Closed Bug 1566607 Opened 5 years ago Closed 5 years ago

Add LazyScript::jitCodeRaw so JITs can call lazy functions directly

Categories

(Core :: JavaScript Engine, task, P2)

Product:
Core
Component:
JavaScript Engine
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla70
Tracking Flags:
Tracking Status
firefox70 --- fixed

People

(Reporter: tcampbell, Assigned: tcampbell)

References

Details

Attachments

(5 files)

Bug 1566607 - Add LazyScript::jitCodeRaw. r?jandem
47 bytes, text/x-phabricator-request
Details | Review
Bug 1566607 - Add JSFunction::hasLazyScript. r?jandem
47 bytes, text/x-phabricator-request
Details | Review
Bug 1566607 - Add SelfHostedLazyScript type to hold trampoline pointer. r=jandem
47 bytes, text/x-phabricator-request
Details | Review
Bug 1566607 - Add selfHostingLazy_ field to JSFunction. r?jandem
47 bytes, text/x-phabricator-request
Details | Review
Bug 1566607 - Support LazyScript/SelfHostedLazyScript in JITs. r?jandem,iain
47 bytes, text/x-phabricator-request
Details | Review

The JSScript::jitCodeRaw mechanism lets the JITs call functions without caring about what JIT tiers have been compiled. When invoking a scripted callee, we currently have to check if it has script and hit error paths if not. Instead, we could make LazyScript have a jitCodeRaw as the first word and use the same interpreter trampoline we do for JSScript.

The result is fewer special cases in the JITs and LazyScript/JSScript become more similar.

One caveat is that lazy self-hosted builtin functions have neither a JSScript nor a LazyScript. An option here is to introduce a SelfHostedLazyScript with a single instance per runtime that also has a jitCodeRaw.

This is initialized to the same interpreter trampoline as used for
JSScript::jitCodeRaw. This allows JITs in the future to call scripted
functions that have not been delazified yet.

This helper distinguishes normal lazy functions from lazy self-hosted
funtions which have a nullptr LazyScript. A function may return true for
hasLazyScript but still return a null lazy-script if it has been
partially initialized and is still being accessed such as by GC.

Depends on D38251

A lazy self-hosted function has neither a JSScript nor a LazyScript.
This patch adds a SelfHostedLazyScript type with a jitCodeRaw that
allows these functions to called directly by JIT via the interpreter
trampoline. Only one instance per Runtime is needed.

Depends on D38252

This union arm is used by lazy self-hosted functions to point to the
runtime SelfHostedLazyScript object. Previously this pointer was null
for these types of functions. This will make these types of functions
more JIT-friendly.

Also avoid setting the INTERPRETED_LAZY flag except for initLazyScript
and initSelfHostedLazyScript. We remove some dead code paths from
NewFunctionFromSpec / DefineFunction.

Depends on D38253

These structures all have a compatible jitCodeRaw and the JITs may now
call lazy functions. Also remove checks that only existed for lazy
script checking.

Depends on D38254

This is pretty much complete. There is still an Ion test failing that I need to resolve, but the general idea seemed to work out. Once final bug is fixed, we can measure perf and memory impact.

Tests seem to pass now. The final issue was that the noArgCheck entry point must handle the case of lambda clones that are still pointing to the LazyScript. Once JSScript and LazyScript are merged, this type of silliness will be gone.

Speedometer results:
https://treeherder.mozilla.org/perf.html#/compare?originalProject=try&originalRevision=66346b4adc3407dd733116d9811ebed7416da1c0&newProject=try&newRevision=03b33ec05081cec26dc9cebc64cc90895023e5d4&framework=10

A minor improvement. There is a 15kB base memory regression, but that will all be made up for by eventually sharing the base classes.

I think it is worth landing this step.

Attachment #9078559 - Attachment description: Bug 1566607 - Add LazyScript::jitCodeRaw → Bug 1566607 - Add LazyScript::jitCodeRaw. r?jandem
Attachment #9078560 - Attachment description: Bug 1566607 - Add JSFunction::hasLazyScript → Bug 1566607 - Add JSFunction::hasLazyScript. r?jandem
Attachment #9078561 - Attachment description: Bug 1566607 - Add SelfHostedLazyScript type to hold trampoline pointer → Bug 1566607 - Add SelfHostedLazyScript type to hold trampoline pointer. r=jandem
Attachment #9078562 - Attachment description: Bug 1566607 - Add selfHostingLazy_ field to JSFunction → Bug 1566607 - Add selfHostingLazy_ field to JSFunction. r?jandem
Attachment #9078563 - Attachment description: Bug 1566607 - Support LazyScript/SelfHostedLazyScript in JITs → Bug 1566607 - Support LazyScript/SelfHostedLazyScript in JITs. r?jandem,iain
Blocks: 1566803
Pushed by tcampbell@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a3b58e34bf2b
Add LazyScript::jitCodeRaw. r=jandem
https://hg.mozilla.org/integration/autoland/rev/3f2f72c37e4e
Add JSFunction::hasLazyScript. r=jandem
https://hg.mozilla.org/integration/autoland/rev/e4bf7a4c4bbf
Add SelfHostedLazyScript type to hold trampoline pointer. r=jandem
https://hg.mozilla.org/integration/autoland/rev/b88fad4496c5
Add selfHostingLazy_ field to JSFunction. r=jandem
https://hg.mozilla.org/integration/autoland/rev/afc58591c3fc
Support LazyScript/SelfHostedLazyScript in JITs. r=jandem,iain
Depends on: 1567157
Regressions: 1568759
No longer depends on: 1567157
Blocks: 1641466
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: