[webkit-changes] [WebKit/WebKit] b45d2e: [JSC] Add ProxyObjectStore IC to optimize "set" trap
EWS
noreply at github.com
Fri Feb 24 11:47:05 PST 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b45d2e9c3d34a09f74191f07275eef8cf57f6f4d
https://github.com/WebKit/WebKit/commit/b45d2e9c3d34a09f74191f07275eef8cf57f6f4d
Author: Alexey Shvayka <ashvayka at apple.com>
Date: 2023-02-24 (Fri, 24 Feb 2023)
Changed paths:
A JSTests/microbenchmarks/proxy-set-miss-handler.js
A JSTests/microbenchmarks/proxy-set.js
A JSTests/stress/proxy-set-failure-inline-cache.js
M Source/JavaScriptCore/builtins/BuiltinNames.h
M Source/JavaScriptCore/builtins/ProxyHelpers.js
M Source/JavaScriptCore/bytecode/AccessCase.cpp
M Source/JavaScriptCore/bytecode/AccessCase.h
M Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h
M Source/JavaScriptCore/bytecode/LinkTimeConstant.h
M Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp
M Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp
M Source/JavaScriptCore/bytecode/Repatch.cpp
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
M Source/JavaScriptCore/runtime/CacheableIdentifier.h
M Source/JavaScriptCore/runtime/CacheableIdentifierInlines.h
M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
M Source/JavaScriptCore/runtime/JSGlobalObject.h
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.h
M Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h
M Source/JavaScriptCore/runtime/ProxyObject.cpp
M Source/JavaScriptCore/runtime/ProxyObject.h
Log Message:
-----------
[JSC] Add ProxyObjectStore IC to optimize "set" trap
https://bugs.webkit.org/show_bug.cgi?id=252602
<rdar://problem/105692284>
Reviewed by Yusuke Suzuki.
This change adds ProxyObjectLoad IC for Proxy "set" trap, which detects ProxyObject and calls
a variant of @performProxyObjectSet JS function, ensuring that errors for both reflection
in case of missing trap and falsy trap result are thrown only in strict mode.
Results in 1.7-6.6x speed-up on provided microbenchmarks, while JetStream3 Proxy tests are neutral
due to very modest usage of Proxy "set" trap (MobX doesn't call it at all, only setters).
Also, factors out a few helpers as CacheableIdentifier instance methods and extracts
ProxyObject::validateSetTrapResult() method to allow for maximum code reuse.
ToT patch
proxy-set-miss-handler 129.6017+-0.8690 ^ 19.7623+-0.1588 ^ definitely 6.5580x faster
proxy-set 57.8925+-0.4492 ^ 33.9117+-0.2406 ^ definitely 1.7072x faster
* JSTests/microbenchmarks/proxy-set-miss-handler.js: Added.
* JSTests/microbenchmarks/proxy-set.js: Added.
* JSTests/stress/proxy-set-failure-inline-cache.js: Added.
* Source/JavaScriptCore/builtins/BuiltinNames.h:
* Source/JavaScriptCore/builtins/ProxyHelpers.js:
(linkTimeConstant.performProxyObjectSetSloppy):
(linkTimeConstant.performProxyObjectSetStrict):
* Source/JavaScriptCore/bytecode/AccessCase.cpp:
(JSC::AccessCase::create):
(JSC::AccessCase::guardedByStructureCheckSkippingConstantIdentifierCheck const):
(JSC::AccessCase::requiresIdentifierNameMatch const):
(JSC::AccessCase::requiresInt32PropertyCheck const):
(JSC::AccessCase::needsScratchFPR const):
(JSC::AccessCase::forEachDependentCell const):
(JSC::AccessCase::doesCalls const):
(JSC::AccessCase::canReplace const):
(JSC::AccessCase::generateWithGuard):
(JSC::AccessCase::generateImpl):
(JSC::AccessCase::runWithDowncast):
(JSC::AccessCase::canBeShared):
* Source/JavaScriptCore/bytecode/AccessCase.h:
* Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h:
* Source/JavaScriptCore/bytecode/LinkTimeConstant.h:
* Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp:
(JSC::PolymorphicAccess::regenerate):
* Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp:
(JSC::ProxyObjectAccessCase::emit):
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::tryCacheGetBy):
(JSC::tryCachePutBy):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitPutByVal):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
* Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp:
(JSC::emitIntrinsicPutByValWithThis):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_putByValWithThisSloppy):
(JSC::BytecodeIntrinsicNode::emit_intrinsic_putByValWithThisStrict):
* Source/JavaScriptCore/runtime/CacheableIdentifier.h:
(JSC::CacheableIdentifier::isPrivateName const):
* Source/JavaScriptCore/runtime/CacheableIdentifierInlines.h:
(JSC::CacheableIdentifier::ensureIsCell):
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::globalFuncHandleProxySetTrapResult):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSGlobalObject::init):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
* Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h:
(JSC::JSGlobalObject::performProxyObjectSetSloppyFunction const):
(JSC::JSGlobalObject::performProxyObjectSetStrictFunction const):
* Source/JavaScriptCore/runtime/ProxyObject.cpp:
(JSC::ProxyObject::performPut):
(JSC::ProxyObject::validateSetTrapResult):
* Source/JavaScriptCore/runtime/ProxyObject.h:
Canonical link: https://commits.webkit.org/260803@main
More information about the webkit-changes
mailing list