[webkit-changes] [WebKit/WebKit] 109405: [JSC] Optimize Function#bind further

Yusuke Suzuki noreply at github.com
Wed Mar 22 15:14:28 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 109405481c53542efeb133a5960a9f5c6255bad4
      https://github.com/WebKit/WebKit/commit/109405481c53542efeb133a5960a9f5c6255bad4
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-03-22 (Wed, 22 Mar 2023)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
    M Source/JavaScriptCore/dfg/DFGClobberize.h
    M Source/JavaScriptCore/dfg/DFGClobbersExitState.cpp
    M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
    M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
    M Source/JavaScriptCore/dfg/DFGGraph.cpp
    M Source/JavaScriptCore/dfg/DFGMayExit.cpp
    M Source/JavaScriptCore/dfg/DFGNode.cpp
    M Source/JavaScriptCore/dfg/DFGNode.h
    M Source/JavaScriptCore/dfg/DFGNodeType.h
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/dfg/DFGOperations.h
    M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
    M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp
    M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
    M Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
    M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp
    M Source/JavaScriptCore/interpreter/Interpreter.cpp
    M Source/JavaScriptCore/interpreter/ProtoCallFrame.h
    M Source/JavaScriptCore/interpreter/ProtoCallFrameInlines.h
    M Source/JavaScriptCore/jit/ThunkGenerators.cpp
    M Source/JavaScriptCore/runtime/ArgList.h
    M Source/JavaScriptCore/runtime/FunctionPrototype.cpp
    M Source/JavaScriptCore/runtime/InternalFunction.cpp
    M Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp
    M Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp
    M Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp
    M Source/JavaScriptCore/runtime/Intrinsic.h
    M Source/JavaScriptCore/runtime/JSBoundFunction.cpp
    M Source/JavaScriptCore/runtime/JSBoundFunction.h
    M Source/JavaScriptCore/runtime/JSFunction.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
    M Source/JavaScriptCore/runtime/JSGlobalObject.h
    M Source/JavaScriptCore/runtime/VM.cpp
    M Source/JavaScriptCore/runtime/VM.h
    M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp
    M Source/WebCore/bindings/js/JSDOMAsyncIterator.h

  Log Message:
  -----------
  [JSC] Optimize Function#bind further
https://bugs.webkit.org/show_bug.cgi?id=254242
rdar://107026972

Reviewed by Justin Michaud.

This patch makes Function#bind faster.

1. Now, JSBoundFunction has embedded bound arguments up to 3. So we can avoid allocating JSImmutableButterfly
   for small # of bound arguments, which is super common in practice.
2. Many JSBoundFunction properties materialization gets lazily done. "name", "length", and construct-ability too.
3. Simplify JSBoundFunction. We remove flattening since it is too complicated and performance gain was not much.
   Also, we remove complicated NativeExecutable for JSBoundFunction to make JSBoundFunction allocation simple.
4. Introduce FunctionBind node into DFG / FTL and handling it, which improves performance for generic case.
5. Furthermore, we lower FunctionBind into NewBoundFunction is input's structure meets invariant. This inlines
   JSBoundFunction allocation completely (and due to (2) and (3), the code becomes super simple) and offers massive
   performance boost.

                                       ToT                     Patched

    function-bind-creation        9.6877+-0.0297     ^      4.0682+-0.0563        ^ definitely 2.3814x faster
    function-bind                46.4667+-0.1078     ^     14.9119+-0.0942        ^ definitely 3.1161x faster

* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGClobbersExitState.cpp:
(JSC::DFG::clobbersExitState):
* Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
* Source/JavaScriptCore/dfg/DFGMayExit.cpp:
* Source/JavaScriptCore/dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToNewBoundFunction):
* Source/JavaScriptCore/dfg/DFGNode.h:
(JSC::DFG::Node::hasCellOperand):
(JSC::DFG::Node::isFunctionAllocation):
(JSC::DFG::Node::numberOfBoundArguments):
(JSC::DFG::Node::hasNumberOfBoundArguments):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
(JSC::DFG::SpeculativeJIT::compileFunctionBind):
(JSC::DFG::SpeculativeJIT::compileNewBoundFunction):
* Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:
* Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h:
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileNewBoundFunction):
(JSC::FTL::DFG::LowerDFGToB3::compileFunctionBind):
* Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::getInternalProperties):
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
(JSC::Interpreter::executeBoundCall):
(JSC::Interpreter::executeCall):
(JSC::Interpreter::executeModuleProgram):
* Source/JavaScriptCore/interpreter/ProtoCallFrame.h:
* Source/JavaScriptCore/interpreter/ProtoCallFrameInlines.h:
(JSC::ProtoCallFrame::init):
* Source/JavaScriptCore/jit/ThunkGenerators.cpp:
(JSC::boundFunctionCallGenerator):
* Source/JavaScriptCore/runtime/ArgList.h:
(JSC::ArgList::ArgList):
(JSC::ArgList::at const):
(JSC::ArgList::data const):
* Source/JavaScriptCore/runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::addFunctionProperties):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/InternalFunction.cpp:
(JSC::getFunctionRealm):
* Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp:
(JSC::JSC_DEFINE_CUSTOM_GETTER):
* Source/JavaScriptCore/runtime/Intrinsic.h:
* Source/JavaScriptCore/runtime/JSBoundFunction.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::JSBoundFunction::create):
(JSC::JSBoundFunction::JSBoundFunction):
(JSC::JSBoundFunction::boundArgsCopy):
(JSC::JSBoundFunction::lengthSlow):
(JSC::JSBoundFunction::canConstructSlow):
(JSC::JSBoundFunction::canSkipNameAndLengthMaterialization):
(JSC::JSBoundFunction::visitChildrenImpl):
* Source/JavaScriptCore/runtime/JSBoundFunction.h:
* Source/JavaScriptCore/runtime/JSFunction.cpp:
(JSC::JSFunction::getConstructData):
* Source/JavaScriptCore/runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::boundFunctionStructureConcurrently const):
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::VM):
(JSC::VM::getBoundFunction):
* Source/JavaScriptCore/runtime/VM.h:
* Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/WebCore/bindings/js/JSDOMAsyncIterator.h:
(WebCore::IteratorTraits>::createOnSettledFunction):
(WebCore::IteratorTraits>::createOnFulfilledFunction):
(WebCore::IteratorTraits>::createOnRejectedFunction):

Canonical link: https://commits.webkit.org/261993@main

More information about the webkit-changes mailing list