[webkit-changes] [WebKit/WebKit] fa7db0: [JSC] Do not destroy VM after clearing AtomStringT...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: fa7db09c3bb2ba6f4263dce4b0d55aad85e02260
https://github.com/WebKit/WebKit/commit/fa7db09c3bb2ba6f4263dce4b0d55aad85e02260
Author: Yusuke Suzuki
Date: 2024-01-30 (Tue, 30 Jan 2024)

Changed paths:
  M Source/JavaScriptCore/runtime/JSLock.cpp

Log Message:
---
[JSC] Do not destroy VM after clearing AtomStringTable for current thread
https://bugs.webkit.org/show_bug.cgi?id=268415
rdar://86151259

Reviewed by Michael Saboff.

This patch changes the ordering of VM destruction and thread's AtomStringTable clearing. This happens when JSVirtualMachine gets destroyed during execution of microtasks. While this should not happen (because it is destroying VM while running code associated to this VM), we can alleviate this case by destroying VM under the right AtomStringTable.

* Source/JavaScriptCore/runtime/JSLock.cpp:
(JSC::JSLock::willReleaseLock):

Canonical link: https://commits.webkit.org/273803@main

___
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [WebKit/WebKit] ef37e6: [JSC] Redesign DirectCall
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ef37e645ce878556343c35bf4c5ec721cd785a96
https://github.com/WebKit/WebKit/commit/ef37e645ce878556343c35bf4c5ec721cd785a96
Author: Yusuke Suzuki
Date: 2024-02-01 (Thu, 01 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/CallLinkInfo.cpp
  M Source/JavaScriptCore/bytecode/CallLinkInfo.h
  M Source/JavaScriptCore/bytecode/CallLinkInfoBase.cpp
  M Source/JavaScriptCore/bytecode/CallLinkInfoBase.h
  M Source/JavaScriptCore/bytecode/CallLinkStatus.cpp
  M Source/JavaScriptCore/bytecode/CodeBlock.cpp
  M Source/JavaScriptCore/bytecode/CodeBlock.h
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
  M Source/JavaScriptCore/bytecode/Repatch.cpp
  M Source/JavaScriptCore/bytecode/Repatch.h
  M Source/JavaScriptCore/bytecode/RepatchInlines.h
  M Source/JavaScriptCore/dfg/DFGCommonData.h
  M Source/JavaScriptCore/dfg/DFGJITCode.h
  M Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
  M Source/JavaScriptCore/dfg/DFGJITCompiler.h
  M Source/JavaScriptCore/dfg/DFGOperations.cpp
  M Source/JavaScriptCore/dfg/DFGOperations.h
  M Source/JavaScriptCore/dfg/DFGPlan.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
  M Source/JavaScriptCore/inspector/agents/InspectorDebuggerAgent.cpp
  M Source/JavaScriptCore/jit/JITCall.cpp
  M Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
  M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm
  M Source/JavaScriptCore/runtime/VM.h
  M Source/JavaScriptCore/wasm/js/WasmToJS.cpp

Log Message:
---
[JSC] Redesign DirectCall
https://bugs.webkit.org/show_bug.cgi?id=268499
rdar://122042902

Reviewed by Justin Michaud.

This patch redesigns DirectCall. We decouple DirectCallLinkInfo from CallLinkInfo since they are very different mechanisms now. Right now, we continue using repatching DirectCalls since it seems that it is the fastest form from experiments. But instead,

1. For NativeExecutable, we attempt to inline call thunk into DFG / FTL directly and embed call targets / global objects if possible. We do not do it when debugger hook is injected (in this case, debugger hook injection once destroys all CodeBlock. So if we do not see this bool flag set when compiling, it is fine to continue).
2. For the other cases, we attempt to fill CodeBlock and CodePtr pair speculatively from compiler thread at link time to avoid repatching in the main thread. This can avoid repatching in most cases. And then, in the main thread, we check whether these speculative values are the right ones, and if not, we repatch them. Otherwise, we will continue using them. We will chain DirectCallLinkInfo to CodeBlock in the main thread since this is main thread only operation.
3. We repatch to the newer CodeBlock / CodePtr when unlinkOrUpgradeImpl happens to DirectCall.

* Source/JavaScriptCore/bytecode/CallLinkInfo.cpp:
(JSC::CallLinkInfo::doneLocation):
(JSC::CallLinkInfo::setMonomorphicCallee):
(JSC::CallLinkInfo::clearCallee):
(JSC::CallLinkInfo::callee):
(JSC::CallLinkInfo::setLastSeenCallee):
(JSC::CallLinkInfo::lastSeenCallee const):
(JSC::CallLinkInfo::haveLastSeenCallee const):
(JSC::CallLinkInfo::visitWeak):
(JSC::CallLinkInfo::revertCallToStub):
(JSC::CallLinkInfo::reset):
(JSC::CallLinkInfo::setVirtualCall):
(JSC::DirectCallLinkInfo::reset):
(JSC::DirectCallLinkInfo::unlinkOrUpgradeImpl):
(JSC::DirectCallLinkInfo::visitWeak):
(JSC::CallLinkInfo::emitFastPathImpl):
(JSC::CallLinkInfo::emitDataICFastPath):
(JSC::CallLinkInfo::emitTailCallDataICFastPath):
(JSC::CallLinkInfo::setStub):
(JSC::CallLinkInfo::emitSlowPathImpl):
(JSC::CallLinkInfo::emitDataICSlowPath):
(JSC::CallLinkInfo::emitFastPath):
(JSC::CallLinkInfo::emitTailCallFastPath):
(JSC::CallLinkInfo::emitSlowPath):
(JSC::CallLinkInfo::emitTailCallSlowPath):
(JSC::OptimizingCallLinkInfo::emitFastPath):
(JSC::OptimizingCallLinkInfo::emitTailCallFastPath):
(JSC::OptimizingCallLinkInfo::emitSlowPath):
(JSC::OptimizingCallLinkInfo::emitTailCallSlowPath):
(JSC::OptimizingCallLinkInfo::initializeFromDFGUnlinkedCallLinkInfo):
(JSC::DirectCallLinkInfo::emitDirectFastPath):
(JSC::DirectCallLinkInfo::emitDirectTailCallFastPath):
(JSC::DirectCallLinkInfo::initialize):
(JSC::DirectCallLinkInfo::setCallTarget):
(JSC::DirectCallLinkInfo::setMaxArgumentCountIncludingThis):
(JSC::DirectCallLinkInfo::retrieveCallInfo):
(JSC::DirectCallLinkInfo::repatchSpeculatively):
(JSC::DirectCallLinkInfo::validateSpeculativeRepatchOnMainThread):
(JSC::CallLinkInfo::setCodeBlock): Deleted.
(JSC::CallLinkInfo::clearCodeBlock): Deleted.
(JSC::CallLinkInfo::codeBlock): Deleted.
(JSC::CallLinkInfo::clearLastSeenCallee): Deleted.
(JSC::CallLinkInfo::setExecutableDuringCompilation): Deleted.
(JSC::CallLinkInfo::executable): Deleted.
(JSC::OptimizingCallLinkInfo

[webkit-changes] [WebKit/WebKit] 802150: [WTF] Adopt adaptive string searching
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 802150baed8ddc888da813f8a5c076de17e152a3
https://github.com/WebKit/WebKit/commit/802150baed8ddc888da813f8a5c076de17e152a3
Author: Yusuke Suzuki
Date: 2024-02-02 (Fri, 02 Feb 2024)

Changed paths:
  A JSTests/stress/string-index-of-pathological.js
  A JSTests/stress/v8-string-indexof-1.js
  A JSTests/stress/v8-string-indexof-2.js
  M Source/JavaScriptCore/dfg/DFGOperations.cpp
  M Source/JavaScriptCore/runtime/StringPrototype.cpp
  M Source/JavaScriptCore/runtime/StringPrototypeInlines.h
  M Source/JavaScriptCore/runtime/VM.cpp
  M Source/JavaScriptCore/runtime/VM.h
  M Source/WTF/WTF.xcodeproj/project.pbxproj
  M Source/WTF/wtf/CMakeLists.txt
  M Source/WTF/wtf/text/ASCIIFastPath.h
  A Source/WTF/wtf/text/AdaptiveStringSearcher.h
  M Source/WTF/wtf/text/StringView.cpp
  M Source/WTF/wtf/text/StringView.h

Log Message:
---
[WTF] Adopt adaptive string searching
https://bugs.webkit.org/show_bug.cgi?id=268635
rdar://121082299

Reviewed by Mark Lam.

This patch adopts V8's StringSearch class. We tailor it to our use and name it AdaptiveStringSearcher. We add `StringView::find(AdaptiveStringSearcherTables&, ...)` function which uses `AdaptiveStringSearcher`, when the table is attached. In this way, we can use this function even without JSC VM for example.

The mechanism of this class is that, it requires additional space for large table (AdaptiveStringSearcherTables). And it *adaptively* switches string searching algorithm: linearSearch -> boyerMooreHorspoolSearch -> boyerMooreSearch. The reason is that the latter requires more costly preprocess to populate table data. For very simple case, linearSearch suffices, but for more complex cases, the preprocess gets paid, and boyerMooreHorspoolSearch / boyerMooreSearch works better for performance.

* Source/JavaScriptCore/dfg/DFGOperations.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/runtime/StringPrototype.cpp:
(JSC::stringIndexOfImpl):
(JSC::JSC_DEFINE_HOST_FUNCTION):
(JSC::stringIncludesImpl):
* Source/JavaScriptCore/runtime/StringPrototypeInlines.h:
(JSC::stringReplaceStringString):
(JSC::replaceUsingStringSearch):
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::VM):
* Source/JavaScriptCore/runtime/VM.h:
(JSC::VM::adaptiveStringSearcherTables):
* Source/WTF/WTF.xcodeproj/project.pbxproj:
* Source/WTF/wtf/CMakeLists.txt:
* Source/WTF/wtf/text/ASCIIFastPath.h:
(WTF::charactersAreAllLatin1):
* Source/WTF/wtf/text/AdaptiveStringSearcher.h: Added.
(WTF::AdaptiveStringSearcherBase::exceedsOneByte):
(WTF::AdaptiveStringSearcherBase::alignDown):
(WTF::AdaptiveStringSearcherBase::getHighestValueByte):
(WTF::AdaptiveStringSearcherBase::findFirstCharacter):
(WTF::AdaptiveStringSearcherTables::badCharShiftTable):
(WTF::AdaptiveStringSearcherTables::goodSuffixShiftTable):
(WTF::AdaptiveStringSearcherTables::suffixTable):
(WTF::AdaptiveStringSearcher::AdaptiveStringSearcher):
(WTF::AdaptiveStringSearcher::search):
(WTF::AdaptiveStringSearcher::alphabetSize):
(WTF::AdaptiveStringSearcher::failSearch):
(WTF::AdaptiveStringSearcher::charOccurrence):
(WTF::AdaptiveStringSearcher::badCharTable):
(WTF::AdaptiveStringSearcher::goodSuffixShiftTable):
(WTF::AdaptiveStringSearcher::suffixTable):
(WTF::SubjectChar>::singleCharSearch):
(WTF::SubjectChar>::linearSearch):
(WTF::SubjectChar>::boyerMooreSearch):
(WTF::SubjectChar>::populateBoyerMooreTable):
(WTF::SubjectChar>::boyerMooreHorspoolSearch):
(WTF::SubjectChar>::populateBoyerMooreHorspoolTable):
(WTF::SubjectChar>::initialSearch):
(WTF::searchString):
(WTF::searchStringRaw):
* Source/WTF/wtf/text/StringView.cpp:
(WTF::StringView::find const):
* Source/WTF/wtf/text/StringView.h:

Canonical link: https://commits.webkit.org/274033@main

[webkit-changes] [WebKit/WebKit] bacdbd: [JSC] Micro-optimize String equal operation with U...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: bacdbdaaf1824b08dc7ad35035d5d8358be623c5
https://github.com/WebKit/WebKit/commit/bacdbdaaf1824b08dc7ad35035d5d8358be623c5
Author: Yusuke Suzuki
Date: 2024-02-03 (Sat, 03 Feb 2024)

Changed paths:
  M Source/WTF/wtf/text/StringCommon.h

Log Message:
---
[JSC] Micro-optimize String equal operation with UChar / LChar
https://bugs.webkit.org/show_bug.cgi?id=268684
rdar://14476

Reviewed by Ryosuke Niwa.

