[webkit-changes] [WebKit/WebKit] 350878: Reduce String ref/deref churn in JSC by 60% on Jet...

Keith Miller noreply at github.com
Mon May 13 08:39:53 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 350878c832f8c798c309d5f28655bec537754fc0
      https://github.com/WebKit/WebKit/commit/350878c832f8c798c309d5f28655bec537754fc0
  Author: Keith Miller <keith_miller at apple.com>
  Date:   2024-05-13 (Mon, 13 May 2024)

  Changed paths:
    M Source/JavaScriptCore/CMakeLists.txt
    M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
    M Source/JavaScriptCore/bytecode/Repatch.cpp
    M Source/JavaScriptCore/dfg/DFGOperations.cpp
    M Source/JavaScriptCore/ftl/FTLOperations.cpp
    A Source/JavaScriptCore/heap/GCOwnedDataScope.h
    M Source/JavaScriptCore/inspector/InjectedScriptBase.cpp
    M Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp
    M Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp
    M Source/JavaScriptCore/interpreter/Interpreter.cpp
    M Source/JavaScriptCore/jit/ICStats.h
    M Source/JavaScriptCore/jit/JITArithmetic.cpp
    M Source/JavaScriptCore/jit/JITOperations.cpp
    M Source/JavaScriptCore/jsc.cpp
    M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
    M Source/JavaScriptCore/runtime/ArrayPrototype.cpp
    M Source/JavaScriptCore/runtime/CachedTypes.cpp
    M Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
    M Source/JavaScriptCore/runtime/DateConstructor.cpp
    M Source/JavaScriptCore/runtime/ErrorInstance.cpp
    M Source/JavaScriptCore/runtime/ErrorInstance.h
    M Source/JavaScriptCore/runtime/ExceptionHelpers.cpp
    M Source/JavaScriptCore/runtime/ExceptionScope.cpp
    M Source/JavaScriptCore/runtime/FunctionConstructor.cpp
    M Source/JavaScriptCore/runtime/HashMapImplInlines.h
    M Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp
    M Source/JavaScriptCore/runtime/IntlNumberFormatInlines.h
    M Source/JavaScriptCore/runtime/IntlSegmenter.cpp
    M Source/JavaScriptCore/runtime/JSBoundFunction.cpp
    M Source/JavaScriptCore/runtime/JSCJSValue.cpp
    M Source/JavaScriptCore/runtime/JSCJSValueInlines.h
    M Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h
    M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp
    M Source/JavaScriptCore/runtime/JSImmutableButterfly.cpp
    M Source/JavaScriptCore/runtime/JSModuleLoader.cpp
    M Source/JavaScriptCore/runtime/JSONObject.cpp
    M Source/JavaScriptCore/runtime/JSObject.cpp
    M Source/JavaScriptCore/runtime/JSString.cpp
    M Source/JavaScriptCore/runtime/JSString.h
    M Source/JavaScriptCore/runtime/JSStringInlines.h
    M Source/JavaScriptCore/runtime/JSStringJoiner.h
    M Source/JavaScriptCore/runtime/NumberPrototype.cpp
    M Source/JavaScriptCore/runtime/Operations.h
    M Source/JavaScriptCore/runtime/ParseInt.h
    M Source/JavaScriptCore/runtime/PropertyName.h
    M Source/JavaScriptCore/runtime/RegExpConstructor.cpp
    M Source/JavaScriptCore/runtime/RegExpMatchesArray.h
    M Source/JavaScriptCore/runtime/RegExpObject.cpp
    M Source/JavaScriptCore/runtime/RegExpObjectInlines.h
    M Source/JavaScriptCore/runtime/RegExpPrototype.cpp
    M Source/JavaScriptCore/runtime/ShadowRealmPrototype.cpp
    M Source/JavaScriptCore/runtime/StringPrototype.cpp
    M Source/JavaScriptCore/runtime/StringPrototypeInlines.h
    M Source/JavaScriptCore/runtime/SymbolConstructor.cpp
    M Source/JavaScriptCore/runtime/TemporalCalendarPrototype.cpp
    M Source/JavaScriptCore/runtime/TemporalPlainTime.cpp
    M Source/JavaScriptCore/tools/JSDollarVM.cpp
    M Source/WTF/wtf/HashMap.h
    M Source/WTF/wtf/text/WTFString.h
    M Source/WebCore/bindings/js/SerializedScriptValue.cpp
    M Source/WebCore/bridge/objc/WebScriptObject.mm
    M Source/WebKitLegacy/mac/WebView/WebView.mm

  Log Message:
  -----------
  Reduce String ref/deref churn in JSC by 60% on JetStream2
https://bugs.webkit.org/show_bug.cgi?id=274046
rdar://127946516

Reviewed by Yusuke Suzuki.

