[webkit-changes] [WebKit/WebKit] e7aeca: [JSC] Check if the species watchpoint is valid bef...

SUZUKI Sosuke noreply at github.com
Thu Sep 26 21:06:44 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e7aeca7171e3be024a2efdc2eeddb55a9d9ba82b
      https://github.com/WebKit/WebKit/commit/e7aeca7171e3be024a2efdc2eeddb55a9d9ba82b
  Author: Sosuke Suzuki <aosukeke at gmail.com>
  Date:   2024-09-26 (Thu, 26 Sep 2024)

  Changed paths:
    A JSTests/stress/array-prototype-concat-species.js
    M Source/JavaScriptCore/builtins/ArrayPrototype.js
    M Source/JavaScriptCore/builtins/BuiltinNames.h
    M Source/JavaScriptCore/bytecode/LinkTimeConstant.h
    M Source/JavaScriptCore/runtime/ArrayPrototype.cpp
    M Source/JavaScriptCore/runtime/ArrayPrototype.h
    M Source/JavaScriptCore/runtime/JSGlobalObject.cpp

  Log Message:
  -----------
  [JSC] Check if the species watchpoint is valid before `array.concat()` fast path
https://bugs.webkit.org/show_bug.cgi?id=280381

Reviewed by Yusuke Suzuki.

The Array.prototype.concat test262 started failing due to https://commits.webkit.org/284060@main.
This was because the species check was not performed before entering the fast path.

This patch changes to check whether the Array's species watchpoint is valid before entering the fast
path.

According to microbenchmarks, there seems to be no performance regression caused by this patch:

                                                  TipOfTree                  Patched

array-prototype-concat-copy-obj                 1.2244+-0.2875     ?      1.2272+-0.2899        ?
array-prototype-concat-copy-double-and-int32
                                                1.2631+-0.1158     ?      1.3107+-0.0959        ? might be 1.0377x slower
array-prototype-concat-copy-double              1.2239+-0.2762            1.0875+-0.1126          might be 1.1254x faster
array-prototype-concat-copy-int32               1.1629+-0.2731            1.1406+-0.2677          might be 1.0196x faster

<geometric>                                     1.2119+-0.1094            1.1832+-0.0463          might be 1.0243x faster

* JSTests/stress/array-prototype-concat-species.js: Added.
(shouldBe):
(Constructor):
* Source/JavaScriptCore/builtins/ArrayPrototype.js:
(concat):
* Source/JavaScriptCore/builtins/BuiltinNames.h:
* Source/JavaScriptCore/bytecode/LinkTimeConstant.h:
* Source/JavaScriptCore/runtime/ArrayPrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):
* Source/JavaScriptCore/runtime/ArrayPrototype.h:
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):

Canonical link: https://commits.webkit.org/284330@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list