This patch micro-optimizes String equal operation with different characters (UChar* and LChar*).

                                               ToT                   Patched

todomvc-javascript-es5-json-parse              37.6466+-0.1862   ^   37.1991+-0.1560   ^ definitely 1.0120x faster
todomvc-javascript-es6-webpack-json-parse      58.9239+-0.3310   ^   58.2251+-0.1931   ^ definitely 1.0120x faster

* Source/WTF/wtf/text/StringCommon.h:

Canonical link: https://commits.webkit.org/274064@main

[webkit-changes] [WebKit/WebKit] dd1c09: [JSC] Suppress broken assertion in DFG register al...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: dd1c094a5f04ea5a5f93e236ff3b4db43d85a226
https://github.com/WebKit/WebKit/commit/dd1c094a5f04ea5a5f93e236ff3b4db43d85a226
Author: Yusuke Suzuki
Date: 2024-02-05 (Mon, 05 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

Log Message:
---
[JSC] Suppress broken assertion in DFG register allocation
https://bugs.webkit.org/show_bug.cgi?id=268727
rdar://122279383

Reviewed by Mark Lam.

DFG register allocation check's assertion is broken. It records register-allocation offset, and attempts to do assert when jump is going over it. But this does not work at all if register allocation does not emit any instructions. In that case, the offset can be valid instruction's one after the register allocation is done. And this is what is happening here.

We work around this silly bug by reordering instruction and jump target a bit. emitStoreCallSiteIndex always emits some instructions, so it distinguishes register allocation offset from the actual one. And when retrying (jumping to mainPath), we do not need to perform emitStoreCallSiteIndex again.

* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::emitCall):

Canonical link: https://commits.webkit.org/274116@main

[webkit-changes] [WebKit/WebKit] aaf9fe: WebGLExtensionBase's derived classes are wrongly d...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: aaf9fecff4bd3457d17e16e5dd61afdbd2ca6ba6
https://github.com/WebKit/WebKit/commit/aaf9fecff4bd3457d17e16e5dd61afdbd2ca6ba6
Author: Yusuke Suzuki
Date: 2024-02-06 (Tue, 06 Feb 2024)

Changed paths:
  M Source/WebCore/html/canvas/WebGLExtension.h
  M Source/WebCore/platform/animation/AcceleratedEffectStack.h

Log Message:
---
WebGLExtensionBase's derived classes are wrongly deleted
https://bugs.webkit.org/show_bug.cgi?id=268868
rdar://121954439

Reviewed by Mark Lam.

While WebGLExtensionBase has RefCounted and it has many derived classes, it does not have virtual destructor. This is completely wrong since Ref will only invoke ~WebGLExtensionBase() since RefCounted::deref() can only invoke it. This is totally breaking IsoHeap since we need to call and dispatch derived classes' delete / destructor, but now it is not. As a result, we are observing IsoHeap related crashes with this.

This adds virtual destructor for WebGLExtensionBase. Also RemoteAcceleratedEffectStack has the exact same bug too. This patch also fixes it.

* Source/WebCore/html/canvas/WebGLExtension.h:

Canonical link: https://commits.webkit.org/274198@main

[webkit-changes] [WebKit/WebKit] dde576: [Perf Dashboard] AsyncTaskWorker is buggy
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: dde5760b8dbf355dc9e872edd85a14be5a96313c
https://github.com/WebKit/WebKit/commit/dde5760b8dbf355dc9e872edd85a14be5a96313c
Author: Yusuke Suzuki
Date: 2024-02-07 (Wed, 07 Feb 2024)

Changed paths:
  M PerformanceTests/JetStream2/worker/async-task.js
  M PerformanceTests/JetStream2/worker/segmentation.js
  M Websites/perf.webkit.org/public/v3/async-task.js

Log Message:
---
[Perf Dashboard] AsyncTaskWorker is buggy
https://bugs.webkit.org/show_bug.cgi?id=268962
rdar://121879117

Reviewed by Ryosuke Niwa.

There are two issues.

1. Even if we found a worker and are calling a callback, we are still pushing it into the queue. This makes scheduling this callback twice.
2. In setTimeout's task, we are not checking length of the _queue. This may be zero since existing workers are continuously consuming tasks. So we should first check the length before popping the task from that.

* PerformanceTests/JetStream2/worker/async-task.js:
(AsyncTaskWorker.waitForAvailableWorker):
(AsyncTaskWorker._makeWorkerEventuallyAvailable):
* PerformanceTests/JetStream2/worker/segmentation.js:
(AsyncTaskWorker.waitForAvailableWorker):
(AsyncTaskWorker._makeWorkerEventuallyAvailable):
* Websites/perf.webkit.org/public/v3/async-task.js:
(AsyncTaskWorker.waitForAvailableWorker):
(AsyncTaskWorker._makeWorkerEventuallyAvailable):

Canonical link: https://commits.webkit.org/274265@main

[webkit-changes] [WebKit/WebKit] 35a17a: [JSC] Accelerate JSONAtomStringCache
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 35a17ac7fc544202144f2d0f1e93be9ee8402ad4
https://github.com/WebKit/WebKit/commit/35a17ac7fc544202144f2d0f1e93be9ee8402ad4
Author: Yusuke Suzuki
Date: 2024-02-09 (Fri, 09 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/runtime/JSONAtomStringCache.h
  M Source/JavaScriptCore/runtime/JSONAtomStringCacheInlines.h
  M Source/WTF/wtf/text/StringCommon.h

Log Message:
---
[JSC] Accelerate JSONAtomStringCache
https://bugs.webkit.org/show_bug.cgi?id=269027
rdar://122590409

Reviewed by Mark Lam.

This patch makes JSON parsing faster by embedding small string content itself into the cache.

AtomString is stored in the per-thread hash table. And to get that, we need to do hash-table lookup, which is costly. This cache can avoid doing that. But still, to check the cache validity, we are still accessing the string content of the AtomString. While the input string content is almost always already in CPU cache since we created this input string, AtomString content is very unlikely in the CPU cache. So if we can put this content in much more CPU friendly place, we can avoid cache miss much.

In this patch, we leverage the fact that this cache only stores very small strings. So instead of using content inside AtomString, we also copy the string content into the cache's slot itself. So string comparison does not encounter cache miss and accelerate the lookup performance. Good part of AtomString is that, after getting this pointer, we rarely access the string content of AtomString, so now, we can avoid access to this string content in majority of cases.

* Source/JavaScriptCore/runtime/JSONAtomStringCache.h:
(JSC::JSONAtomStringCache::makeIdentifier):
(JSC::JSONAtomStringCache::clear):
(JSC::JSONAtomStringCache::cacheSlot):
(JSC::JSONAtomStringCache::cache): Deleted.
* Source/JavaScriptCore/runtime/JSONAtomStringCacheInlines.h:
(JSC::JSONAtomStringCache::make):
* Source/WTF/wtf/text/StringCommon.h:

Canonical link: https://commits.webkit.org/274348@main

[webkit-changes] [WebKit/WebKit] 17e76f: [JSC] Skip notifyOne when all JIT threads are running
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 17e76f594e5e272dd97df44490f16d5079daa273
https://github.com/WebKit/WebKit/commit/17e76f594e5e272dd97df44490f16d5079daa273
Author: Yusuke Suzuki
Date: 2024-02-09 (Fri, 09 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/jit/JITWorklist.cpp
  M Source/JavaScriptCore/jit/JITWorklist.h
  M Source/JavaScriptCore/jit/JITWorklistThread.cpp
  M Source/JavaScriptCore/jit/JITWorklistThread.h

Log Message:
---
[JSC] Skip notifyOne when all JIT threads are running
https://bugs.webkit.org/show_bug.cgi?id=269111
rdar://122677279

Reviewed by Mark Lam.

Let's avoid calling notifyOne when all JIT threads are currently running. In that case, they will pick the enqueued plan without notifying anyway. This can skip some of costly syscalls like pthread_condvar related ones.

We also change JITWorklist::suspendAllThreads to first use tryLock for all threads. So then, we can eagerly suspend currently-not-running-threads. And after that, we eventually ensure all threads are not running. This avoids starting JIT compilation in the latter thread while it was not having that when JITWorklist::suspendAllThreads started.

* Source/JavaScriptCore/jit/JITWorklist.cpp:
(JSC::JITWorklist::JITWorklist):
(JSC::JITWorklist::enqueue):
(JSC::JITWorklist::removeDeadPlans):
(JSC::JITWorklist::visitWeakReferences):
* Source/JavaScriptCore/jit/JITWorklist.h:
* Source/JavaScriptCore/jit/JITWorklistThread.cpp:
(JSC::JITWorklistThread::work):
* Source/JavaScriptCore/jit/JITWorklistThread.h:

Canonical link: https://commits.webkit.org/274407@main

[webkit-changes] [WebKit/WebKit] 25af45: [WTF] Define ENABLE(WYHASH_STRING_HASHER)
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 25af4548095896bc7fcb7cc232bcfd9f40cb4913
https://github.com/WebKit/WebKit/commit/25af4548095896bc7fcb7cc232bcfd9f40cb4913
Author: Yusuke Suzuki
Date: 2024-02-09 (Fri, 09 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/create_hash_table
  M Source/JavaScriptCore/tools/JSDollarVM.cpp
  M Source/JavaScriptCore/yarr/hasher.py
  M Source/WTF/wtf/PlatformEnable.h
  M Source/WTF/wtf/text/StringHasher.h
  M Source/WTF/wtf/text/StringHasherInlines.h
  M Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
  M Source/WebCore/bindings/scripts/Hasher.pm
  M Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.cpp

Log Message:
---
[WTF] Define ENABLE(WYHASH_STRING_HASHER)
https://bugs.webkit.org/show_bug.cgi?id=269130
rdar://122690122

Reviewed by Alexey Shvayka.

