[webkit-changes] [WebKit/WebKit] 1de12d: [JSC] Unroll zero-fill for `NewButterflyWithSize` ...

Sun, 03 May 2026 20:23:21 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1de12d99d9edd9ff4f5dfcc77b07f729c93267ac
      
https://github.com/WebKit/WebKit/commit/1de12d99d9edd9ff4f5dfcc77b07f729c93267ac
  Author: Sosuke Suzuki <[email protected]>
  Date:   2026-05-03 (Sun, 03 May 2026)

  Changed paths:
    A JSTests/microbenchmarks/new-array-constant-size-zero-fill-16.js
    A JSTests/microbenchmarks/new-array-constant-size-zero-fill-4.js
    A JSTests/microbenchmarks/new-array-constant-size-zero-fill-8.js
    A JSTests/stress/new-array-constant-size-zero-fill.js
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

  Log Message:
  -----------
  [JSC] Unroll zero-fill for `NewButterflyWithSize` with small constant length
https://bugs.webkit.org/show_bug.cgi?id=313825

Reviewed by Yusuke Suzuki.

`NewButterflyWithSize` is inserted by DFGConstantFoldingPhase from
`new Array(N)` where N is a small Int32 constant. Even though the length
is known at compile time, `compileNewButterflyWithSize` still emitted a
runtime hole-fill loop via `emitInitializeButterfly`.

This patch reuses `emitFillStorageWithJSEmpty` /
`emitFillStorageWithDoubleEmpty` (the same helpers the recently landed
`NewTypedArray` constant-size unroll uses) when `butterflyLength` is
within the unroll budget (16 words). On ARM64 the loop body collapses
into `stp xzr, xzr` pairs.

Microbenchmark (DFG only, JSC_useFTLJIT=false):

                                             baseline                  patched
new-array-constant-size-zero-fill-4    341.2569+-7.7353          
328.1310+-6.3353          might be 1.0400x faster
new-array-constant-size-zero-fill-8    504.6251+-6.3335     ^    
442.1297+-17.8307       ^ definitely 1.1414x faster
new-array-constant-size-zero-fill-16   844.2062+-22.6756    ^    
679.9115+-17.8603       ^ definitely 1.2416x faster

<geometric>                            525.7819+-3.3028     ^    
461.9929+-5.6665        ^ definitely 1.1381x faster

Tests: JSTests/microbenchmarks/new-array-constant-size-zero-fill-16.js
       JSTests/microbenchmarks/new-array-constant-size-zero-fill-4.js
       JSTests/microbenchmarks/new-array-constant-size-zero-fill-8.js
       JSTests/stress/new-array-constant-size-zero-fill.js

* JSTests/microbenchmarks/new-array-constant-size-zero-fill-16.js: Added.
(foo):
(bar):
* JSTests/microbenchmarks/new-array-constant-size-zero-fill-4.js: Added.
(foo):
(bar):
* JSTests/microbenchmarks/new-array-constant-size-zero-fill-8.js: Added.
(foo):
(bar):
* JSTests/stress/new-array-constant-size-zero-fill.js: Added.
(shouldBe):
(shouldBeArrayOfHoles):
(make0):
(make1):
(make2):
(make3):
(make7):
(make8):
(make15):
(make16):
(make17):
(make32):
(make100):
(make999):
(makeProfiled):
(freshAfterDoubleProfile):
(mutate):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:

Canonical link: https://commits.webkit.org/312496@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications

Reply via email to