Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d99a52c875990a31eac613edd3c1462905159ebc
https://github.com/WebKit/WebKit/commit/d99a52c875990a31eac613edd3c1462905159ebc
Author: Yusuke Suzuki <[email protected]>
Date: 2023-02-15 (Wed, 15 Feb 2023)
Changed paths:
A JSTests/stress/bound-function-inlining.js
M JSTests/stress/bound-function-stack-overflow.js
A JSTests/stress/bound-function-strength-reduction-this.js
A JSTests/stress/bound-function-strength-reduction.js
A JSTests/stress/function-bind-call-frame.js
A JSTests/stress/function-bind-caller.js
A JSTests/stress/function-bind-do-not-miss-already-bound-args.js
A JSTests/stress/function-bind-double-wrap-throw-more.js
A JSTests/stress/function-bind-double-wrap-throw.js
A JSTests/stress/function-bind-getter-call-osr-exit.js
A JSTests/stress/function-bind-inlined-osr-exit.js
A JSTests/stress/function-bind-setter-call-osr-exit.js
A JSTests/stress/function-bind-tail-call-osr-exit.js
A JSTests/stress/function-bind-throw.js
M JSTests/stress/sampling-profiler-bound-function-name.js
M JSTests/stress/stack-overflow-in-custom-hasInstance.js
M Source/JavaScriptCore/builtins/FunctionPrototype.js
M Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
M Source/JavaScriptCore/bytecode/BytecodeList.rb
M Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp
M Source/JavaScriptCore/bytecode/InlineCallFrame.cpp
M Source/JavaScriptCore/bytecode/InlineCallFrame.h
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGGraph.cpp
M Source/JavaScriptCore/dfg/DFGGraph.h
M Source/JavaScriptCore/dfg/DFGNodeType.h
M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
M Source/JavaScriptCore/dfg/DFGOperations.cpp
M Source/JavaScriptCore/dfg/DFGOperations.h
M Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp
M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/interpreter/Interpreter.cpp
M Source/JavaScriptCore/jit/JIT.cpp
M Source/JavaScriptCore/jit/JITOperations.cpp
M Source/JavaScriptCore/jit/ThunkGenerators.cpp
M Source/JavaScriptCore/llint/LowLevelInterpreter.asm
M Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
M Source/JavaScriptCore/runtime/CommonSlowPaths.h
M Source/JavaScriptCore/runtime/JSBoundFunction.cpp
M Source/JavaScriptCore/runtime/JSBoundFunction.h
M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M Source/JavaScriptCore/runtime/VM.cpp
M Source/JavaScriptCore/tools/JSDollarVM.cpp
Log Message:
-----------
[JSC] Optimize bound function calls
https://bugs.webkit.org/show_bug.cgi?id=225135
rdar://77539823
Reviewed by Mark Lam.
This patch allows inlining JSBoundFunction calls from DFG and FTL.
1. We should not report bound function in the stack trace. But we were doing
that. This patch fixes it by making it ImplementationVisibility::Private.
This also aligns JSC with V8 and this also makes this patch simpler because
we do not need to care about the stack trace when inlining bound function calls.
2. We optimize double-bound functions. (func.bind(...).bind(...)) by folding
captured arguments into one, so effectively unwrapping it.
3. DFG ByteCodeParser attempts to inline bound function calls from CallVariant
data & intrinsic marking. Even though we failed to do that, we attempt to
unwrapping
the call in DFG strength reduction further.
Bound function calls get much faster with this patch by inlining / unwrapping.
ToT
Patched
bound-function-call 5.2044+-0.0275 ^
1.9831+-0.0342 ^ definitely 2.6244x faster
function-bind-no-inlining-repeat-call 47.4999+-0.2317 ^
43.0725+-0.1098 ^ definitely 1.1028x faster
* JSTests/stress/bound-function-inlining.js: Added.
(shouldBe):
(test):
(t):
* JSTests/stress/bound-function-stack-overflow.js:
* JSTests/stress/bound-function-strength-reduction.js: Added.
(shouldBe):
(test):
(t1):
(t2):
* JSTests/stress/function-bind-call-frame.js: Added.
(test):
(test1):
* JSTests/stress/function-bind-caller.js: Added.
(shouldBe):
(inlined):
(test):
* JSTests/stress/function-bind-do-not-miss-already-bound-args.js: Added.
(shouldBe):
(test):
* JSTests/stress/function-bind-double-wrap-throw-more.js: Added.
(shouldBe):
(throwable):
(test):
(catch):
* JSTests/stress/function-bind-double-wrap-throw.js: Added.
(shouldBe):
(throwable):
(test):
(catch):
* JSTests/stress/function-bind-getter-call-osr-exit.js: Added.
(bar):
(foo):
(test):
* JSTests/stress/function-bind-inlined-osr-exit.js: Added.
(shouldBe):
(mayExit):
(inlined):
(test):
* JSTests/stress/function-bind-setter-call-osr-exit.js: Added.
(bar):
(foo):
(test):
* JSTests/stress/function-bind-tail-call-osr-exit.js: Added.
(bar):
(foo):
(test):
* JSTests/stress/function-bind-throw.js: Added.
(shouldBe):
(throwable):
(inner):
(test):
(catch):
* JSTests/stress/sampling-profiler-bound-function-name.js:
(platformSupportsSamplingProfiler):
* JSTests/stress/stack-overflow-in-custom-hasInstance.js:
* LayoutTests/js/dom/function-bind-expected.txt:
* Source/JavaScriptCore/builtins/FunctionPrototype.js:
(bind):
* Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h:
* Source/JavaScriptCore/bytecode/BytecodeList.rb:
* Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp:
(JSC::computeUsesForBytecodeIndexImpl):
(JSC::computeDefsForBytecodeIndexImpl):
* Source/JavaScriptCore/bytecode/InlineCallFrame.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/bytecode/InlineCallFrame.h:
(JSC::InlineCallFrame::callModeFor):
(JSC::InlineCallFrame::specializationKindFor):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCreateArgumentsButterflyExcludingThis):
(JSC::BytecodeGenerator::emitCreateArgumentsButterfly): Deleted.
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_createArgumentsButterflyExcludingThis):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_createArgumentsButterfly): Deleted.
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inlineCall):
(JSC::DFG::ByteCodeParser::handleCallVariant):
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::handlePutById):
(JSC::DFG::ByteCodeParser::parseBlock):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetConstantGetter):
(JSC::DFG::Graph::tryGetConstantSetter):
* Source/JavaScriptCore/dfg/DFGGraph.h:
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::callerReturnPC):
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:
* Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateArgumentsButterflyExcludingThis):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateArgumentsButterfly): Deleted.
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
* Source/JavaScriptCore/jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* Source/JavaScriptCore/jit/JITOperations.cpp:
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::boundFunctionCallGenerator):
* Source/JavaScriptCore/llint/LowLevelInterpreter.asm:
* Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:
(JSC::JSC_DEFINE_COMMON_SLOW_PATH):
* Source/JavaScriptCore/runtime/CommonSlowPaths.h:
* Source/JavaScriptCore/runtime/JSBoundFunction.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSBoundFunction::boundArgsCopy):
* Source/JavaScriptCore/runtime/JSBoundFunction.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::getBoundFunction):
* Source/JavaScriptCore/tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSDollarVM::finishCreation):
Canonical link: https://commits.webkit.org/260303@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
