 08:09:20 PDT 
(In reply to Mark Lam from comment #12)
> Comment on attachment 401022 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=401022&action=review
> 
> There is some value in this patch, but the 32-bit encoding is just wrong and
> won't work.  As I said before, I already have a patch brewing that will
> solve the 32-bit encoding problem.  Since the build is no longer breaking,
> can you wait for my patch?
> 

Thanks for the comments - I will wait for your patch as per your suggestion.
Comment 14 Mark Lam 2020-06-04 09:56:26 PDT 
Created attachment 401030 [details]
proposed patch.
Comment 15 Mark Lam 2020-06-04 10:29:05 PDT 
Created attachment 401037 [details]
proposed patch.
Comment 16 Mark Lam 2020-06-04 10:31:18 PDT 
Created attachment 401038 [details]
proposed patch.
Comment 17 Mark Lam 2020-06-04 10:51:09 PDT 
Created attachment 401042 [details]
proposed patch.
Comment 18 Mark Lam 2020-06-04 10:54:30 PDT 
Created attachment 401043 [details]
proposed patch.
Comment 19 Caio Lima 2020-06-04 12:00:10 PDT 
Comment on attachment 401043 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=401043&action=review

Informal r+ with comments. I tested compiling 32-bits locally (queue is not going to process it anytime soon) and both Release and Debug build if we  just add `#include "DFGDoesGC.h"` in `DFGSpeculativeJIT32_64.cpp`.

> Source/JavaScriptCore/dfg/DFGDoesGCCheck.cpp:45
> +    // We do this chck here just so we don't have to #include DFGNodeType.h

typo: s/chck/check/

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:1810
> +        bool expectDoesGC = doesGC(m_jit.graph(), node);

We are missing `#include "DFGDoesGC.h"` into this file. I tested the patch locally and it is causing compilation error.
Comment 20 Saam Barati 2020-06-04 12:27:26 PDT 
Comment on attachment 401043 [details]
proposed patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=401043&action=review

> Source/JavaScriptCore/ChangeLog:28
> +        This patch also makes ENABLE_DFG_DOES_GC_VALIDATION dependent on ENABLE(DFG_JIT).

can we also add a runtime flag for this to make it easy not to clutter the emitted assembly on debug builds?
Comment 21 Mark Lam 2020-06-04 12:35:22 PDT 
(In reply to Saam Barati from comment #20)
> Comment on attachment 401043 [details]
> proposed patch.
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=401043&action=review
> 
> > Source/JavaScriptCore/ChangeLog:28
> > +        This patch also makes ENABLE_DFG_DOES_GC_VALIDATION dependent on ENABLE(DFG_JIT).
> 
> can we also add a runtime flag for this to make it easy not to clutter the
> emitted assembly on debug builds?

I'll do this in a separate patch.  Thanks.
Comment 22 Mark Lam 2020-06-04 12:54:54 PDT 
Thanks for the reviews.  Landing in r262562: <http://trac.webkit.org/r262562>.
Comment 23 Radar WebKit Bug Importer 2020-06-04 12:55:23 PDT 
<rdar://problem/63991469>