[webkit-changes] [WebKit/WebKit] 4a9538: [JSC] Handle reallocating transitions in megamorph...

Yusuke Suzuki noreply at github.com
Thu Feb 29 13:29:49 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4a95386068f39d13b9db69c0e34056ee3dfe2219
      https://github.com/WebKit/WebKit/commit/4a95386068f39d13b9db69c0e34056ee3dfe2219
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-02-29 (Thu, 29 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/bytecode/AccessCase.cpp
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
    M Source/JavaScriptCore/jit/AssemblyHelpers.h
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jit/JITOperations.h
    M Source/JavaScriptCore/runtime/MegamorphicCache.h

  Log Message:
  -----------
  [JSC] Handle reallocating transitions in megamorphic store cache
https://bugs.webkit.org/show_bug.cgi?id=270279
rdar://123806842

Reviewed by Justin Michaud.

This patch extends megamorphic store cache with Transition case which reallocates butterfly.
Previously we skipped this case since it is a bit complex. But this is very frequently seen so we must need to handle it well.
Now megamorphic store cache accepts Transition with reallocating. And then, when using this in the megamorphic store cache,
we call a function which does very similar thing to what AccessCase Transition with reallocation is doing.

* Source/JavaScriptCore/bytecode/AccessCase.cpp:
(JSC::AccessCase::doesCalls const):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateWithGuard):
(JSC::InlineCacheCompiler::regenerate):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compilePutByIdMegamorphic):
(JSC::DFG::SpeculativeJIT::compilePutByValMegamorphic):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compilePutByValMegamorphic):
(JSC::FTL::DFG::LowerDFGToB3::compilePutByIdMegamorphic):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::storeMegamorphicProperty):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::putByIdMegamorphic):
(JSC::JSC_DEFINE_JIT_OPERATION):
(JSC::putByValMegamorphic):
* Source/JavaScriptCore/jit/JITOperations.h:
* Source/JavaScriptCore/runtime/MegamorphicCache.h:
(JSC::MegamorphicCache::StoreEntry::offsetOfReallocating):
(JSC::MegamorphicCache::StoreEntry::init):
(JSC::MegamorphicCache::initAsTransition):
(JSC::MegamorphicCache::initAsReplace):

Canonical link: https://commits.webkit.org/275510@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list