Closed
Bug 1405994
Opened 7 years ago
Closed 7 years ago
Get rid of arguments copy when entering JIT code
Categories
(Core :: JavaScript Engine: JIT, enhancement, P3)
Core
JavaScript Engine: JIT
Tracking
()
RESOLVED
FIXED
mozilla58
Tracking | Status | |
---|---|---|
firefox58 | --- | fixed |
People
(Reporter: jandem, Assigned: jandem)
References
(Blocks 1 open bug)
Details
(Keywords: perf, Whiteboard: [js:tech-debt])
Attachments
(2 files, 1 obsolete file)
18.61 KB,
patch
|
bbouvier
:
review+
|
Details | Diff | Splinter Review |
6.59 KB,
patch
|
nbp
:
review+
|
Details | Diff | Splinter Review |
When we enter Baseline or Ion from C++, we stack-allocate a Vector and if there are more formals than actuals, we copy the arguments to it and add |undefined| for missing arguments. It's much nicer to pass the number of missing formals to the enterJIT trampoline and push |undefined| there. Then we can remove the Vector and make SetEnterJitData infallible. Unfortunately EnterJIT is very platform dependent. At some point we should unify the implementations and pass EnterJitData* directly but that seemed overkill for this bug. This patch passes jit-tests on x86/x64/ARM/ARM64.
Attachment #8915522 -
Flags: review?(nicolas.b.pierron)
Comment 1•7 years ago
|
||
Comment on attachment 8915522 [details] [diff] [review] Patch Review of attachment 8915522 [details] [diff] [review]: ----------------------------------------------------------------- This patch sounds good to me, even after a careful review. Still, I prefer to ask Sean for feedback on arm64 comments and conditions. ::: js/src/jit/arm/Trampoline-arm.cpp @@ +101,5 @@ > /* > * This method generates a trampoline for a c++ function with the following > * signature: > * void enter(void* code, int argc, Value* argv, InterpreterFrame* fp, CalleeToken > * calleeToken, JSObject* scopeChain, Value* vp) nit: update the signature here. @@ +179,5 @@ > aasm->as_bic(r4, r4, Imm8(JitStackAlignment - 1)); > // r4 is now the aligned on the bottom of the list of arguments. > static_assert(sizeof(JitFrameLayout) % JitStackAlignment == 0, > "No need to consider the JitFrameLayout for aligning the stack"); > // sp' = ~(JitStackAlignment - 1) & (sp - argc * sizeof(Value)) - sizeof(JitFrameLayout) nit: update this comment with "- numPaddedArgs * sizeof(Value)" @@ +189,5 @@ > + // If we're constructing, decrement r5: we will push new.target later. > + { > + Label noNewTarget; > + masm.branchTest32(Assembler::Zero, r9, Imm32(CalleeToken_FunctionConstructing), > + &noNewTarget); Note-for-later: This is wrong but it works. CalleeToken are not meant to be a bit-field but a value which is incremented. Fortunately for us, we only have 0, 1 and 2 values, so this works fine in this particular case. ::: js/src/jit/arm64/Trampoline-arm64.cpp @@ +181,5 @@ > + masm.moveValue(UndefinedValue(), ValueOperand(r24)); > + masm.Str(x24, MemOperand(tmp_sp, Operand(8), vixl::PostIndex)); > + > + // Set the condition codes for |cmp reg_numPadded, 2| (using the old value). > + masm.Subs(reg_numPadded, reg_numPadded, Operand(1)); Sean? nit: I do not think the comment above this instruction is accurate. // Set the condition codes for |cmp reg_numPadded, 1| (using the old value) Same thing for the previous loop. ::: js/src/jit/x64/Trampoline-x64.cpp @@ +111,4 @@ > masm.shll(Imm32(3), r13); // r13 = argc * sizeof(Value) > + > + // r15 = numPaddedArgs * sizeof(Value) > + masm.movl(numPaddedArgs, r15); nit: This is a size_t value, by pure correctness use either masm.mov, masm.movq or masm.movePtr.
Attachment #8915522 -
Flags: review?(nicolas.b.pierron)
Attachment #8915522 -
Flags: review+
Attachment #8915522 -
Flags: feedback?(sstangl)
Comment 2•7 years ago
|
||
Comment on attachment 8915522 [details] [diff] [review] Patch Review of attachment 8915522 [details] [diff] [review]: ----------------------------------------------------------------- r+ with change. Very happy to see these vectors reduced! There's probably more we can do to further limit the amount of argument-copying around calls. ::: js/src/jit/arm64/Trampoline-arm64.cpp @@ +184,5 @@ > + // Set the condition codes for |cmp reg_numPadded, 2| (using the old value). > + masm.Subs(reg_numPadded, reg_numPadded, Operand(1)); > + > + // Branch if arguments remain. > + masm.B(&loopHead, vixl::Condition::gt); SUBS sets the condition code from the new value, not the old value. There's no need to open-code this logic, however -- it's preferable to use the helper function MacroAssembler::branchSub32(), which will be more obvious when used with Condition::NonZero, since it's standardized across all platforms. Same thing for the previous loop.
Attachment #8915522 -
Flags: feedback?(sstangl) → feedback+
Assignee | ||
Comment 3•7 years ago
|
||
I just realized that instead of this we can use the arguments rectifier, if we remove ArgumentsRectifierReg (bug 1406340). Then this becomes pretty trivial, the only annoying bit is the platform-dependent profiler code that has to be updated. bbouvier is also making changes to this code (bug 1347740), so I'll just wait for that to avoid bitrot.
Depends on: 1347740
Assignee | ||
Comment 4•7 years ago
|
||
You get to review this since you changed all this code recently :)
Attachment #8915522 -
Attachment is obsolete: true
Attachment #8916605 -
Flags: review?(bbouvier)
Assignee | ||
Comment 5•7 years ago
|
||
And now this is a much simpler patch.
Attachment #8916606 -
Flags: review?(nicolas.b.pierron)
Comment 6•7 years ago
|
||
Comment on attachment 8916605 [details] [diff] [review] Part 1 - Frame iteration changes Review of attachment 8916605 [details] [diff] [review]: ----------------------------------------------------------------- Hey, I know this code! Looks good to me, thanks!
Attachment #8916605 -
Flags: review?(bbouvier) → review+
Updated•7 years ago
|
Attachment #8916606 -
Flags: review?(nicolas.b.pierron) → review+
Pushed by jandemooij@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/7774c8002d5f part 1 - Handle rectifier frames following c++ entry frame in profiler code. r=bbouvier https://hg.mozilla.org/integration/mozilla-inbound/rev/fd1fe0931730 part 2 - Use arguments rectifier when entering JIT code instead of a Vector. r=nbp
Updated•7 years ago
|
Comment 8•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/7774c8002d5f https://hg.mozilla.org/mozilla-central/rev/fd1fe0931730
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox58:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58
You need to log in
before you can comment on or make changes to this bug.
Description
•