[webkit-changes] [WebKit/WebKit] 2280a9: [JSC] Add CallCustomAccessorGetter / CallCustomAcc...
Yusuke Suzuki
noreply at github.com
Tue Oct 31 14:39:01 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2280a97d2334cb16aa13cf8db9a01613d99366f9
https://github.com/WebKit/WebKit/commit/2280a97d2334cb16aa13cf8db9a01613d99366f9
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2023-10-31 (Tue, 31 Oct 2023)
Changed paths:
A JSTests/microbenchmarks/custom-accessor-thin-air-setter.js
M JSTests/stress/domjit-getter-complex-with-incorrect-object.js
M Source/JavaScriptCore/bytecode/GetByStatus.cpp
M Source/JavaScriptCore/bytecode/GetByStatus.h
M Source/JavaScriptCore/bytecode/GetByVariant.cpp
M Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp
M Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.h
M Source/JavaScriptCore/bytecode/PutByStatus.cpp
M Source/JavaScriptCore/bytecode/PutByStatus.h
M Source/JavaScriptCore/bytecode/PutByVariant.cpp
M Source/JavaScriptCore/bytecode/PutByVariant.h
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGGraph.h
M Source/JavaScriptCore/dfg/DFGMayExit.cpp
M Source/JavaScriptCore/dfg/DFGNode.h
M Source/JavaScriptCore/dfg/DFGNodeType.h
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Log Message:
-----------
[JSC] Add CallCustomAccessorGetter / CallCustomAccessorSetter DFG nodes
https://bugs.webkit.org/show_bug.cgi?id=263745
rdar://117551452
Reviewed by Keith Miller.
When we see custom accessor getter and setter in DFG, we give up and use normal generic IC for this site.
We should not do that since
1. IC is costly. Its peak performance is fast, but setup is not free.
2. IC bloats more code.
3. Directly embedding IC's custom accessor getter / setter code into DFG / FTL is faster and more efficient.
This patch adds CallCustomAccessorGetter and CallCustomAccessorSetter. We appropriately start handling custom
accessor feedback from IC and starts putting these nodes instead of just putting GetById / PutById.
ToT Patched
custom-accessor 9.7385+-0.0277 ^ 9.4625+-0.0374 ^ definitely 1.0292x faster
custom-accessor-materialized 9.8093+-0.0166 ^ 9.5174+-0.0291 ^ definitely 1.0307x faster
custom-accessor-thin-air-setter 5.3423+-0.0150 ^ 4.7375+-0.0205 ^ definitely 1.1277x faster
custom-accessor-thin-air 19.8702+-0.0815 ^ 19.1854+-0.0327 ^ definitely 1.0357x faster
* JSTests/microbenchmarks/custom-accessor-thin-air-setter.js: Added.
(assert):
(test5.set const):
(test5.set for):
* Source/JavaScriptCore/bytecode/GetByStatus.cpp:
(JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
* Source/JavaScriptCore/bytecode/GetByStatus.h:
* Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.cpp:
(JSC::ObjectPropertyConditionSet::isStillValid const):
* Source/JavaScriptCore/bytecode/ObjectPropertyConditionSet.h:
* Source/JavaScriptCore/bytecode/PutByStatus.cpp:
(JSC::PutByStatus::computeForStubInfo):
(JSC::PutByStatus::makesCalls const):
(JSC::PutByStatus::merge):
(JSC::PutByStatus::dump const):
* Source/JavaScriptCore/bytecode/PutByStatus.h:
* Source/JavaScriptCore/bytecode/PutByVariant.cpp:
(JSC::PutByVariant::operator=):
(JSC::PutByVariant::customSetter):
(JSC::PutByVariant::writesStructures const):
(JSC::PutByVariant::reallocatesStorage const):
(JSC::PutByVariant::makesCalls const):
(JSC::PutByVariant::attemptToMerge):
(JSC::PutByVariant::dumpInContext const):
* Source/JavaScriptCore/bytecode/PutByVariant.h:
(JSC::PutByVariant::oldStructure const):
(JSC::PutByVariant::oldStructure):
(JSC::PutByVariant::customAccessorSetter const):
(JSC::PutByVariant::domAttribute const):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::check):
(JSC::DFG::ByteCodeParser::handleGetById):
(JSC::DFG::ByteCodeParser::handlePutById):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGGraph.h:
* Source/JavaScriptCore/dfg/DFGMayExit.cpp:
* Source/JavaScriptCore/dfg/DFGNode.h:
(JSC::DFG::Node::hasCacheableIdentifier):
(JSC::DFG::Node::cacheableIdentifier):
(JSC::DFG::Node::hasHeapPrediction):
(JSC::DFG::Node::hasCallCustomAccessorData const):
(JSC::DFG::Node::callCustomAccessorData):
(JSC::DFG::Node::customAccessor):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
Canonical link: https://commits.webkit.org/270028@main
More information about the webkit-changes
mailing list