| blob | 8095107de1fb5a50c286243002f9577f33ba2ab8 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 ///////////////////////////////////////////////////////////////////////////////
8 // //
9 // Documentation. Code starts about 670 lines down from here. //
10 // //
11 ///////////////////////////////////////////////////////////////////////////////
13 // [SMDOC] An overview of Ion's register allocator
14 //
15 // The intent of this documentation is to give maintainers a map with which to
16 // navigate the allocator. As further understanding is obtained, it should be
17 // added to this overview.
18 //
19 // Where possible, invariants are stated and are marked "(INVAR)". Many
20 // details are omitted because their workings are currently unknown. In
21 // particular, this overview doesn't explain how Intel-style "modify" (tied)
22 // operands are handled. Facts or invariants that are speculative -- believed
23 // to be true, but not verified at the time of writing -- are marked "(SPEC)".
24 //
25 // The various concepts are interdependent, so a single forwards reading of the
26 // following won't make much sense. Many concepts are explained only after
27 // they are mentioned.
28 //
29 // Where possible examples are shown. Without those the description is
30 // excessively abstract.
31 //
32 // Names of the form ::name mean BacktrackingAllocator::name.
33 //
34 // The description falls into two sections:
35 //
36 // * Section 1: A tour of the data structures
37 // * Section 2: The core allocation loop, and bundle splitting
38 //
39 // The allocator sometimes produces poor allocations, with excessive spilling
40 // and register-to-register moves (bugs 1752520, bug 1714280 bug 1746596).
41 // Work in bug 1752582 shows we can get better quality allocations from this
42 // framework without having to make any large (conceptual) changes, by having
43 // better splitting heuristics.
44 //
45 // At https://bugzilla.mozilla.org/show_bug.cgi?id=1758274#c17
46 // (https://bugzilla.mozilla.org/attachment.cgi?id=9288467) is a document
47 // written at the same time as these comments. It describes some improvements
48 // we could make to our splitting heuristics, particularly in the presence of
49 // loops and calls, and shows why the current implementation sometimes produces
50 // excessive spilling. It builds on the commentary in this SMDOC.
51 //
52 //
53 // Top level pipeline
54 // ~~~~~~~~~~~~~~~~~~
55 // There are three major phases in allocation. They run sequentially, at a
56 // per-function granularity.
57 //
58 // (1) Liveness analysis and bundle formation
59 // (2) Bundle allocation and last-chance allocation
60 // (3) Rewriting the function to create MoveGroups and to "install"
61 // the allocation
62 //
63 // The input language (LIR) is in SSA form, and phases (1) and (3) depend on
64 // that SSAness. Without it the allocator wouldn't work.
65 //
66 // The top level function is ::go. The phases are divided into functions as
67 // follows:
68 //
69 // (1) ::buildLivenessInfo, ::mergeAndQueueRegisters
70 // (2) ::processBundle, ::tryAllocatingRegistersForSpillBundles,
71 // ::pickStackSlots
72 // (3) ::createMoveGroupsFromLiveRangeTransitions, ::installAllocationsInLIR,
73 // ::populateSafepoints, ::annotateMoveGroups
74 //
75 // The code in this file is structured as much as possible in the same sequence
76 // as flow through the pipeline. Hence, top level function ::go is right at
77 // the end. Where a function depends on helper function(s), the helpers appear
78 // first.
79 //
80 //
81 // ========================================================================
82 // ==== ====
83 // ==== Section 1: A tour of the data structures ====
84 // ==== ====
85 // ========================================================================
86 //
87 // Here are the key data structures necessary for understanding what follows.
88 //
89 // Some basic data structures
90 // ~~~~~~~~~~~~~~~~~~~~~~~~~~
91 //
92 // CodePosition
93 // ------------
94 // A CodePosition is an unsigned 32-bit int that indicates an instruction index
95 // in the incoming LIR. Each LIR actually has two code positions, one to
96 // denote the "input" point (where, one might imagine, the operands are read,
97 // at least useAtStart ones) and the "output" point, where operands are
98 // written. Eg:
99 //
100 // Block 0 [successor 2] [successor 1]
101 // 2-3 WasmParameter [def v1<g>:r14]
102 // 4-5 WasmCall [use v1:F:r14]
103 // 6-7 WasmLoadTls [def v2<o>] [use v1:R]
104 // 8-9 WasmNullConstant [def v3<o>]
105 // 10-11 Compare [def v4<i>] [use v2:R] [use v3:A]
106 // 12-13 TestIAndBranch [use v4:R]
107 //
108 // So for example the WasmLoadTls insn has its input CodePosition as 6 and
109 // output point as 7. Input points are even numbered, output points are odd
110 // numbered. CodePositions 0 and 1 never appear, because LIR instruction IDs
111 // start at 1. Indeed, CodePosition 0 is assumed to be invalid and hence is
112 // used as a marker for "unusual conditions" in various places.
113 //
114 // Phi nodes exist in the instruction stream too. They always appear at the
115 // start of blocks (of course) (SPEC), but their start and end points are
116 // printed for the group as a whole. This is to emphasise that they are really
117 // parallel assignments and that printing them sequentially would misleadingly
118 // imply that they are executed sequentially. Example:
119 //
120 // Block 6 [successor 7] [successor 8]
121 // 56-59 Phi [def v19<o>] [use v2:A] [use v5:A] [use v13:A]
122 // 56-59 Phi [def v20<o>] [use v7:A] [use v14:A] [use v12:A]
123 // 60-61 WasmLoadSlot [def v21<o>] [use v1:R]
124 // 62-63 Compare [def v22<i>] [use v20:R] [use v21:A]
125 // 64-65 TestIAndBranch [use v22:R]
126 //
127 // See that both Phis are printed with limits 56-59, even though they are
128 // stored in the LIR array like regular LIRs and so have code points 56-57 and
129 // 58-59 in reality.
130 //
131 // The process of allocation adds MoveGroup LIRs to the function. Each
132 // incoming LIR has its own private list of MoveGroups (actually, 3 lists; two
133 // for moves that conceptually take place before the instruction, and one for
134 // moves after it). Hence the CodePositions for LIRs (the "62-63", etc, above)
135 // do not change as a result of allocation.
136 //
137 // Virtual registers (vregs) in LIR
138 // --------------------------------
139 // The MIR from which the LIR is derived, is standard SSA. That SSAness is
140 // carried through into the LIR (SPEC). In the examples here, LIR SSA names
141 // (virtual registers, a.k.a. vregs) are printed as "v<number>". v0 never
142 // appears and is presumed to be a special value, perhaps "invalid" (SPEC).
143 //
144 // The allocator core has a type VirtualRegister, but this is private to the
145 // allocator and not part of the LIR. It carries far more information than
146 // merely the name of the vreg. The allocator creates one VirtualRegister
147 // structure for each vreg in the LIR.
148 //
149 // LDefinition and LUse
150 // --------------------
151 // These are part of the incoming LIR. Each LIR instruction defines zero or
152 // more values, and contains one LDefinition for each defined value (SPEC).
153 // Each instruction has zero or more input operands, each of which has its own
154 // LUse (SPEC).
155 //
156 // Both LDefinition and LUse hold both a virtual register name and, in general,
157 // a real (physical) register identity. The incoming LIR has the real register
158 // fields unset, except in places where the incoming LIR has fixed register
159 // constraints (SPEC). Phase 3 of allocation will visit all of the
160 // LDefinitions and LUses so as to write into the real register fields the
161 // decisions made by the allocator. For LUses, this is done by overwriting the
162 // complete LUse with a different LAllocation, for example LStackSlot. That's
163 // possible because LUse is a child class of LAllocation.
164 //
165 // This action of reading and then later updating LDefinition/LUses is the core
166 // of the allocator's interface to the outside world.
167 //
168 // To make visiting of LDefinitions/LUses possible, the allocator doesn't work
169 // with LDefinition and LUse directly. Rather it has pointers to them
170 // (VirtualRegister::def_, UsePosition::use_). Hence Phase 3 can modify the
171 // LIR in-place.
172 //
173 // (INVARs, all SPEC):
174 //
175 // - The collective VirtualRegister::def_ values should be unique, and there
176 // should be a 1:1 mapping between the VirtualRegister::def_ values and the
177 // LDefinitions in the LIR. (So that the LIR LDefinition has exactly one
178 // VirtualRegister::def_ to track it). But only for the valid LDefinitions.
179 // If isBogusTemp() is true, the definition is invalid and doesn't have a
180 // vreg.
181 //
182 // - The same for uses: there must be a 1:1 correspondence between the
183 // CodePosition::use_ values and the LIR LUses.
184 //
185 // - The allocation process must preserve these 1:1 mappings. That implies
186 // (weaker) that the number of VirtualRegisters and of UsePositions must
187 // remain constant through allocation. (Eg: losing them would mean that some
188 // LIR def or use would necessarily not get annotated with its final
189 // allocation decision. Duplicating them would lead to the possibility of
190 // conflicting allocation decisions.)
191 //
192 // Other comments regarding LIR
193 // ----------------------------
194 // The incoming LIR is structured into basic blocks and a CFG, as one would
195 // expect. These (insns, block boundaries, block edges etc) are available
196 // through the BacktrackingAllocator object. They are important for Phases 1
197 // and 3 but not for Phase 2.
198 //
199 // Phase 3 "rewrites" the input LIR so as to "install" the final allocation.
200 // It has to insert MoveGroup instructions, but that isn't done by pushing them
201 // into the instruction array. Rather, each LIR has 3 auxiliary sets of
202 // MoveGroups (SPEC): two that "happen" conceptually before the LIR, and one
203 // that happens after it. The rewriter inserts MoveGroups into one of these 3
204 // sets, and later code generation phases presumably insert the sets (suitably
205 // translated) into the final machine code (SPEC).
