Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e6f31f64c264e758f2f357b83e71dd404d6c8f73
https://github.com/WebKit/WebKit/commit/e6f31f64c264e758f2f357b83e71dd404d6c8f73
Author: Yijia Huang <[email protected]>
Date: 2025-03-11 (Tue, 11 Mar 2025)
Changed paths:
A JSTests/microbenchmarks/dataview-byte-length-small-array.js
A JSTests/stress/dataview-byte-length-large-array-oob-baseline.js
A JSTests/stress/dataview-byte-length-large-array-oob.js
A JSTests/stress/dataview-byte-length-large-array.js
A JSTests/stress/dataview-byte-length-small-array-oob-baseline.js
A JSTests/stress/dataview-byte-length-small-array-oob.js
A JSTests/stress/dataview-byte-length-small-array.js
M LayoutTests/inspector/model/remote-object/object-expected.txt
M Source/JavaScriptCore/bytecode/GetByVariant.cpp
M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
M Source/JavaScriptCore/bytecode/IntrinsicGetterAccessCase.cpp
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGHeapLocation.h
M Source/JavaScriptCore/dfg/DFGIntegerRangeOptimizationPhase.cpp
M Source/JavaScriptCore/dfg/DFGNode.h
M Source/JavaScriptCore/dfg/DFGNodeType.h
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
M Source/JavaScriptCore/jit/AssemblyHelpers.h
M Source/JavaScriptCore/runtime/Intrinsic.h
M Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp
M Source/JavaScriptCore/runtime/JSDataViewPrototype.h
M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Log Message:
-----------
[JSC] Optimize DataView.prototype.byteLength handling in JIT
https://bugs.webkit.org/show_bug.cgi?id=289365
rdar://146511506
Reviewed by Yusuke Suzuki.
Introduced DataViewByteLengthIntrinsic to improve inline caching and JIT
optimizations for DataView.prototype.byteLength. With this change, the
byteLength property’s order is rearranged in the DataView property table.
Consequently, object-expected.txt has been updated accordingly.
MicroBenchmarks Results:
without with
dataview-byte-length-small-array 14.7764+-0.0405 ^
4.6604+-0.0182 ^ definitely 2.8164x faster
* JSTests/microbenchmarks/dataview-byte-length-small-array.js: Added.
(test):
* JSTests/stress/dataview-byte-length-large-array-oob.js: Added.
(test):
(i.i.testLoopCount.1.catch):
* JSTests/stress/dataview-byte-length-large-array.js: Added.
(test):
* JSTests/stress/dataview-byte-length-small-array-oob.js: Added.
(test):
(i.i.testLoopCount.1.catch):
* JSTests/stress/dataview-byte-length-small-array.js: Added.
(test):
* Source/JavaScriptCore/assembler/AbortReason.h:
* Source/JavaScriptCore/bytecode/GetByVariant.cpp:
(JSC::GetByVariant::canMergeIntrinsicStructures const):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::canEmitIntrinsicGetter):
(JSC::InlineCacheCompiler::emitIntrinsicGetter):
* Source/JavaScriptCore/bytecode/IntrinsicGetterAccessCase.cpp:
(JSC::IntrinsicGetterAccessCase::doesCalls const):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::alreadyChecked const):
(JSC::DFG::toTypedArrayType):
(JSC::DFG::toArrayType):
* Source/JavaScriptCore/dfg/DFGArrayMode.h:
(JSC::DFG::ArrayMode::isSomeTypedArrayViewOrDataView const):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicGetter):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileGetByVal):
(JSC::DFG::SpeculativeJIT::compileGetTypedArrayLengthAsInt52):
(JSC::DFG::SpeculativeJIT::compilePutByVal):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::typedArrayLength):
(JSC::FTL::DFG::LowerDFGToB3::compileGetArrayLength):
(JSC::FTL::DFG::LowerDFGToB3::compileGetTypedArrayLengthAsInt52):
(JSC::FTL::DFG::LowerDFGToB3::compileGetByValImpl):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByVal):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::loadTypedArrayByteLengthImpl):
(JSC::AssemblyHelpers::loadTypedArrayByteLengthCommonImpl):
(JSC::AssemblyHelpers::loadTypedArrayByteLength):
(JSC::AssemblyHelpers::loadDataViewByteLength):
(JSC::AssemblyHelpers::loadTypedArrayLength):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::loadDataViewByteLength):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/jit/JITOperations.h:
* Source/JavaScriptCore/runtime/Intrinsic.h:
* Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp:
(JSC::JSDataViewPrototype::create):
(JSC::JSDataViewPrototype::finishCreation):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/JSDataViewPrototype.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
Canonical link: https://commits.webkit.org/291993@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
