Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d00fbef294334b312fbffa54e9d07d96ab64fb08
https://github.com/WebKit/WebKit/commit/d00fbef294334b312fbffa54e9d07d96ab64fb08
Author: Yusuke Suzuki <[email protected]>
Date: 2026-05-07 (Thu, 07 May 2026)
Changed paths:
M Source/JavaScriptCore/runtime/FunctionRareData.cpp
Log Message:
-----------
[JSC] A bit better heuristics for create_this for class via public / private
fields
https://bugs.webkit.org/show_bug.cgi?id=314349
rdar://176499667
Reviewed by Yijia Huang.
When you have a class like this,
    class A {
        field0 = 42;
    }

    class B extends A {
        field1 = 42;
        field2 = 42;
        constructor()
        {
        }
    }
These field0-2 are instance fields and set to the created object.
However these are set in class' instanceFieldInitializer which is
separate from the normal constructor's CodeBlock. As a result,
BytecodeGenerator cannot notice existence of these properties, and
static-property-analyzer will report fewer number of properties for the
object. Which causes repeated wasteful allocation of butterfly as our
heuristics is not working well.
This patch improves this by adding a heuristic. When crafting
AllocationProfile, we traverse class hierarchy dynamically and collect
number of properties defined by these fields. This offers much better
heuristics while this is still not perfect.
* Source/JavaScriptCore/runtime/FunctionRareData.cpp:
(JSC::FunctionRareData::initializeObjectAllocationProfile):
Canonical link: https://commits.webkit.org/312849@main