[webkit-changes] [WebKit/WebKit] 1d89fd: [JSC] Inline Proxy [[Set]] trap in DFG / FTL

Yusuke Suzuki noreply at github.com
Thu Mar 2 01:58:53 PST 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 1d89fdbdb2bae963b88585f0b94091cc2e3e590c
      https://github.com/WebKit/WebKit/commit/1d89fdbdb2bae963b88585f0b94091cc2e3e590c
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-03-02 (Thu, 02 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/bytecode/InlineCallFrame.cpp
    M Source/JavaScriptCore/bytecode/InlineCallFrame.h
    M Source/JavaScriptCore/bytecode/PutByStatus.cpp
    M Source/JavaScriptCore/bytecode/PutByVariant.cpp
    M Source/JavaScriptCore/bytecode/PutByVariant.h
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
    M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h
    M Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h

  Log Message:
  -----------
  [JSC] Inline Proxy [[Set]] trap in DFG / FTL
https://bugs.webkit.org/show_bug.cgi?id=253179
rdar://106097171

Reviewed by Alexey Shvayka.

This patch implements inlining of Proxy [[Set]] trap as the similar way to https://commits.webkit.org/260282@main.
The approach is that we set Proxy PutByVariant, and handle it in DFG handlePutById. This offers 20% improvement in
proxy-set microbenchmarks.

                                       ToT                     Patched

    proxy-set-miss-handler       17.5355+-0.0455     ^     14.6011+-0.0285        ^ definitely 1.2010x faster
    proxy-set                    14.6974+-0.0503     ^     11.9129+-0.0726        ^ definitely 1.2337x faster

* Source/JavaScriptCore/bytecode/InlineCallFrame.cpp:
(WTF::printInternal):
* Source/JavaScriptCore/bytecode/InlineCallFrame.h:
(JSC::InlineCallFrame::callModeFor):
(JSC::InlineCallFrame::specializationKindFor):
* Source/JavaScriptCore/bytecode/PutByStatus.cpp:
(JSC::PutByStatus::computeForStubInfo):
* Source/JavaScriptCore/bytecode/PutByVariant.cpp:
(JSC::PutByVariant::proxy):
(JSC::PutByVariant::writesStructures const):
(JSC::PutByVariant::reallocatesStorage const):
(JSC::PutByVariant::makesCalls const):
(JSC::PutByVariant::attemptToMerge):
(JSC::PutByVariant::dumpInContext const):
* Source/JavaScriptCore/bytecode/PutByVariant.h:
(JSC::PutByVariant::structure const):
(JSC::PutByVariant::oldStructure const):
(JSC::PutByVariant::oldStructure):
(JSC::PutByVariant::callLinkStatus const):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::inlineCall):
(JSC::DFG::ByteCodeParser::handlePutById):
* Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::callerReturnPC):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
* Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h:
(JSC::JSGlobalObject::performProxyObjectSetSloppyFunctionConcurrently const):
(JSC::JSGlobalObject::performProxyObjectSetStrictFunctionConcurrently const):

Canonical link: https://commits.webkit.org/261058@main

More information about the webkit-changes mailing list