Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 93a4fbeda18317d134d83ccabc3abc7abc2ae12f
https://github.com/WebKit/WebKit/commit/93a4fbeda18317d134d83ccabc3abc7abc2ae12f
Author: Sosuke Suzuki <[email protected]>
Date: 2026-05-21 (Thu, 21 May 2026)
Changed paths:
A JSTests/microbenchmarks/string-from-code-point.js
A JSTests/stress/string-from-code-point-intrinsic.js
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGCloneHelper.h
M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGLoopUnrollingPhase.cpp
M Source/JavaScriptCore/dfg/DFGNodeType.h
M Source/JavaScriptCore/dfg/DFGOperations.cpp
M Source/JavaScriptCore/dfg/DFGOperations.h
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/dfg/DFGValidate.cpp
M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/jit/ThunkGenerators.cpp
M Source/JavaScriptCore/jit/ThunkGenerators.h
M Source/JavaScriptCore/runtime/Intrinsic.h
M Source/JavaScriptCore/runtime/StringConstructor.cpp
M Source/JavaScriptCore/runtime/StringConstructor.h
M Source/JavaScriptCore/runtime/VM.cpp
Log Message:
-----------
[JSC] Add DFG node for `String.fromCodePoint`
https://bugs.webkit.org/show_bug.cgi?id=315201
Reviewed by Yusuke Suzuki.
This patch adds a new StringFromCodePoint DFG node and
FromCodePointIntrinsic for String.fromCodePoint().
When the argument is an Int32 in [0, 0xFF], the result is identical to
StringFromCharCode, so the DFG/FTL fast path is shared with it
(compileStringFromCharCodeOrCodePoint): an inline lookup of the
small-string table, falling back to a runtime call for larger code
points, surrogate pairs, and the out-of-range RangeError.
Unlike StringFromCharCode, this can throw a RangeError even for an Int32
argument, so NodeMustGenerate is never cleared in fixup, and clobberize
models it as write(SideState).
TipOfTree Patched
string-from-code-point 97.3232+-1.5882 ^ 18.6356+-0.2575 ^
definitely 5.2224x faster
* JSTests/microbenchmarks/string-from-code-point.js: Added.
(fromCodePointLatin1):
(fromCodePointBMP):
(fromCodePointMixed):
* JSTests/stress/string-from-code-point-intrinsic.js: Added.
(shouldBe):
(fromCodePointBMP):
(fromCodePointSupplementary):
(fromCodePointMaybeThrows):
(fromCodePointDouble):
(fromCodePointObject):
(const.obj.valueOf):
(fromCodePointMulti):
(fromCodePointDead):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGCloneHelper.h:
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGLoopUnrollingPhase.cpp:
(JSC::DFG::LoopUnrollingPhase::isLoopBodyUnrollable):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStringFromCharCodeOrCodePoint):
(JSC::DFG::SpeculativeJIT::compileFromCharCode): Deleted.
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGValidate.cpp:
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileStringFromCharCodeOrCodePoint):
(JSC::FTL::DFG::LowerDFGToB3::compileStringFromCharCode): Deleted.
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::fromCodePointThunkGenerator):
* Source/JavaScriptCore/jit/ThunkGenerators.h:
* Source/JavaScriptCore/runtime/Intrinsic.h:
* Source/JavaScriptCore/runtime/StringConstructor.cpp:
(JSC::stringFromCodePoint):
* Source/JavaScriptCore/runtime/StringConstructor.h:
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::thunkGeneratorForIntrinsic):
Canonical link: https://commits.webkit.org/313696@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
