Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2db0579187cb8667dbc63e3e9b33480d340b512d
https://github.com/WebKit/WebKit/commit/2db0579187cb8667dbc63e3e9b33480d340b512d
Author: Yusuke Suzuki <[email protected]>
Date: 2025-10-22 (Wed, 22 Oct 2025)
Changed paths:
A JSTests/wasm/stress/wasm-call-indirect-megamorphic.js
A JSTests/wasm/stress/wasm-call-indirect-polymorphic.js
A JSTests/wasm/stress/wasm-call-ref-megamorphic.js
A JSTests/wasm/stress/wasm-call-ref-polymorphic.js
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/runtime/NativeCallee.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
A Source/JavaScriptCore/wasm/WasmCallProfile.cpp
M Source/JavaScriptCore/wasm/WasmCallProfile.h
M Source/JavaScriptCore/wasm/WasmMergedProfile.cpp
M Source/JavaScriptCore/wasm/WasmMergedProfile.h
M Source/JavaScriptCore/wasm/WasmModule.cpp
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperations.h
M Source/JavaScriptCore/wasm/WasmThunks.cpp
M Source/JavaScriptCore/wasm/WasmThunks.h
Log Message:
-----------
[JSC] Profile polymorphic callees in Wasm
https://bugs.webkit.org/show_bug.cgi?id=301236
rdar://163153817
Reviewed by Keith Miller.
This patch adds a mechanism collecting polymorphic callees in wasm
CallProfile. Previously, whenever we observe multiple callees, we mark
it as megamorphic. But this patch extends a mechanism to collect up to 3
callees. This is a preparation for more sophisticated inlining mechanism
for OMG which prioritizes frequently called one first for inlining.
1. We extend IPInt and BBQ to collect polymoprhic calles. For
polymorphic callee cases, we use a shared thunk and this thunk counts
which callee is called. And if we observe more than 3 callees, we
mark it as megamorphic and stop using polymorphic callees.
From collecting some information, we found 1, 2, or many callees are
pretty common pattern. We are picking "3", which is not wasting so
much for unuseful cases, but still covering what we can see in many
wasm code.
2. Collected callees & call counts are stored in CallProfile::PolymorphicCallee.
And MergedProfile read this concurrently to offer profiled
information to OMG compiler.
3. In this patch, OMG is not leveraging this information so much yet. Only
use of this information is sorting all call frequency and selecting the
most frequently called one as an inlining target. In a subsequent patch,
we will construct global InliningDecision data structure which views all
call frequencies and decides which one should be inlined, and inlines
multiple callees in one callsite when it is polymorphic callees and
it has enough call counts for each case.
* JSTests/wasm/stress/wasm-call-indirect-megamorphic.js: Added.
(Initialize.table.with.the.eight.functions.async test.computeExpected):
(Initialize.table.with.the.eight.functions.async test):
* JSTests/wasm/stress/wasm-call-indirect-polymorphic.js: Added.
(Initialize.table.with.the.three.functions.async test):
* JSTests/wasm/stress/wasm-call-ref-megamorphic.js: Added.
(async test.computeExpected):
(async test):
* JSTests/wasm/stress/wasm-call-ref-polymorphic.js: Added.
(async test):
* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/runtime/NativeCallee.h:
(JSC::NativeCallee::category const): Deleted.
(JSC::NativeCallee::implementationVisibility const): Deleted.
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::emitIndirectCall):
* Source/JavaScriptCore/wasm/WasmCallProfile.cpp: Copied from
Source/JavaScriptCore/wasm/WasmMergedProfile.cpp.
(JSC::Wasm::CallProfile::~CallProfile):
(JSC::Wasm::CallProfile::makePolymorphic):
* Source/JavaScriptCore/wasm/WasmCallProfile.h:
(JSC::Wasm::CallProfile::observeCrossInstanceCall):
(JSC::Wasm::CallProfile::observeCallIndirect):
(JSC::Wasm::CallProfile::isMegamorphic):
(JSC::Wasm::CallProfile::monomorphic):
(JSC::Wasm::CallProfile::polymorphic):
(JSC::Wasm::CallProfile::makeMegamorphic):
* Source/JavaScriptCore/wasm/WasmMergedProfile.cpp:
(JSC::Wasm::MergedProfile::Candidates::markAsMegamorphic):
(JSC::Wasm::MergedProfile::Candidates::add):
(JSC::Wasm::MergedProfile::Candidates::merge):
(JSC::Wasm::MergedProfile::Candidates::finalize const):
(JSC::Wasm::MergedProfile::merge):
(JSC::Wasm::MergedProfile::CallSite::merge): Deleted.
* Source/JavaScriptCore/wasm/WasmMergedProfile.h:
(JSC::Wasm::MergedProfile::Candidates::isCalled const):
(JSC::Wasm::MergedProfile::Candidates::isEmpty const):
(JSC::Wasm::MergedProfile::Candidates::isMegamorphic const):
(JSC::Wasm::MergedProfile::Candidates::totalCount const):
(JSC::Wasm::MergedProfile::isCalled const):
(JSC::Wasm::MergedProfile::candidates const):
(JSC::Wasm::MergedProfile::CallSite::count const): Deleted.
(JSC::Wasm::MergedProfile::CallSite::callee const): Deleted.
(JSC::Wasm::MergedProfile::CallSite::isMegamorphic const): Deleted.
(JSC::Wasm::MergedProfile::callee const): Deleted.
(JSC::Wasm::MergedProfile::mutableSpan): Deleted.
(JSC::Wasm::MergedProfile::span const): Deleted.
* Source/JavaScriptCore/wasm/WasmModule.cpp:
(JSC::Wasm::Module::createMergedProfile):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::addCallIndirect):
(JSC::Wasm::OMGIRGenerator::addCallRef):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp:
(JSC::Wasm::OMGIRGenerator::addCallIndirect):
(JSC::Wasm::OMGIRGenerator::addCallRef):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmThunks.cpp:
(JSC::Wasm::callPolymorphicCalleeGenerator):
* Source/JavaScriptCore/wasm/WasmThunks.h:
Canonical link: https://commits.webkit.org/301972@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
