[webkit-changes] [WebKit/WebKit] 540d08: [JSC] Use handler IC for single stateless AccessCase

Yusuke Suzuki noreply at github.com
Tue Mar 5 17:32:41 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 540d08d37e29127fa5eeefa78d2b849561771fe8
      https://github.com/WebKit/WebKit/commit/540d08d37e29127fa5eeefa78d2b849561771fe8
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M Source/JavaScriptCore/bytecode/AccessCase.cpp
    M Source/JavaScriptCore/bytecode/AccessCase.h
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h
    M Source/JavaScriptCore/bytecode/Repatch.cpp
    M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
    M Source/JavaScriptCore/bytecode/StructureStubInfo.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
    M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
    M Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp
    M Source/JavaScriptCore/jit/JITInlineCacheGenerator.h
    M Source/JavaScriptCore/jit/JITPropertyAccess.cpp

  Log Message:
  -----------
  [JSC] Use handler IC for single stateless AccessCase
https://bugs.webkit.org/show_bug.cgi?id=270497
rdar://124047629

Reviewed by Keith Miller.

This patch enables Handler IC only for very specific case: single stateless AccessCase.
For example, ArrayLength, IndexedContiguousLoad etc. does not care about Structure. They
only care about the input's type. So the underlying code can be reused in different places completely.
And if AccessCase is only one, the generated code can be reused in various places. And surprisingly
this is relatively frequently happening.

1. This patch categorizes stateless AccessCases. They do not require Structure etc. state of the heap.
2. We clean up InlineCacheCompiler implementation about accessing to StructureStubInfo* to figure out
   what is the values changing the generated code from StructureStubInfo.
3. We clean up InlineCacheCompiler's information collection code from vector of AccessCase so that we
   can easily see what information is collected.
4. We extend SharedJITStubSet to store stateless stubs. Previously it was only storing megamorphic stubs
   since they are stateless. But now it gets extended to accept all stateless stubs.

* Source/JavaScriptCore/bytecode/AccessCase.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::isStateless):
(JSC::InlineCacheCompiler::regenerate):
(WTF::printInternal):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.h:
* Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:
(JSC::SharedJITStubSet::getStatelessStub const):
(JSC::SharedJITStubSet::setStatelessStub):
(JSC::SharedJITStubSet::getMegamorphic const): Deleted.
(JSC::SharedJITStubSet::setMegamorphic): Deleted.
* Source/JavaScriptCore/bytecode/StructureStubInfo.h:

Canonical link: https://commits.webkit.org/275721@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list