Let's define ENABLE(WYHASH_STRING_HASHER) and use it instead of PLATFORM(MAC). It allows us to easily enable / disable WYHash-based StringHasher by just flipping this flag. And it is also super easy to read (And allows the other platforms to enable it easily).

* Source/JavaScriptCore/create_hash_table:
* Source/JavaScriptCore/tools/JSDollarVM.cpp:
* Source/JavaScriptCore/yarr/hasher.py:
(stringHash):
(createHashTable.createHashTableHelper):
(createHashTable):
* Source/WTF/wtf/PlatformEnable.h:
* Source/WTF/wtf/text/StringHasher.h:
* Source/WTF/wtf/text/StringHasherInlines.h:
(WTF::StringHasher::computeHashAndMaskTop8Bits):
(WTF::StringHasher::computeLiteralHashAndMaskTop8Bits):
(WTF::StringHasher::addCharacter):
(WTF::StringHasher::hashWithTop8BitsMasked):
* Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:
(GenerateHashTable):
* Source/WebCore/bindings/scripts/Hasher.pm:
* Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.cpp:

Canonical link: https://commits.webkit.org/274416@main

[webkit-changes] [WebKit/WebKit] a36c25: [JSC] Spew strict-eq Baseline JIT code with consta...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a36c2519d4eed1a1764f6f050ee77e30dfa58b8c
https://github.com/WebKit/WebKit/commit/a36c2519d4eed1a1764f6f050ee77e30dfa58b8c
Author: Yusuke Suzuki
Date: 2024-02-10 (Sat, 10 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp
  M Source/JavaScriptCore/jit/JITOpcodes.cpp

Log Message:
---
[JSC] Spew strict-eq Baseline JIT code with constant strings
https://bugs.webkit.org/show_bug.cgi?id=269106
rdar://122674588

Reviewed by Alexey Shvayka.

Let's leverage the fact that there are many `"string" === x` comparisons. In that case, we can emit very specific optimized code even in Baseline JIT easily. This patch adds `StringIdent === x` case optimizations in Baseline JIT.

Furthermore, we found that

```
switch (expr) {
case "string1":
    ...
case "string2":
    ...
case variable:
    ...
}
```

case is emitting very inefficient bytecode, which does not use constant register directly with `jstricteq`. As a result, my new optimization does not kick in with this. This patch also fixes BytecodeGenerator to make this new optimization work well by emitting `jstricteq constant, x`.

* Source/JavaScriptCore/jit/JITOpcodes.cpp:
(JSC::JIT::compileOpStrictEq):
(JSC::JIT::compileOpStrictEqJump):

Canonical link: https://commits.webkit.org/274418@main

[webkit-changes] [WebKit/WebKit] d077f1: [JSC] Enable Megamorphic Cache for enumerator_put_...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d077f1d5c030fc13a7694db1a864539cc441862e
https://github.com/WebKit/WebKit/commit/d077f1d5c030fc13a7694db1a864539cc441862e
Author: Yusuke Suzuki
Date: 2024-02-10 (Sat, 10 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/PutByStatus.cpp
  M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

Log Message:
---
[JSC] Enable Megamorphic Cache for enumerator_put_by_val / enumerator_get_by_val in upper tiers
https://bugs.webkit.org/show_bug.cgi?id=269129
rdar://122689419

Reviewed by Mark Lam.

This patch enables embedded DFG / FTL megamorphic cache for enumerator_put_by_val / enumerator_get_by_val. We obtain PutByStatus / GetByStatus, and if it says "this was megamorphic in lower tiers", then we use PutByValMegamorphic / GetByValMegamorphic.

* Source/JavaScriptCore/bytecode/PutByStatus.cpp:
(JSC::PutByStatus::computeFromLLInt):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):

Canonical link: https://commits.webkit.org/274421@main

[webkit-changes] [WebKit/WebKit] e47ea0: [JSC] Adjust PerfLog mechanism a bit
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e47ea0079d3efadc839401a38a86d99a247d3144
https://github.com/WebKit/WebKit/commit/e47ea0079d3efadc839401a38a86d99a247d3144
Author: Yusuke Suzuki
Date: 2024-02-13 (Tue, 13 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/assembler/PerfLog.cpp
  M Source/JavaScriptCore/assembler/PerfLog.h

Log Message:
---
[JSC] Adjust PerfLog mechanism a bit
https://bugs.webkit.org/show_bug.cgi?id=269336
rdar://problem/122924560

Reviewed by Justin Michaud.

This patch improves PerfLog.cpp a bit,

1. We use `./jit-%d.dump` format since some of tools are particularly caring about "./"
2. Stop doing flush for every call of logging, it is too slow. This patch adds flush function separately.

* Source/JavaScriptCore/assembler/PerfLog.cpp:
(JSC::PerfLog::PerfLog):
(JSC::PerfLog::write):
(JSC::PerfLog::flush):
(JSC::PerfLog::log):
* Source/JavaScriptCore/assembler/PerfLog.h:

Canonical link: https://commits.webkit.org/274597@main

[webkit-changes] [WebKit/WebKit] 499d9e: [JSC] Simplify PerfLog
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 499d9e1e42cb4c8d2d5a70c9bf4c23863a777c60
https://github.com/WebKit/WebKit/commit/499d9e1e42cb4c8d2d5a70c9bf4c23863a777c60
Author: Yusuke Suzuki
Date: 2024-02-14 (Wed, 14 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/assembler/LinkBuffer.cpp
  M Source/JavaScriptCore/assembler/LinkBuffer.h
  M Source/JavaScriptCore/assembler/PerfLog.cpp
  M Source/JavaScriptCore/assembler/testmasm.cpp
  M Source/JavaScriptCore/b3/B3Compile.cpp
  M Source/JavaScriptCore/b3/air/testair.cpp
  M Source/JavaScriptCore/b3/testb3_6.cpp
  M Source/JavaScriptCore/bytecode/CodeBlock.cpp
  M Source/JavaScriptCore/bytecode/CodeBlock.h
  M Source/JavaScriptCore/bytecode/InlineAccess.cpp
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
  M Source/JavaScriptCore/bytecode/Repatch.cpp
  M Source/JavaScriptCore/dfg/DFGOSRExit.cpp
  M Source/JavaScriptCore/dfg/DFGThunks.cpp
  M Source/JavaScriptCore/ftl/FTLLazySlowPath.cpp
  M Source/JavaScriptCore/ftl/FTLLink.cpp
  M Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp
  M Source/JavaScriptCore/ftl/FTLThunks.cpp
  M Source/JavaScriptCore/jit/ExecutableAllocator.cpp
  M Source/JavaScriptCore/jit/JIT.cpp
  M Source/JavaScriptCore/jit/JITMathIC.h
  M Source/JavaScriptCore/jit/JITOpcodes.cpp
  M Source/JavaScriptCore/jit/JITPropertyAccess.cpp
  M Source/JavaScriptCore/jit/JITStubRoutine.h
  M Source/JavaScriptCore/jit/SlowPathCall.cpp
  M Source/JavaScriptCore/jit/SpecializedThunkJIT.h
  M Source/JavaScriptCore/jit/ThunkGenerator.h
  M Source/JavaScriptCore/jit/ThunkGenerators.cpp
  M Source/JavaScriptCore/llint/LLIntThunks.cpp
  M Source/JavaScriptCore/runtime/OptionsList.h
  M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp
  M Source/JavaScriptCore/wasm/WasmBinding.cpp
  M Source/JavaScriptCore/wasm/WasmIPIntPlan.cpp
  M Source/JavaScriptCore/wasm/WasmLLIntPlan.cpp
  M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp
  M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp
  M Source/JavaScriptCore/wasm/WasmThunks.cpp
  M Source/JavaScriptCore/wasm/js/WasmToJS.cpp
  M Source/JavaScriptCore/wasm/js/WebAssemblyFunction.cpp
  M Source/JavaScriptCore/yarr/YarrJIT.cpp
  M Source/WTF/wtf/text/ASCIILiteral.h
  M Source/WebCore/cssjit/SelectorCompiler.cpp

Log Message:
---
[JSC] Simplify PerfLog
https://bugs.webkit.org/show_bug.cgi?id=269352
rdar://122939072

Reviewed by Justin Michaud.

This patch simplifies PerfLog's content.

1. We should emit very simple name for each logging
2. We use LinkBuffer::Profile as a prefix (like, "FTL: function#")
3. Add option to specify the directory for JITDump. "/tmp" is the default.

* Source/JavaScriptCore/assembler/LinkBuffer.cpp:
(JSC::profileName):
(JSC::LinkBuffer::finalizeCodeWithoutDisassemblyImpl):
(JSC::LinkBuffer::logJITCodeForPerf):
(JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
(JSC::LinkBuffer::dumpProfileStatistics):
* Source/JavaScriptCore/assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):
(JSC::LinkBuffer::finalizeCodeWithoutDisassembly):
(JSC::LinkBuffer::finalizeCodeWithDisassembly):
* Source/JavaScriptCore/assembler/PerfLog.cpp:
(JSC::PerfLog::PerfLog):
* Source/JavaScriptCore/assembler/testmasm.cpp:
(JSC::compile):
* Source/JavaScriptCore/b3/B3Compile.cpp:
(JSC::B3::compile):
* Source/JavaScriptCore/b3/air/testair.cpp:
* Source/JavaScriptCore/b3/testb3_6.cpp:
(testEntrySwitchSimple):
(testEntrySwitchNoEntrySwitch):
(testEntrySwitchWithCommonPaths):
(testEntrySwitchWithCommonPathsAndNonTrivialEntrypoint):
(testEntrySwitchLoop):
* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::dumpSimpleName const):
* Source/JavaScriptCore/bytecode/CodeBlock.h:
* Source/JavaScriptCore/bytecode/InlineAccess.cpp:
(JSC::linkCodeInline):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::getByIdSlowPathCodeGenerator):
(JSC::getByIdWithThisSlowPathCodeGenerator):
(JSC::getByValSlowPathCodeGenerator):
(JSC::getPrivateNameSlowPathCodeGenerator):
(JSC::getByValWithThisSlowPathCodeGenerator):
(JSC::putByIdSlowPathCodeGenerator):
(JSC::putByValSlowPathCodeGenerator):
(JSC::instanceOfSlowPathCodeGenerator):
(JSC::delByIdSlowPathCodeGenerator):
(JSC::delByValSlowPathCodeGenerator):
(JSC::categoryName):
(JSC::InlineCacheCompiler::regenerate):
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::linkPolymorphicCall):
* Source/JavaScriptCore/dfg/DFGOSRExit.cpp:
(JSC::DFG::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/dfg/DFGThunks.cpp:
(JSC::DFG::osrExitGenerationThunkGenerator):
(JSC::DFG::osrEntryThunkGenerator):
* Source/JavaScriptCore/ftl/FTLLazySlowPath.cpp:
(JSC::FTL::LazySlowPath::generate):
* Source/JavaScriptCore/ftl/FTLLink.cpp:
(JSC::FTL::link):
* Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp:
(JSC::FTL::compileStub):
* Source/JavaScriptCore/ftl/FTLThunks.cpp:
(JSC::FTL::genericGenerationT

