Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: b45d2e9c3d34a09f74191f07275eef8cf57f6f4d https://github.com/WebKit/WebKit/commit/b45d2e9c3d34a09f74191f07275eef8cf57f6f4d Author: Alexey Shvayka <ashva...@apple.com> Date: 2023-02-24 (Fri, 24 Feb 2023)
Changed paths: A JSTests/microbenchmarks/proxy-set-miss-handler.js A JSTests/microbenchmarks/proxy-set.js A JSTests/stress/proxy-set-failure-inline-cache.js M Source/JavaScriptCore/builtins/BuiltinNames.h M Source/JavaScriptCore/builtins/ProxyHelpers.js M Source/JavaScriptCore/bytecode/AccessCase.cpp M Source/JavaScriptCore/bytecode/AccessCase.h M Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h M Source/JavaScriptCore/bytecode/LinkTimeConstant.h M Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp M Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp M Source/JavaScriptCore/bytecode/Repatch.cpp M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp M Source/JavaScriptCore/runtime/CacheableIdentifier.h M Source/JavaScriptCore/runtime/CacheableIdentifierInlines.h M Source/JavaScriptCore/runtime/JSGlobalObject.cpp M Source/JavaScriptCore/runtime/JSGlobalObject.h M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.h M Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h M Source/JavaScriptCore/runtime/ProxyObject.cpp M Source/JavaScriptCore/runtime/ProxyObject.h Log Message: ----------- [JSC] Add ProxyObjectStore IC to optimize "set" trap https://bugs.webkit.org/show_bug.cgi?id=252602 <rdar://problem/105692284> Reviewed by Yusuke Suzuki. This change adds ProxyObjectLoad IC for Proxy "set" trap, which detects ProxyObject and calls a variant of @performProxyObjectSet JS function, ensuring that errors for both reflection in case of missing trap and falsy trap result are thrown only in strict mode. Results in 1.7-6.6x speed-up on provided microbenchmarks, while JetStream3 Proxy tests are neutral due to very modest usage of Proxy "set" trap (MobX doesn't call it at all, only setters). Also, factors out a few helpers as CacheableIdentifier instance methods and extracts ProxyObject::validateSetTrapResult() method to allow for maximum code reuse. ToT patch proxy-set-miss-handler 129.6017+-0.8690 ^ 19.7623+-0.1588 ^ definitely 6.5580x faster proxy-set 57.8925+-0.4492 ^ 33.9117+-0.2406 ^ definitely 1.7072x faster * JSTests/microbenchmarks/proxy-set-miss-handler.js: Added. * JSTests/microbenchmarks/proxy-set.js: Added. * JSTests/stress/proxy-set-failure-inline-cache.js: Added. * Source/JavaScriptCore/builtins/BuiltinNames.h: * Source/JavaScriptCore/builtins/ProxyHelpers.js: (linkTimeConstant.performProxyObjectSetSloppy): (linkTimeConstant.performProxyObjectSetStrict): * Source/JavaScriptCore/bytecode/AccessCase.cpp: (JSC::AccessCase::create): (JSC::AccessCase::guardedByStructureCheckSkippingConstantIdentifierCheck const): (JSC::AccessCase::requiresIdentifierNameMatch const): (JSC::AccessCase::requiresInt32PropertyCheck const): (JSC::AccessCase::needsScratchFPR const): (JSC::AccessCase::forEachDependentCell const): (JSC::AccessCase::doesCalls const): (JSC::AccessCase::canReplace const): (JSC::AccessCase::generateWithGuard): (JSC::AccessCase::generateImpl): (JSC::AccessCase::runWithDowncast): (JSC::AccessCase::canBeShared): * Source/JavaScriptCore/bytecode/AccessCase.h: * Source/JavaScriptCore/bytecode/BytecodeIntrinsicRegistry.h: * Source/JavaScriptCore/bytecode/LinkTimeConstant.h: * Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp: (JSC::PolymorphicAccess::regenerate): * Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp: (JSC::ProxyObjectAccessCase::emit): * Source/JavaScriptCore/bytecode/Repatch.cpp: (JSC::tryCacheGetBy): (JSC::tryCachePutBy): * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitPutByVal): * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h: * Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp: (JSC::emitIntrinsicPutByValWithThis): (JSC::BytecodeIntrinsicNode::emit_intrinsic_putByValWithThisSloppy): (JSC::BytecodeIntrinsicNode::emit_intrinsic_putByValWithThisStrict): * Source/JavaScriptCore/runtime/CacheableIdentifier.h: (JSC::CacheableIdentifier::isPrivateName const): * Source/JavaScriptCore/runtime/CacheableIdentifierInlines.h: (JSC::CacheableIdentifier::ensureIsCell): * Source/JavaScriptCore/runtime/JSGlobalObject.cpp: (JSC::globalFuncHandleProxySetTrapResult): (JSC::JSC_DEFINE_HOST_FUNCTION): (JSC::JSGlobalObject::init): * Source/JavaScriptCore/runtime/JSGlobalObject.h: * Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h: (JSC::JSGlobalObject::performProxyObjectSetSloppyFunction const): (JSC::JSGlobalObject::performProxyObjectSetStrictFunction const): * Source/JavaScriptCore/runtime/ProxyObject.cpp: (JSC::ProxyObject::performPut): (JSC::ProxyObject::validateSetTrapResult): * Source/JavaScriptCore/runtime/ProxyObject.h: Canonical link: https://commits.webkit.org/260803@main _______________________________________________ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes