[JSC] Use an inline cache to generate op_negate
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 23 Sep 2016 03:50:22 +0000 (03:50 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 23 Sep 2016 03:50:22 +0000 (03:50 +0000)
commitd4c053adcb3f950b292b9a7ad39c273a7212d356
treefabdc7df47dede1b04ee9e436bd970772a6f5b21
parent584d56ff3643fa4a1f30fddce646477f28273d99
[JSC] Use an inline cache to generate op_negate
https://bugs.webkit.org/show_bug.cgi?id=162371

Patch by Benjamin Poulain <bpoulain@apple.com> on 2016-09-22
Reviewed by Saam Barati.

JSTests:

* stress/op-negate-inline-cache.js: Added.

Source/JavaScriptCore:

Use an inline cache to reduce the amount of code
required to implement op_negate.

For pure integer negate, the generated asm shrinks
from 147 bytes to 125 bytes (14%).
For double negate, the generated asm shrinks
to 130 bytes (11%).
The average size on Sunspider is 100bytes, this is due
to the op_negates that are never executed and do not
generate much.

* bytecode/ArithProfile.h:
(JSC::ArithProfile::ArithProfile):
(JSC::ArithProfile::observeLHS):
(JSC::ArithProfile::observeLHSAndRHS):
* bytecode/BytecodeList.json:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::addJITNegIC):
* bytecode/CodeBlock.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitUnaryOp):
* bytecompiler/BytecodeGenerator.h:
* bytecompiler/NodesCodegen.cpp:
(JSC::UnaryOpNode::emitBytecode):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileMathIC):
* dfg/DFGSpeculativeJIT.h:
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileMathIC):
* jit/CCallHelpers.h:
(JSC::CCallHelpers::setupArgumentsWithExecState):
* jit/JIT.h:
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_negate):
(JSC::JIT::emitSlow_op_negate):
(JSC::JIT::emitMathICFast):
(JSC::JIT::emitMathICSlow):
* jit/JITInlines.h:
(JSC::JIT::callOperation):
* jit/JITMathIC.h:
(JSC::JITMathIC::generateInline):
(JSC::canGenerateWithBinaryProfile):
(JSC::canGenerateWithUnaryProfile):
* jit/JITMathICForwards.h:
* jit/JITNegGenerator.cpp:
(JSC::JITNegGenerator::generateInline):
(JSC::JITNegGenerator::generateFastPath):
* jit/JITNegGenerator.h:
(JSC::JITNegGenerator::JITNegGenerator):
(JSC::JITNegGenerator::arithProfile):
(JSC::JITNegGenerator::didEmitFastPath): Deleted.
(JSC::JITNegGenerator::endJumpList): Deleted.
(JSC::JITNegGenerator::slowPathJumpList): Deleted.
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* llint/LowLevelInterpreter.asm:
* llint/LowLevelInterpreter32_64.asm:
* llint/LowLevelInterpreter64.asm:
* runtime/CommonSlowPaths.cpp:
(JSC::updateArithProfileForUnaryArithOp):
(JSC::SLOW_PATH_DECL):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@206289 268f45cc-cd09-0410-ab3c-d52691b4dbfc
27 files changed:
JSTests/ChangeLog
JSTests/stress/op-negate-inline-cache.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/ArithProfile.h
Source/JavaScriptCore/bytecode/BytecodeList.json
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/CodeBlock.h
Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Source/JavaScriptCore/jit/CCallHelpers.h
Source/JavaScriptCore/jit/JIT.h
Source/JavaScriptCore/jit/JITArithmetic.cpp
Source/JavaScriptCore/jit/JITInlines.h
Source/JavaScriptCore/jit/JITMathIC.h
Source/JavaScriptCore/jit/JITMathICForwards.h
Source/JavaScriptCore/jit/JITNegGenerator.cpp
Source/JavaScriptCore/jit/JITNegGenerator.h
Source/JavaScriptCore/jit/JITOperations.cpp
Source/JavaScriptCore/jit/JITOperations.h
Source/JavaScriptCore/llint/LowLevelInterpreter.asm
Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
Source/JavaScriptCore/runtime/CommonSlowPaths.cpp