[webkit-changes] [WebKit/WebKit] b13bf4: [JSC] Introduce InBy megamorphic ICs
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b13bf4c3488741d6e41f1be6b2d15300a9951ce8
https://github.com/WebKit/WebKit/commit/b13bf4c3488741d6e41f1be6b2d15300a9951ce8
Author: Yusuke Suzuki
Date: 2024-02-14 (Wed, 14 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/AccessCase.cpp
  M Source/JavaScriptCore/bytecode/AccessCase.h
  M Source/JavaScriptCore/bytecode/InByStatus.cpp
  M Source/JavaScriptCore/bytecode/InByStatus.h
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h
  M Source/JavaScriptCore/bytecode/Repatch.cpp
  M Source/JavaScriptCore/bytecode/Repatch.h
  M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
  M Source/JavaScriptCore/bytecode/StructureStubInfo.h
  M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
  M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
  M Source/JavaScriptCore/dfg/DFGClobberize.h
  M Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
  M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
  M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
  M Source/JavaScriptCore/dfg/DFGNode.cpp
  M Source/JavaScriptCore/dfg/DFGNode.h
  M Source/JavaScriptCore/dfg/DFGNodeType.h
  M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
  M Source/JavaScriptCore/dfg/DFGSafeToExecute.h
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
  M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
  M Source/JavaScriptCore/ftl/FTLCapabilities.cpp
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
  M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
  M Source/JavaScriptCore/jit/AssemblyHelpers.h
  M Source/JavaScriptCore/jit/JITOperations.cpp
  M Source/JavaScriptCore/jit/JITOperations.h
  M Source/JavaScriptCore/runtime/MegamorphicCache.cpp
  M Source/JavaScriptCore/runtime/MegamorphicCache.h

Log Message:
---
[JSC] Introduce InBy megamorphic ICs
https://bugs.webkit.org/show_bug.cgi?id=269255
rdar://121083665

Reviewed by Justin Michaud.

This patch adds InBy megamorphic IC in all tiers. This is super similar to GetBy megamorphic IC. Similar to GetBy megamorphic IC, we store structure/uid pair and the result. And when prototype objects get changed, we bump the epoch (it is already done), and then all cache gets invalidated. The only conceptual difference is that we can say `true` for custom accessor gets found. This is not possible for GetBy megamorphic IC, but for InBy IC, it is OK since it is only asking whether it exists or not.

