[webkit-changes] [WebKit/WebKit] e28cee: [JSC] Introduce MakeAtomString DFG node

Yusuke Suzuki noreply at github.com
Fri May 19 19:01:26 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e28cee6cd730b374c4fa86a91d238b5f0b9bb69e
      https://github.com/WebKit/WebKit/commit/e28cee6cd730b374c4fa86a91d238b5f0b9bb69e
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-05-19 (Fri, 19 May 2023)

  Changed paths:
    A JSTests/stress/make-atom-string.js
    M Source/JavaScriptCore/CMakeLists.txt
    M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
    M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
    M Source/JavaScriptCore/dfg/DFGClobberize.h
    M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
    M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
    M Source/JavaScriptCore/dfg/DFGNodeType.h
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/dfg/DFGOperations.h
    M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
    M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp
    M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
    M Source/JavaScriptCore/dfg/DFGValidate.cpp
    M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/heap/Heap.cpp
    M Source/JavaScriptCore/runtime/JSCJSValue.cpp
    M Source/JavaScriptCore/runtime/JSString.cpp
    M Source/JavaScriptCore/runtime/JSString.h
    M Source/JavaScriptCore/runtime/JSStringInlines.h
    A Source/JavaScriptCore/runtime/KeyAtomStringCache.h
    A Source/JavaScriptCore/runtime/KeyAtomStringCacheInlines.h
    M Source/JavaScriptCore/runtime/NumberPrototype.cpp
    M Source/JavaScriptCore/runtime/NumericStrings.h
    M Source/JavaScriptCore/runtime/VM.h
    M Source/WTF/wtf/text/AtomStringImpl.cpp
    M Source/WTF/wtf/text/AtomStringImpl.h

  Log Message:
  -----------
  [JSC] Introduce MakeAtomString DFG node
https://bugs.webkit.org/show_bug.cgi?id=256821
rdar://109383731

Reviewed by Justin Michaud.

This is common pattern that GetByVal / PutByVal / InByVal gets concatnated strings.

    object["property-" + name]

Normally we create rope string, and GetByVal will resolve it to Identifier. This is nice in general
since we do not know whether this string will be resolved when creating a string. But in DFG / FTL,
we can do block local strength reduction analysis and we can identify very common pattern like the above: after
creating rope string, passing it to GetByVal etc. so immediately resolves it to non-rope atom string.

This patch adds strength reduction which does pattern matching GetByVal(MakeRope(...)) and change it to
GetByVal(MakeAtomString(...)). Instead of creating a rope, MakeAtomString resolves all strings, concatenate, atomize
and create normal JSString with this. Furhter we add quick KeyAtomStringCache since it can be possible that this
generated strings are already created before. This quick cache can reduce allocation of JSStrings significantly.

Block locality is conservative, but important since,

    var string = x + y + z;
    if (unlikely) {
        GetByVal(string);
    }

currently we do not want to resolve this case eagerly.

Further, we also refine NumericStrings cache to put JSString* for integer string caches. Both these caches are cleared
when GC happens. But still we can reduce # of allocated JSStrings for common cases.

* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:
* Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp:
(JSC::DFG::StrengthReductionPhase::handleNode):
* Source/JavaScriptCore/dfg/DFGValidate.cpp:
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileMakeAtomString):
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::finalize):
* Source/JavaScriptCore/runtime/JSString.cpp:
(JSC::JSRopeString::convertToNonRope const): Deleted.
* Source/JavaScriptCore/runtime/JSString.h:
* Source/JavaScriptCore/runtime/JSStringInlines.h:
(JSC::JSRopeString::convertToNonRope const):
(JSC::stringResolveToBufferSlow):
(JSC::stringResolveToBuffer):
(JSC::jsAtomString):
* Source/JavaScriptCore/runtime/KeyAtomStringCache.h: Added.
(JSC::KeyAtomStringCache::clear):
(JSC::KeyAtomStringCache::cacheSlot):
* Source/JavaScriptCore/runtime/KeyAtomStringCacheInlines.h: Added.
(JSC::KeyAtomStringCache::make):
* Source/JavaScriptCore/runtime/VM.h:

Canonical link: https://commits.webkit.org/264283@main

More information about the webkit-changes mailing list