This patch reduces the number of refs in JSC on JetStream2 by ~60% from 407831951 to 168560273,
which seems to be ~.3% speedup on that benchmark.

Mostly this is done by introducing a new class `GCOwnedDataScope` this class holds some data
owned by a GCed object and ensures that GCed object is retained by the C++ compiler at least
as long as the scope. This makes it easy to provide access to GC object owned data safely.
The only requirement is that people **DO NOT** do `Data&/* data = gcType->getData()`. However,
this is the problem with the current accessors used throughout JSC anyway. Over time we should
start migrating more and more JSC accessor member functions to `GCOwnedDataScope`.

The main functions updated in this patch are `JSString::value` and
`JSString::viewWithUnderlyingString` the latter of which is now JSString::view. These now
return a `GCOwnedDataScope<const String&>` and `GCOwnedDataScope<StringView>`, respectively.
Additionally, PropertyName now takes a CacheableIdentifier for the various `operationGetBy<Op>`
JIT operations instead of converting to a true Identifier (incurring a ref/deref).

Also, add some extra logging to our scope checking code.

* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::tryCacheGetBy):
(JSC::tryCacheArrayGetByVal):
(JSC::tryCachePutBy):
(JSC::tryCacheArrayPutByVal):
(JSC::tryCacheDeleteBy):
(JSC::repatchDeleteBy):
(JSC::tryCacheInBy):
(JSC::repatchInBy):
(JSC::tryCacheHasPrivateBrand):
(JSC::tryCacheCheckPrivateBrand):
(JSC::tryCacheSetPrivateBrand):
(JSC::tryCacheInstanceOf):
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/ftl/FTLOperations.cpp:
(JSC::FTL::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/heap/GCOwnedDataScope.h: Added.
(JSC::GCOwnedDataScope::GCOwnedDataScope):
(JSC::GCOwnedDataScope::~GCOwnedDataScope):
(JSC::GCOwnedDataScope::operator const T const):
(JSC::GCOwnedDataScope::operator T):
(JSC::GCOwnedDataScope::requires):
(JSC::GCOwnedDataScope::operator[] const):
* Source/JavaScriptCore/inspector/InjectedScriptBase.cpp:
(Inspector::jsToInspectorValue):
* Source/JavaScriptCore/inspector/JSInjectedScriptHost.cpp:
(Inspector::JSInjectedScriptHost::evaluateWithScopeExtension):
* Source/JavaScriptCore/inspector/JSJavaScriptCallFrame.cpp:
(Inspector::JSJavaScriptCallFrame::evaluateWithScopeExtension):
* Source/JavaScriptCore/interpreter/Interpreter.cpp:
(JSC::eval):
* Source/JavaScriptCore/jit/ICStats.h:
(JSC::ICEvent::ICEvent):
* Source/JavaScriptCore/jit/JITArithmetic.cpp:
(JSC::JIT::emit_compareImpl):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
(JSC::setPrivateField):
(JSC::definePrivateField):
(JSC::getPrivateName):
(JSC::deleteById):
(JSC::deleteByIdOptimize):
* Source/JavaScriptCore/jsc.cpp:
(GlobalObject::moduleLoaderImportModule):
(printInternal):
(JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:
(JSC::LLInt::LLINT_SLOW_PATH_DECL):
* Source/JavaScriptCore/runtime/ArrayPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::CachedJSValue::encode):
* Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:
(JSC::JSC_DEFINE_COMMON_SLOW_PATH):
* Source/JavaScriptCore/runtime/DateConstructor.cpp:
(JSC::constructDate):
* Source/JavaScriptCore/runtime/ExceptionHelpers.cpp:
(JSC::errorDescriptionForValue):
* Source/JavaScriptCore/runtime/FunctionConstructor.cpp:
(JSC::stringifyFunction):
* Source/JavaScriptCore/runtime/HashMapImplInlines.h:
(JSC::jsMapHashImpl):
* Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/IntlNumberFormatInlines.h:
(JSC::toIntlMathematicalValue):
* Source/JavaScriptCore/runtime/IntlSegmenter.cpp:
(JSC::IntlSegmenter::segment const):