206 //
207 //
208 // Key data structures: LiveRange, VirtualRegister and LiveBundle
209 // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
210 //
211 // These three have central roles in allocation. Of them, LiveRange is the
212 // most central. VirtualRegister is conceptually important throughout, but
213 // appears less frequently in the allocator code. LiveBundle is important only
214 // in Phase 2 (where it is central) and at the end of Phase 1, but plays no
215 // role in Phase 3.
216 //
217 // It's important to understand that LiveRange and VirtualRegister correspond
218 // to concepts visible in the incoming LIR, which is in SSA form. LiveBundle
219 // by comparison is related to neither the structure of LIR nor its SSA
220 // properties. Instead, LiveBundle is an essentially adminstrative structure
221 // used to accelerate allocation and to implement a crude form of
222 // move-coalescing.
223 //
224 // VirtualRegisters and LiveRanges are (almost) static throughout the process,
225 // because they reflect aspects of the incoming LIR, which does not change.
226 // LiveBundles by contrast come and go; they are created, but may be split up
227 // into new bundles, and old ones abandoned.
228 //
229 // Each LiveRange is a member of two different linked lists, chained through
230 // fields registerLink and bundleLink.
231 //
232 // A VirtualRegister (described in detail below) has a list of LiveRanges that
233 // it "owns". These are chained through LiveRange::registerLink.
234 //
235 // A LiveBundle (also described below) also has a list LiveRanges that it
236 // "owns", chained through LiveRange::bundleLink.
237 //
238 // Hence each LiveRange is "owned" by one VirtualRegister and one LiveBundle.
239 // LiveRanges may have their owning LiveBundle changed as a result of
240 // splitting. By contrast a LiveRange stays with its "owning" VirtualRegister
241 // for ever.
242 //
243 // A few LiveRanges have no VirtualRegister. This is used to implement
244 // register spilling for calls. Each physical register that's not preserved
245 // across a call has a small range that covers the call. It is
246 // ::buildLivenessInfo that adds these small ranges.
247 //
248 // Iterating over every VirtualRegister in the system is a common operation and
249 // is straightforward because (somewhat redundantly?) the LIRGraph knows the
250 // number of vregs, and more importantly because BacktrackingAllocator::vregs
251 // is a vector of all VirtualRegisters. By contrast iterating over every
252 // LiveBundle in the system is more complex because there is no top-level
253 // registry of them. It is still possible though. See ::dumpLiveRangesByVReg
254 // and ::dumpLiveRangesByBundle for example code.
255 //
256 // LiveRange
257 // ---------
258 // Fundamentally, a LiveRange (often written just "range") is a request for
259 // storage of a LIR vreg for some contiguous sequence of LIRs. A LiveRange
260 // generally covers only a fraction of a vreg's overall lifetime, so multiple
261 // LiveRanges are generally needed to cover the whole lifetime.
262 //
263 // A LiveRange contains (amongst other things):
264 //
265 // * the vreg for which it is for, as a VirtualRegister*
266 //
267 // * the range of CodePositions for which it is for, as a LiveRange::Range
268 //
269 // * auxiliary information:
270 //
271 // - a boolean that indicates whether this LiveRange defines a value for the
272 // vreg. If so, that definition is regarded as taking place at the first
273 // CodePoint of the range.
274 //
275 // - a linked list of uses of the vreg within this range. Each use is a pair
276 // of a CodePosition and an LUse*. (INVAR): the uses are maintained in
277 // increasing order of CodePosition. Multiple uses at the same
278 // CodePosition are permitted, since that is necessary to represent an LIR
279 // that uses the same vreg in more than one of its operand slots.
280 //
281 // Some important facts about LiveRanges are best illustrated with examples:
282 //
283 // v25 75-82 { 75_def:R 78_v25:A 82_v25:A }
284 //
285 // This LiveRange is for vreg v25. The value is defined at CodePosition 75,
286 // with the LIR requiring that it be in a register. It is used twice at
287 // positions 78 and 82, both with no constraints (A meaning "any"). The range
288 // runs from position 75 to 82 inclusive. Note however that LiveRange::Range
289 // uses non-inclusive range ends; hence its .to field would be 83, not 82.
290 //
291 // v26 84-85 { 85_v26:R }
292 //
293 // This LiveRange is for vreg v26. Here, there's only a single use of it at
294 // position 85. Presumably it is defined in some other LiveRange.
295 //
296 // v19 74-79 { }
297 //
298 // This LiveRange is for vreg v19. There is no def and no uses, so at first
299 // glance this seems redundant. But it isn't: it still expresses a request for
300 // storage for v19 across 74-79, because Phase 1 regards v19 as being live in
301 // this range (meaning: having a value that, if changed in this range, would
302 // cause the program to fail).
303 //
304 // Other points:
305 //
306 // * (INVAR) Each vreg/VirtualRegister has at least one LiveRange.
307 //
308 // * (INVAR) Exactly one LiveRange of a vreg gives a definition for the value.
309 // All other LiveRanges must consist only of uses (including zero uses, for a
310 // "flow-though" range as mentioned above). This requirement follows from
311 // the fact that LIR is in SSA form.
312 //
313 // * It follows from this, that the LiveRanges for a VirtualRegister must form
314 // a tree, where the parent-child relationship is "control flows directly
315 // from a parent LiveRange (anywhere in the LiveRange) to a child LiveRange
316 // (start)". The entire tree carries only one value. This is a use of
317 // SSAness in the allocator which is fundamental: without SSA input, this
318 // design would not work.
319 //
320 // The root node (LiveRange) in the tree must be one that defines the value,
321 // and all other nodes must only use or be flow-throughs for the value. It's
322 // OK for LiveRanges in the tree to overlap, providing that there is a unique
323 // root node -- otherwise it would be unclear which LiveRange provides the
324 // value.
325 //
326 // The function ::createMoveGroupsFromLiveRangeTransitions runs after all
327 // LiveBundles have been allocated. It visits each VirtualRegister tree in
328 // turn. For every parent->child edge in a tree, it creates a MoveGroup that
329 // copies the value from the parent into the child -- this is how the
330 // allocator decides where to put MoveGroups. There are various other
331 // details not described here.
332 //
333 // * It's important to understand that a LiveRange carries no meaning about
334 // control flow beyond that implied by the SSA (hence, dominance)
335 // relationship between a def and its uses. In particular, there's no
336 // implication that execution "flowing into" the start of the range implies
337 // that it will "flow out" of the end. Or that any particular use will or
338 // will not be executed.
339 //
340 // * (very SPEC) Indeed, even if a range has a def, there's no implication that
341 // a use later in the range will have been immediately preceded by execution
342 // of the def. It could be that the def is executed, flow jumps somewhere
343 // else, and later jumps back into the middle of the range, where there are
344 // then some uses.
345 //
346 // * Uses of a vreg by a phi node are not mentioned in the use list of a
347 // LiveRange. The reasons for this are unknown, but it is speculated that
348 // this is because we don't need to know about phi uses where we use the list
349 // of positions. See comments on VirtualRegister::usedByPhi_.
350 //
351 // * Similarly, a definition of a vreg by a phi node is not regarded as being a
352 // definition point (why not?), at least as the view of
353 // LiveRange::hasDefinition_.
354 //
355 // * LiveRanges that nevertheless include a phi-defined value have their first
356 // point set to the first of the block of phis, even if the var isn't defined
357 // by that specific phi. Eg:
358 //
359 // Block 6 [successor 7] [successor 8]
360 // 56-59 Phi [def v19<o>] [use v2:A] [use v5:A] [use v13:A]
361 // 56-59 Phi [def v20<o>] [use v7:A] [use v14:A] [use v12:A]
362 // 60-61 WasmLoadSlot [def v21<o>] [use v1:R]
363 // 62-63 Compare [def v22<i>] [use v20:R] [use v21:A]
364 //
365 // The relevant live range for v20 is
366 //
367 // v20 56-65 { 63_v20:R }
368 //
369 // Observe that it starts at 56, not 58.
370 //
371 // VirtualRegister
372 // ---------------
373 // Each VirtualRegister is associated with an SSA value created by the LIR.
374 // Fundamentally it is a container to hold all of the LiveRanges that together
375 // indicate where the value must be kept live. This is a linked list beginning
376 // at VirtualRegister::ranges_, and which, as described above, is chained
377 // through LiveRange::registerLink. The set of LiveRanges must logically form
378 // a tree, rooted at the LiveRange which defines the value.
379 //
380 // For adminstrative convenience, the linked list must contain the LiveRanges
381 // in order of increasing start point.
382 //
383 // There are various auxiliary fields, most importantly the LIR node and the
384 // associated LDefinition that define the value.
385 //
386 // It is OK, and quite common, for LiveRanges of a VirtualRegister to overlap.
387 // The effect will be that, in an overlapped area, there are two storage
388 // locations holding the value. This is OK -- although wasteful of storage
389 // resources -- because the SSAness means the value must be the same in both
390 // locations. Hence there's no questions like "which LiveRange holds the most
391 // up-to-date value?", since it's all just one value anyway.
392 //
393 // Note by contrast, it is *not* OK for the LiveRanges of a LiveBundle to
394 // overlap.
395 //
396 // LiveBundle
397 // ----------
398 // Similar to VirtualRegister, a LiveBundle is also, fundamentally, a container
399 // for a set of LiveRanges. The set is stored as a linked list, rooted at
400 // LiveBundle::ranges_ and chained through LiveRange::bundleLink.
401 //
402 // However, the similarity ends there:
403 //
404 // * The LiveRanges in a LiveBundle absolutely must not overlap. They must
405 // indicate disjoint sets of CodePositions, and must be stored in the list in
406 // order of increasing CodePosition. Because of the no-overlap requirement,
407 // these ranges form a total ordering regardless of whether one uses the
408 // LiveRange::Range::from_ or ::to_ fields for comparison.
409 //
410 // * The LiveRanges in a LiveBundle can otherwise be entirely arbitrary and
411 // unrelated. They can be from different VirtualRegisters and can have no
412 // particular mutual significance w.r.t. the SSAness or structure of the
413 // input LIR.
