Bug 82986 - jsr/sret should be removed
Summary: jsr/sret should be removed
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-04-02 17:20 PDT by Filip Pizlo
Modified: 2012-06-07 17:23 PDT (History)
1 user (show)

See Also:

Attachments
the patch (17.11 KB, patch)
2012-04-02 17:23 PDT, Filip Pizlo 		no flags Details | Formatted Diff | Diff
the patch (21.89 KB, patch)
2012-04-03 20:13 PDT, Filip Pizlo 		sam: review+
Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Filip Pizlo 2012-04-02 17:20:07 PDT 
And replaced by inlining of finally blocks wherever we would have done jsr.

That makes the code easier to compile, should have no effect on performance or memory usage, and should allow us to kill off a lot of code.

Not to mention, it will preempt any bugs from OSR during execution of a finally block.  LLInt uses the virtual PC for the subroutine return, while the JIT uses the machine PC.
Comment 1 Filip Pizlo 2012-04-02 17:23:46 PDT 
Created attachment 135240 [details]
the patch
Comment 2 Filip Pizlo 2012-04-02 17:35:32 PDT 
Comment on attachment 135240 [details]
the patch

Reviewed by Geoff in person.
Comment 3 Filip Pizlo 2012-04-03 20:13:26 PDT 
Created attachment 135495 [details]
the patch

The previous patch failed to save/restore the correct state for finally inlining.  For example:

try {
   switch (foo) {
   case blah:
      return bar;
   }
} finally {
    break;
}

Since the finally block was emitted inline in the return, the break would break us out of the switch.

Other similarly horrible things would happen with scope depth and the finally depth, etc.
Comment 4 Geoffrey Garen 2012-04-03 20:30:00 PDT 
Comment on attachment 135495 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=135495&action=review

emitComplexJumpScopes is maybe not my favorite function.

r=me

> Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2177
> +                while (m_labelScopes.size() > finallyContext.labelScopesSize)
> +                    m_labelScopes.removeLast();

m_labelScopes.shrink(finallyContext.labelScopesSize) should suffice here.
Comment 5 Filip Pizlo 2012-04-03 20:35:06 PDT 
(In reply to comment #4)
> (From update of attachment 135495 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=135495&action=review
> 
> emitComplexJumpScopes is maybe not my favorite function.
> 
> r=me
> 
> > Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:2177
> > +                while (m_labelScopes.size() > finallyContext.labelScopesSize)
> > +                    m_labelScopes.removeLast();
> 
> m_labelScopes.shrink(finallyContext.labelScopesSize) should suffice here.

SegmentedVector is shrinkless!
Comment 6 Filip Pizlo 2012-04-03 21:26:41 PDT 
Landed in http://trac.webkit.org/changeset/113136
Comment 7 Yong Li 2012-06-07 13:48:32 PDT 
This commit gives >4% penalty on sunspider for me, tested on QNX without DFG turned on. Any idea?
Comment 8 Filip Pizlo 2012-06-07 14:07:15 PDT 
(In reply to comment #7)
> This commit gives >4% penalty on sunspider for me, tested on QNX without DFG turned on. Any idea?

I don't remember this being a regression. I will retest.
Comment 9 Filip Pizlo 2012-06-07 17:23:42 PDT 
(In reply to comment #8)
> (In reply to comment #7)
> > This commit gives >4% penalty on sunspider for me, tested on QNX without DFG turned on. Any idea?
> 
> I don't remember this being a regression. I will retest.

I reran all benchmarks on this change set.

There is no difference for me.