[webkit-changes] [WebKit/WebKit] d99a52: [JSC] Optimize bound function calls
Yusuke Suzuki
noreply at github.com
Wed Feb 15 01:31:08 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d99a52c875990a31eac613edd3c1462905159ebc
https://github.com/WebKit/WebKit/commit/d99a52c875990a31eac613edd3c1462905159ebc
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-02-15 (Wed, 15 Feb 2023)
Changed paths:
A JSTests/stress/bound-function-inlining.js
M JSTests/stress/bound-function-stack-overflow.js
A JSTests/stress/bound-function-strength-reduction-this.js
A JSTests/stress/bound-function-strength-reduction.js
A JSTests/stress/function-bind-call-frame.js
A JSTests/stress/function-bind-caller.js
A JSTests/stress/function-bind-do-not-miss-already-bound-args.js
A JSTests/stress/function-bind-double-wrap-throw-more.js
A JSTests/stress/function-bind-double-wrap-throw.js
A JSTests/stress/function-bind-getter-call-osr-exit.js
A JSTests/stress/function-bind-inlined-osr-exit.js
A JSTests/stress/function-bind-setter-call-osr-exit.js
A JSTests/stress/function-bind-tail-call-osr-exit.js
A JSTests/stress/function-bind-throw.js
M JSTests/stress/sampling-profiler-bound-function-name.js
M JSTests/stress/stack-overflow-in-custom-hasInstance.js
M Source/JavaScriptCore/builtins/FunctionPrototype.js
M Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
M Source/JavaScriptCore/bytecode/BytecodeList.rb
M Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp
M Source/JavaScriptCore/bytecode/InlineCallFrame.cpp
M Source/JavaScriptCore/bytecode/InlineCallFrame.h
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGGraph.cpp
M Source/JavaScriptCore/dfg/DFGGraph.h
M Source/JavaScriptCore/dfg/DFGNodeType.h
M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
M Source/JavaScriptCore/dfg/DFGOperations.cpp
M Source/JavaScriptCore/dfg/DFGOperations.h
M Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp
M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
M Source/JavaScriptCore/interpreter/Interpreter.cpp
M Source/JavaScriptCore/jit/JIT.cpp
M Source/JavaScriptCore/jit/JITOperations.cpp
M Source/JavaScriptCore/jit/ThunkGenerators.cpp
M Source/JavaScriptCore/llint/LowLevelInterpreter.asm
M Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
M Source/JavaScriptCore/runtime/CommonSlowPaths.h
M Source/JavaScriptCore/runtime/JSBoundFunction.cpp
M Source/JavaScriptCore/runtime/JSBoundFunction.h
M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M Source/JavaScriptCore/runtime/VM.cpp
M Source/JavaScriptCore/tools/JSDollarVM.cpp
Log Message:
-----------
[JSC] Optimize bound function calls
https://bugs.webkit.org/show_bug.cgi?id=225135
rdar://77539823
Reviewed by Mark Lam.
This patch allows inlining JSBoundFunction calls from DFG and FTL.
1. We should not report bound function in the stack trace. But we were doing that. This patch fixes it by making it ImplementationVisibility::Private.
This also aligns JSC with V8 and this also makes this patch simpler because we do not need to care about the stack trace when inlining bound function calls.
2. We optimize double-bound functions (func.bind(...).bind(...)) by folding captured arguments into one, so effectively unwrapping it.
3. DFG ByteCodeParser attempts to inline bound function calls from CallVariant data & intrinsic marking. Even though we failed to do that, we attempt to unwrap the call in DFG strength reduction further.
Bound function calls get much faster with this patch by inlining / unwrapping.
                                              ToT                 Patched
bound-function-call                       5.2044+-0.0275   ^   1.9831+-0.0342   ^ definitely 2.6244x faster
function-bind-no-inlining-repeat-call    47.4999+-0.2317   ^  43.0725+-0.1098   ^ definitely 1.1028x faster
* JSTests/stress/bound-function-inlining.js: Added.
(shouldBe):
(test):
(t):
* JSTests/stress/bound-function-stack-overflow.js:
* JSTests/stress/bound-function-strength-reduction.js: Added.
(shouldBe):
(test):
(t1):
(t2):
* JSTests/stress/function-bind-call-frame.js: Added.
(test):
(test1):
* JSTests/stress/function-bind-caller.js: Added.
(shouldBe):
(inlined):
(test):
* JSTests/stress/function-bind-do-not-miss-already-bound-args.js: Added.
(shouldBe):
(test):
* JSTests/stress/function-bind-double-wrap-throw-more.js: Added.
(shouldBe):
(throwable):
(test):
(catch):
* JSTests/stress/function-bind-double-wrap-throw.js: Added.
(shouldBe):
(throwable):
(test):
(catch):
* JSTests/stress/function-bind-getter-call-osr-exit.js: Added.
(bar):
(foo):
(test):
* JSTests/stress/function-bind-inlined-osr-exit.js: Added.
(shouldBe):
(mayExit):
(inlined):
(test):
* JSTests/stress/function-bind-setter-call-osr-exit.js: Added.
(bar):
(foo):
(test):
* JSTests/stress/function-bind-tail-call-osr-exit.js: Added.
(bar):
(foo):
(test):
* JSTests/stress/function-bind-throw.js: Added.
(shouldBe):
(throwable):
(inner):
(test):
(catch):
* JSTests/stress/sampling-profiler-bound-function-name.js:
(platformSupportsSamplingProfiler):
* JSTests/stress/stack-overflow-in-custom-hasInstance.js:
* LayoutTests/js/dom/function-bind-expected.txt:
* Source/JavaScriptCore/builtins/FunctionPrototype.js:
(bind):
* Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h:
* Source/JavaScriptCore/bytecode/BytecodeList.rb:
* Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp:
(JSC::computeUsesForBytecodeIndexImpl):
(JSC::computeDefsForBytecodeIndexImpl):
* Source/JavaScriptCore/bytecode/InlineCallFrame.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/bytecode/InlineCallFrame.h:
(JSC::InlineCallFrame::callModeFor):
(JSC::InlineCallFrame::specializationKindFor):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitCreateArgumentsButterflyExcludingThis):
(JSC::BytecodeGenerator::emitCreateArgumentsButterfly): Deleted.
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::BytecodeIntrinsicNode::emit_intrinsic_createArgumentsButterflyExcludingThis):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_createArgumentsButterfly): Deleted.
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inlineCall):
(JSC::DFG::ByteCodeParser::handleCallVariant):
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::handlePutById):
(JSC::DFG::ByteCodeParser::parseBlock):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::tryGetConstantGetter):
(JSC::DFG::Graph::tryGetConstantSetter):
* Source/JavaScriptCore/dfg/DFGGraph.h:
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::callerReturnPC):
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::PreciseLocalClobberizeAdaptor::readTop):
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:
* Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateArgumentsButterflyExcludingThis):
(JSC::FTL::DFG::LowerDFGToB3::compileCreateArgumentsButterfly): Deleted.
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
* Source/JavaScriptCore/jit/JIT.cpp:
(JSC::JIT::privateCompileMainPass):
* Source/JavaScriptCore/jit/JITOperations.cpp:
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::boundFunctionCallGenerator):
* Source/JavaScriptCore/llint/LowLevelInterpreter.asm:
* Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:
(JSC::JSC_DEFINE_COMMON_SLOW_PATH):
* Source/JavaScriptCore/runtime/CommonSlowPaths.h:
* Source/JavaScriptCore/runtime/JSBoundFunction.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSBoundFunction::boundArgsCopy):
* Source/JavaScriptCore/runtime/JSBoundFunction.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::getBoundFunction):
* Source/JavaScriptCore/tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSDollarVM::finishCreation):
Canonical link: https://commits.webkit.org/260303@main
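
Item 2 of the log message (folding a double-bound function's captured arguments into one wrapper) modelled in plain JavaScript, as an added example that is not code from this commit or from JSC. foldingBind, boundInfo, compareWithNative and the sample targets are hypothetical names constructed for the illustration; the result is compared against the engine's native bind.

```javascript
// Added illustration, not JSC code: foldingBind/boundInfo are hypothetical names.
const boundInfo = new WeakMap(); // wrapper -> { target, boundThis, boundArgs }

function foldingBind(fn, boundThis, ...boundArgs) {
  if (typeof fn !== "function") throw new TypeError("bind target is not callable");
  const inner = boundInfo.get(fn);
  if (inner) {
    // Double bind: the inner `this` wins, and the already-bound arguments
    // must stay in front of the newly bound ones.
    boundArgs = [...inner.boundArgs, ...boundArgs];
    boundThis = inner.boundThis;
    fn = inner.target;
  }
  const wrapper = function (...callArgs) {
    const args = [...boundArgs, ...callArgs];
    // Under `new`, a bound function ignores its bound `this`.
    return new.target
      ? Reflect.construct(fn, args)
      : Reflect.apply(fn, boundThis, args);
  };
  boundInfo.set(wrapper, { target: fn, boundThis, boundArgs });
  return wrapper;
}

// Constructed sample targets.
function record(...args) { return { self: this, args }; }
function Point(x, y) { this.x = x; this.y = y; }

function compareWithNative() {
  const a = { name: "a" }, b = { name: "b" };
  const native = record.bind(a, 1).bind(b, 2);
  const folded = foldingBind(foldingBind(record, a, 1), b, 2);
  const n = native(3), f = folded(3);
  const p = new (foldingBind(foldingBind(Point, a, 1), b, 2))();
  const q = new (Point.bind(a, 1).bind(b, 2))();
  return {
    sameThis: n.self === a && f.self === a,
    nativeArgs: n.args.join(","),
    foldedArgs: f.args.join(","),
    unwrapped: boundInfo.get(folded).target === record,
    constructed: p instanceof Point && q instanceof Point &&
      `${p.x},${p.y}` === `${q.x},${q.y}`,
  };
}

console.log(compareWithNative());
```

The folded wrapper points straight at the original target, so any such rewrite has to preserve the argument order and the first bound `this`.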