Fix value profiling in 32_64 JIT
https://bugs.webkit.org/show_bug.cgi?id=69717
Patch by Yuqiang Xian <yuqiang.xian@intel.com> on 2011-10-09
Reviewed by Filip Pizlo.
Current value profiling for 32_64 JIT is broken and cannot record
correct predicted types, which results in many speculation failures
in the 32_64 DFG JIT, fallbacks to baseline JIT, and re-optimizations
again and again.
With this fix 32_64 DFG JIT can demonstrate real performance gains.
* bytecode/ValueProfile.cpp:
(JSC::ValueProfile::computeStatistics):
* bytecode/ValueProfile.h:
(JSC::ValueProfile::classInfo):
(JSC::ValueProfile::numberOfSamples):
(JSC::ValueProfile::isLive):
(JSC::ValueProfile::numberOfInt32s):
(JSC::ValueProfile::numberOfDoubles):
(JSC::ValueProfile::numberOfBooleans):
(JSC::ValueProfile::dump):
Empty value check should be performed on decoded JSValue,
as for 32_64 empty value is not identical to encoded 0.
* jit/JIT.cpp:
(JSC::JIT::privateCompile):
* jit/JITInlineMethods.h:
(JSC::JIT::emitValueProfilingSite):
* jit/JITStubCall.h:
(JSC::JITStubCall::callWithValueProfiling):
Record the right profiling result for 32_64.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@97025 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/jit/JITInlineMethods.h b/Source/JavaScriptCore/jit/JITInlineMethods.h
index bee36c4..c8a9c16 100644
--- a/Source/JavaScriptCore/jit/JITInlineMethods.h
+++ b/Source/JavaScriptCore/jit/JITInlineMethods.h
@@ -471,7 +471,13 @@
add32(Imm32(3), bucketCounterRegister);
and32(Imm32(ValueProfile::bucketIndexMask), bucketCounterRegister);
move(ImmPtr(valueProfile->m_buckets), scratch);
+#if USE(JSVALUE64)
storePtr(value, BaseIndex(scratch, bucketCounterRegister, TimesEight));
+#elif USE(JSVALUE32_64)
+ const RegisterID valueTag = regT1;
+ store32(value, BaseIndex(scratch, bucketCounterRegister, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.payload)));
+ store32(valueTag, BaseIndex(scratch, bucketCounterRegister, TimesEight, OBJECT_OFFSETOF(JSValue, u.asBits.tag)));
+#endif
}
#endif
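Review bot: In the JSVALUE32_64 branch the tag register is hard-coded as `const RegisterID valueTag = regT1;` while the payload register comes from `value`, so the stored tag is only correct if the profiled value's tag is in regT1 at this point. Nothing in the hunk enforces that, and nothing checks that `scratch` or `bucketCounterRegister` is distinct from regT1. If either assumption fails, the bucket gets a payload paired with an unrelated tag, and the profile records a wrong type. Consider passing the tag register in alongside `value`, or at least adding a comment and an ASSERT stating that the tag lives in regT1 and that neither `scratch` nor `bucketCounterRegister` aliases it.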