* Source/JavaScriptCore/bytecode/AccessCase.cpp:
(JSC::AccessCase::create):
(JSC::AccessCase::guardedByStructureCheckSkippingConstantIdentifierCheck const):
(JSC::AccessCase::requiresIdentifierNameMatch const):
(JSC::AccessCase::requiresInt32PropertyCheck const):
(JSC::AccessCase::forEachDependentCell const):
(JSC::AccessCase::doesCalls const):
(JSC::AccessCase::canReplace const):
(JSC::AccessCase::runWithDowncast):
(JSC::AccessCase::canBeShared):
* Source/JavaScriptCore/bytecode/AccessCase.h:
* Source/JavaScriptCore/bytecode/InByStatus.cpp:
(JSC::InByStatus::computeFor):
(JSC::InByStatus::computeForStubInfo):
(JSC::InByStatus::computeForStubInfoWithoutExitSiteFeedback):
(JSC::InByStatus::merge):
(JSC::InByStatus::dump const):
* Source/JavaScriptCore/bytecode/InByStatus.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::needsScratchFPR):
(JSC::forInBy):
(JSC::InlineCacheCompiler::generateWithGuard):
(JSC::InlineCacheCompiler::generateImpl):
(JSC::InlineCacheCompiler::regenerate):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.h:
(JSC::canUseMegamorphicInById):
* Source/JavaScriptCore/bytecode/Repatch.cpp:
(JSC::repatchInBySlowPathCall):
(JSC::tryCacheInBy):
(JSC::repatchInBy):
* Source/JavaScriptCore/bytecode/Repatch.h:
* Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::summary const):
(JSC::SharedJITStubSet::getMegamorphic const):
(JSC::SharedJITStubSet::setMegamorphic):
* Source/JavaScriptCore/bytecode/StructureStubInfo.h:
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter::executeEffects):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleInById):
(JSC::DFG::ByteCodeParser::parseBlock):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGNode.cpp:
(JSC::DFG::Node::convertToInByIdMaybeMegamorphic):
* Source/JavaScriptCore/dfg/DFGNode.h:
(JSC::DFG::Node::hasCacheableIdentifier):
(JSC::DFG::Node::cacheableIdentifier):
(JSC
[webkit-changes] [WebKit/WebKit] 7c156a: Unreviewed, debug build crash fix after 274632@main
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 7c156aca135c2775d3cb46a54be122f7d7f633aa https://github.com/WebKit/WebKit/commit/7c156aca135c2775d3cb46a54be122f7d7f633aa Author: Yusuke Suzuki Date: 2024-02-15 (Thu, 15 Feb 2024) Changed paths: M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp Log Message: --- Unreviewed, debug build crash fix after 274632@main https://bugs.webkit.org/show_bug.cgi?id=269445 rdar://122997045 * Source/JavaScriptCore/wasm/WasmBBQPlan.cpp: (JSC::Wasm::BBQPlan::compileFunction): Canonical link: https://commits.webkit.org/274705@main
[webkit-changes] [WebKit/WebKit] c623fe: Unreviewed, speculative fixes for multiple build b...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: c623fef11c8f160122236b250a12e4e29fbf87e6 https://github.com/WebKit/WebKit/commit/c623fef11c8f160122236b250a12e4e29fbf87e6 Author: Yusuke Suzuki Date: 2024-02-15 (Thu, 15 Feb 2024) Changed paths: M Source/WebCore/Modules/applepay/ApplePayDisbursementPaymentRequest.h M Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm Log Message: --- Unreviewed, speculative fixes for multiple build breakage https://bugs.webkit.org/show_bug.cgi?id=269456 rdar://123004819 * Source/WebCore/Modules/applepay/ApplePayDisbursementPaymentRequest.h: * Source/WebKit/WebProcess/Plugins/PDF/UnifiedPDF/UnifiedPDFPlugin.mm: (WebKit::annotationIsExternalLink): Canonical link: https://commits.webkit.org/274716@main
[webkit-changes] [WebKit/WebKit] 49300e: Unreviewed, revert 274702@main
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 49300ec3e65217e1c2d5a2f3f76b3d6309cf5c34 https://github.com/WebKit/WebKit/commit/49300ec3e65217e1c2d5a2f3f76b3d6309cf5c34 Author: Yusuke Suzuki Date: 2024-02-15 (Thu, 15 Feb 2024) Changed paths: R LayoutTests/http/tests/paymentrequest/ApplePayModifier-disbursementPaymentRequest.https-expected.txt R LayoutTests/http/tests/paymentrequest/ApplePayModifier-disbursementPaymentRequest.https.html M LayoutTests/platform/ios-wk2/TestExpectations M LayoutTests/platform/mac-wk2/TestExpectations M Source/WTF/wtf/PlatformEnableCocoa.h M Source/WebCore/DerivedSources-input.xcfilelist M Source/WebCore/DerivedSources-output.xcfilelist M Source/WebCore/DerivedSources.make M Source/WebCore/Modules/applepay/ApplePayDetailsUpdateBase.h M Source/WebCore/Modules/applepay/ApplePayDetailsUpdateBase.idl R Source/WebCore/Modules/applepay/ApplePayDisbursementPaymentRequest.h R Source/WebCore/Modules/applepay/ApplePayDisbursementPaymentRequest.idl M Source/WebCore/Modules/applepay/ApplePayFeature.h M Source/WebCore/Modules/applepay/ApplePayFeature.idl M Source/WebCore/Modules/applepay/ApplePayLineItem.h M Source/WebCore/Modules/applepay/ApplePayLineItem.idl M Source/WebCore/Modules/applepay/ApplePayMerchantCapability.cpp M Source/WebCore/Modules/applepay/ApplePayMerchantCapability.h M Source/WebCore/Modules/applepay/ApplePayMerchantCapability.idl M Source/WebCore/Modules/applepay/ApplePayPaymentRequest.h M Source/WebCore/Modules/applepay/ApplePayPaymentRequest.idl M Source/WebCore/Modules/applepay/ApplePaySession.cpp M Source/WebCore/Modules/applepay/ApplePaySessionPaymentRequest.h M Source/WebCore/Modules/applepay/PaymentSummaryItems.h M Source/WebCore/Modules/applepay/cocoa/PaymentSummaryItemsCocoa.mm M Source/WebCore/Modules/applepay/paymentrequest/ApplePayModifier.h M Source/WebCore/Modules/applepay/paymentrequest/ApplePayModifier.idl M Source/WebCore/Modules/applepay/paymentrequest/ApplePayPaymentHandler.cpp M 
Source/WebCore/PAL/pal/cocoa/PassKitSoftLink.h M Source/WebCore/PAL/pal/cocoa/PassKitSoftLink.mm M Source/WebCore/PAL/pal/spi/cocoa/PassKitSPI.h M Source/WebCore/SourcesCocoa.txt M Source/WebCore/WebCore.xcodeproj/project.pbxproj M Source/WebCore/testing/MockPaymentCoordinator.cpp M Source/WebCore/testing/MockPaymentCoordinator.h M Source/WebCore/testing/MockPaymentCoordinator.idl M Source/WebKit/Platform/cocoa/PaymentAuthorizationPresenter.mm R Source/WebKit/Shared/ApplePay/DisbursementPaymentRequest.h R Source/WebKit/Shared/ApplePay/cocoa/DisbursementPaymentRequestCocoa.mm M Source/WebKit/Shared/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.h M Source/WebKit/Shared/ApplePay/cocoa/WebPaymentCoordinatorProxyCocoa.mm M Source/WebKit/Shared/ApplePay/ios/WebPaymentCoordinatorProxyIOS.mm M Source/WebKit/Shared/ApplePay/mac/WebPaymentCoordinatorProxyMac.mm M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in M Source/WebKit/SourcesCocoa.txt M Source/WebKit/WebKit.xcodeproj/project.pbxproj Log Message: --- Unreviewed, revert 274702@main https://bugs.webkit.org/show_bug.cgi?id=269463 rdar://115776022 Broke internal builds. * LayoutTests/http/tests/paymentrequest/ApplePayModifier-disbursementPaymentRequest.https-expected.txt: Removed. * LayoutTests/http/tests/paymentrequest/ApplePayModifier-disbursementPaymentRequest.https.html: Removed. * LayoutTests/platform/ios-wk2/TestExpectations: * LayoutTests/platform/mac-wk2/TestExpectations: * Source/WTF/wtf/PlatformEnableCocoa.h: * Source/WebCore/DerivedSources-input.xcfilelist: * Source/WebCore/DerivedSources-output.xcfilelist: * Source/WebCore/DerivedSources.make: * Source/WebCore/Modules/applepay/ApplePayDetailsUpdateBase.h: * Source/WebCore/Modules/applepay/ApplePayDetailsUpdateBase.idl: * Source/WebCore/Modules/applepay/ApplePayDisbursementPaymentRequest.h: Removed. * Source/WebCore/Modules/applepay/ApplePayDisbursementPaymentRequest.idl: Removed. 
* Source/WebCore/Modules/applepay/ApplePayFeature.h: * Source/WebCore/Modules/applepay/ApplePayFeature.idl: * Source/WebCore/Modules/applepay/ApplePayLineItem.h: * Source/WebCore/Modules/applepay/ApplePayLineItem.idl: * Source/WebCore/Modules/applepay/ApplePayMerchantCapability.cpp: (WebCore::convertAndValidate): * Source/WebCore/Modules/applepay/ApplePayMerchantCapability.h: * Source/WebCore/Modules/applepay/ApplePayMerchantCapability.idl: * Source/WebCore/Modules/applepay/ApplePayPaymentRequest.h: * Source/WebCore/Modules/applepay/ApplePayPaymentRequest.idl: * Source/WebCore/Modules/applepay/ApplePaySession.cpp: (WebCore::convertAndValidate): * Source/WebCore/Modules/applepay/ApplePaySessionPaymentRequest.h: (WebCore::ApplePaySessionPaymentRequest::disbursementPaymentRequest const): Deleted. (WebCore
[webkit-changes] [WebKit/WebKit] be51d0: [JSC] Use offlineasm globl to ensure that all entr...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: be51d0725a2ceb5bc1b5f2dd81b514610b925d84 https://github.com/WebKit/WebKit/commit/be51d0725a2ceb5bc1b5f2dd81b514610b925d84 Author: Yusuke Suzuki Date: 2024-02-15 (Thu, 15 Feb 2024) Changed paths: M Source/JavaScriptCore/llint/LowLevelInterpreter.asm Log Message: --- [JSC] Use offlineasm globl to ensure that all entries have alt_entry https://bugs.webkit.org/show_bug.cgi?id=269534 rdar://122525586 Reviewed by Justin Michaud. We found that vmEntryToCSSJIT and vmEntryToCSSJITAfter are not having alt_entry properly since it is not using offlineasm globl. This allowed LLInt code shuffled by linkers when alt_entry is used, which breaks many assumptions. This patch fixes it. * Source/JavaScriptCore/llint/LowLevelInterpreter.asm: Canonical link: https://commits.webkit.org/274796@main
[webkit-changes] [WebKit/WebKit] aa5966: [JSC] Check JSManagedValue::m_lock
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: aa59663cc33a9428f15b67143300eeff73572789 https://github.com/WebKit/WebKit/commit/aa59663cc33a9428f15b67143300eeff73572789 Author: Yusuke Suzuki Date: 2024-02-16 (Fri, 16 Feb 2024) Changed paths: M Source/JavaScriptCore/API/JSManagedValue.mm Log Message: --- [JSC] Check JSManagedValue::m_lock https://bugs.webkit.org/show_bug.cgi?id=269536 rdar://122594166 Reviewed by Justin Michaud. JSManagedValue does not set m_lock to non-null when coming Value* was nil. We just check it in [JSManagedValue value] and return nil if m_lock is nullptr. * Source/JavaScriptCore/API/JSManagedValue.mm: (-[JSManagedValue value]): Canonical link: https://commits.webkit.org/274809@main
[webkit-changes] [WebKit/WebKit] 8f9efa: [JSC] Use offlineasm globl to ensure that all entr...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 8f9efa2df4fd840f10a2d478fd8a7f309248bb4e https://github.com/WebKit/WebKit/commit/8f9efa2df4fd840f10a2d478fd8a7f309248bb4e Author: Yusuke Suzuki Date: 2024-02-16 (Fri, 16 Feb 2024) Changed paths: M Source/JavaScriptCore/llint/LowLevelInterpreter.asm M Source/JavaScriptCore/llint/LowLevelInterpreter.cpp M Source/JavaScriptCore/offlineasm/asm.rb M Source/JavaScriptCore/offlineasm/ast.rb M Source/JavaScriptCore/offlineasm/backends.rb M Source/JavaScriptCore/offlineasm/cloop.rb M Source/JavaScriptCore/offlineasm/parser.rb Log Message: --- [JSC] Use offlineasm globl to ensure that all entries have alt_entry, take 2 https://bugs.webkit.org/show_bug.cgi?id=269553 rdar://122525586 Reviewed by Justin Michaud. Take 2. Previously we used `global` for vmEntryToCSSJIT. But this is not correct since it hides the symbol. We need `globalexport`, which makes symbol visible. This patch adds `globalexport`. Also, we correctly applied it to jitCagePtr function too. * Source/JavaScriptCore/llint/LowLevelInterpreter.asm: * Source/JavaScriptCore/llint/LowLevelInterpreter.cpp: * Source/JavaScriptCore/offlineasm/asm.rb: * Source/JavaScriptCore/offlineasm/ast.rb: * Source/JavaScriptCore/offlineasm/backends.rb: * Source/JavaScriptCore/offlineasm/cloop.rb: * Source/JavaScriptCore/offlineasm/parser.rb: Canonical link: https://commits.webkit.org/274845@main To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
[webkit-changes] [WebKit/WebKit] ee4644: Unreviewed, build fix with alt_entry after 274845@...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: ee464467a427e268d0a15d10b597707cac917fb5 https://github.com/WebKit/WebKit/commit/ee464467a427e268d0a15d10b597707cac917fb5 Author: Yusuke Suzuki Date: 2024-02-16 (Fri, 16 Feb 2024) Changed paths: M Source/JavaScriptCore/llint/LowLevelInterpreter.cpp Log Message: --- Unreviewed, build fix with alt_entry after 274845@main https://bugs.webkit.org/show_bug.cgi?id=269590 rdar://122525586 * Source/JavaScriptCore/llint/LowLevelInterpreter.cpp: Canonical link: https://commits.webkit.org/274849@main
[webkit-changes] [WebKit/WebKit] a54c68: [JSC] InByValMegamorphic does not need to be Objec...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: a54c682f6b97db45dbe3a90046d78800f0eb9be4 https://github.com/WebKit/WebKit/commit/a54c682f6b97db45dbe3a90046d78800f0eb9be4 Author: Yusuke Suzuki Date: 2024-02-16 (Fri, 16 Feb 2024) Changed paths: M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp M Source/JavaScriptCore/dfg/DFGNode.cpp M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp Log Message: --- [JSC] InByValMegamorphic does not need to be ObjectUse https://bugs.webkit.org/show_bug.cgi?id=269606 rdar://123101705 Reviewed by Justin Michaud. It can be just a CellUse. This patch fixes wrong assertion and use CellUse instead. Several debug tests already cover it (e.g. stress/proxy-has-property.js) * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupNode): * Source/JavaScriptCore/dfg/DFGNode.cpp: (JSC::DFG::Node::convertToInByIdMaybeMegamorphic): * Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compileInByValMegamorphic): * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq): Canonical link: https://commits.webkit.org/274892@main
[webkit-changes] [WebKit/WebKit] bda7fd: Skip repeated sanitizeValue call
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: bda7fd807e52fe81d2433ac8b8aaa0d7be243f84 https://github.com/WebKit/WebKit/commit/bda7fd807e52fe81d2433ac8b8aaa0d7be243f84 Author: Yusuke Suzuki Date: 2024-02-16 (Fri, 16 Feb 2024) Changed paths: M Source/WebCore/dom/Element.cpp M Source/WebCore/dom/Element.h M Source/WebCore/html/HTMLInputElement.cpp M Source/WebCore/html/HTMLInputElement.h Log Message: --- Skip repeated sanitizeValue call https://bugs.webkit.org/show_bug.cgi?id=269618 rdar://123118619 Reviewed by Ryosuke Niwa. Based on Ryosuke's patch, we clean up Element::parserSetAttributes and avoid repeated sanitizeValue calls. When we are creating HTMLInputElement from parser, we do not need to update type and value in attributeChanged. They are already initialized correctly in parserSetAttributes. * Source/WebCore/dom/Element.cpp: (WebCore::Element::parserSetAttributes): (WebCore::Element::parserDidSetAttributes): Deleted. * Source/WebCore/dom/Element.h: * Source/WebCore/html/HTMLInputElement.cpp: (WebCore::HTMLInputElement::parserInitializeInputType): (WebCore::HTMLInputElement::attributeChanged): (WebCore::HTMLInputElement::initializeInputType): Deleted. (WebCore::HTMLInputElement::parserDidSetAttributes): Deleted. * Source/WebCore/html/HTMLInputElement.h: Canonical link: https://commits.webkit.org/274904@main