414 //
415 // LiveBundles are the fundamental unit of allocation. The allocator attempts
416 // to find a single storage location that will work for all LiveRanges in the
417 // bundle. That's why the ranges must not overlap. If no such location can be
418 // found, the allocator may decide to split the bundle into multiple smaller
419 // bundles. Each of those may be allocated independently.
420 //
421 // The other really important field is LiveBundle::alloc_, indicating the
422 // chosen storage location.
423 //
424 // Here's an example, for a LiveBundle before it has been allocated:
425 //
426 // LB2(parent=none v3 8-21 { 16_v3:A } ## v3 24-25 { 25_v3:F:xmm0 })
427 //
428 // LB merely indicates "LiveBundle", and the 2 is the debugId_ value (see
429 // below). This bundle has two LiveRanges
430 //
431 // v3 8-21 { 16_v3:A }
432 // v3 24-25 { 25_v3:F:xmm0 }
433 //
434 // both of which (coincidentally) are for the same VirtualRegister, v3.The
435 // second LiveRange has a fixed use in `xmm0`, whilst the first one doesn't
436 // care (A meaning "any location") so the allocator *could* choose `xmm0` for
437 // the bundle as a whole.
438 //
439 // One might ask: why bother with LiveBundle at all? After all, it would be
440 // possible to get correct allocations by allocating each LiveRange
441 // individually, then leaving ::createMoveGroupsFromLiveRangeTransitions to add
442 // MoveGroups to join up LiveRanges that form each SSA value tree (that is,
443 // LiveRanges belonging to each VirtualRegister).
444 //
445 // There are two reasons:
446 //
447 // (1) By putting multiple LiveRanges into each LiveBundle, we can end up with
448 // many fewer LiveBundles than LiveRanges. Since the cost of allocating a
449 // LiveBundle is substantially less than the cost of allocating each of its
450 // LiveRanges individually, the allocator will run faster.
451 //
452 // (2) It provides a crude form of move-coalescing. There are situations where
453 // it would be beneficial, although not mandatory, to have two LiveRanges
454 // assigned to the same storage unit. Most importantly: (a) LiveRanges
455 // that form all of the inputs, and the output, of a phi node. (b)
456 // LiveRanges for the output and first-operand values in the case where we
457 // are targetting Intel-style instructions.
458 //
459 // In such cases, if the bundle can be allocated as-is, then no extra moves
460 // are necessary. If not (and the bundle is split), then
461 // ::createMoveGroupsFromLiveRangeTransitions will later fix things up by
462 // inserting MoveGroups in the right places.
463 //
464 // Merging of LiveRanges into LiveBundles is done in Phase 1, by
465 // ::mergeAndQueueRegisters, after liveness analysis (which generates only
466 // LiveRanges).
467 //
468 // For the bundle mentioned above, viz
469 //
470 // LB2(parent=none v3 8-21 { 16_v3:A } ## v3 24-25 { 25_v3:F:xmm0 })
471 //
472 // the allocator did not in the end choose to allocate it to `xmm0`. Instead
473 // it was split into two bundles, LB6 (a "spill parent", or root node in the
474 // trees described above), and LB9, a leaf node, that points to its parent LB6:
475 //
476 // LB6(parent=none v3 8-21 %xmm1.s { 16_v3:A } ## v3 24-25 %xmm1.s { })
477 // LB9(parent=LB6 v3 24-25 %xmm0.s { 25_v3:F:rax })
478 //
479 // Note that both bundles now have an allocation, and that is printed,
480 // redundantly, for each LiveRange in the bundle -- hence the repeated
481 // `%xmm1.s` in the lines above. Since all LiveRanges in a LiveBundle must be
482 // allocated to the same storage location, we never expect to see output like
483 // this
484 //
485 // LB6(parent=none v3 8-21 %xmm1.s { 16_v3:A } ## v3 24-25 %xmm2.s { })
486 //
487 // and that is in any case impossible, since a LiveRange doesn't have an
488 // LAllocation field. Instead it has a pointer to its LiveBundle, and the
489 // LAllocation lives in the LiveBundle.
490 //
491 // For the resulting allocation (LB6 and LB9), all the LiveRanges are use-only
492 // or flow-through. There are no definitions. But they are all for the same
493 // VirtualReg, v3, so they all have the same value. An important question is
494 // where they "get their value from". The answer is that
495 // ::createMoveGroupsFromLiveRangeTransitions will have to insert suitable
496 // MoveGroups so that each LiveRange for v3 can "acquire" the value from a
497 // previously-executed LiveRange, except for the range that defines it. The
498 // defining LiveRange is not visible here; either it is in some other
499 // LiveBundle, not shown, or (more likely) the value is defined by a phi-node,
500 // in which case, as mentioned previously, it is not shown as having an
501 // explicit definition in any LiveRange.
502 //
503 // LiveBundles also have a `SpillSet* spill_` field (see below) and a
504 // `LiveBundle* spillParent_`. The latter is used to ensure that all bundles
505 // originating from an "original" bundle share the same spill slot. The
506 // `spillParent_` pointers can be thought of creating a 1-level tree, where
507 // each node points at its parent. Since the tree can be only 1-level, the
508 // following invariant (INVAR) must be maintained:
509 //
510 // * if a LiveBundle has a non-null spillParent_ field, then it is a leaf node,
511 // and no other LiveBundle can point at this one.
512 //
513 // * else (it has a null spillParent_ field) it is a root node, and so other
514 // LiveBundles may point at it.
515 //
516 // When compiled with JS_JITSPEW, LiveBundle has a 32-bit `debugId_` field.
517 // This is used only for debug printing, and makes it easier to see
518 // parent-child relationships induced by the `spillParent_` pointers.
519 //
520 // The "life cycle" of LiveBundles is described in Section 2 below.
521 //
522 //
523 // Secondary data structures: SpillSet, Requirement
524 // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
525 //
526 // SpillSet
527 // --------
528 // A SpillSet is a container for a set of LiveBundles that have been spilled,
529 // all of which are assigned the same spill slot. The set is represented as a
530 // vector of points to LiveBundles. SpillSet also contains the identity of the
531 // spill slot (its LAllocation).
532 //
533 // A LiveBundle, if it is to be spilled, has a pointer to the relevant
534 // SpillSet, and the SpillSet in turn has a pointer back to the LiveBundle in
535 // its vector thereof. So LiveBundles (that are to be spilled) and SpillSets
536 // point at each other.
537 //
538 // (SPEC) LiveBundles that are not to be spilled (or for which the decision has
539 // yet to be made, have their SpillSet pointers as null. (/SPEC)
540 //
541 // Requirement
542 // -----------
543 // Requirements are used transiently during the main allocation loop. It
544 // summarises the set of constraints on storage location (must be any register,
545 // must be this specific register, must be stack, etc) for a LiveBundle. This
546 // is so that the main allocation loop knows what kind of storage location it
547 // must choose in order to satisfy all of the defs and uses within the bundle.
548 //
549 // What Requirement provides is (a) a partially ordered set of locations, and
550 // (b) a constraint-merging method `merge`.
551 //
552 // Requirement needs a rewrite (and, in fact, that has already happened in
553 // un-landed code in bug 1758274) for the following reasons:
554 //
555 // * it's potentially buggy (bug 1761654), although that doesn't currently
556 // affect us, for reasons which are unclear.
557 //
558 // * the partially ordered set has a top point, meaning "no constraint", but it
559 // doesn't have a corresponding bottom point, meaning "impossible
560 // constraints". (So it's a partially ordered set, but not a lattice). This
561 // leads to awkward coding in some places, which would be simplified if there
562 // were an explicit way to indicate "impossible constraint".
563 //
564 //
565 // Some ASCII art
566 // ~~~~~~~~~~~~~~
567 //
568 // Here's some not-very-good ASCII art that tries to summarise the data
569 // structures that persist for the entire allocation of a function:
570 //
571 // BacktrackingAllocator
572 // |
573 // (vregs)
574 // |
575 // v
576 // |
577 // VirtualRegister -->--(ins)--> LNode
578 // | | `->--(def)--> LDefinition
579 // v ^
580 // | |
581 // (ranges) |
582 // | (vreg)
583 // `--v->--. | ,-->--v-->-------------->--v-->--. ,--NULL
584 // \ | / \ /
585 // LiveRange LiveRange LiveRange
586 // / | \ / \.
587 // ,--b->--' / `-->--b-->--' `--NULL
588 // | (bundle)
589 // ^ /
590 // | v
591 // (ranges) /
592 // | /
593 // LiveBundle --s-->- LiveBundle
594 // | \ / |
595 // | \ / |
596 // (spill) ^ ^ (spill)
597 // | \ / |
598 // v \ / ^
599 // | (list) |
600 // \ | /
601 // `--->---> SpillSet <--'
602 //
603 // --b-- LiveRange::bundleLink: links in the list of LiveRanges that belong to
604 // a LiveBundle
605 //
606 // --v-- LiveRange::registerLink: links in the list of LiveRanges that belong
607 // to a VirtualRegister
608 //
609 // --s-- LiveBundle::spillParent: a possible link to my "spill parent bundle"
610 //
611 //
612 // * LiveRange is in the center. Each LiveRange is a member of two different
613 // linked lists, the --b-- list and the --v-- list.
614 //
615 // * VirtualRegister has a pointer `ranges` that points to the start of its
616 // --v-- list of LiveRanges.
617 //
618 // * LiveBundle has a pointer `ranges` that points to the start of its --b--
619 // list of LiveRanges.
620 //
621 // * LiveRange points back at both its owning VirtualRegister (`vreg`) and its
622 // owning LiveBundle (`bundle`).
623 //
624 // * LiveBundle has a pointer --s-- `spillParent`, which may be null, to its
625 // conceptual "spill parent bundle", as discussed in detail above.
626 //
627 // * LiveBundle has a pointer `spill` to its SpillSet.
628 //
629 // * SpillSet has a vector `list` of pointers back to the LiveBundles that
630 // point at it.
631 //
632 // * VirtualRegister has pointers `ins` to the LNode that defines the value and
633 // `def` to the LDefinition within that LNode.
634 //
635 // * BacktrackingAllocator has a vector `vregs` of pointers to all the
636 // VirtualRegisters for the function. There is no equivalent top-level table
637 // of all the LiveBundles for the function.
638 //
639 // Note that none of these pointers are "owning" in the C++-storage-management
640 // sense. Rather, everything is stored in single arena which is freed when
641 // compilation of the function is complete. For this reason,
642 // BacktrackingAllocator.{h,cpp} is almost completely free of the usual C++
643 // storage-management artefacts one would normally expect to see.
644 //
645 //
646 // ========================================================================
647 // ==== ====
648 // ==== Section 2: The core allocation loop, and bundle splitting ====
649 // ==== ====
650 // ========================================================================
651 //
652 // Phase 1 of the allocator (described at the start of this SMDOC) computes
653 // live ranges, merges them into bundles, and places the bundles in a priority
654 // queue ::allocationQueue, ordered by what ::computePriority computes.
655 //
656 //
657 // The allocation loops
658 // ~~~~~~~~~~~~~~~~~~~~
659 // The core of the allocation machinery consists of two loops followed by a
660 // call to ::pickStackSlots. The latter is uninteresting. The two loops live
661 // in ::go and are documented in detail there.
662 //
663 //
664 // Bundle splitting
665 // ~~~~~~~~~~~~~~~~
666 // If the first of the two abovementioned loops cannot find a register for a
667 // bundle, either directly or as a result of evicting conflicting bundles, then
668 // it will have to either split or spill the bundle. The entry point to the
669 // split/spill subsystem is ::chooseBundleSplit. See comments there.
671 ///////////////////////////////////////////////////////////////////////////////
672 // //
673 // End of documentation //
674 // //
675 ///////////////////////////////////////////////////////////////////////////////
679 #include <algorithm>
690 // This is a big, complex file. Code is grouped into various sections, each
691 // preceded by a box comment. Sections not marked as "Misc helpers" are
692 // pretty much the top level flow, and are presented roughly in the same order
693 // in which the allocation pipeline operates. BacktrackingAllocator::go,
694 // right at the end of the file, is a good starting point.
696 ///////////////////////////////////////////////////////////////////////////////
697 // //
698 // Misc helpers: linked-list management //
699 // //
700 ///////////////////////////////////////////////////////////////////////////////
704 }
712 }
717 }
724 }
729 }
735 }
737 }
743 }
744 }
746 ///////////////////////////////////////////////////////////////////////////////
747 // //
748 // Misc helpers: methods for class SpillSet //
749 // //
750 ///////////////////////////////////////////////////////////////////////////////
755 }
756 }
758 ///////////////////////////////////////////////////////////////////////////////
759 // //
760 // Misc helpers: methods for class LiveRange //
761 // //
762 ///////////////////////////////////////////////////////////////////////////////
775 }
776 }
783 }
784 }
791 }
793 }
799 }
805 }
811 // Move over all uses which fit in |other|'s boundaries.
819 iter++;
820 }
821 }
823 // Distribute the definition to |other| as well, if possible.
826 }
827 }
831 }
842 }
845 }
852 }
855 }
859 }
860 }
866 }
868 ///////////////////////////////////////////////////////////////////////////////
869 // //
870 // Misc helpers: methods for class LiveBundle //
871 // //
872 ///////////////////////////////////////////////////////////////////////////////
874 #ifdef DEBUG
878 count++;
879 }
881 }
882 #endif
889 }
890 }
892 }
898 }
905 }
908 }
916 }
920 }
926 }
933 }
941 }
942 }
944 }
946 ///////////////////////////////////////////////////////////////////////////////
947 // //
948 // Misc helpers: methods for class VirtualRegister //
949 // //
950 ///////////////////////////////////////////////////////////////////////////////
956 // Mark [from,to) as a live range for this register during the initial
957 // liveness analysis, coalescing with any existing overlapping ranges.
959 // On some pathological graphs there might be a huge number of different
960 // live ranges. Allow non-overlapping live range to be merged if the
961 // number of ranges exceeds the cap below.
970 // The new range should go after this one.
972 iter++;
974 }
977 // The new range should go before this one.
979 }
982 // This is the first old range we've found that overlaps the new
983 // range. Extend this one to cover its union with the new range.
988 }
991 }
993 // Continue searching to see if any other old ranges can be
994 // coalesced with the new merged range.
995 iter++;
997 }
999 // Coalesce this range into the previous range we merged into.
1003 }
1010 }
1013 // The new range does not overlap any existing range for the vreg.
1017 }
1023 }
1026 }
1029 }
1033 }
1040 }
1050 }
1053 }
1054 }
1055 }
1057 }
1061 }
1069 }
1070 }
1072 }
1074 ///////////////////////////////////////////////////////////////////////////////
1075 // //
1076 // Misc helpers: queries about uses //
1077 // //
1078 ///////////////////////////////////////////////////////////////////////////////
1087 }
1096 }
1097 }
1103 }
1104 }
1106 }
1112 }
1114 }
1128 }
1129 }
1134 }
1139 }
1144 }
1147 }
1149 ///////////////////////////////////////////////////////////////////////////////
1150 // //
1151 // Misc helpers: atomic LIR groups //
1152 // //
1153 ///////////////////////////////////////////////////////////////////////////////
1155 // The following groupings contain implicit (invisible to ::buildLivenessInfo)
1156 // value flows, and therefore no split points may be requested inside them.
1157 // This is an otherwise unstated part of the contract between LIR generation
1158 // and the allocator.
1159 //
1160 // (1) (any insn) ; OsiPoint
1161 //
1162 // [Further group definitions and supporting code to come, pending rework
1163 // of the wasm atomic-group situation.]
1166 // Compute the shortest interval that captures vregs defined by ins.
1167 // Watch for instructions that are followed by an OSI point.
1168 // If moves are introduced between the instruction and the OSI point then
1169 // safepoint information for the instruction may be incorrect.
1174 }
1176 }
1179 }
1181 ///////////////////////////////////////////////////////////////////////////////
1182 // //
1183 // Misc helpers: computation of bundle priorities and spill weights //
1184 // //
1185 ///////////////////////////////////////////////////////////////////////////////
1188 // The priority of a bundle is its total length, so that longer lived
1189 // bundles will be processed before shorter ones (even if the longer ones
1190 // have a low spill weight). See processBundle().
1194 iter++) {
1197 }
1200 }
1203 // Whether this is a minimal range capturing a definition at ins.
1207 }
1210 // Whether this is a minimal range capturing |use|.
1215 }
1224 }
1226 // If a bundle contains multiple ranges, splitAtAllRegisterUses will split
1227 // each range into a separate bundle.
1230 }
1237 }
1239 }
1246 }
1252 }
1256 }
1262 }
1267 }
1268 }
1270 // If a range contains a fixed use and at least one other use,
1271 // splitAtAllRegisterUses will split each use into a different bundle.
1274 }
1278 }
1280 }
1283 // Minimal bundles have an extremely high spill weight, to ensure they
1284 // can evict any other bundles and be allocated to a register.
1288 }
1294 iter++) {
1305 }
1306 }
1311 }
1312 }
1314 // Bundles with fixed uses are given a higher spill weight, since they must
1315 // be allocated to a specific register.
1318 }
1320 // Compute spill weight as a use density, lowering the weight for long
1321 // lived bundles with relatively few uses.
1324 }
1331 }
1333 }
1335 ///////////////////////////////////////////////////////////////////////////////
1336 // //
1337 // Initialization of the allocator //
1338 // //
1339 ///////////////////////////////////////////////////////////////////////////////
1341 // This function pre-allocates and initializes as much global state as possible
1342 // to avoid littering the algorithms with memory management cruft.
1346 }
1351 }
1356 }
1359 }
1361 // Build virtual register objects.
1365 }
1369 ins++) {
1372 }
1378 }
1380 }
1386 }
1388 }
1389 }
1394 }
1395 }
1401 }
1403 AnyRegister reg =
1406 }
1412 }
1417 // Partition the graph into hot and cold sections, for helping to make
1418 // splitting decisions. Since we don't have any profiling data this is a
1419 // crapshoot, so just mark the bodies of inner loops as hot and everything
1420 // else as cold.
1426 // If we see a loop header, mark the backedge so we know when we have
1427 // hit the end of the loop. Don't process the loop immediately, so that
1428 // if there is an inner loop we will ignore the outer backedge.
1431 }
1439 }
1440 }
1441 }
1444 }
1446 ///////////////////////////////////////////////////////////////////////////////
1447 // //
1448 // Liveness analysis //
1449 // //
1450 ///////////////////////////////////////////////////////////////////////////////
1452 // Helper for ::buildLivenessInfo
1454 CodePosition from,
1455 CodePosition to) {
1459 }
1462 }
1464 // Helper for ::buildLivenessInfo
1465 #ifdef DEBUG
1466 // Returns true iff ins has a def/temp reusing the input allocation.
1472 }
1473 }
1479 }
1480 }
1483 }
1484 #endif
1486 /*
1487 * This function builds up liveness ranges for all virtual registers
1488 * defined in the function.
1489 *
1490 * The algorithm is based on the one published in:
1491 *
1492 * Wimmer, Christian, and Michael Franz. "Linear Scan Register Allocation on
1493 * SSA Form." Proceedings of the International Symposium on Code Generation
1494 * and Optimization. Toronto, Ontario, Canada, ACM. 2010. 170-79. PDF.
1495 *
1496 * The algorithm operates on blocks ordered such that dominators of a block
1497 * are before the block itself, and such that all blocks of a loop are
1498 * contiguous. It proceeds backwards over the instructions in this order,
1499 * marking registers live at their uses, ending their live ranges at
1500 * definitions, and recording which registers are live at the top of every
1501 * block. To deal with loop backedges, registers live at the beginning of
1502 * a loop gain a range covering the entire loop.
1503 */
1511 }
1518 }
1527 }
1529 // Propagate liveIn from our successors to us.
1532 // Skip backedges, as we fix them up at the loop header.
1535 }
1536 }
1538 // Add successor phis.
1547 }
1548 }
1550 // Registers are assumed alive for the entire block, a define shortens
1551 // the range to the point of definition.
1556 }
1558 // Shorten the front end of ranges for live variables to their point of
1559 // definition, if found.
1562 // Calls may clobber registers, so force a spill and reload around the
1563 // callsite.
1573 }
1574 }
1575 // If this register doesn't have an explicit def above, mark
1576 // it as clobbered by the call unless it is actually
1577 // call-preserved.
1582 }
1583 }
1584 }
1590 }
1595 }
1596 }
1602 }
1607 // MUST_REUSE_INPUT is implemented by allocating an output
1608 // register and moving the input to it. Register hints are
1609 // used to avoid unnecessary moves. We give the input an
1610 // LUse::ANY policy to avoid allocating a register for the
1611 // input.
1617 }
1622 }
1625 }
1631 }
1633 // Normally temps are considered to cover both the input
1634 // and output of the associated instruction. In some cases
1635 // though we want to use a fixed register as both an input
1636 // and clobbered register in the instruction, so watch for
1637 // this and shorten the temp to cover only the output.
1648 }
1649 }
1650 }
1651 }
1652 }
1654 // * For non-call instructions, temps cover both the input and output,
1655 // so temps never alias uses (even at-start uses) or defs.
1656 // * For call instructions, temps only cover the input (the output is
1657 // used for the force-spill ranges added above). This means temps
1658 // still don't alias uses but they can alias the (fixed) defs. For now
1659 // we conservatively require temps to have a fixed register for call
1660 // instructions to prevent a footgun.
1662 CodePosition to =
1667 }
1669 }
1679 // Call uses should always be at-start, since calls use all
1680 // registers.
1684 #ifdef DEBUG
1685 // If there are both useRegisterAtStart(x) and useRegister(y)
1686 // uses, we may assign the same register to both operands
1687 // (bug 772830). Don't allow this for now.
1692 }
1695 }
1696 }
1698 #endif
1700 // Don't treat RECOVERED_INPUT uses as keeping the vreg alive.
1703 }
1713 }
1714 }
1715 }
1720 }
1725 }
1728 }
1729 }
1730 }
1732 // Phis have simultaneous assignment semantics at block begin, so at
1733 // the beginning of the block we can be sure that liveIn does not
1734 // contain any phi outputs.
1740 // This is a dead phi, so add a dummy range over all phis. This
1741 // can go away if we have an earlier dead code elimination pass.
1746 }
1747 }
1748 }
1751 // A divergence from the published algorithm is required here, as
1752 // our block order does not guarantee that blocks of a loop are
1753 // contiguous. As a result, a single live range spanning the
1754 // loop is not possible. Additionally, we require liveIn in a later
1755 // pass for resolution, so that must also be fixed up here.
1758 // Blocks must already have been visited to have a liveIn set.
1761 // Add a range for this entire loop block
1769 }
1770 }
1772 // Fix up the liveIn set.
1775 // Make sure we don't visit this node again
1778 // If this is the loop header, any predecessors are either the
1779 // backedge or out of the loop, so skip any predecessors of
1780 // this block
1786 }
1789 }
1790 }
1791 }
1793 // Terminate loop if out of work.
1796 }
1798 // Grab the next block off the work list, skipping any OSR block.
1804 }
1805 }
1807 // If end is reached without finding a non-OSR block, then no more work
1808 // items were found.
1812 }
1813 }
1815 // Clear the done set for other loops
1817 }
1820 }
1824 }
1826 ///////////////////////////////////////////////////////////////////////////////
1827 // //
1828 // Merging and queueing of LiveRange groups //
1829 // //
1830 ///////////////////////////////////////////////////////////////////////////////
1832 // Helper for ::tryMergeBundles
1835 }
1837 // Helper for ::tryMergeBundles
1842 }
1844 // Helper for ::tryMergeBundles
1847 }
1849 // Helper for ::tryMergeBundles
1851 // Fast path for the common case.
1854 }
1856 // Only merge if the sizes match, so that we don't get confused about the
1857 // width of spill slots.
1859 }
1861 // Helper for ::tryMergeReusedRegister
1864 // See if bundle0 and bundle1 can be merged together.
1867 }
1869 // Get a representative virtual register from each bundle.
1876 // Registers which might spill to the frame's |this| slot can only be
1877 // grouped with other such registers. The frame's |this| slot must always
1878 // hold the |this| value, as required by JitFrame tracing and by the Ion
1879 // constructor calling convention.
1883 }
1884 }
1886 // Registers which might spill to the frame's argument slots can only be
1887 // grouped with other such registers if the frame might access those
1888 // arguments through a lazy arguments object or rest parameter.
1894 }
1895 }
1896 }
1898 // When we make a call to a WebAssembly function that returns multiple
1899 // results, some of those results can go on the stack. The callee is passed a
1900 // pointer to this stack area, which is represented as having policy
1901 // LDefinition::STACK (with type LDefinition::STACKRESULTS). Individual
1902 // results alias parts of the stack area with a value-appropriate type, but
1903 // policy LDefinition::STACK. This aliasing between allocations makes it
1904 // unsound to merge anything with a LDefinition::STACK policy.
1907 }
1909 // Limit the number of times we compare ranges if there are many ranges in
1910 // one of the bundles, to avoid quadratic behavior.
1913 // Make sure that ranges in the bundles do not overlap.
1920 }
1926 iter1++;
1928 iter0++;
1931 }
1932 }
1934 // Move all ranges from bundle1 into bundle0.
1937 }
1940 }
1942 // Helper for ::mergeAndQueueRegisters
1950 // Because the definitions are visited in order, the area has been allocated
1951 // before we reach this result, so we know the operand is an LStackArea.
1956 }
1957 }
1959 // Helper for ::mergeAndQueueRegisters
1962 // def is a vreg which reuses input for its output physical register. Try
1963 // to merge ranges for def with those of input if possible, as avoiding
1964 // copies before def's instruction is crucial for generated code quality
1965 // (MUST_REUSE_INPUT is used for all arithmetic on x86/x64).
1971 }
1976 }
1980 // The input is not live after the instruction, either in a safepoint
1981 // for the instruction or in subsequent code. The input and output
1982 // can thus be in the same group.
1984 }
1986 // Avoid merging in very large live ranges as merging has non-linear
1987 // complexity. The cutoff value is hard to gauge. 1M was chosen because it
1988 // is "large" and yet usefully caps compile time on AutoCad-for-the-web to
1989 // something reasonable on a 2017-era desktop system.
1994 }
1996 // The input is live afterwards, either in future instructions or in a
1997 // safepoint for the reusing instruction. This is impossible to satisfy
1998 // without copying the input.
1999 //
2000 // It may or may not be better to split the input into two bundles at the
2001 // point of the definition, which may permit merging. One case where it is
2002 // definitely better to split is if the input never has any register uses
2003 // after the instruction. Handle this splitting eagerly.
2007 // The input's lifetime must end within the same block as the definition,
2008 // otherwise it could live on in phis elsewhere.
2012 }
2014 // If we already split the input for some other register, don't make a
2015 // third bundle.
2019 }
2021 // If the input will start out in memory then adding a separate bundle for
2022 // memory uses after the def won't help.
2026 }
2028 // The input cannot have register or reused uses after the definition.
2032 }
2038 }
2043 }
2044 }
2050 }
2052 // The new range starts at reg's input position, which means it overlaps
2053 // with the old range at one position. This is what we want, because we
2054 // need to copy the input before the instruction.
2059 }
2077 // The new range goes in a separate bundle, where it will be spilled during
2078 // allocation.
2082 }
2086 }
2091 // Create a bundle for each register containing all its ranges.
2096 }
2101 }
2103 iter++) {
2106 }
2107 }
2109 // If there is an OSR block, merge parameters in that block with the
2110 // corresponding parameters in the initial block.
2126 }
2129 }
2130 }
2132 }
2133 }
2134 }
2135 }
2137 // Try to merge registers with their reused inputs.
2142 }
2151 }
2152 }
2153 }
2155 // Try to merge phis with their inputs.
2166 }
2167 }
2168 }
2169 }
2171 // Add all bundles to the allocation queue, and create spill sets for them.
2175 // Eagerly allocate stack result areas and their component stack results.
2178 }
2181 iter++) {
2187 }
2192 }
2198 }
2199 }
2200 }
2201 }
2204 }
2206 ///////////////////////////////////////////////////////////////////////////////
2207 // //
2208 // Code for the splitting/spilling subsystem begins here. //
2209 // //
2210 // The code that follows is structured in the following sequence: //
2211 // //
2212 // (1) Routines that are helpers for ::splitAt. //
2213 // (2) ::splitAt itself, which implements splitting decisions. //
2214 // (3) heuristic routines (eg ::splitAcrossCalls), which decide where //
2215 // splits should be made. They then call ::splitAt to perform the //
2216 // chosen split. //
2217 // (4) The top level driver, ::chooseBundleSplit. //
2218 // //
2219 // There are further comments on ::splitAt and ::chooseBundleSplit below. //
2220 // //
2221 ///////////////////////////////////////////////////////////////////////////////
2223 ///////////////////////////////////////////////////////////////////////////////
2224 // //
2225 // Implementation of splitting decisions, but not the making of those //
2226 // decisions: various helper functions //
2227 // //
2228 ///////////////////////////////////////////////////////////////////////////////
2232 #ifdef DEBUG
2247 }
2248 oldRanges++;
2249 newRanges++;
2250 }
2252 // This is likely to trigger an infinite loop in register allocation. This
2253 // can be the result of invalid register constraints, making regalloc
2254 // impossible; consider relaxing those.
2257 }
2258 }
2259 #endif
2265 }
2266 }
2268 // Remove all ranges in the old bundle from their register's list.
2270 iter++) {
2273 }
2275 // Add all ranges in the new bundles to their register's list.
2279 iter++) {
2282 }
2283 }
2285 // Queue the new bundles for register assignment.
