[webkit-changes] [WebKit/WebKit] 53e0cd: [JSC] Stop eagerly emitting wide32 opcodes

Tadeu Zagallo noreply at github.com
Fri Mar 3 01:27:14 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 53e0cdd7040794989e4e7b87617e53b5e1c5b97e
      https://github.com/WebKit/WebKit/commit/53e0cdd7040794989e4e7b87617e53b5e1c5b97e
  Author: Tadeu Zagallo <tzagallo at apple.com>
  Date:   2023-03-03 (Fri, 03 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp
    M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h
    M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

  Log Message:
  -----------
  [JSC] Stop eagerly emitting wide32 opcodes
https://bugs.webkit.org/show_bug.cgi?id=252891
rdar://105876002

Reviewed by Yusuke Suzuki.

There were 3 cases where we emitted 32-bit wide opcodes:
- OpEnumeratorGetByVal and OpEnumeratorInByVal: we might need to de-optimize these
into OpGetByVal and OpInByVal respectively, and although they take the same arguments,
the metadata ID might overflow whatever size we picked when emitting the original
opcode. To address this, we allocate the metadataID upfront and ensure we emit a
size that will fit the metadataID. These operators are not super common, and worst
case scenario we'll get one extra wide OpGetByVal due to the eagerly allocated metadata.
- OpJneqPtr: similar optimization, we can optimize `o.hasOwnProperty(p)` to a no-op
if we can guarantee that the iterator hasn't been modified. Here we can guarantee that we
will always be able to emit a narrow jump, since the jump is only over an OpEnumeratorHasOwnProperty +
the value we're iterating over, which is guaranteed to be a variable.

Additionally, make the deoptimization a little more precise by not deoptimizing
everything in the loop body if we assign to the iterator, but instead only the
operations after the assignment. We are still conservative with regards to loops,
and if there's any reassignment we'll deoptimize everything after the first
loop_hint we encountered.

* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::emitWideJumpIfNotFunctionHasOwnProperty):
(JSC::BytecodeGenerator::emitInByVal):
(JSC::BytecodeGenerator::emitGetByVal):
(JSC::rewriteOp):
(JSC::ForInContext::finalize):
* Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h:
(JSC::ForInContext::addGetInst):
(JSC::ForInContext::addInInst):

Canonical link: https://commits.webkit.org/261125@main
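The first bullet of the commit message describes a sizing problem that is easy to get wrong in any variable-width bytecode: an instruction is emitted at the narrowest width that fits its operands, but a later in-place rewrite into a different opcode needs a metadata ID that was not known at emit time and may not fit. The toy model below is an added illustration and is not JavaScriptCore's encoding or API; `Generator`, `Instruction`, `widthFor`, `rewriteToGetByVal` and the per-opcode metadata counters are invented for the example. It contrasts the naive emit (width chosen from the operands known now) with the approach the commit describes (reserve the fallback metadata ID upfront and size the instruction so it fits), and checks that a small function pays nothing extra.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <stdexcept>
#include <vector>

// Toy model of variable-width bytecode emission (assumption: invented for this
// example, not JSC's real encoding).
enum class Width : uint8_t { Narrow = 1, Wide16 = 2, Wide32 = 4 };
enum class Op : uint8_t { GetByVal = 0, EnumeratorGetByVal = 1 };

struct Instruction {
    Op op;
    Width width;                 // operand width chosen at emit time; fixed thereafter
    uint32_t dst, base, property;
    uint32_t metadataID;         // index into this opcode's metadata table
    bool hasFallbackID;          // was an OpGetByVal metadataID reserved at emit time?
    uint32_t fallbackMetadataID;
};

// Largest operand value an instruction of the given width can hold.
static uint32_t maxOperand(Width w) {
    switch (w) {
    case Width::Narrow: return UINT8_MAX;
    case Width::Wide16: return UINT16_MAX;
    default:            return UINT32_MAX;
    }
}

// Narrowest width that fits every operand in the list.
static Width widthFor(std::initializer_list<uint32_t> operands) {
    uint32_t largest = std::max(operands);
    if (largest <= UINT8_MAX) return Width::Narrow;
    if (largest <= UINT16_MAX) return Width::Wide16;
    return Width::Wide32;
}

struct Generator {
    std::vector<Instruction> code;
    uint32_t nextMetadataID[2] = {0, 0};   // one counter per opcode

    uint32_t allocateMetadataID(Op op) { return nextMetadataID[static_cast<size_t>(op)]++; }

    // Constructed input: pretend `n` OpGetByVal were already emitted in this function.
    void reserveGetByValMetadata(uint32_t n) { nextMetadataID[static_cast<size_t>(Op::GetByVal)] += n; }

    // Naive: size the instruction only for the operands known now.
    size_t emitEnumeratorGetByValNaive(uint32_t dst, uint32_t base, uint32_t property) {
        uint32_t id = allocateMetadataID(Op::EnumeratorGetByVal);
        code.push_back({Op::EnumeratorGetByVal, widthFor({dst, base, property, id}),
                        dst, base, property, id, false, 0});
        return code.size() - 1;
    }

    // Fixed: reserve the OpGetByVal metadataID now and size the instruction so it fits too.
    size_t emitEnumeratorGetByVal(uint32_t dst, uint32_t base, uint32_t property) {
        uint32_t id = allocateMetadataID(Op::EnumeratorGetByVal);
        uint32_t fallback = allocateMetadataID(Op::GetByVal);
        code.push_back({Op::EnumeratorGetByVal, widthFor({dst, base, property, id, fallback}),
                        dst, base, property, id, true, fallback});
        return code.size() - 1;
    }

    // De-optimization rewrites in place: the width cannot grow after emission because
    // jump offsets already depend on the instruction's size.
    void rewriteToGetByVal(size_t index) {
        Instruction& inst = code[index];
        uint32_t id = inst.hasFallbackID ? inst.fallbackMetadataID : allocateMetadataID(Op::GetByVal);
        if (id > maxOperand(inst.width))
            throw std::runtime_error("metadataID does not fit the emitted width");
        inst.op = Op::GetByVal;
        inst.metadataID = id;
    }
};

// Naive emission after 300 earlier OpGetByVal: the rewrite's metadataID overflows a narrow slot.
bool naiveRewriteOverflows() {
    Generator g;
    g.reserveGetByValMetadata(300);
    size_t i = g.emitEnumeratorGetByValNaive(1, 2, 3);
    try { g.rewriteToGetByVal(i); } catch (const std::runtime_error&) { return true; }
    return false;
}

// Fixed emission in the same situation: one wide16 instruction, and the rewrite succeeds.
Width fixedWidthWithManyGetByVal() {
    Generator g;
    g.reserveGetByValMetadata(300);
    size_t i = g.emitEnumeratorGetByVal(1, 2, 3);
    g.rewriteToGetByVal(i);
    return g.code[i].width;
}

// Fixed emission in a small function: the reserved ID is small, so the instruction stays narrow.
Width fixedWidthInSmallFunction() {
    Generator g;
    size_t i = g.emitEnumeratorGetByVal(1, 2, 3);
    return g.code[i].width;
}

int main() {
    std::printf("naive rewrite overflows: %d\n", naiveRewriteOverflows());
    std::printf("fixed width, 300 prior GetByVal: %d\n", static_cast<int>(fixedWidthWithManyGetByVal()));
    std::printf("fixed width, small function: %d\n", static_cast<int>(fixedWidthInSmallFunction()));
    return 0;
}
```

The cost the commit message mentions ("one extra wide OpGetByVal due to the eagerly allocated metadata") shows up here as the reserved `fallback` ID: it consumes a metadata slot whether or not the rewrite ever happens, and only forces a wider encoding when that ID itself no longer fits the narrow width.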
