[webkit-changes] [WebKit/WebKit] c7d188: [JSC] Inline ClonedArguments allocation in DFG / FTL

Yusuke Suzuki noreply at github.com
Mon May 1 14:22:39 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c7d1888949f94118612536ffc3b7f58cf102114b
      https://github.com/WebKit/WebKit/commit/c7d1888949f94118612536ffc3b7f58cf102114b
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-05-01 (Mon, 01 May 2023)

  Changed paths:
    A JSTests/microbenchmarks/create-cloned-arguments.js
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/dfg/DFGOperations.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp
    M Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/ftl/FTLOperations.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/runtime/ClonedArguments.cpp
    M Source/JavaScriptCore/runtime/ClonedArguments.h

  Log Message:
  -----------
  [JSC] Inline ClonedArguments allocation in DFG / FTL
https://bugs.webkit.org/show_bug.cgi?id=256129
rdar://108694519

Reviewed by Mark Lam and Keith Miller.

This patch adds ClonedArguments inlined allocation into DFG / FTL.
ClonedArguments is the `arguments` object in strict mode, and we should make it super fast.
The approach is just allocating the butterfly and the object from the JIT.

                                        ToT                     Patched

    create-cloned-arguments       17.9729+-0.3882     ^      7.8421+-0.0352        ^ definitely 2.2919x faster

* JSTests/microbenchmarks/create-cloned-arguments.js: Added.
(test):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileCreateClonedArguments):
* Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.cpp:
* Source/JavaScriptCore/ftl/FTLAbstractHeapRepository.h:
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCreateClonedArguments):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
(JSC::AssemblyHelpers::emitFillStorageWithJSEmpty):
* Source/JavaScriptCore/runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::getOwnPropertySlot):
* Source/JavaScriptCore/runtime/ClonedArguments.h:

Canonical link: https://commits.webkit.org/263558@main