2291 }
2292 }
2295 }
2297 // Helper for ::splitAt
2298 // When splitting a bundle according to a list of split positions, return
2299 // whether a use or range at |pos| should use a different bundle than the last
2300 // position this was called for.
2304 // When the split positions are empty we are splitting at all uses.
2306 }
2309 // We've advanced past all split positions.
2311 }
2314 // We haven't gotten to the next split position yet.
2316 }
2318 // We've advanced past the next split position, find the next one which we
2319 // should split at.
2323 }
2325 }
2327 // Helper for ::splitAt
2332 iter++) {
2336 }
2339 }
2340 }
2343 }
2345 // Helper for ::splitAt
2351 iter++) {
2355 }
2358 }
2359 }
2363 }
2365 ///////////////////////////////////////////////////////////////////////////////
2366 // //
2367 // Implementation of splitting decisions, but not the making of those //
2368 // decisions: //
2369 // ::splitAt //
2370 // //
2371 ///////////////////////////////////////////////////////////////////////////////
2373 // ::splitAt
2374 // ---------
2375 // It would be nice to be able to interpret ::splitAt as simply performing
2376 // whatever split the heuristic routines decide on. Unfortunately it
2377 // tries to "improve" on the initial locations, which as
2378 // https://bugzilla.mozilla.org/show_bug.cgi?id=1758274#c17 shows, often
2379 // leads to excessive spilling. So there is no clean distinction between
2380 // policy (where to split, computed by the heuristic routines) and
2381 // implementation (done by ::splitAt).
2382 //
2383 // ::splitAt -- creation of spill parent bundles
2384 // ---------------------------------------------
2385 // To understand what ::splitAt does, we must refer back to Section 1's
2386 // description of LiveBundle::spillParent_.
2387 //
2388 // Initially (as created by Phase 1), all bundles have `spillParent_` being
2389 // NULL. If ::splitAt is asked to split such a bundle, it will first create a
2390 // "spill bundle" or "spill parent" bundle. This is a copy of the original,
2391 // with two changes:
2392 //
2393 // * all register uses have been removed, so that only stack-compatible uses
2394 // remain.
2395 //
2396 // * for all LiveRanges in the bundle that define a register, the start point
2397 // of the range is moved one CodePosition forwards, thusly:
2398 //
2399 // from = minimalDefEnd(insData[from]).next();
2400 //
2401 // The reason for the latter relates to the idea described in Section 1, that
2402 // all LiveRanges for any given VirtualRegister must form a tree rooted at the
2403 // defining LiveRange. If the spill-bundle definition range start points are
2404 // the same as those in the original bundle, then we will end up with two roots
2405 // for the tree, and it is then unclear which one should supply "the value".
2406 //
2407 // Putting the spill-bundle start point one CodePosition further along causes
2408 // the range containing the register def (after splitting) to still be the
2409 // defining point. ::createMoveGroupsFromLiveRangeTransitions will observe the
2410 // equivalent spill-bundle range starting one point later and add a MoveGroup
2411 // to move the value into it. Since the spill bundle is intended to be stack
2412 // resident, the effect is to force creation of the MoveGroup that will
2413 // actually spill this value onto the stack.
2414 //
2415 // If the bundle provided to ::splitAt already has a spill parent, then
2416 // ::splitAt doesn't create a new spill parent. This situation will happen
2417 // when the bundle to be split was itself created by splitting. The effect is
2418 // that *all* bundles created from an "original bundle" share the same spill
2419 // parent, and hence they will share the same spill slot, which guarantees that
2420 // all the spilled fragments of a VirtualRegister share the same spill slot,
2421 // which means we'll never have to move a VirtualRegister between different
2422 // spill slots during its lifetime.
2423 //
2424 // ::splitAt -- creation of other bundles
2425 // --------------------------------------
2426 // With the spill parent bundle question out of the way, ::splitAt then goes on
2427 // to create the remaining new bundles, using near-incomprehensible logic
2428 // steered by `UseNewBundle`.
2429 //
2430 // This supposedly splits the bundle at the positions given by the
2431 // `SplitPositionVector` parameter to ::splitAt, putting them in a temporary
2432 // vector `newBundles`. Whether it really splits at the requested positions or
2433 // not is hard to say; more important is what happens next.
2434 //
2435 // ::splitAt -- "improvement" ("filtering") of the split bundles
2436 // -------------------------------------------------------------
2437 // ::splitAt now tries to reduce the length of the LiveRanges that make up the
2438 // new bundles (not including the "spill parent"). I assume this is to remove
2439 // sections of the bundles that carry no useful value (eg, extending after the
2440 // last using a range), thereby removing the demand for registers in those
2441 // parts. This does however mean that ::splitAt is no longer really splitting
2442 // where the heuristic routines wanted, and that can lead to a big increase in
2443 // spilling in loops, as
2444 // https://bugzilla.mozilla.org/show_bug.cgi?id=1758274#c17 describes.
2445 //
2446 // ::splitAt -- meaning of the incoming `SplitPositionVector`
2447 // ----------------------------------------------------------
2448 // ::splitAt has one last mystery which is important to document. The split
2449 // positions are specified as CodePositions, but this leads to ambiguity
2450 // because, in a sequence of N (LIR) instructions, there are 2N valid
2451 // CodePositions. For example:
2452 //
2453 // 6-7 WasmLoadTls [def v2<o>] [use v1:R]
2454 // 8-9 WasmNullConstant [def v3<o>]
2455 //
2456 // Consider splitting the range for `v2`, which starts at CodePosition 7.
2457 // What's the difference between saying "split it at 7" and "split it at 8" ?
2458 // Not much really, since in both cases what we intend is for the range to be
2459 // split in between the two instructions.
2460 //
2461 // Hence I believe the semantics is:
2462 //
2463 // * splitting at an even numbered CodePosition (eg, 8), which is an input-side
2464 // position, means "split before the instruction containing this position".
2465 //
2466 // * splitting at an odd numbered CodePositin (eg, 7), which is an output-side
2467 // position, means "split after the instruction containing this position".
2468 //
2469 // Hence in the example, we could specify either 7 or 8 to mean the same
2470 // placement of the split. Well, almost true, but actually:
2471 //
2472 // (SPEC) specifying 8 means
2473 //
2474 // "split between these two insns, and any resulting MoveGroup goes in the
2475 // list to be emitted before the start of the second insn"
2476 //
2477 // (SPEC) specifying 7 means
2478 //
2479 // "split between these two insns, and any resulting MoveGroup goes in the
2480 // list to be emitted after the end of the first insn"
2481 //
2482 // In most cases we don't care on which "side of the valley" the MoveGroup ends
2483 // up, in which case we can use either convention.
2484 //
2485 // (SPEC) I believe these semantics are implied by the logic in
2486 // ::createMoveGroupsFromLiveRangeTransitions. They are certainly not
2487 // documented anywhere in the code.
2491 // Split the bundle at the given split points. Register uses which have no
2492 // intervening split points are consolidated into the same bundle. If the
2493 // list of split points is empty, then all register uses are placed in
2494 // minimal bundles.
2496 // splitPositions should be sorted.
2499 }
2501 // We don't need to create a new spill bundle if there already is one.
2508 }
2512 iter++) {
2518 }
2524 }
2528 }
2529 }
2530 }
2531 }
2533 LiveBundleVector newBundles;
2535 // The bundle which ranges are currently being added to.
2540 }
2542 // State for use by UseNewBundle.
2545 // Make new bundles according to the split positions, and distribute ranges
2546 // and uses to them.
2548 iter++) {
2552 activeBundle =
2556 }
2557 }
2563 }
2568 }
2574 // Any uses of a register that appear before its definition has
2575 // finished must be associated with the range for that definition.
2580 // Place this register use into a different bundle from the
2581 // last one if there are any split points between the two uses.
2582 // UseNewBundle always returns true if we are splitting at all
2583 // register uses, but we can still reuse the last range and
2584 // bundle if they have uses at the same position, except when
2585 // either use is fixed (the two uses might require incompatible
2586 // registers.)
2592 activeBundle =
2596 }
2601 }
2603 }
2609 }
2610 }
2611 }
2613 LiveBundleVector filteredBundles;
2615 // Trim the ends of ranges in each new bundle when there are no other
2616 // earlier or later ranges in the same bundle with the same vreg.
2631 }
2632 }
2633 }
2644 }
2645 }
2647 iter++;
2648 }
2652 }
2653 }
2657 }
2660 }
2662 ///////////////////////////////////////////////////////////////////////////////
2663 // //
2664 // Creation of splitting decisions, but not their implementation: //
2665 // ::splitAcrossCalls //
2666 // ::trySplitAcrossHotcode //
2667 // ::trySplitAfterLastRegisterUse //
2668 // ::trySplitBeforeFirstRegisterUse //
2669 // //
2670 ///////////////////////////////////////////////////////////////////////////////
2673 // Split the bundle to separate register uses and non-register uses and
2674 // allow the vreg to be spilled across its range.
2676 // Find the locations of all calls in the bundle's range.
2677 SplitPositionVector callPositions;
2679 iter++) {
2684 // There are no calls inside this range.
2686 }
2689 // The search above returns an arbitrary call within the range. Walk
2690 // backwards to find the first call in the range.
2699 }
2700 }
2702 // Add all call positions within the range, by walking forwards.
2708 }
2710 // Calls at the beginning of the range are ignored; there is no splitting
2711 // to do.
2716 }
2717 }
2718 }
2719 }
2722 #ifdef JS_JITSPEW
2727 }
2729 #endif
2732 }
2736 // If this bundle has portions that are hot and portions that are cold,
2737 // split it at the boundaries between hot and cold code.
2742 iter++) {
2746 }
2747 }
2749 // Don't split if there is no hot code in the bundle.
2753 }
2755 // Don't split if there is no cold code in the bundle.
