Closed Bug 740212 Opened 13 years ago Closed 13 years ago

IonMonkey: Inline allocation for LCreateThis.

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: sstangl, Unassigned)

References

Details

Attachments

(1 file, 2 obsolete files)

Inline allocation, v2.
21.81 KB, patch
dvander
: review+
Details | Diff | Splinter Review
The attached patch translates JM's getNewObject() allocation code to IonMonkey. SS-1.0's access-binary-trees executes in ~3ms instead of ~6ms, but -- apart from DeltaBlue, which sees an improvement from 495 -> 483ms -- all other tests appear to be unaffected by inline allocation, or appear to very slightly regress. This is a bit of a mystery.
Attached patch x86-only patch. (obsolete) — Splinter Review
Attached patch Inline allocation. (obsolete) — Splinter Review
'perf stat' shows this patch eliminating ~100,000,000 instructions from Earley-Boyer execution, but the suites are so large that allocation from Ion context appears to be but a small component of the total runtime. Further measurements show small improvements in all benchmarks.
Attachment #610367 - Attachment is obsolete: true
Attachment #610737 - Flags: review?(dvander)
Comment on attachment 610737 [details] [diff] [review] Inline allocation. Review of attachment 610737 [details] [diff] [review]: ----------------------------------------------------------------- ::: js/src/ion/CodeGenerator.cpp @@ +907,5 @@ > + pushArg(protoReg); > + pushArg(calleeReg); > + > + if (!callVM(CreateThisInfo, lir)) > + return false; Looks good, but if we have a template object, this should be in the out-of-line path instead (you can just bind the inline failure to ool->entry()). We don't want to make LCreateThis as a call either, since we expect to take the fast path. ::: js/src/ion/IonMacroAssembler.cpp @@ +381,5 @@ > + storePtr(ImmWord(emptyObjectElements), Address(result, JSObject::offsetOfElements())); > + } > + > + storePtr(ImmWord(templateObject->lastProperty()), Address(result, JSObject::offsetOfShape())); > + storePtr(ImmWord(templateObject->type()), Address(result, JSObject::offsetOfType())); Both of these stores should use ImmGCPtr instead.
Attachment #610737 - Flags: review?(dvander)
Depends on: 732852
Implements above changes. Unmarking as a call and moving to OOL appears to have made v8-deltablue run slightly more slowly (~15ms out of 485), but 'perf stat' shows a strict reduction in cycles and branches.
Attachment #610737 - Attachment is obsolete: true
Attachment #611614 - Flags: review?(dvander)
Attachment #611614 - Flags: review?(dvander) → review+
https://hg.mozilla.org/projects/ionmonkey/rev/6967695492f3
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: