Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 3ba3be2ff84e7ef4904eecc5d1e757d9f45bff3e
      
https://github.com/WebKit/WebKit/commit/3ba3be2ff84e7ef4904eecc5d1e757d9f45bff3e
  Author: Yusuke Suzuki <[email protected]>
  Date:   2026-04-01 (Wed, 01 Apr 2026)

  Changed paths:
    A JSTests/stress/get-by-val-constant-key-ic.js
    A JSTests/stress/put-by-val-constant-key-ic.js
    M Source/JavaScriptCore/bytecode/AccessCase.cpp
    M Source/JavaScriptCore/bytecode/AccessCase.h
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h
    M Source/JavaScriptCore/bytecode/InlineCacheHandler.cpp
    M Source/JavaScriptCore/bytecode/Repatch.cpp
    M Source/JavaScriptCore/bytecode/Repatch.h
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jit/JITThunks.h

  Log Message:
  -----------
  [JSC] Add IC with undefined/false/true/null property key
https://bugs.webkit.org/show_bug.cgi?id=311247
rdar://173840588

Reviewed by Justin Michaud.

In real-world code, we found that there is a lot of code like this.

    object[v]

    where v is `undefined`, `false`, `true`, `null`.

Right now, our IC only handles Int32 for non-string / non-symbol
properties. But handling the above primitives is not so hard. So let's do
it.

This patch adds various IC types which correspond to Load, Miss,
Transition, Replace with the above. The concept is super simple: instead of
checking the incoming UniquedStringImpl, we should just emit an `isUndefined()`
check for the property, for example. And the rest of the things are
pretty much the same: using a structure check, loading a property.

We implement normal and handler IC for them, and implement the above new
types in repatchGetBy / repatchPutBy. The approach is just doing the normal
thing, and at the end, when our key is coming from the above primitives,
let's convert Load => IndexedUndefinedKeyLoad etc. This minimizes the
changes we need to have.

Tests: JSTests/stress/get-by-val-constant-key-ic.js
       JSTests/stress/put-by-val-constant-key-ic.js

* JSTests/stress/get-by-val-constant-key-ic.js: Added.
(getUndefined):
(getTrue):
(getFalse):
(getNull):
(Proto):
* JSTests/stress/put-by-val-constant-key-ic.js: Added.
(putUndefined):
(putTrue):
(putFalse):
(putNull):
(putUndefined2):
(putTrue2):
(putFalse2):
(putNull2):
(putUndefined3):
(putUndefined4):
* Source/JavaScriptCore/bytecode/AccessCase.cpp:
(JSC::AccessCase::create):
(JSC::AccessCase::convertToNonStringPrimitiveKeyAccessType):
(JSC::AccessCase::tryGetAlternateBaseImpl const):
(JSC::AccessCase::guardedByStructureCheckSkippingConstantIdentifierCheck const):
(JSC::AccessCase::requiresIdentifierNameMatch const):
(JSC::AccessCase::requiresInt32PropertyCheck const):
(JSC::AccessCase::forEachDependentCell const):
(JSC::AccessCase::doesCalls const):
(JSC::AccessCase::canReplace const):
(JSC::AccessCase::propagateTransitions const):
(JSC::AccessCase::runWithDowncast):
(JSC::AccessCase::canBeShared):
* Source/JavaScriptCore/bytecode/AccessCase.h:
(JSC::AccessCase::structure const):
(JSC::AccessCase::newStructure const):
(JSC::AccessCase::newStructureID const):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::needsScratchFPR):
(JSC::forInBy):
(JSC::isStateless):
(JSC::doesJSCalls):
(JSC::isMegamorphic):
(JSC::canBeViaGlobalProxy):
(JSC::InlineCacheCompiler::generateWithGuard):
(JSC::InlineCacheCompiler::generateAccessCase):
(JSC::emitNonStringPrimitiveKeyCheck):
(JSC::getByValNonStringPrimitiveKeyLoadHandlerImpl):
(JSC::getByValNonStringPrimitiveKeyMissHandlerImpl):
(JSC::putByValNonStringPrimitiveKeyReplaceHandlerImpl):
(JSC::putByValNonStringPrimitiveKeyTransitionHandlerImpl):
(JSC::InlineCacheCompiler::compileOneAccessCaseHandler):
(JSC::getByValWithUndefinedKeyLoadOwnPropertyHandler):
(JSC::getByValWithUndefinedKeyLoadPrototypePropertyHandler):
(JSC::getByValWithUndefinedKeyMissHandler):
(JSC::getByValWithNullKeyLoadOwnPropertyHandler):
(JSC::getByValWithNullKeyLoadPrototypePropertyHandler):
(JSC::getByValWithNullKeyMissHandler):
(JSC::getByValWithTrueKeyLoadOwnPropertyHandler):
(JSC::getByValWithTrueKeyLoadPrototypePropertyHandler):
(JSC::getByValWithTrueKeyMissHandler):
(JSC::getByValWithFalseKeyLoadOwnPropertyHandler):
(JSC::getByValWithFalseKeyLoadPrototypePropertyHandler):
(JSC::getByValWithFalseKeyMissHandler):
(JSC::putByValWithUndefinedKeyReplaceHandler):
(JSC::putByValWithUndefinedKeyTransitionNonAllocatingHandler):
(JSC::putByValWithUndefinedKeyTransitionNewlyAllocatingHandler):
(JSC::putByValWithUndefinedKeyTransitionReallocatingHandler):
(JSC::putByValWithUndefinedKeyTransitionReallocatingOutOfLineHandler):
(JSC::putByValWithNullKeyReplaceHandler):
(JSC::putByValWithNullKeyTransitionNonAllocatingHandler):
(JSC::putByValWithNullKeyTransitionNewlyAllocatingHandler):
(JSC::putByValWithNullKeyTransitionReallocatingHandler):
(JSC::putByValWithNullKeyTransitionReallocatingOutOfLineHandler):
(JSC::putByValWithTrueKeyReplaceHandler):
(JSC::putByValWithTrueKeyTransitionNonAllocatingHandler):
(JSC::putByValWithTrueKeyTransitionNewlyAllocatingHandler):
(JSC::putByValWithTrueKeyTransitionReallocatingHandler):
(JSC::putByValWithTrueKeyTransitionReallocatingOutOfLineHandler):
(JSC::putByValWithFalseKeyReplaceHandler):
(JSC::putByValWithFalseKeyTransitionNonAllocatingHandler):
(JSC::putByValWithFalseKeyTransitionNewlyAllocatingHandler):
(JSC::putByValWithFalseKeyTransitionReallocatingHandler):
(JSC::putByValWithFalseKeyTransitionReallocatingOutOfLineHandler):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.h:
* Source/JavaScriptCore/bytecode/InlineCacheHandler.cpp:
(JSC::InlineCacheHandler::createPreCompiled):
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::nonStringPrimitiveKeyForSubscript):
(JSC::nonStringPrimitiveKeyInfoForUID):
(JSC::tryCacheGetBy):
(JSC::repatchGetBy):
(JSC::tryCachePutBy):
(JSC::repatchPutBy):
* Source/JavaScriptCore/bytecode/Repatch.h:
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::branchIfTrue):
(JSC::AssemblyHelpers::branchIfNotTrue):
(JSC::AssemblyHelpers::branchIfFalse):
(JSC::AssemblyHelpers::branchIfNotFalse):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
(JSC::putByValOptimize):
(JSC::directPutByValOptimize):
(JSC::putPrivateNameOptimize):
* Source/JavaScriptCore/jit/JITThunks.h:

Canonical link: https://commits.webkit.org/310410@main
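
The fast path this commit message describes, sketched as a toy model in JavaScript (an added example, not code from the WebKit commit or its tests): a cached stub is a key guard, a structure check and a slot load, and anything else falls back to the generic path. Shape, GetByValSite, make and demo are hypothetical names, and only the own-property Load case is modelled.

```javascript
// Added illustration, not JavaScriptCore code: a toy inline cache for base[key]
// with key undefined / null / true / false. All names here are hypothetical.
const MISS = Symbol("miss");

// Toy "structure": property names in slot order, shared by same-shaped objects.
class Shape {
  constructor(names) { this.names = names; }
  offsetOf(name) { return this.names.indexOf(name); }
}
const make = (shape, ...slots) => ({ shape, slots });

// Key guards test the incoming value directly; no string comparison is needed.
const KEY_GUARDS = [(k) => k === undefined, (k) => k === null, (k) => k === true, (k) => k === false];

class GetByValSite {
  constructor() { this.stubs = []; this.slowPathCalls = 0; }
  get(base, key) {
    for (const stub of this.stubs) {
      const v = stub(base, key);
      if (v !== MISS) return v;
    }
    return this.slow(base, key);
  }
  // Generic path: coerce the key to a property name, look it up, then cache.
  slow(base, key) {
    this.slowPathCalls++;
    const shape = base.shape, offset = shape.offsetOf(String(key));
    const guard = KEY_GUARDS.find((g) => g(key));
    // Stub = key guard + structure check + slot load (own-property hit only).
    if (guard && offset >= 0)
      this.stubs.push((b, k) => (guard(k) && b.shape === shape ? b.slots[offset] : MISS));
    return offset >= 0 ? base.slots[offset] : undefined;
  }
}

function demo() {
  const shape = new Shape(["undefined", "null"]);
  const a = make(shape, "u1", "n1"), b = make(shape, "u2", "n2");
  const other = make(new Shape(["null", "undefined"]), "n3", "u3"); // different layout
  const site = new GetByValSite();
  const results = [
    site.get(a, undefined),     // slow path, installs stub
    site.get(b, undefined),     // stub hit: same key kind, same structure
    site.get(b, null),          // key guard fails, slow path
    site.get(other, undefined), // structure check fails, slow path
    site.get(a, "undefined"),   // string key: no primitive-key stub applies
  ];
  return { results, slowPathCalls: site.slowPathCalls, stubs: site.stubs.length };
}
console.log(demo());
```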