[webkit-changes] [WebKit/WebKit] 0cb4c5: [JSC] Use signpost macros instead of using os_sign...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 0cb4c5d019178ab2ea86f27e3a774404a15c1026 https://github.com/WebKit/WebKit/commit/0cb4c5d019178ab2ea86f27e3a774404a15c1026 Author: Yusuke Suzuki Date: 2024-02-17 (Sat, 17 Feb 2024) Changed paths: M Source/JavaScriptCore/runtime/JSGlobalObject.cpp M Source/WTF/wtf/SystemTracing.h Log Message: --- [JSC] Use signpost macros instead of using os_signpost directly https://bugs.webkit.org/show_bug.cgi?id=269634 rdar://123132279 Reviewed by Michael Saboff and Justin Michaud. Instead of using os_signpost macro directly, we should use WTFEmitSignpost. To make it work with existing use, we add WTFEmitSignpostAlways variants, and use it in JSGlobalObject. We also register JSCJSGlobalObject signpost category. * Source/JavaScriptCore/runtime/JSGlobalObject.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): * Source/WTF/wtf/SystemTracing.h: Canonical link: https://commits.webkit.org/274924@main
[webkit-changes] [WebKit/WebKit] 0bdcca: Add Decimal::doubleMax
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 0bdcca7bafd75e649e513b9151c7a35d052110f6 https://github.com/WebKit/WebKit/commit/0bdcca7bafd75e649e513b9151c7a35d052110f6 Author: Yusuke Suzuki Date: 2024-02-19 (Mon, 19 Feb 2024) Changed paths: M Source/WebCore/html/NumberInputType.cpp M Source/WebCore/html/parser/HTMLParserIdioms.cpp M Source/WebCore/platform/Decimal.cpp M Source/WebCore/platform/Decimal.h M Tools/TestWebKitAPI/CMakeLists.txt M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj A Tools/TestWebKitAPI/Tests/WebCore/Decimal.cpp Log Message: --- Add Decimal::doubleMax https://bugs.webkit.org/show_bug.cgi?id=269161 rdar://122739403 Reviewed by Justin Michaud. Decimal::fromDouble(std::numeric_limits::max()) is surprisingly slow. So, in this patch, 1. We made various functions in Decimal as constexpr to make a lot of Decimal constant computation constexpr. 2. Add Decimal::doubleMax and use it instead. 3. Do not allocate WTF::String when using Decimal::fromDouble. We use fixed-sized string buffer instead. 4. Remove UInt128 implementation in Decimal.cpp and use wtf/Int128.h's UInt128. * Source/WebCore/html/NumberInputType.cpp: (WebCore::NumberInputType::createStepRange const): * Source/WebCore/html/parser/HTMLParserIdioms.cpp: (WebCore::parseToDecimalForNumberType): * Source/WebCore/platform/Decimal.cpp: (WebCore::Decimal::fromDouble): (WebCore::Decimal::EncodedData::EncodedData): Deleted. (WebCore::Decimal::Decimal): Deleted. (WebCore::Decimal::operator=): Deleted. (WebCore::Decimal::operator== const): Deleted. (WebCore::Decimal::infinity): Deleted. (WebCore::Decimal::nan): Deleted. (WebCore::Decimal::zero): Deleted. 
* Source/WebCore/platform/Decimal.h: (WebCore::Decimal::Decimal): (WebCore::Decimal::EncodedData::EncodedData): (WebCore::Decimal::operator== const): (WebCore::Decimal::infinity): (WebCore::Decimal::nan): (WebCore::Decimal::zero): (WebCore::Decimal::doubleMax): * Tools/TestWebKitAPI/CMakeLists.txt: * Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: * Tools/TestWebKitAPI/Tests/WebCore/Decimal.cpp: Added. (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/274982@main
[webkit-changes] [WebKit/WebKit] fc6c4e: Use 32 for EventPath m_path
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: fc6c4ebadf58b5892e089a3ec98f0583be7b7037 https://github.com/WebKit/WebKit/commit/fc6c4ebadf58b5892e089a3ec98f0583be7b7037 Author: Yusuke Suzuki Date: 2024-02-20 (Tue, 20 Feb 2024) Changed paths: M Source/WebCore/dom/EventPath.h Log Message: --- Use 32 for EventPath m_path https://bugs.webkit.org/show_bug.cgi?id=269803 rdar://123326028 Reviewed by Ryosuke Niwa. Adjust inline capacity for the cases we observed. * Source/WebCore/dom/EventPath.h: Canonical link: https://commits.webkit.org/275065@main
[webkit-changes] [WebKit/WebKit] bbcc01: [JSC] Rename MegamorphicCache's load related fields
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: bbcc016589702ba11cacd4fe32c235c3ebe72559 https://github.com/WebKit/WebKit/commit/bbcc016589702ba11cacd4fe32c235c3ebe72559 Author: Yusuke Suzuki Date: 2024-02-20 (Tue, 20 Feb 2024) Changed paths: M Source/JavaScriptCore/jit/AssemblyHelpers.cpp M Source/JavaScriptCore/runtime/MegamorphicCache.cpp M Source/JavaScriptCore/runtime/MegamorphicCache.h Log Message: --- [JSC] Rename MegamorphicCache's load related fields https://bugs.webkit.org/show_bug.cgi?id=269811 rdar://12247 Reviewed by Keith Miller and Michael Saboff. Let's rename Load related MegamorphicCache fields to explicitly say "Load". Previously, it didn't since MegamorphicCache implementation started with Load only. And eventually it gets expanded. * Source/JavaScriptCore/jit/AssemblyHelpers.cpp: (JSC::AssemblyHelpers::loadMegamorphicProperty): * Source/JavaScriptCore/runtime/MegamorphicCache.cpp: (JSC::MegamorphicCache::age): (JSC::MegamorphicCache::clearEntries): * Source/JavaScriptCore/runtime/MegamorphicCache.h: (JSC::MegamorphicCache::LoadEntry::offsetOfUid): (JSC::MegamorphicCache::LoadEntry::offsetOfStructureID): (JSC::MegamorphicCache::LoadEntry::offsetOfEpoch): (JSC::MegamorphicCache::LoadEntry::offsetOfOffset): (JSC::MegamorphicCache::LoadEntry::offsetOfHolder): (JSC::MegamorphicCache::offsetOfLoadCachePrimaryEntries): (JSC::MegamorphicCache::offsetOfLoadCacheSecondaryEntries): (JSC::MegamorphicCache::initAsMiss): (JSC::MegamorphicCache::initAsHit): (JSC::MegamorphicCache::Entry::offsetOfUid): Deleted. (JSC::MegamorphicCache::Entry::offsetOfStructureID): Deleted. (JSC::MegamorphicCache::Entry::offsetOfEpoch): Deleted. (JSC::MegamorphicCache::Entry::offsetOfOffset): Deleted. (JSC::MegamorphicCache::Entry::offsetOfHolder): Deleted. (JSC::MegamorphicCache::Entry::initAsMiss): Deleted. (JSC::MegamorphicCache::Entry::initAsHit): Deleted. (JSC::MegamorphicCache::offsetOfPrimaryEntries): Deleted. 
(JSC::MegamorphicCache::offsetOfSecondaryEntries): Deleted. Canonical link: https://commits.webkit.org/275073@main
[webkit-changes] [WebKit/WebKit] 1c84cd: [JSC] Enhance enumerator_has_own_property pattern ...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1c84cd6c970271eabe238a7e4eff9adced5614ce https://github.com/WebKit/WebKit/commit/1c84cd6c970271eabe238a7e4eff9adced5614ce Author: Yusuke Suzuki Date: 2024-02-21 (Wed, 21 Feb 2024) Changed paths: A JSTests/stress/for-in-has-own-property-complex.js M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp M Source/JavaScriptCore/parser/Nodes.h Log Message: --- [JSC] Enhance enumerator_has_own_property pattern detection https://bugs.webkit.org/show_bug.cgi?id=269834 rdar://123362273 Reviewed by Keith Miller and Justin Michaud. This patch extends enumerator_has_own_property pattern matching detection more, aligned to relatively newer JS minifier behavior. * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::tryResolveVariable): * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h: * Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp: (JSC::ForInNode::emitBytecode): * Source/JavaScriptCore/parser/Nodes.h: Canonical link: https://commits.webkit.org/275131@main
[webkit-changes] [WebKit/WebKit] 3e7f2c: REGRESSION(274164@main): Do not consult against Do...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3e7f2c1bc01db4255c2de428d4b5d04ab054df86 https://github.com/WebKit/WebKit/commit/3e7f2c1bc01db4255c2de428d4b5d04ab054df86 Author: Yusuke Suzuki Date: 2024-02-21 (Wed, 21 Feb 2024) Changed paths: M Source/WebCore/dom/Document.cpp M Source/WebCore/dom/Document.h M Source/WebCore/html/CanvasBase.cpp M Source/WebCore/html/HTMLCanvasElement.cpp M Source/WebCore/html/canvas/CanvasRenderingContext.h Log Message: --- REGRESSION(274164@main): Do not consult against Document's WeakHashSet for every Canvas ops https://bugs.webkit.org/show_bug.cgi?id=269867 rdar://123400342 Reviewed by Ryosuke Niwa. 274164@main introduced addCanvasNeedingPreparationForDisplayOrFlush and removeCanvasNeedingPreparationForDisplayOrFlush, which consult against Document's WeakHashSet for every Canvas operation. Because each Canvas operation is very tiny, Canvas operations are called super frequently, and any kind of performance regression on each call can be exhibited as visible performance regression. WeakHashSet querying is costly, and Document is super large so frequent cache miss happens. Instead, we store a bool flag to CanvasRenderingContext, which says whether it is registered in Document's WeakHashSet. And avoid this costly operation once it gets registered. 
* Source/WebCore/dom/Document.cpp: (WebCore::Document::prepareCanvasesForDisplayOrFlushIfNeeded): (WebCore::Document::addCanvasNeedingPreparationForDisplayOrFlush): (WebCore::Document::removeCanvasNeedingPreparationForDisplayOrFlush): * Source/WebCore/dom/Document.h: * Source/WebCore/html/CanvasBase.cpp: (WebCore::CanvasBase::addCanvasNeedingPreparationForDisplayOrFlush): (WebCore::CanvasBase::removeCanvasNeedingPreparationForDisplayOrFlush): * Source/WebCore/html/HTMLCanvasElement.cpp: (WebCore::HTMLCanvasElement::didMoveToNewDocument): * Source/WebCore/html/canvas/CanvasRenderingContext.h: (WebCore::CanvasRenderingContext::setIsToPrepare): (WebCore::CanvasRenderingContext::isInPreparationForDisplayOrFlush const): Canonical link: https://commits.webkit.org/275137@main
[webkit-changes] [WebKit/WebKit] 5e5e74: [JSC] Handle Array with -1 in super common case
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 5e5e7445e5ce0a8e5f9b846c57b2d65c64cd6f51 https://github.com/WebKit/WebKit/commit/5e5e7445e5ce0a8e5f9b846c57b2d65c64cd6f51 Author: Yusuke Suzuki Date: 2024-02-22 (Thu, 22 Feb 2024) Changed paths: A JSTests/microbenchmarks/array-negative-one.js A JSTests/stress/array-negative-one-instance.js A JSTests/stress/array-negative-one-prototype.js A JSTests/stress/array-negative-one-prototype2.js M Source/JavaScriptCore/dfg/DFGOperations.cpp M Source/JavaScriptCore/jit/JITOperations.cpp M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp M Source/JavaScriptCore/runtime/CommonIdentifiers.cpp M Source/JavaScriptCore/runtime/CommonIdentifiers.h M Source/JavaScriptCore/runtime/JSArray.h M Source/JavaScriptCore/runtime/JSArrayInlines.h M Source/JavaScriptCore/runtime/JSGlobalObject.cpp M Source/JavaScriptCore/runtime/JSGlobalObject.h Log Message: --- [JSC] Handle Array with -1 in super common case https://bugs.webkit.org/show_bug.cgi?id=269901 rdar://123429794 Reviewed by Justin Michaud. `array[-1]` access is actually common. For example, while (item = array[--i]) { ... } code is written in the wild and using `array[-1]` => undefined access as a stop condition. We should have enough fast access for that. In this patch, we set up `-1` property watchpoint for Array.prototype and Object.prototype, and skip property lookup when we are just accessing normal Array's -1. We could improve this more generic way, but it looks like, most of cases are just covered by this. Let's start with simple one. ToT Patched array-negative-one 29.5545+-0.6586 ^ 15.6126+-0.5059^ definitely 1.8930x faster * JSTests/microbenchmarks/array-negative-one.js: Added. (shouldBe): (t): * JSTests/stress/array-negative-one-instance.js: Added. (shouldBe): (t): * JSTests/stress/array-negative-one-prototype.js: Added. (shouldBe): (t): * JSTests/stress/array-negative-one-prototype2.js: Added. 
(shouldBe): (t): * Source/JavaScriptCore/dfg/DFGOperations.cpp: (JSC::DFG::getByValCellInt): (JSC::DFG::JSC_DEFINE_JIT_OPERATION): * Source/JavaScriptCore/jit/JITOperations.cpp: (JSC::getByVal): (JSC::getByValWithThis): * Source/JavaScriptCore/llint/LLIntSlowPaths.cpp: (JSC::LLInt::getByVal): * Source/JavaScriptCore/runtime/CommonIdentifiers.cpp: (JSC::CommonIdentifiers::CommonIdentifiers): * Source/JavaScriptCore/runtime/CommonIdentifiers.h: * Source/JavaScriptCore/runtime/JSArray.h: * Source/JavaScriptCore/runtime/JSArrayInlines.h: (JSC::JSArray::definitelyNegativeOneMiss const): * Source/JavaScriptCore/runtime/JSGlobalObject.cpp: (JSC::setupAbsenceAdaptiveWatchpoint): (JSC::JSGlobalObject::init): * Source/JavaScriptCore/runtime/JSGlobalObject.h: (JSC::JSGlobalObject::arrayNegativeOneWatchpointSet): Canonical link: https://commits.webkit.org/275179@main
[webkit-changes] [WebKit/WebKit] 4b665f: [JSC] Fold empty string + value in bytecode generator
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 4b665f046f0db0e63fa3f84ee5116897b61c78be https://github.com/WebKit/WebKit/commit/4b665f046f0db0e63fa3f84ee5116897b61c78be Author: Yusuke Suzuki Date: 2024-02-23 (Fri, 23 Feb 2024) Changed paths: A JSTests/stress/empty-string-add-to-string.js M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp Log Message: --- [JSC] Fold empty string + value in bytecode generator https://bugs.webkit.org/show_bug.cgi?id=269974 rdar://123492788 Reviewed by Ross Kirsling and Alexey Shvayka. This pattern is too much seen in the wild. So let's do optimization in bytecode generator level since it is too simple. When we see `"" + value`, we generate `to_string` bytecode for value. * JSTests/stress/empty-string-add-to-string.js: Added. (test1): (test2): (shouldBe): * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitBinaryOp): Canonical link: https://commits.webkit.org/275230@main
[webkit-changes] [WebKit/WebKit] 617715: [JSC] Clean up CallLinkInfo::unlinlkOrUpgradeImpl ...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 617715243dc578fef6ca3a32ab2cb017e8e1deb5
https://github.com/WebKit/WebKit/commit/617715243dc578fef6ca3a32ab2cb017e8e1deb5
Author: Yusuke Suzuki
Date: 2024-02-23 (Fri, 23 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/CallLinkInfo.cpp
  M Source/JavaScriptCore/bytecode/Repatch.cpp

