We should only expect a RareCaseProfile to exist if the rare case actually exists.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Sep 2015 18:38:35 +0000 (18:38 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Sep 2015 18:38:35 +0000 (18:38 +0000)
https://bugs.webkit.org/show_bug.cgi?id=149531

Reviewed by Saam Barati.

The current code that calls rareCaseProfileForBytecodeOffset() assumes that it
will always return a non-null RareCaseProfile.  As a result, op_add in the
baseline JIT is forced to add a dummy slow case that will never be taken, only to
ensure that the RareCaseProfile for that bytecode is created.  This profile will
always produce a counter value of 0 (since that path will never be taken).

Instead, we'll make the callers of rareCaseProfileForBytecodeOffset() check if
the profile actually exists before dereferencing it.

* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
(JSC::CodeBlock::rareCaseProfileCountForBytecodeOffset):
(JSC::CodeBlock::capabilityLevel):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::addRareCaseProfile):
(JSC::CodeBlock::numberOfRareCaseProfiles):
(JSC::CodeBlock::likelyToTakeSlowCase):
(JSC::CodeBlock::couldTakeSlowCase):
(JSC::CodeBlock::likelyToTakeDeepestSlowCase):
(JSC::CodeBlock::likelyToTakeAnySlowCase):
(JSC::CodeBlock::rareCaseProfile): Deleted.
* jit/JITArithmetic.cpp:
(JSC::JIT::emit_op_add):
(JSC::JIT::emitSlow_op_add):
* jit/JITArithmetic32_64.cpp:
(JSC::JIT::emit_op_add):
(JSC::JIT::emitSlow_op_add):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@190213 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/bytecode/CodeBlock.cpp
Source/JavaScriptCore/bytecode/CodeBlock.h
Source/JavaScriptCore/jit/JITArithmetic.cpp
Source/JavaScriptCore/jit/JITArithmetic32_64.cpp

index 62113a2..9b7396b 100644 (file)
@@ -1,3 +1,38 @@
+2015-09-24  Mark Lam  <mark.lam@apple.com>
+
+        We should only expect a RareCaseProfile to exist if the rare case actually exists.
+        https://bugs.webkit.org/show_bug.cgi?id=149531
+
+        Reviewed by Saam Barati.
+
+        The current code that calls rareCaseProfileForBytecodeOffset() assumes that it
+        will always return a non-null RareCaseProfile.  As a result, op_add in the
+        baseline JIT is forced to add a dummy slow case that will never be taken, only to
+        ensure that the RareCaseProfile for that bytecode is created.  This profile will
+        always produce a counter value of 0 (since that path will never be taken).
+
+        Instead, we'll make the callers of rareCaseProfileForBytecodeOffset() check if
+        the profile actually exist before dereferencing it.
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::rareCaseProfileForBytecodeOffset):
+        (JSC::CodeBlock::rareCaseProfileCountForBytecodeOffset):
+        (JSC::CodeBlock::capabilityLevel):
+        * bytecode/CodeBlock.h:
+        (JSC::CodeBlock::addRareCaseProfile):
+        (JSC::CodeBlock::numberOfRareCaseProfiles):
+        (JSC::CodeBlock::likelyToTakeSlowCase):
+        (JSC::CodeBlock::couldTakeSlowCase):
+        (JSC::CodeBlock::likelyToTakeDeepestSlowCase):
+        (JSC::CodeBlock::likelyToTakeAnySlowCase):
+        (JSC::CodeBlock::rareCaseProfile): Deleted.
+        * jit/JITArithmetic.cpp:
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitSlow_op_add):
+        * jit/JITArithmetic32_64.cpp:
+        (JSC::JIT::emit_op_add):
+        (JSC::JIT::emitSlow_op_add):
+
 2015-09-24  Ryosuke Niwa  <rniwa@webkit.org>
 
         Ran sort-Xcode-project-file.
index acdb00b..bf6d19d 100644 (file)
@@ -3969,6 +3969,14 @@ RareCaseProfile* CodeBlock::rareCaseProfileForBytecodeOffset(int bytecodeOffset)
         getRareCaseProfileBytecodeOffset);
 }
 
+unsigned CodeBlock::rareCaseProfileCountForBytecodeOffset(int bytecodeOffset)
+{
+    RareCaseProfile* profile = rareCaseProfileForBytecodeOffset(bytecodeOffset);
+    if (profile)
+        return profile->m_counter;
+    return 0;
+}
+
 #if ENABLE(JIT)
 DFG::CapabilityLevel CodeBlock::capabilityLevel()
 {
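Review bot: The new rareCaseProfileCountForBytecodeOffset carries the whole null-tolerance contract that the header-side callers now rely on, but nothing at the definition or the declaration says why a missing profile is a normal state rather than an error. A one-line comment above the function would make that explicit, e.g. `// A bytecode that never registered a slow case has no RareCaseProfile; report its counter as 0 instead of dereferencing null.` The branch could also read as a single expression, `return profile ? profile->m_counter : 0;`. The surrounding rareCaseProfileForBytecodeOffset and capabilityLevel both extend outside this hunk.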
index ae9dcc0..37b5773 100644 (file)
@@ -406,14 +406,14 @@ public:
         return &m_rareCaseProfiles.last();
     }
     unsigned numberOfRareCaseProfiles() { return m_rareCaseProfiles.size(); }
-    RareCaseProfile* rareCaseProfile(int index) { return &m_rareCaseProfiles[index]; }
     RareCaseProfile* rareCaseProfileForBytecodeOffset(int bytecodeOffset);
+    unsigned rareCaseProfileCountForBytecodeOffset(int bytecodeOffset);
 
     bool likelyToTakeSlowCase(int bytecodeOffset)
     {
         if (!hasBaselineJITProfiling())
             return false;
-        unsigned value = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+        unsigned value = rareCaseProfileCountForBytecodeOffset(bytecodeOffset);
         return value >= Options::likelyToTakeSlowCaseMinimumCount();
     }
 
@@ -421,7 +421,7 @@ public:
     {
         if (!hasBaselineJITProfiling())
             return false;
-        unsigned value = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+        unsigned value = rareCaseProfileCountForBytecodeOffset(bytecodeOffset);
         return value >= Options::couldTakeSlowCaseMinimumCount();
     }
 
@@ -459,7 +459,7 @@ public:
     {
         if (!hasBaselineJITProfiling())
             return false;
-        unsigned slowCaseCount = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+        unsigned slowCaseCount = rareCaseProfileCountForBytecodeOffset(bytecodeOffset);
         unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
         unsigned value = slowCaseCount - specialFastCaseCount;
         return value >= Options::likelyToTakeSlowCaseMinimumCount();
@@ -469,7 +469,7 @@ public:
     {
         if (!hasBaselineJITProfiling())
             return false;
-        unsigned slowCaseCount = rareCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
+        unsigned slowCaseCount = rareCaseProfileCountForBytecodeOffset(bytecodeOffset);
         unsigned specialFastCaseCount = specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter;
         unsigned value = slowCaseCount + specialFastCaseCount;
         return value >= Options::likelyToTakeSlowCaseMinimumCount();
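Review bot: In the hunk at @@ -459 (likelyToTakeDeepestSlowCase, whose body starts and ends outside the hunk), slowCaseCount can now be 0 for a bytecode that has no RareCaseProfile, yet `specialFastCaseProfileForBytecodeOffset(bytecodeOffset)->m_counter` on the following line is still dereferenced unconditionally, and `slowCaseCount - specialFastCaseCount` is an unsigned subtraction. If a special-fast-case profile with a non-zero counter can exist where no rare-case profile does, that subtraction wraps and the predicate reports a likely slow case; I cannot tell from these lines whether that pairing is reachable, but the asymmetry deserves either a comment stating why it cannot happen or a guard such as `unsigned value = slowCaseCount >= specialFastCaseCount ? slowCaseCount - specialFastCaseCount : 0;`. The @@ -469 hunk has the same unguarded dereference, though its sum cannot wrap the same way.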
index f1889cf..f846a12 100644 (file)
@@ -795,7 +795,6 @@ void JIT::emit_op_add(Instruction* currentInstruction)
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
-        addSlowCase();
         JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_add);
         slowPathCall.call();
         return;
@@ -824,10 +823,7 @@ void JIT::emitSlow_op_add(Instruction* currentInstruction, Vector<SlowCaseEntry>
     int op2 = currentInstruction[3].u.operand;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
-    if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
-        linkDummySlowCase(iter);
-        return;
-    }
+    RELEASE_ASSERT(types.first().mightBeNumber() && types.second().mightBeNumber());
 
     bool op1HasImmediateIntFastCase = isOperandConstantImmediateInt(op1);
     bool op2HasImmediateIntFastCase = !op1HasImmediateIntFastCase && isOperandConstantImmediateInt(op2);
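Review bot: The RELEASE_ASSERT at the top of emitSlow_op_add encodes an invariant established in a different function — emit_op_add in the @@ -795 hunk no longer calls addSlowCase() when either operand might not be a number, so the slow path is never linked for such operands — but neither site says so, and a later edit to one side would break the other without a compile-time signal. A short comment at each site would tie them together, e.g. above the assert `// emit_op_add registers no slow case for non-numeric operand types, so this path is never linked for them.` and in emit_op_add `// No addSlowCase() here: the slow-path call handles this case fully, and no RareCaseProfile is created for it.` The identical pair of changes in JITArithmetic32_64.cpp would benefit from the same two comments. Both emitSlow_op_add bodies continue past their hunks.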
index ad0cd3e..2d63fa4 100644 (file)
@@ -489,7 +489,6 @@ void JIT::emit_op_add(Instruction* currentInstruction)
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
     if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
-        addSlowCase();
         JITSlowPathCall slowPathCall(this, currentInstruction, slow_path_add);
         slowPathCall.call();
         return;
@@ -558,10 +557,7 @@ void JIT::emitSlow_op_add(Instruction* currentInstruction, Vector<SlowCaseEntry>
     int op2 = currentInstruction[3].u.operand;
     OperandTypes types = OperandTypes::fromInt(currentInstruction[4].u.operand);
 
-    if (!types.first().mightBeNumber() || !types.second().mightBeNumber()) {
-        linkDummySlowCase(iter);
-        return;
-    }
+    RELEASE_ASSERT(types.first().mightBeNumber() && types.second().mightBeNumber());
 
     int op;
     int32_t constant;