* Source/JavaScriptCore/runtime/JSBoundFunction.cpp:
(JSC::JSBoundFunction::nameSlow):
* Source/JavaScriptCore/runtime/JSCJSValue.cpp:
(JSC::JSValue::toWTFStringForConsole const):
* Source/JavaScriptCore/runtime/JSCJSValueInlines.h:
(JSC::toPreferredPrimitiveType):
(JSC::JSValue::equalSlowCaseInline):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeFunctions.h:
(JSC::genericTypedArrayViewProtoFuncJoin):
* Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/JSImmutableButterfly.cpp:
(JSC::JSImmutableButterfly::createFromString):
* Source/JavaScriptCore/runtime/JSModuleLoader.cpp:
(JSC::JSModuleLoader::importModule):
* Source/JavaScriptCore/runtime/JSONObject.cpp:
(JSC::Stringifier::appendStringifiedValue):
(JSC::FastStringifier<CharType>::append):
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/JSObject.cpp:
(JSC::JSObject::calculatedClassName):
* Source/JavaScriptCore/runtime/JSString.cpp:
(JSC::JSString::toNumber const):
* Source/JavaScriptCore/runtime/JSString.h:
(JSC:: const):
(JSC::JSString::getIndex):
(JSC::JSRopeString::view const):
(JSC::JSString::view const):
(JSC::JSString::value const): Deleted.
(JSC::JSString::tryGetValue const): Deleted.
(JSC::JSRopeString::unsafeView const): Deleted.
(JSC::JSRopeString::viewWithUnderlyingString const): Deleted.
(JSC::JSString::unsafeView const): Deleted.
(JSC::JSString::viewWithUnderlyingString const): Deleted.
* Source/JavaScriptCore/runtime/JSStringInlines.h:
(JSC::JSString::equalInline const):
* Source/JavaScriptCore/runtime/JSStringJoiner.h:
(JSC::JSStringJoiner::appendWithoutSideEffects):
(JSC::JSStringJoiner::append):
* Source/JavaScriptCore/runtime/NumberPrototype.cpp:
(JSC::throwVMToThisNumberError):
* Source/JavaScriptCore/runtime/Operations.h:
(JSC::jsString):
(JSC::compareBigIntToOtherPrimitive):
(JSC::compareBigInt32ToOtherPrimitive):
(JSC::jsLess):
(JSC::jsLessEq):
* Source/JavaScriptCore/runtime/ParseInt.h:
(JSC::toStringView):
* Source/JavaScriptCore/runtime/PropertyName.h:
(JSC::PropertyName::PropertyName):
* Source/JavaScriptCore/runtime/RegExpConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/RegExpMatchesArray.h:
(JSC::createRegExpMatchesArray):
* Source/JavaScriptCore/runtime/RegExpObject.cpp:
(JSC::RegExpObject::matchGlobal):
* Source/JavaScriptCore/runtime/RegExpObjectInlines.h:
(JSC::RegExpObject::execInline):
(JSC::RegExpObject::matchInline):
* Source/JavaScriptCore/runtime/RegExpPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/ShadowRealmPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/StringPrototype.cpp:
(JSC::replaceUsingRegExpSearch):
(JSC::JSC_DEFINE_JIT_OPERATION):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::replace):
(JSC::stringIndexOfImpl):
(JSC::toLocaleCase):
(JSC::normalize):
* Source/JavaScriptCore/runtime/StringPrototypeInlines.h:
(JSC::stringReplaceStringString):
(JSC::replaceUsingStringSearch):
* Source/JavaScriptCore/runtime/SymbolConstructor.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/TemporalCalendarPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/TemporalPlainTime.cpp:
(JSC::TemporalPlainTime::from):
* Source/JavaScriptCore/tools/JSDollarVM.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/WTF/wtf/HashMap.h:
* Source/WTF/wtf/text/WTFString.h:
* Source/WebCore/bindings/js/SerializedScriptValue.cpp:
(WebCore::CloneSerializer::dumpIfTerminal):
* Source/WebCore/bridge/objc/WebScriptObject.mm:
(+[WebScriptObject _convertValueToObjcValue:originRootObject:rootObject:]):
* Source/WebKitLegacy/mac/WebView/WebView.mm:
(aeDescFromJSValue):

Canonical link: https://commits.webkit.org/278691@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list