[webkit-changes] [WebKit/WebKit] 32a1d5: [JSC] Track active replacement WatchpointSets as a...

Yusuke Suzuki noreply at github.com
Wed May 10 12:46:41 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 32a1d510d466fba92cfd5b32bc6ca266af206431
      https://github.com/WebKit/WebKit/commit/32a1d510d466fba92cfd5b32bc6ca266af206431
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-05-10 (Wed, 10 May 2023)

  Changed paths:
    M Source/JavaScriptCore/bytecode/PropertyCondition.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/jit/JITPropertyAccess.cpp
    M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
    M Source/JavaScriptCore/runtime/CommonSlowPathsInlines.h
    M Source/JavaScriptCore/runtime/Structure.cpp
    M Source/JavaScriptCore/runtime/Structure.h
    M Source/JavaScriptCore/runtime/StructureInlines.h
    M Source/JavaScriptCore/runtime/StructureRareData.h

  Log Message:
  -----------
  [JSC] Track active replacement WatchpointSets as a preparation for megamorphic store cache
https://bugs.webkit.org/show_bug.cgi?id=256568
rdar://109129404

Reviewed by Justin Michaud.

When integrating megamorphic store cache, we would like to make it work only for very simple Structures, which
do not need to consider about replacement WatchpointSet firing. This means that Structure should know whether
it has active (not invalidated) replacement WatchpointSet quickly. Previously we have didWatchReplacement bit,
but it turned out that this becomes true so frequently because any kind of replacement IC will insert *already-invalidated*
WatchpointSet for this Structure to keep this property replacement not firing WatchpointSet.

So, let's track actual active # of replacement WatchpointSets and flip a bit of Structure. We rename didWatchReplacement
to isWatchingReplacement bit, which tells whether a Structure is *right now* watching replacement. We track # of replacement
WatchpointSets, and flip this bit based on this. These work should be done in the main thread, and this invariant is kept well
since replacement Watchpoint creation and firing only happen in the main thread.

* Source/JavaScriptCore/bytecode/PropertyCondition.cpp:
(JSC::PropertyCondition::isWatchableWhenValid const):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compileEnumeratorPutByVal):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/jit/JITPropertyAccess.cpp:
(JSC::JIT::emit_op_enumerator_put_by_val):
* Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:
* Source/JavaScriptCore/runtime/CommonSlowPathsInlines.h:
(JSC::CommonSlowPaths::opEnumeratorPutByVal):
* Source/JavaScriptCore/runtime/Structure.cpp:
(JSC::Structure::ensurePropertyReplacementWatchpointSet):
(JSC::Structure::firePropertyReplacementWatchpointSet):
(JSC::Structure::didCachePropertyReplacement):
* Source/JavaScriptCore/runtime/Structure.h:
* Source/JavaScriptCore/runtime/StructureInlines.h:
(JSC::Structure::didReplaceProperty):
* Source/JavaScriptCore/runtime/StructureRareData.h:

Canonical link: https://commits.webkit.org/263924@main

More information about the webkit-changes mailing list