Log Message:
---
[JSC] Clean up CallLinkInfo::unlinlkOrUpgradeImpl to make `remove` consistent
https://bugs.webkit.org/show_bug.cgi?id=270004
rdar://122611742

Reviewed by Alexey Shvayka.

1. In CallLinkInfo::unlinkOrUpgradeImpl, let's always start with removing it from the list. If we upgrade, we anyway re-chain it to the new CodeBlock. So there is no possible case that we would like to keep the current link.
2. Let's make linked / unlinked state consistent more by moving `remove` code inside CallLinkInfo itself. And always check `isOnList` before calling it.

* Source/JavaScriptCore/bytecode/CallLinkInfo.cpp: (JSC::CallLinkInfo::unlinkOrUpgradeImpl): (JSC::CallLinkInfo::setStub):
* Source/JavaScriptCore/bytecode/Repatch.cpp: (JSC::linkPolymorphicCall):

Canonical link: https://commits.webkit.org/275256@main
[webkit-changes] [WebKit/WebKit] aa1a84: [JSC] Add StringOrOther speculation against ToPrim...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: aa1a84a4b6aae5967a7a18b2d9bcca1c87f37129
https://github.com/WebKit/WebKit/commit/aa1a84a4b6aae5967a7a18b2d9bcca1c87f37129
Author: Yusuke Suzuki
Date: 2024-02-24 (Sat, 24 Feb 2024)

Changed paths:
  A JSTests/microbenchmarks/string-or-other-add.js
  M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
  M Source/JavaScriptCore/dfg/DFGClobberize.h
  M Source/JavaScriptCore/dfg/DFGDoesGC.cpp
  M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
  M Source/JavaScriptCore/dfg/DFGMayExit.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
  M Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

Log Message:
---
[JSC] Add StringOrOther speculation against ToPrimitive / ToString
https://bugs.webkit.org/show_bug.cgi?id=270028
rdar://123538433

Reviewed by Alexey Shvayka.

This patch further optimizes `value + ""` pattern. Now, we observed StringOrOther case super frequently. So we should have optimization for that.

1. Add ToPrimitive(StringOrOtherUse). Then it can be converted to Identity since both are already primitives.
2. Add ToString(StringOrOtherUse). It checks String or Other and returns strings without calling any functions.

                         ToT                  Patched
string-or-other-add      355.4531+-0.8540  ^  72.8445+-0.0395  ^ definitely 4.8796x faster

* JSTests/microbenchmarks/string-or-other-add.js: Added. (shouldBe): (test):
* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h: (JSC::DFG::AbstractInterpreter::executeEffects):
* Source/JavaScriptCore/dfg/DFGClobberize.h: (JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGDoesGC.cpp: (JSC::DFG::doesGC):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::fixupToPrimitive): (JSC::DFG::FixupPhase::fixupToStringOrCallStringConstructor): (JSC::DFG::FixupPhase::fixupStringValueOf):
* Source/JavaScriptCore/dfg/DFGMayExit.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
* Source/JavaScriptCore/dfg/DFGStrengthReductionPhase.cpp: (JSC::DFG::StrengthReductionPhase::handleNode):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileToStringOrCallStringConstructorOrStringValueOf):

Canonical link: https://commits.webkit.org/275280@main
[webkit-changes] [WebKit/WebKit] 88f5d6: Do not reparse the same URL repeatedly for HTMLIma...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 88f5d6430abe12164eec7acf3a0993ef1ec67d0a
https://github.com/WebKit/WebKit/commit/88f5d6430abe12164eec7acf3a0993ef1ec67d0a
Author: Yusuke Suzuki
Date: 2024-02-24 (Sat, 24 Feb 2024)

Changed paths:
  M Source/WTF/wtf/URL.cpp
  M Source/WTF/wtf/URL.h
  M Source/WTF/wtf/text/StringView.h
  M Source/WebCore/Modules/fetch/FetchLoader.cpp
  M Source/WebCore/Modules/reporting/ReportingScope.cpp
  M Source/WebCore/html/HTMLImageElement.cpp
  M Source/WebCore/html/HTMLImageElement.h
  M Source/WebCore/html/HTMLMediaElement.cpp
  M Source/WebCore/html/parser/HTMLPreloadScanner.cpp
  M Source/WebCore/html/parser/HTMLSrcsetParser.cpp
  M Source/WebCore/html/parser/HTMLSrcsetParser.h
  M Source/WebCore/loader/CrossOriginAccessControl.cpp
  M Source/WebCore/loader/CrossOriginAccessControl.h
  M Source/WebCore/loader/CrossOriginPreflightChecker.cpp
  M Source/WebCore/loader/FrameLoader.cpp
  M Source/WebCore/loader/FrameLoader.h
  M Source/WebCore/loader/ImageLoader.cpp
  M Source/WebCore/loader/LinkLoader.cpp
  M Source/WebCore/loader/PingLoader.cpp
  M Source/WebCore/loader/SubframeLoader.cpp
  M Source/WebCore/loader/SubframeLoader.h
  M Source/WebCore/loader/SubresourceLoader.cpp
  M Source/WebCore/loader/WorkerThreadableLoader.cpp
  M Source/WebCore/loader/cache/CachedResourceRequest.cpp
  M Source/WebCore/page/LocalDOMWindow.cpp
  M Source/WebCore/page/SecurityPolicy.cpp
  M Source/WebCore/page/SecurityPolicy.h
  M Source/WebCore/page/csp/ContentSecurityPolicy.cpp
  M Source/WebCore/platform/network/ResourceRequestBase.cpp
  M Source/WebKit/WebProcess/Plugins/PluginView.cpp

Log Message:
---
Do not reparse the same URL repeatedly for HTMLImageElement src attribute setter
https://bugs.webkit.org/show_bug.cgi?id=269975
rdar://123492927

Reviewed by Ryosuke Niwa.

This patch cleans up a lot of HTMLImageElement src attribute setter path.

1. HTMLImageElement should not make m_currentSrc AtomString eagerly. This is rarely accessed. So we should defer it.
2. HTMLImageElement should have super fast path for no `sizes` attribute case since this is common. We should not invoke SizesAttributeParser.
3. ImageCandidate should carry underlying AtomString if possible. Attributes are AtomString. So by carrying it, we can avoid AtomString creation for `m_bestFitImageURL = candidate.string.toAtomString()`.
4. We should use HTMLImageElement::currentURL if possible in ImageLoader, avoiding repeated parsing of the same URL string.
5. FrameLoader should keep m_outgoingReferrerURL. Then subsequent code can use this URL instead of parsing it repeatedly. We enhance URL::strippedForUseAsReferrer to further avoid reparsing URL from stripped string.

* Source/WTF/wtf/URL.cpp: (WTF::URL::strippedForUseAsReferrer const): (WTF::URL::strippedForUseAsReferrerWithExplicitPort const):
* Source/WTF/wtf/URL.h:
* Source/WTF/wtf/text/StringView.h: (WTF::StringViewWithUnderlyingString::toAtomString const):
* Source/WebCore/Modules/fetch/FetchLoader.cpp: (WebCore::FetchLoader::start):
* Source/WebCore/Modules/reporting/ReportingScope.cpp: (WebCore::ReportingScope::generateTestReport):
* Source/WebCore/html/HTMLImageElement.cpp: (WebCore::HTMLImageElement::currentSrc): (WebCore::HTMLImageElement::setBestFitURLAndDPRFromImageCandidate): (WebCore::HTMLImageElement::selectImageSource):
* Source/WebCore/html/HTMLImageElement.h: (WebCore::HTMLImageElement::currentSrc const): Deleted.
* Source/WebCore/html/HTMLMediaElement.cpp: (WebCore::HTMLMediaElement::mediaPlayerReferrer const):
* Source/WebCore/html/parser/HTMLPreloadScanner.cpp: (WebCore::TokenPreloadScanner::StartTagScanner::processAttributes):
* Source/WebCore/html/parser/HTMLSrcsetParser.cpp: (WebCore::parseImageCandidatesFromSrcsetAttribute): (WebCore::pickBestImageCandidate): (WebCore::bestFitSourceForImageAttributes):
* Source/WebCore/html/parser/HTMLSrcsetParser.h: (WebCore::ImageCandidate::ImageCandidate): (WebCore::ImageCandidate::isEmpty const):
* Source/WebCore/loader/CrossOriginAccessControl.cpp: (WebCore::updateRequestReferrer):
* Source/WebCore/loader/CrossOriginAccessControl.h:
* Source/WebCore/loader/CrossOriginPreflightChecker.cpp: (WebCore::CrossOriginPreflightChecker::doPreflight):
* Source/WebCore/loader/FrameLoader.cpp: (WebCore::FrameLoader::setOutgoingReferrer): (WebCore::FrameLoader::outgoingReferrerURL): (WebCore::FrameLoader::loadFrameRequest): (WebCore::FrameLoader::loadResourceSynchronously): (WebCore::createWindow):
* Source/WebCore/loader/FrameLoader.h:
* Source/WebCore/loader/ImageLoader.cpp: (WebCore::ImageLoader::updateFromElement):
* Source/WebCore/loader/LinkLoader.cpp: (WebCore::LinkLoader::preloadIfNeeded):
* Source/WebCore/loader/PingLoader.cpp: (WebCore::PingLoader::loadImage): (WebCore::PingLoader::sendViolationReport):
* Source/WebCore/loader/SubframeLoader.cpp: (WebCore::FrameLoader
[webkit-changes] [WebKit/WebKit] 4d9c89: [JSC] Do not upgrade CallLinkInfo when the target ...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4d9c892d5723e95cab0c627d5f46f8d8da236294
https://github.com/WebKit/WebKit/commit/4d9c892d5723e95cab0c627d5f46f8d8da236294
Author: Yusuke Suzuki
Date: 2024-02-26 (Mon, 26 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/CodeBlock.cpp
  M Source/JavaScriptCore/runtime/ScriptExecutable.cpp
  M Source/JavaScriptCore/runtime/ScriptExecutable.h

Log Message:
---
[JSC] Do not upgrade CallLinkInfo when the target is also already dead
https://bugs.webkit.org/show_bug.cgi?id=270119
rdar://123651394

Reviewed by Justin Michaud.

