Add LazyScript::jitCodeRaw so JITs can call lazy functions directly
Categories
(Core :: JavaScript Engine, task, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox70 | --- | fixed |
People
(Reporter: tcampbell, Assigned: tcampbell)
References
Details
Attachments
(5 files)
The JSScript::jitCodeRaw mechanism lets the JITs call functions without caring about what JIT tiers have been compiled. When invoking a scripted callee, we currently have to check if it has script and hit error paths if not. Instead, we could make LazyScript have a jitCodeRaw as the first word and use the same interpreter trampoline we do for JSScript.
The result is fewer special cases in the JITs and LazyScript/JSScript become more similar.
One caveat is that lazy self-hosted builtin functions have neither a JSScript nor a LazyScript. An option here is to introduce a SelfHostedLazyScript with a single instance per runtime that also has a jitCodeRaw.
Assignee | ||
Comment 1•5 years ago
|
||
This is initialized to the same interpreter trampoline as used for
JSScript::jitCodeRaw. This allows JITs in the future to call scripted
functions that have not been delazified yet.
Assignee | ||
Comment 2•5 years ago
|
||
This helper distinguishes normal lazy functions from lazy self-hosted
funtions which have a nullptr LazyScript. A function may return true for
hasLazyScript but still return a null lazy-script if it has been
partially initialized and is still being accessed such as by GC.
Depends on D38251
Assignee | ||
Comment 3•5 years ago
|
||
A lazy self-hosted function has neither a JSScript nor a LazyScript.
This patch adds a SelfHostedLazyScript type with a jitCodeRaw that
allows these functions to called directly by JIT via the interpreter
trampoline. Only one instance per Runtime is needed.
Depends on D38252
Assignee | ||
Comment 4•5 years ago
|
||
This union arm is used by lazy self-hosted functions to point to the
runtime SelfHostedLazyScript object. Previously this pointer was null
for these types of functions. This will make these types of functions
more JIT-friendly.
Also avoid setting the INTERPRETED_LAZY flag except for initLazyScript
and initSelfHostedLazyScript. We remove some dead code paths from
NewFunctionFromSpec / DefineFunction.
Depends on D38253
Assignee | ||
Comment 5•5 years ago
|
||
These structures all have a compatible jitCodeRaw and the JITs may now
call lazy functions. Also remove checks that only existed for lazy
script checking.
Depends on D38254
Assignee | ||
Comment 6•5 years ago
|
||
This is pretty much complete. There is still an Ion test failing that I need to resolve, but the general idea seemed to work out. Once final bug is fixed, we can measure perf and memory impact.
Assignee | ||
Comment 7•5 years ago
|
||
Tests seem to pass now. The final issue was that the noArgCheck entry point must handle the case of lambda clones that are still pointing to the LazyScript. Once JSScript and LazyScript are merged, this type of silliness will be gone.
Assignee | ||
Comment 8•5 years ago
|
||
A minor improvement. There is a 15kB base memory regression, but that will all be made up for by eventually sharing the base classes.
I think it is worth landing this step.
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Updated•5 years ago
|
Comment 10•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/a3b58e34bf2b
https://hg.mozilla.org/mozilla-central/rev/3f2f72c37e4e
https://hg.mozilla.org/mozilla-central/rev/e4bf7a4c4bbf
https://hg.mozilla.org/mozilla-central/rev/b88fad4496c5
https://hg.mozilla.org/mozilla-central/rev/afc58591c3fc
Description
•