[webkit-changes] [WebKit/WebKit] 4a9538: [JSC] Handle reallocating transitions in megamorph...

Thu, 29 Feb 2024 13:29:57 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4a95386068f39d13b9db69c0e34056ee3dfe2219
      
https://github.com/WebKit/WebKit/commit/4a95386068f39d13b9db69c0e34056ee3dfe2219
  Author: Yusuke Suzuki <[email protected]>
  Date:   2024-02-29 (Thu, 29 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/bytecode/AccessCase.cpp
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jit/JITOperations.h
    M Source/JavaScriptCore/runtime/MegamorphicCache.h

  Log Message:
  -----------
  [JSC] Handle reallocating transitions in megamorphic store cache
https://bugs.webkit.org/show_bug.cgi?id=270279
rdar://123806842

Reviewed by Justin Michaud.

This patch extends megamorphic store cache with Transition case which 
reallocates butterfly.
Previously we skipped this case since it is a bit complex. But this is very 
frequently seen so we must need to handle it well.
Now megamorphic store cache accepts Transition with reallocating. And then, 
when using this in the megamorphic store cache,
we call a function which does very similar thing to what AccessCase Transition 
with reallocation is doing.

* Source/JavaScriptCore/bytecode/AccessCase.cpp:
(JSC::AccessCase::doesCalls const):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateWithGuard):
(JSC::InlineCacheCompiler::regenerate):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compilePutByIdMegamorphic):
(JSC::DFG::SpeculativeJIT::compilePutByValMegamorphic):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compilePutByValMegamorphic):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByIdMegamorphic):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::storeMegamorphicProperty):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::putByIdMegamorphic):
(JSC::JSC_DEFINE_JIT_OPERATION):
(JSC::putByValMegamorphic):
* Source/JavaScriptCore/jit/JITOperations.h:
* Source/JavaScriptCore/runtime/MegamorphicCache.h:
(JSC::MegamorphicCache::StoreEntry::offsetOfReallocating):
(JSC::MegamorphicCache::StoreEntry::init):
(JSC::MegamorphicCache::initAsTransition):
(JSC::MegamorphicCache::initAsReplace):

Canonical link: https://commits.webkit.org/275510@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to