Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: babcb2b118a830294337bdfb5008cc70ae0a6632
https://github.com/WebKit/WebKit/commit/babcb2b118a830294337bdfb5008cc70ae0a6632
Author: Yusuke Suzuki <[email protected]>
Date: 2024-07-26 (Fri, 26 Jul 2024)
Changed paths:
A JSTests/microbenchmarks/global-this-access-get.js
A JSTests/microbenchmarks/global-this-access-put.js
M Source/JavaScriptCore/bytecode/GetByStatus.cpp
M Source/JavaScriptCore/bytecode/GetByStatus.h
M Source/JavaScriptCore/bytecode/GetByVariant.cpp
M Source/JavaScriptCore/bytecode/GetByVariant.h
M Source/JavaScriptCore/bytecode/PutByStatus.cpp
M Source/JavaScriptCore/bytecode/PutByStatus.h
M Source/JavaScriptCore/bytecode/PutByVariant.cpp
M Source/JavaScriptCore/bytecode/PutByVariant.h
M Source/JavaScriptCore/bytecode/SpeculatedType.cpp
M Source/JavaScriptCore/bytecode/SpeculatedType.h
M Source/JavaScriptCore/dfg/DFGAbstractHeap.h
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGHeapLocation.cpp
M Source/JavaScriptCore/dfg/DFGHeapLocation.h
M Source/JavaScriptCore/dfg/DFGNode.h
M Source/JavaScriptCore/dfg/DFGNodeType.h
M Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/dfg/DFGUseKind.cpp
M Source/JavaScriptCore/dfg/DFGUseKind.h
M Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/runtime/JSType.h
Log Message:
-----------
[JSC] Add UnwrapGlobalProxy
https://bugs.webkit.org/show_bug.cgi?id=277066
rdar://132459011
Reviewed by Yijia Huang.
This patch adds GlobalProxy property access handling in DFG / FTL. Previously,
we gave up completely and offloading it to IC in DFG / FTL.
But this patch collects viaGlobalProxy information in GetByStatus and
PutByStatus and use this bit to emit `UnwrapGlobalProxy` DFG node with various
access optimization like GetByOffset etc. so that we can (1) model side effect
of accesses better, (2) generate more efficient code inline, and (3) do
not need to use IC for obviously optimization simple cases in DFG / FTL.
Attached microbenchmarks showed 24% improvement for Get and 19% improvement for
Put.
ToT Patched
global-this-access-get 183.9786+-0.3290 ^ 148.3344+-1.2277 ^
definitely 1.2403x faster
global-this-access-put 215.5170+-0.9235 ^ 181.2201+-0.5363 ^
definitely 1.1893x faster
* JSTests/microbenchmarks/global-this-access-get.js: Added.
(test):
* JSTests/microbenchmarks/global-this-access-put.js: Added.
(test):
* Source/JavaScriptCore/bytecode/GetByStatus.cpp:
(JSC::GetByStatus::computeFromLLInt):
(JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
(JSC::GetByStatus::computeFor):
* Source/JavaScriptCore/bytecode/GetByStatus.h:
* Source/JavaScriptCore/bytecode/GetByVariant.cpp:
(JSC::GetByVariant::GetByVariant):
(JSC::GetByVariant::operator=):
(JSC::GetByVariant::attemptToMerge):
(JSC::GetByVariant::dumpInContext const):
* Source/JavaScriptCore/bytecode/GetByVariant.h:
(JSC::GetByVariant::overlaps):
(JSC::GetByVariant::viaGlobalProxy const):
* Source/JavaScriptCore/bytecode/PutByStatus.cpp:
(JSC::PutByStatus::computeFromLLInt):
(JSC::PutByStatus::computeForStubInfo):
(JSC::PutByStatus::computeFor):
* Source/JavaScriptCore/bytecode/PutByStatus.h:
* Source/JavaScriptCore/bytecode/PutByVariant.cpp:
(JSC::PutByVariant::operator=):
(JSC::PutByVariant::replace):
(JSC::PutByVariant::setter):
(JSC::PutByVariant::customSetter):
(JSC::PutByVariant::attemptToMerge):
(JSC::PutByVariant::attemptToMergeTransitionWithReplace):
(JSC::PutByVariant::dumpInContext const):
* Source/JavaScriptCore/bytecode/PutByVariant.h:
(JSC::PutByVariant::overlaps):
(JSC::PutByVariant::viaGlobalProxy const):
* Source/JavaScriptCore/bytecode/SpeculatedType.cpp:
(JSC::dumpSpeculation):
(JSC::speculationFromClassInfoInheritance):
(JSC::speculationFromJSType):
(JSC::speculationFromString):
* Source/JavaScriptCore/bytecode/SpeculatedType.h:
(JSC::isGlobalProxySpeculation):
* Source/JavaScriptCore/dfg/DFGAbstractHeap.h:
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
(JSC::DFG::ByteCodeParser::handleDOMJITGetter):
(JSC::DFG::ByteCodeParser::load):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::handleGetPrivateNameById):
(JSC::DFG::ByteCodeParser::handlePutById):
(JSC::DFG::ByteCodeParser::parseBlock):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
(JSC::DFG::FixupPhase::fixupIsCellWithType):
* Source/JavaScriptCore/dfg/DFGHeapLocation.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/dfg/DFGHeapLocation.h:
* Source/JavaScriptCore/dfg/DFGNode.h:
(JSC::DFG::Node::shouldSpeculateGlobalProxy):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::SafeToExecuteEdge::operator()):
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGUseKind.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/dfg/DFGUseKind.h:
(JSC::DFG::typeFilterFor):
(JSC::DFG::isCell):
* Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h:
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileUnwrapGlobalProxy):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/runtime/JSType.h:
Canonical link: https://commits.webkit.org/281406@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