2758 iter++) {
2763 }
2764 }
2768 }
2773 // Tweak the splitting method when compiling wasm code to look at actual
2774 // uses within the hot/cold code. This heuristic is in place as the below
2775 // mechanism regresses several asm.js tests. Hopefully this will be fixed
2776 // soon and this special case removed. See bug 948838.
2778 SplitPositionVector splitPositions;
2782 }
2785 }
2791 }
2801 }
2802 }
2804 // Accumulate the ranges of hot and cold code in the bundle. Note that
2805 // we are only comparing with the single hot range found, so the cold code
2806 // may contain separate hot ranges.
2808 iter++) {
2817 }
2818 }
2825 }
2832 }
2833 }
2837 }
2838 }
2839 }
2846 }
2853 }
2854 }
2858 }
2859 }
2860 }
2861 }
2865 LiveBundleVector newBundles;
2868 }
2874 }
2879 }
2882 }
2883 }
2887 }
2892 // If this bundle's later uses do not require it to be in a register,
2893 // split it after the last use which does require a register. If conflict
2894 // is specified, only consider register uses before the conflict starts.
2899 iter++) {
2902 // If the range defines a register, consider that a register use for
2903 // our purposes here.
2909 }
2910 }
2915 // Uses in the bundle should be sorted.
2923 }
2924 }
2925 }
2926 }
2928 // Can't trim non-register uses off the end by splitting.
2932 }
2936 }
2941 SplitPositionVector splitPositions;
2944 }
2947 }
2952 // If this bundle's earlier uses do not require it to be in a register,
2953 // split it before the first use which does require a register. If conflict
2954 // is specified, only consider register uses after the conflict ends.
2959 }
2963 }
2965 CodePosition firstRegisterFrom;
2967 CodePosition conflictEnd;
2970 iter++) {
2974 }
2975 }
2976 }
2979 iter++) {
2986 }
2987 }
2996 }
2997 }
2998 }
3001 }
3002 }
3005 // Can't trim non-register uses off the beginning by splitting.
3008 }
3014 SplitPositionVector splitPositions;
3017 }
3020 }
3022 ///////////////////////////////////////////////////////////////////////////////
3023 // //
3024 // The top level driver for the splitting machinery //
3025 // //
3026 ///////////////////////////////////////////////////////////////////////////////
3028 // ::chooseBundleSplit
3029 // -------------------
3030 // If the first allocation loop (in ::go) can't allocate a bundle, it hands it
3031 // off to ::chooseBundleSplit, which is the "entry point" of the bundle-split
3032 // machinery. This tries four heuristics in turn, to see if any can split the
3033 // bundle:
3034 //
3035 // * ::trySplitAcrossHotcode
3036 // * ::splitAcrossCalls (in some cases)
3037 // * ::trySplitBeforeFirstRegisterUse
3038 // * ::trySplitAfterLastRegisterUse
3039 //
3040 // These routines have similar structure: they try to decide on one or more
3041 // CodePositions at which to split the bundle, using whatever heuristics they
3042 // have to hand. If suitable CodePosition(s) are found, they are put into a
3043 // `SplitPositionVector`, and the bundle and the vector are handed off to
3044 // ::splitAt, which performs the split (at least in theory) at the chosen
3045 // positions. It also arranges for the new bundles to be added to
3046 // ::allocationQueue.
3047 //
3048 // ::trySplitAcrossHotcode has a special case for JS -- it modifies the
3049 // bundle(s) itself, rather than using ::splitAt.
3050 //
3051 // If none of the heuristic routines apply, then ::splitAt is called with an
3052 // empty vector of split points. This is interpreted to mean "split at all
3053 // register uses". When combined with how ::splitAt works, the effect is to
3054 // spill the bundle.
3065 }
3068 }
3072 }
3076 }
3079 }
3083 }
3086 }
3088 // Split at all register uses.
3089 SplitPositionVector emptyPositions;
3091 }
3093 ///////////////////////////////////////////////////////////////////////////////
3094 // //
3095 // Bundle allocation //
3096 // //
3097 ///////////////////////////////////////////////////////////////////////////////
3104 // Set any requirement or hint on bundle according to its definition and
3105 // uses. Return false if there are conflicting requirements which will
3106 // require the bundle to be split.
3109 iter++) {
3114 // Deal with any definition constraints/hints.
3117 // Fixed and stack policies get a FIXED requirement. (In the stack
3118 // case, the allocation should have been performed already by
3119 // mergeAndQueueRegisters.)
3125 }
3127 // Phis don't have any requirements, but they should prefer their
3128 // input allocations. This is captured by the group hints above.
3130 // Non-phis get a REGISTER requirement.
3133 }
3134 }
3135 }
3137 // Search uses for requirements.
3146 // If there are multiple fixed registers which the bundle is
3147 // required to use, fail. The bundle will need to be split before
3148 // it can be allocated.
3151 }
3155 }
3157 // ANY differs from KEEPALIVE by actively preferring a register.
3160 }
3161 }
3163 // The only case of STACK use policies is individual stack results using
3164 // their containing stack result area, which is given a fixed allocation
3165 // above.
3170 }
3171 }
3174 }
3184 }
3186 LiveBundleVector aliasedConflicting;
3189 iter++) {
3193 // All ranges in the bundle must be compatible with the physical register.
3199 LiveRangePlus existingPlus;
3202 }
3211 }
3212 }
3215 }
3221 }
3223 }
3224 }
3227 // One or more aliased registers is allocated to another bundle
3228 // overlapping this one. Keep track of the conflicting set, and in the
3229 // case of multiple conflicting sets keep track of the set with the
3230 // lowest maximum spill weight.
3232 // The #ifdef guards against "unused variable 'existing'" bustage.
3233 #ifdef JS_JITSPEW
3247 }
3248 }
3249 }
3250 #endif
3258 }
3259 }
3261 }
3266 iter++) {
3270 }
3274 }
3275 }
3280 }
3285 // Search for any available register which the bundle can be allocated to.
3293 }
3295 conflicting)) {
3297 }
3300 }
3301 }
3303 }
3307 conflicting)) {
3309 }
3312 }
3313 }
3315 }
3328 iter++) {
3332 }
3338 }
3341 Requirement requirement,
3344 // Spill bundles which are required to be in a certain stack slot.
3350 }
3354 conflicting);
3355 }
3358 Requirement requirement,
3362 // If we want, but do not require a bundle to be in a specific register,
3363 // only look at that register for allocating and evict or spill if it is
3364 // not available. Picking a separate register may be even worse than
3365 // spilling, as it will still necessitate moves and will tie up more
3366 // registers than if we spilled.
3370 conflicting)) {
3372 }
3375 }
3376 }
3378 // Spill bundles which have no hint or register requirement.
3385 }
3388 }
3393 }
3396 }
3397 }
3399 // Spill bundles which have no register requirement if they didn't get
3400 // allocated.
3405 }
3408 }
3410 // We failed to allocate this bundle.
3413 }
3422 // A bundle can be processed by doing any of the following:
3423 //
3424 // - Assigning the bundle a register. The bundle cannot overlap any other
3425 // bundle allocated for that physical register.
3426 //
3427 // - Spilling the bundle, provided it has no register uses.
3428 //
3429 // - Splitting the bundle into two or more bundles which cover the original
3430 // one. The new bundles are placed back onto the priority queue for later
3431 // processing.
3432 //
3433 // - Evicting one or more existing allocated bundles, and then doing one
3434 // of the above operations. Evicted bundles are placed back on the
3435 // priority queue. Any evicted bundles must have a lower spill weight
3436 // than the bundle being processed.
3437 //
3438 // As long as this structure is followed, termination is guaranteed.
3439 // In general, we want to minimize the amount of bundle splitting (which
3440 // generally necessitates spills), so allocate longer lived, lower weight
3441 // bundles first and evict and split them later if they prevent allocation
3442 // for higher weight bundles.
3448 LiveBundleVector conflicting;
3452 }
3459 // Ok, let's try allocating for this bundle.
3462 conflicting)) {
3464 }
3467 conflicting)) {
3469 }
3470 }
3472 // If that worked, we're done!
3475 }
3477 // If that didn't work, but we have one or more non-fixed bundles
3478 // known to be conflicting, maybe we can evict them and try again.
3485 }
3486 }
3488 }
3489 }
3491 // A minimal bundle cannot be split any further. If we try to split it
3492 // it at this point we will just end up with the same bundle and will
3493 // enter an infinite loop. Weights and the initial live ranges must
3494 // be constructed so that any minimal bundle is allocatable.
3499 }
3500 }
3502 // Helper for ::tryAllocatingRegistersForSpillBundles
3510 iter++) {
3518 }
3520 }
3523 }
3528 LiveBundleVector conflicting;
3534 }
3541 }
3543 // If the bundle still has no register, spill the bundle.
3546 }
3547 }
3550 }
3552 ///////////////////////////////////////////////////////////////////////////////
3553 // //
3554 // Rewriting of the LIR after bundle processing is done: //
3555 // ::pickStackSlots //
3556 // ::createMoveGroupsFromLiveRangeTransitions //
3557 // ::installAllocationsInLIR //
3558 // ::populateSafepoints //
3559 // ::annotateMoveGroups //
3560 // //
3561 ///////////////////////////////////////////////////////////////////////////////
3563 // Helper for ::pickStackSlot
3567 iter++) {
3571 }
3575 }
3576 }
3578 }
3580 // Helper for ::pickStackSlots
3582 // Look through all ranges that have been spilled in this set for a
3583 // register definition which is fixed to a stack or argument slot. If we
3584 // find one, use it for all bundles that have been spilled. tryMergeBundles
3585 // makes sure this reuse is possible when an initial bundle contains ranges
3586 // from multiple virtual registers.
3590 iter++) {
3599 }
3600 }
3601 }
3602 }
3620 }
3622 // Maximum number of existing spill slots we will look at before giving up
3623 // and allocating a new slot.
3633 // We looked through every slot in the list.
3635 }
3641 iter++) {
3644 LiveRangePlus existingPlus;
3648 }
3649 }
3652 }
3653 }
3655 // We can reuse this physical stack slot for the new bundles.
3656 // Update the allocated ranges for the slot.
3661 }
3662 }
3665 }
3667 // On a miss, move the spill to the end of the list. This will cause us
3668 // to make fewer attempts to allocate from slots with a large and
3669 // highly contended range.
3675 }
3676 }
3678 // We need a new physical stack slot.
3685 }
3691 }
3692 }
3698 }
3706 }
3709 iter++) {
3716 }
3718 }
3719 }
3720 }
3723 }
3725 // Helper for ::createMoveGroupsFromLiveRangeTransitions
3732 }
3735 }
3737 // Helper for ::createMoveGroupsFromLiveRangeTransitions
3739 // Check for direct uses of this range.
3742 }
3748 }
3752 // Check if there are later ranges for this vreg.
3758 }
3759 }
3761 // Check if this range ends at a loop backedge.
3766 }
3768 // Check if there are phis which this vreg flows to.
3771 }
3774 }
3777 // Add moves to handle changing assignments for vregs over their lifetime.
3783 // Look for places where a register's assignment changes in the middle of a
3784 // basic block.
3792 }
3800 }
3802 // Remove ranges which will never be used.
3806 }
3808 // The range which defines the register does not have a predecessor
3809 // to add moves from.
3811 iter++;
3813 }
3815 // Ignore ranges that start at block boundaries. We will handle
3816 // these in the next phase.
3820 iter++;
3822 }
3824 // If we already saw a range which covers the start of this range
3825 // and has the same allocation, we don't need an explicit move at
3826 // the start of this range.
3835 }
3836 }
3838 iter++;
3840 }
3844 }
3855 }
3861 }
3862 }
3864 iter++;
3865 }
3866 }
3874 }
3880 }
3882 // Resolve phis to moves.
3902 }
3904 // Note: we have to use moveAtEdge both here and below (for edge
3905 // resolution) to avoid conflicting moves. See bug 1493900.
3909 }
3910 }
3911 }
3912 }
3917 // Add moves to resolve graph edges with different allocations at their
3918 // source and target.
3922 iter++) {
3927 firstBlockId++;
3928 }
3933 }
3938 }
3944 }
3948 }
3954 }
3955 }
3956 }
3957 }
3958 }
3962 }
3964 // Helper for ::addLiveRegistersForRange
3971 }
3972 }
3974 }
3976 // Helper for ::installAllocationsInLIR
3979 // Fill in the live register sets for all non-call safepoints.
3983 }
3985 // Don't add output registers to the safepoint.
3988 #ifdef CHECK_OSIPOINT_REGISTERS
3989 // We don't add the output register to the safepoint,
3990 // but it still might get added as one of the inputs.
3991 // So eagerly add this reg to the safepoint clobbered registers.
3995 }
3996 }
3997 #endif
3999 }
4006 // Safepoints are sorted, so we can shortcut out of this loop
4007 // if we go out of range.
4010 }
4017 #ifdef CHECK_OSIPOINT_REGISTERS
4020 }
4021 #endif
4022 }
4023 }
4025 // Helper for ::installAllocationsInLIR
4031 num++;
4032 }
4033 }
4035 }
4046 }
4049 iter++) {
4061 }
4062 }
4063 }
4064 }
4070 // For any uses which feed into MUST_REUSE_INPUT definitions,
4071 // add copies if the use and def have different allocations.
4081 }
4086 }
4091 }
4092 }
4094 }
4095 }
4096 }
4099 }
4100 }
4104 }
4106 // Helper for ::populateSafepoints
4114 }
4115 }
4117 }
4119 // Helper for ::populateSafepoints
4121 #ifdef JS_NUNBOX32
4123 #else
4125 #endif
4126 }
4128 // Helper for ::populateSafepoints
4131 }
4133 // Helper for ::populateSafepoints
4138 }
4139 #ifdef JS_PUNBOX64
4142 }
4143 #endif
4150 }
4151 }
4152 }
4154 }
4168 }
4173 }
4176 iter++) {
4185 }
4187 }
4189 // Include temps but not instruction outputs. Also make sure
4190 // MUST_REUSE_INPUT is not used with gcthings or nunboxes, or
4191 // we would have to add the input reg to this safepoint.
4201 }
4208 }
4214 }
4219 }
4224 }
4232 }
4233 }
4234 }
4236 }
4237 #ifdef JS_NUNBOX32
4241 }
4246 }
4248 #else
4252 }
4254 #endif
4257 }
4258 }
4259 }
4260 }
4263 }
4266 // Annotate move groups in the LIR graph with any register that is not
4267 // allocated at that point and can be used as a scratch register. This is
4268 // only required for x86, as other platforms always have scratch registers
4269 // available for use.
4270 #ifdef JS_CODEGEN_X86
4275 }
4280 }
4295 }
4297 // This register is unavailable for use if (a) it is in use
4298 // by some live range immediately before the move group,
4299 // or (b) it is an operand in one of the group's moves. The
4300 // latter case handles live ranges which end immediately
4301 // before the move group or start immediately after.
4302 // For (b) we need to consider move groups immediately
4303 // preceding or following this one.
4307 }
4315 }
4318 }
4319 }
4323 riter--;
4328 }
4331 }
4333 }
4337 }
4338 LiveRangePlus existingPlus;
4342 }
4346 }
4349 }
4350 }
4351 }
4352 #endif
4355 }
4357 ///////////////////////////////////////////////////////////////////////////////
4358 // //
4359 // Debug-printing support //
4360 // //
4361 ///////////////////////////////////////////////////////////////////////////////
4363 #ifdef JS_JITSPEW
4366 AutoEnterOOMUnsafeRegion oomUnsafe;
4374 }
4381 // If the definition has a fixed requirement, print it too.
4388 }
4389 }
4390 }
4391 }
4396 }
4402 }
4405 }
4408 AutoEnterOOMUnsafeRegion oomUnsafe;
4418 }
4419 }
4422 iter++) {
4427 }
4428 }
4432 }
4436 }
4439 }
4452 iter++) {
4455 }
4458 }
4460 }
4461 }
4472 baseIter++) {
4477 }
4478 }
4479 }
4480 }
4502 }
4504 }
4506 }
4507 }
4510 }
4514 ///////////////////////////////////////////////////////////////////////////////
4515 // //
4516 // Top level of the register allocation machinery //
4517 // //
4518 ///////////////////////////////////////////////////////////////////////////////
4527 }
4531 }
4535 }
4537 #ifdef JS_JITSPEW
4540 }
4541 #endif
4545 }
4551 }
4554 #ifdef JS_JITSPEW
4557 }
4558 #endif
4560 // There now follow two allocation loops, which are really the heart of the
4561 // allocator. First, the "main" allocation loop. This does almost all of
4562 // the allocation work, by repeatedly pulling bundles out of
4563 // ::allocationQueue and calling ::processBundle on it, until there are no
4564 // bundles left in the queue. Note that ::processBundle can add new smaller
4565 // bundles to the queue if it needs to split or spill a bundle.
4566 //
4567 // For each bundle in turn pulled out of ::allocationQueue, ::processBundle:
4568 //
4569 // * calls ::computeRequirement to discover the overall constraint for the
4570 // bundle.
4571 //
4572 // * tries to find a register for it, by calling either ::tryAllocateFixed or
4573 // ::tryAllocateNonFixed.
4574 //
4575 // * if that fails, but ::tryAllocateFixed / ::tryAllocateNonFixed indicate
4576 // that there is some other bundle with lower spill weight that can be
4577 // evicted, then that bundle is evicted (hence, put back into
4578 // ::allocationQueue), and we try again.
4579 //
4580 // * at most MAX_ATTEMPTS may be made.
4581 //
4582 // * If that still fails to find a register, then the bundle is handed off to
4583 // ::chooseBundleSplit. That will choose to either split the bundle,
4584 // yielding multiple pieces which are put back into ::allocationQueue, or
4585 // it will spill the bundle. Note that the same mechanism applies to both;
4586 // there's no clear boundary between splitting and spilling, because
4587 // spilling can be interpreted as an extreme form of splitting.
4588 //
4589 // ::processBundle and its callees contains much gnarly and logic which isn't
4590 // easy to understand, particularly in the area of how eviction candidates
4591 // are chosen. But it works well enough, and tinkering doesn't seem to
4592 // improve the resulting allocations. More important is the splitting logic,
4593 // because that controls where spill/reload instructions are placed.
4594 //
4595 // Eventually ::allocationQueue becomes empty, and each LiveBundle has either
4596 // been allocated a register or is marked for spilling. In the latter case
4597 // it will have been added to ::spilledBundles.
4603 // Allocate, spill and split bundles until finished.
4607 }
4612 }
4613 }
4615 // And here's the second allocation loop (hidden inside
4616 // ::tryAllocatingRegistersForSpillBundles). It makes one last attempt to
4617 // find a register for each spill bundle. There's no attempt to free up
4618 // registers by eviction. In at least 99% of cases this attempt fails, in
4619 // which case the bundle is handed off to ::spill. The lucky remaining 1%
4620 // get a register. Unfortunately this scheme interacts badly with the
4621 // splitting strategy, leading to excessive register-to-register copying in
4622 // some very simple cases. See bug 1752520.
4623 //
4624 // A modest but probably worthwhile amount of allocation time can be saved by
4625 // making ::tryAllocatingRegistersForSpillBundles use specialised versions of
4626 // ::tryAllocateAnyRegister and its callees, that don't bother to create sets
4627 // of conflicting bundles. Creating those sets is expensive and, here,
4628 // pointless, since we're not going to do any eviction based on them. This
4629 // refinement is implemented in the un-landed patch at bug 1758274 comment
4630 // 15.
4634 "Main allocation loop complete; "
4640 }
4648 }
4650 #ifdef JS_JITSPEW
4653 }
4654 #endif
4658 }
4662 }
4666 }
4670 }
4675 }
4680 }
4682 ///////////////////////////////////////////////////////////////////////////////
4683 // //
4684 ///////////////////////////////////////////////////////////////////////////////