Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: dcc2aea406e0e9a99e44813a9f15e536f0fe8806
      
https://github.com/WebKit/WebKit/commit/dcc2aea406e0e9a99e44813a9f15e536f0fe8806
  Author: Sosuke Suzuki <[email protected]>
  Date:   2026-05-31 (Sun, 31 May 2026)

  Changed paths:
    A JSTests/microbenchmarks/typed-array-allocate-float64-variable-length.js
    A JSTests/microbenchmarks/typed-array-allocate-int32-constant-512.js
    A JSTests/microbenchmarks/typed-array-allocate-uint8-variable-length.js
    A JSTests/stress/dfg-new-typed-array-with-size-zero-fill.js
    M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

  Log Message:
  -----------
  [JSC] DFG `NewTypedArrayWithSize` should zero-fill the storage 8 bytes at a time
https://bugs.webkit.org/show_bug.cgi?id=315818

Reviewed by Yusuke Suzuki.

The DFG fast path for NewTypedArrayWithSize zero-fills the storage with a
store32 loop unless the size is a small constant, while the FTL already
fills one 64-bit word per iteration via splatWords. Since the storage size
is rounded up to a multiple of 8 bytes, the DFG can do the same: compute
the number of 8-byte words and fill with store64, halving the loop
iterations on 64-bit targets. 32-bit targets keep the store32 loop.

Microbenchmark results with JSC_useFTLJIT=false:

                                                  TipOfTree                  Patched

typed-array-allocate-float64-variable-length   21.8137+-0.3112     ^     16.5516+-0.2430        ^ definitely 1.3179x faster
typed-array-allocate-uint8-variable-length     18.1906+-0.4245     ^     12.2229+-0.2481        ^ definitely 1.4882x faster
typed-array-allocate-int32-constant-512        18.0384+-0.2828     ^     13.4179+-0.2017        ^ definitely 1.3444x faster

<geometric>                                    19.2619+-0.1634     ^     13.9444+-0.1445        ^ definitely 1.3813x faster

* JSTests/microbenchmarks/typed-array-allocate-float64-variable-length.js: Added.
(allocate):
* JSTests/microbenchmarks/typed-array-allocate-int32-constant-512.js: Added.
(allocate):
* JSTests/microbenchmarks/typed-array-allocate-uint8-variable-length.js: Added.
(allocate):
* JSTests/stress/dfg-new-typed-array-with-size-zero-fill.js: Added.
(makeUint8):
(makeInt16):
(makeInt32):
(makeFloat32):
(makeFloat64):
(makeBigInt64):
(makeConstantSizes):
(check):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:

Canonical link: https://commits.webkit.org/314262@main
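
The fill strategy described in the log message, modelled in plain JavaScript as an added example; it is not part of the commit and not JavaScriptCore code. All function names are hypothetical, the 0xAA poison byte is a constructed stand-in for stale heap contents, and the last function shows the case the rounding rule excludes.

```javascript
// Model of the two zero-fill loops. Assumption: storage is a byte buffer
// whose size is rounded up to a multiple of 8, as the log message states.
const POISON = 0xAA; // constructed stand-in for whatever the allocator left behind

function roundUpTo8(byteLength) {
  return Math.ceil(byteLength / 8) * 8;
}

function poisonedStorage(length, elementSize) {
  return new Uint8Array(roundUpTo8(length * elementSize)).fill(POISON);
}

// store32-style loop: one 4-byte store per iteration.
function fillWith32(bytes) {
  const view = new DataView(bytes.buffer);
  let stores = 0;
  for (let off = 0; off < bytes.length; off += 4, stores++) view.setUint32(off, 0);
  return stores;
}

// store64-style loop: one 8-byte store per iteration over the word count.
function fillWith64(bytes) {
  const view = new DataView(bytes.buffer);
  const words = bytes.length >>> 3; // exact only because the size is a multiple of 8
  for (let i = 0; i < words; i++) view.setBigUint64(i * 8, 0n);
  return words;
}

// Number of bytes the fill did not reach.
function staleBytes(bytes) {
  return bytes.reduce((n, b) => n + (b !== 0 ? 1 : 0), 0);
}

function compare(length, elementSize) {
  const a = poisonedStorage(length, elementSize);
  const b = poisonedStorage(length, elementSize);
  const stores32 = fillWith32(a);
  const stores64 = fillWith64(b);
  return { bytes: a.length, stores32, stores64, stale32: staleBytes(a), stale64: staleBytes(b) };
}

// Counter-case: the same word loop over a size that was NOT rounded up.
// 13 bytes gives 1 word, so the 5-byte tail keeps its old contents.
function unroundedTail(byteLength) {
  const bytes = new Uint8Array(byteLength).fill(POISON);
  const view = new DataView(bytes.buffer);
  for (let i = 0; i < byteLength >>> 3; i++) view.setBigUint64(i * 8, 0n);
  return staleBytes(bytes);
}
```

A stress test for this kind of change should therefore include lengths whose byte size is not a multiple of 8 and a length of zero.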


