[webkit-changes] [WebKit/WebKit] fbc9cd: [JSC] Inline Proxy get trap
Yusuke Suzuki
noreply at github.com
Tue Feb 14 15:24:06 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: fbc9cd14c68a3a4f93790bf31543dcf5180da4f3
https://github.com/WebKit/WebKit/commit/fbc9cd14c68a3a4f93790bf31543dcf5180da4f3
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-02-14 (Tue, 14 Feb 2023)
Changed paths:
M Source/JavaScriptCore/builtins/ProxyHelpers.js
M Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
M Source/JavaScriptCore/bytecode/GetByStatus.cpp
M Source/JavaScriptCore/bytecode/GetByStatus.h
M Source/JavaScriptCore/bytecode/InlineCallFrame.cpp
M Source/JavaScriptCore/bytecode/InlineCallFrame.h
M Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp
M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
M Source/JavaScriptCore/runtime/JSGlobalObject.h
M Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h
M Source/JavaScriptCore/runtime/ProxyObject.cpp
M Source/JavaScriptCore/runtime/ProxyObject.h
Log Message:
-----------
[JSC] Inline Proxy get trap
https://bugs.webkit.org/show_bug.cgi?id=252229
Reviewed by Alexey Shvayka.
This patch teaches DFG to allow inlining of Proxy [[Get]] traps.
GetByStatus now can successfully recognize ProxyObjectAccessCase, and it reports
this inlining's availability to DFG. We get handler and target from ProxyObject
in performProxyObjectGet so that we can just pass ProxyObject from the caller side,
which can be easily checked in DFG layer (by using ProxyObjectUse edge).
We add ProxyObjectLoadCall call types to InlineCallFrame to handle this inlined call frame
correctly for DFG / FTL OSR exit.
This offers Proxy [[Get]] trap performance improvement.
                                    ToT                    Patched

put-slow-no-cache-js-proxy     13.5997+-0.1658    ^     13.3062+-0.0542    ^ definitely 1.0221x faster
proxy-get                     146.0271+-0.4420    ^    106.2325+-2.4139    ^ definitely 1.3746x faster
proxy-get-miss-handler         48.6311+-0.1538    ^     16.5862+-0.0612    ^ definitely 2.9320x faster
* Source/JavaScriptCore/builtins/ProxyHelpers.js:
(linkTimeConstant.performProxyObjectGet):
* Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h:
* Source/JavaScriptCore/bytecode/GetByStatus.cpp:
(JSC::GetByStatus::GetByStatus):
(JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
(JSC::GetByStatus::makesCalls const):
(JSC::GetByStatus::merge):
(JSC::GetByStatus::dump const):
* Source/JavaScriptCore/bytecode/GetByStatus.h:
* Source/JavaScriptCore/bytecode/InlineCallFrame.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/bytecode/InlineCallFrame.h:
(JSC::InlineCallFrame::callModeFor):
(JSC::InlineCallFrame::specializationKindFor):
(JSC::InlineCallFrame::InlineCallFrame): Deleted.
* Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp:
(JSC::ProxyObjectAccessCase::emit):
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::proxyInternalFieldIndex):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_getProxyInternalField):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inlineCall):
(JSC::DFG::ByteCodeParser::handleProxyObjectLoad):
(JSC::DFG::ByteCodeParser::handleGetById):
* Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::callerReturnPC):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::linkTimeConstantConcurrently const):
* Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h:
(JSC::JSGlobalObject::performProxyObjectGetFunction const):
(JSC::JSGlobalObject::performProxyObjectGetFunctionConcurrently const):
* Source/JavaScriptCore/runtime/ProxyObject.cpp:
(JSC::ProxyObject::finishCreation):
(JSC::ProxyObject::revoke):
(JSC::ProxyObject::visitChildrenImpl):
* Source/JavaScriptCore/runtime/ProxyObject.h:
Canonical link: https://commits.webkit.org/260282@main
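
An added example, not code from this commit or from WebKit: a plain-JavaScript model of the ECMAScript Proxy [[Get]] steps, covering the revoked-handler check, the missing-trap forward to the target, and the target-invariant checks that a fast path for this operation has to keep. `proxyGet`, `compare` and the sample objects are hypothetical names constructed for the illustration.

```javascript
// Added illustration, not WebKit's ProxyHelpers.js. proxyGet and compare are
// hypothetical names; handler and target are passed in explicitly because
// script code cannot read a Proxy's internal fields.
function proxyGet(target, handler, key, receiver) {
    // A revoked proxy has a null handler, and [[Get]] must throw.
    if (handler === null)
        throw new TypeError("Proxy has already been revoked");

    const trap = handler.get;
    // No get trap (the "miss handler" case): forward the lookup to the target.
    if (trap === undefined || trap === null)
        return Reflect.get(target, key, receiver);
    if (typeof trap !== "function")
        throw new TypeError("'get' trap is not callable");

    const result = Reflect.apply(trap, handler, [target, key, receiver]);

    // Invariants: the trap may not misreport a non-configurable property.
    const desc = Reflect.getOwnPropertyDescriptor(target, key);
    if (desc !== undefined && !desc.configurable) {
        const isData = "value" in desc;
        if (isData && !desc.writable && !Object.is(result, desc.value))
            throw new TypeError("trap result differs from read-only target value");
        if (!isData && desc.get === undefined && result !== undefined)
            throw new TypeError("trap result must be undefined for getter-less accessor");
    }
    return result;
}

// Run the model beside a real Proxy and report both outcomes as strings.
function compare(target, handler, key) {
    const outcome = (fn) => {
        try { return "ok:" + String(fn()); } catch (e) { return "throw:" + e.constructor.name; }
    };
    const proxy = new Proxy(target, handler);
    return {
        real: outcome(() => proxy[key]),
        model: outcome(() => proxyGet(target, handler, key, proxy)),
    };
}

// Constructed sample inputs.
const answer = { get() { return 42; } };
console.log(compare({ x: 1 }, answer, "x"));                // trap present
console.log(compare({ x: 1 }, {}, "x"));                    // no trap
console.log(compare(Object.freeze({ x: 1 }), answer, "x")); // invariant violated
```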