Closed Bug 1405994 Opened 7 years ago Closed 7 years ago

Get rid of arguments copy when entering JIT code

Categories

(Core :: JavaScript Engine: JIT, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
mozilla58
Tracking Status
firefox58 --- fixed

People

(Reporter: jandem, Assigned: jandem)

References

(Blocks 1 open bug)

Details

(Keywords: perf, Whiteboard: [js:tech-debt])

Attachments

(2 files, 1 obsolete file)

Attached patch Patch (obsolete) — Splinter Review
When we enter Baseline or Ion from C++, we stack-allocate a Vector and if there are more formals than actuals, we copy the arguments to it and add |undefined| for missing arguments.

It's much nicer to pass the number of missing formals to the enterJIT trampoline and push |undefined| there. Then we can remove the Vector and make SetEnterJitData infallible.

Unfortunately EnterJIT is very platform dependent. At some point we should unify the implementations and pass EnterJitData* directly but that seemed overkill for this bug. This patch passes jit-tests on x86/x64/ARM/ARM64.
Attachment #8915522 - Flags: review?(nicolas.b.pierron)
Comment on attachment 8915522 [details] [diff] [review]
Patch

Review of attachment 8915522 [details] [diff] [review]:
-----------------------------------------------------------------

This patch sounds good to me, even after a careful review.
Still, I prefer to ask Sean for feedback on arm64 comments and conditions.

::: js/src/jit/arm/Trampoline-arm.cpp
@@ +101,5 @@
>  /*
>   * This method generates a trampoline for a c++ function with the following
>   * signature:
>   *   void enter(void* code, int argc, Value* argv, InterpreterFrame* fp, CalleeToken
>   *              calleeToken, JSObject* scopeChain, Value* vp)

nit: update the signature here.

@@ +179,5 @@
>      aasm->as_bic(r4, r4, Imm8(JitStackAlignment - 1));
>      // r4 is now the aligned on the bottom of the list of arguments.
>      static_assert(sizeof(JitFrameLayout) % JitStackAlignment == 0,
>        "No need to consider the JitFrameLayout for aligning the stack");
>      // sp' = ~(JitStackAlignment - 1) & (sp - argc * sizeof(Value)) - sizeof(JitFrameLayout)

nit: update this comment with "- numPaddedArgs * sizeof(Value)"

@@ +189,5 @@
> +    // If we're constructing, decrement r5: we will push new.target later.
> +    {
> +        Label noNewTarget;
> +        masm.branchTest32(Assembler::Zero, r9, Imm32(CalleeToken_FunctionConstructing),
> +                          &noNewTarget);

Note-for-later: This is wrong but it works. CalleeToken are not meant to be a bit-field but a value which is incremented.  Fortunately for us, we only have 0, 1 and 2 values, so this works fine in this particular case.

::: js/src/jit/arm64/Trampoline-arm64.cpp
@@ +181,5 @@
> +            masm.moveValue(UndefinedValue(), ValueOperand(r24));
> +            masm.Str(x24, MemOperand(tmp_sp, Operand(8), vixl::PostIndex));
> +
> +            // Set the condition codes for |cmp reg_numPadded, 2| (using the old value).
> +            masm.Subs(reg_numPadded, reg_numPadded, Operand(1));

Sean?

nit: I do not think the comment above this instruction is accurate.

   // Set the condition codes for |cmp reg_numPadded, 1| (using the old value)

Same thing for the previous loop.

::: js/src/jit/x64/Trampoline-x64.cpp
@@ +111,4 @@
>      masm.shll(Imm32(3), r13);   // r13 = argc * sizeof(Value)
> +
> +    // r15 = numPaddedArgs * sizeof(Value)
> +    masm.movl(numPaddedArgs, r15);

nit: This is a size_t value, by pure correctness use either masm.mov, masm.movq or masm.movePtr.
Attachment #8915522 - Flags: review?(nicolas.b.pierron)
Attachment #8915522 - Flags: review+
Attachment #8915522 - Flags: feedback?(sstangl)
Comment on attachment 8915522 [details] [diff] [review]
Patch

Review of attachment 8915522 [details] [diff] [review]:
-----------------------------------------------------------------

r+ with change. Very happy to see these vectors reduced!

There's probably more we can do to further limit the amount of argument-copying around calls.

::: js/src/jit/arm64/Trampoline-arm64.cpp
@@ +184,5 @@
> +            // Set the condition codes for |cmp reg_numPadded, 2| (using the old value).
> +            masm.Subs(reg_numPadded, reg_numPadded, Operand(1));
> +
> +            // Branch if arguments remain.
> +            masm.B(&loopHead, vixl::Condition::gt);

SUBS sets the condition code from the new value, not the old value.

There's no need to open-code this logic, however -- it's preferable to use the helper function MacroAssembler::branchSub32(), which will be more obvious when used with Condition::NonZero, since it's standardized across all platforms.

Same thing for the previous loop.
Attachment #8915522 - Flags: feedback?(sstangl) → feedback+
Depends on: 1406340
I just realized that instead of this we can use the arguments rectifier, if we remove ArgumentsRectifierReg (bug 1406340).

Then this becomes pretty trivial, the only annoying bit is the platform-dependent profiler code that has to be updated. bbouvier is also making changes to this code (bug 1347740), so I'll just wait for that to avoid bitrot.
Depends on: 1347740
Blocks: 1406870
You get to review this since you changed all this code recently :)
Attachment #8915522 - Attachment is obsolete: true
Attachment #8916605 - Flags: review?(bbouvier)
And now this is a much simpler patch.
Attachment #8916606 - Flags: review?(nicolas.b.pierron)
Comment on attachment 8916605 [details] [diff] [review]
Part 1 - Frame iteration changes

Review of attachment 8916605 [details] [diff] [review]:
-----------------------------------------------------------------

Hey, I know this code!

Looks good to me, thanks!
Attachment #8916605 - Flags: review?(bbouvier) → review+
Attachment #8916606 - Flags: review?(nicolas.b.pierron) → review+
Pushed by jandemooij@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7774c8002d5f
part 1 - Handle rectifier frames following c++ entry frame in profiler code. r=bbouvier
https://hg.mozilla.org/integration/mozilla-inbound/rev/fd1fe0931730
part 2 - Use arguments rectifier when entering JIT code instead of a Vector. r=nbp
Keywords: perf
Priority: -- → P3
Whiteboard: [js:tech-debt]
https://hg.mozilla.org/mozilla-central/rev/7774c8002d5f
https://hg.mozilla.org/mozilla-central/rev/fd1fe0931730
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: