[webkit-changes] [WebKit/WebKit] 109405: [JSC] Optimize Function#bind further

Wed, 22 Mar 2023 15:14:41 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 109405481c53542efeb133a5960a9f5c6255bad4
      
https://github.com/WebKit/WebKit/commit/109405481c53542efeb133a5960a9f5c6255bad4
  Author: Yusuke Suzuki <[email protected]>
  Date:   2023-03-22 (Wed, 22 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
    M Source/JavaScriptCore/dfg/DFGClobberize.h
    M Source/JavaScriptCore/dfg/DFGClobbersExitState.cpp
    M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
    M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
    M Source/JavaScriptCore/dfg/DFGGraph.cpp
    M Source/JavaScriptCore/dfg/DFGMayExit.cpp
    M Source/JavaScriptCore/dfg/DFGNode.cpp
    M Source/JavaScriptCore/dfg/DFGNode.h
    M Source/JavaScriptCore/dfg/DFGNodeType.h
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/dfg/DFGOperations.h
    M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
    M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp
    M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
    M Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
    M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp
    M Source/JavaScriptCore/interpreter/Interpreter.cpp
    M Source/JavaScriptCore/interpreter/ProtoCallFrame.h
    M Source/JavaScriptCore/interpreter/ProtoCallFrameInlines.h
    M Source/JavaScriptCore/jit/ThunkGenerators.cpp
    M Source/JavaScriptCore/runtime/ArgList.h
    M Source/JavaScriptCore/runtime/FunctionPrototype.cpp
    M Source/JavaScriptCore/runtime/InternalFunction.cpp
    M Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp
    M Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp
    M Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp
    M Source/JavaScriptCore/runtime/Intrinsic.h
    M Source/JavaScriptCore/runtime/JSBoundFunction.cpp
    M Source/JavaScriptCore/runtime/JSBoundFunction.h
    M Source/JavaScriptCore/runtime/JSFunction.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h
    M Source/JavaScriptCore/runtime/VM.cpp
    M Source/JavaScriptCore/runtime/VM.h
    M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp
    M Source/WebCore/bindings/js/JSDOMAsyncIterator.h

  Log Message:
  -----------
  [JSC] Optimize Function#bind further
https://bugs.webkit.org/show_bug.cgi?id=254242
rdar://107026972

Reviewed by Justin Michaud.

This patch makes Function#bind faster.

1. Now, JSBoundFunction has embedded bound arguments up to 3. So we can avoid 
allocating JSImmutableButterfly
   for small # of bound arguments, which is super common in practice.
2. Many JSBoundFunction properties materialization gets lazily done. "name", 
"length", and construct-ability too.
3. Simplify JSBoundFunction. We remove flattening since it is too complicated 
and performance gain was not much.
   Also, we remove complicated NativeExecutable for JSBoundFunction to make 
JSBoundFunction allocation simple.
4. Introduce FunctionBind node into DFG / FTL and handling it, which improves 
performance for generic case.
5. Furthermore, we lower FunctionBind into NewBoundFunction is input's 
structure meets invariant. This inlines
   JSBoundFunction allocation completely (and due to (2) and (3), the code 
becomes super simple) and offers massive
   performance boost.

                                       ToT                     Patched

    function-bind-creation        9.6877+-0.0297     ^      4.0682+-0.0563      
  ^ definitely 2.3814x faster
    function-bind                46.4667+-0.1078     ^     14.9119+-0.0942      
  ^ definitely 3.1161x faster

* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGClobbersExitState.cpp:
(JSC::DFG::clobbersExitState):
* Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* Source/JavaScriptCore/dfg/DFGMayExit.cpp:
* Source/JavaScriptCore/dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToNewBoundFunction):
* Source/JavaScriptCore/dfg/DFGNode.h:
(JSC::DFG::Node::hasCellOperand):
(JSC::DFG::Node::isFunctionAllocation):
(JSC::DFG::Node::numberOfBoundArguments):
(JSC::DFG::Node::hasNumberOfBoundArguments):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileFunctionBind):
(JSC::DFG::SpeculativeJIT::compileNewBoundFunction):
* Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:
* Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h:
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewBoundFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileFunctionBind):
* Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::getInternalProperties):
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
(JSC::Interpreter::executeBoundCall):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeModuleProgram):
* Source/JavaScriptCore/interpreter/ProtoCallFrame.h:
* Source/JavaScriptCore/interpreter/ProtoCallFrameInlines.h:
(JSC::ProtoCallFrame::init):
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::boundFunctionCallGenerator):
* Source/JavaScriptCore/runtime/ArgList.h:
(JSC::ArgList::ArgList):
(JSC::ArgList::at const):
(JSC::ArgList::data const):
* Source/JavaScriptCore/runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/InternalFunction.cpp:
(JSC::getFunctionRealm):
* Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* Source/JavaScriptCore/runtime/Intrinsic.h:
* Source/JavaScriptCore/runtime/JSBoundFunction.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::JSBoundFunction):
(JSC::JSBoundFunction::boundArgsCopy):
(JSC::JSBoundFunction::lengthSlow):
(JSC::JSBoundFunction::canConstructSlow):
(JSC::JSBoundFunction::canSkipNameAndLengthMaterialization):
(JSC::JSBoundFunction::visitChildrenImpl):
* Source/JavaScriptCore/runtime/JSBoundFunction.h:
* Source/JavaScriptCore/runtime/JSFunction.cpp:
(JSC::JSFunction::getConstructData):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::boundFunctionStructureConcurrently const):
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::getBoundFunction):
* Source/JavaScriptCore/runtime/VM.h:
* Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/WebCore/bindings/js/JSDOMAsyncIterator.h:
(WebCore::IteratorTraits>::createOnSettledFunction):
(WebCore::IteratorTraits>::createOnFulfilledFunction):
(WebCore::IteratorTraits>::createOnRejectedFunction):

Canonical link: https://commits.webkit.org/261993@main


_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to