[webkit-changes] [WebKit/WebKit] 33fbb4: [JSC] Extend ArraySpliceExtract to ArraySplice in ...
Yusuke Suzuki
noreply at github.com
Wed Sep 25 11:13:31 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 33fbb434f47ed422bdc1052f8fa030816e571ac1
https://github.com/WebKit/WebKit/commit/33fbb434f47ed422bdc1052f8fa030816e571ac1
Author: Yusuke Suzuki <ysuzuki at apple.com>
Date: 2024-09-25 (Wed, 25 Sep 2024)
Changed paths:
A JSTests/microbenchmarks/splice-to-remove-and-insert.js
M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
M Source/JavaScriptCore/dfg/DFGNode.h
M Source/JavaScriptCore/dfg/DFGNodeType.h
M Source/JavaScriptCore/dfg/DFGOperations.cpp
M Source/JavaScriptCore/dfg/DFGOperations.h
M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Log Message:
-----------
[JSC] Extend ArraySpliceExtract to ArraySplice in DFG / FTL
https://bugs.webkit.org/show_bug.cgi?id=280333
<rdar://problem/136662954>
Reviewed by Yijia Huang.
This patch extends ArraySpliceExtract DFG node to ArraySplice node,
which also supports insertion part of ArraySplice. We need to pass them
in scratch buffer and we need to keep them in MarkedArgumentBuffer since
we may re-enter the same function from operationArraySplice and use the
same scratch buffer again.
The key part of this optimization is that we can wipe returned array
creation if it is not used and analyzed well in DFG / FTL.
ToT Patched
splice-to-remove-and-insert 3.4618+-0.0224 ^ 3.1281+-0.0174 ^ definitely 1.1067x faster
* JSTests/microbenchmarks/splice-to-remove-and-insert.js: Added.
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGNode.h:
(JSC::DFG::Node::hasHeapPrediction):
* Source/JavaScriptCore/dfg/DFGNodeType.h:
* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGOperations.h:
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileArraySplice):
(JSC::FTL::DFG::LowerDFGToB3::compileArraySpliceExtract): Deleted.
Canonical link: https://commits.webkit.org/284229@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list