Probably does not matter much but let's make it defensive. When running unlinkOrUpgrade, if it is invoked through jettisoning due to GC end-phase check, we should check whether the new target CodeBlock is also dead, and if it is dead, not passing it.

* Source/JavaScriptCore/bytecode/CodeBlock.cpp: (JSC::CodeBlock::jettison):
* Source/JavaScriptCore/runtime/ScriptExecutable.cpp: (JSC::ScriptExecutable::installCode): (JSC::ScriptExecutable::prepareForExecutionImpl):
* Source/JavaScriptCore/runtime/ScriptExecutable.h:

Canonical link: https://commits.webkit.org/275356@main
[webkit-changes] [WebKit/WebKit] 4a9538: [JSC] Handle reallocating transitions in megamorph...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4a95386068f39d13b9db69c0e34056ee3dfe2219
https://github.com/WebKit/WebKit/commit/4a95386068f39d13b9db69c0e34056ee3dfe2219
Author: Yusuke Suzuki
Date: 2024-02-29 (Thu, 29 Feb 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/AccessCase.cpp
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
  M Source/JavaScriptCore/jit/AssemblyHelpers.cpp
  M Source/JavaScriptCore/jit/AssemblyHelpers.h
  M Source/JavaScriptCore/jit/JITOperations.cpp
  M Source/JavaScriptCore/jit/JITOperations.h
  M Source/JavaScriptCore/runtime/MegamorphicCache.h

Log Message:
---
[JSC] Handle reallocating transitions in megamorphic store cache
https://bugs.webkit.org/show_bug.cgi?id=270279
rdar://123806842

Reviewed by Justin Michaud.

This patch extends megamorphic store cache with Transition case which reallocates butterfly. Previously we skipped this case since it is a bit complex. But this is very frequently seen so we must need to handle it well. Now megamorphic store cache accepts Transition with reallocating. And then, when using this in the megamorphic store cache, we call a function which does very similar thing to what AccessCase Transition with reallocation is doing.

* Source/JavaScriptCore/bytecode/AccessCase.cpp: (JSC::AccessCase::doesCalls const):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::InlineCacheCompiler::generateWithGuard): (JSC::InlineCacheCompiler::regenerate):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compilePutByIdMegamorphic): (JSC::DFG::SpeculativeJIT::compilePutByValMegamorphic):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compilePutByValMegamorphic): (JSC::FTL::DFG::LowerDFGToB3::compilePutByIdMegamorphic):
* Source/JavaScriptCore/jit/AssemblyHelpers.cpp: (JSC::AssemblyHelpers::storeMegamorphicProperty):
* Source/JavaScriptCore/jit/AssemblyHelpers.h:
* Source/JavaScriptCore/jit/JITOperations.cpp: (JSC::putByIdMegamorphic): (JSC::JSC_DEFINE_JIT_OPERATION): (JSC::putByValMegamorphic):
* Source/JavaScriptCore/jit/JITOperations.h:
* Source/JavaScriptCore/runtime/MegamorphicCache.h: (JSC::MegamorphicCache::StoreEntry::offsetOfReallocating): (JSC::MegamorphicCache::StoreEntry::init): (JSC::MegamorphicCache::initAsTransition): (JSC::MegamorphicCache::initAsReplace):

Canonical link: https://commits.webkit.org/275510@main
[webkit-changes] [WebKit/WebKit] 8bc91f: dataLogIf / dataLogLnIf should be macro
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8bc91f004ab432c4a4c827c272a79f363f93cd29
https://github.com/WebKit/WebKit/commit/8bc91f004ab432c4a4c827c272a79f363f93cd29
Author: Yusuke Suzuki
Date: 2024-02-29 (Thu, 29 Feb 2024)

Changed paths:
  M Source/WTF/wtf/DataLog.h

Log Message:
---
dataLogIf / dataLogLnIf should be macro
https://bugs.webkit.org/show_bug.cgi?id=270309
rdar://123567317

Reviewed by Mark Lam and Keith Miller.

dataLogIf and dataLogLnIf should not evaluate arguments when the first condition is not true!

* Source/WTF/wtf/DataLog.h: (WTF::dataLogIf): Deleted. (WTF::dataLogLnIf): Deleted.

Canonical link: https://commits.webkit.org/275521@main
[webkit-changes] [WebKit/WebKit] 0291f2: [JSC] Remove some hot CommonSlowPaths
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 0291f234c90dc4d75b73075976f14d2a94878d73
https://github.com/WebKit/WebKit/commit/0291f234c90dc4d75b73075976f14d2a94878d73
Author: Yusuke Suzuki
Date: 2024-03-01 (Fri, 01 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/jit/JIT.cpp
  M Source/JavaScriptCore/jit/JIT.h
  M Source/JavaScriptCore/jit/JITInlines.h
  M Source/JavaScriptCore/jit/JITOpcodes.cpp
  M Source/JavaScriptCore/jit/JITOperations.cpp
  M Source/JavaScriptCore/jit/JITOperations.h
  M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
  M Source/JavaScriptCore/llint/LLIntSlowPaths.h
  M Source/JavaScriptCore/llint/LowLevelInterpreter.asm
  M Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
  M Source/JavaScriptCore/runtime/CommonSlowPaths.h

Log Message:
---
[JSC] Remove some hot CommonSlowPaths
https://bugs.webkit.org/show_bug.cgi?id=270363
rdar://123909602

Reviewed by Alexey Shvayka.

CommonSlowPaths is always slower than normal operations in Baseline JIT since CommonSlowPaths accesses a lot of data like bytecode etc. This is OK for rare operations, but not OK for hot operations. This patch made following opcodes using operations. They are picked based on trace data.

1. op_create_lexical_environment
2. op_create_direct_arguments
3. op_create_scoped_arguments
4. op_create_cloned_arguments

And move CommonSlowPaths for them to LLIntSlowPaths. Since LLInt needs to access to these bytecode etc. to retrieve information (JIT can skip it), SlowPath performance is the same to operations.

* Source/JavaScriptCore/jit/JIT.cpp: (JSC::JIT::privateCompileMainPass):
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITOpcodes.cpp: (JSC::JIT::emit_op_create_lexical_environment): (JSC::JIT::emit_op_create_direct_arguments): (JSC::JIT::emit_op_create_scoped_arguments): (JSC::JIT::emit_op_create_cloned_arguments):
* Source/JavaScriptCore/jit/JITOperations.cpp: (JSC::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/jit/JITOperations.h:
* Source/JavaScriptCore/llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL):
* Source/JavaScriptCore/llint/LLIntSlowPaths.h:
* Source/JavaScriptCore/llint/LowLevelInterpreter.asm:
* Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:
* Source/JavaScriptCore/runtime/CommonSlowPaths.h:

Canonical link: https://commits.webkit.org/275570@main
[webkit-changes] [WebKit/WebKit] 4e349c: [WebCore] Optimize Font::applyTransforms
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4e349ca18c0f8e55b6bdcd2786755caf68787143
https://github.com/WebKit/WebKit/commit/4e349ca18c0f8e55b6bdcd2786755caf68787143
Author: Yusuke Suzuki
Date: 2024-03-04 (Mon, 04 Mar 2024)

Changed paths:
  M Source/WTF/wtf/Vector.h
  M Source/WTF/wtf/text/StringView.h
  M Source/WebCore/editing/cocoa/DataDetection.mm
  M Source/WebCore/platform/graphics/GlyphBuffer.h
  M Source/WebCore/platform/graphics/coretext/FontCoreText.cpp
  M Source/WebCore/platform/text/cocoa/LocaleCocoa.h
  M Source/WebCore/platform/text/cocoa/LocaleCocoa.mm
  M Tools/TestWebKitAPI/Tests/WTF/Vector.cpp

Log Message:
---
[WebCore] Optimize Font::applyTransforms
https://bugs.webkit.org/show_bug.cgi?id=270406
rdar://123961009

Reviewed by Chris Dumez.

Font::applyTransforms is very slow. While the most of time is used in CoreText, the other part is also using much time! This patch optimizes it.

1. We add Vector::insertFill function to insert one-item-filling into Vector. GlyphBuffer is doing this in a very inefficient way right now: allocating filled Vector and using insertVector.
2. Add size parameter to upconvertedCharacters and use 256 for static Vector size in Font::applyTransforms, to avoid unnecessary allocations.
3. LocaleCocoa::canonicalLanguageIdentifierFromString should return RetainPtr. We found that we are super repeatedly creating CFString when locale is specified because canonicalLanguageIdentifierFromString returns AtomString and we convert it to CFString. And this is very slow. Because canonicalLanguageIdentifierFromString is only used in this place, we should just return RetainPtr. Also we optimized the caching mechanism in canonicalLanguageIdentifierFromString to cache the one item out of HashMap since this one-item cache can cover almost all cases.

* Source/WTF/wtf/Vector.h: (WTF::Malloc>::insertFill):
* Source/WTF/wtf/text/StringView.h: (WTF::StringView::upconvertedCharacters const): (WTF::StringView::UpconvertedCharacters::UpconvertedCharacters): (WTF::StringView::UpconvertedCharacters::UpconvertedCharacters): Deleted.
* Source/WebCore/editing/TextIterator.cpp:
* Source/WebCore/platform/graphics/GlyphBuffer.h: (WebCore::GlyphBuffer::makeHole):
* Source/WebCore/platform/graphics/coretext/FontCoreText.cpp: (WebCore::Font::applyTransforms const):
* Source/WebCore/platform/text/cocoa/LocaleCocoa.h:
* Source/WebCore/platform/text/cocoa/LocaleCocoa.mm: (WebCore::localeCache): (WebCore::LocaleCocoa::canonicalLanguageIdentifierFromString): (WebCore::LocaleCocoa::releaseMemory): (WebCore::canonicalLocaleMap): Deleted.

Canonical link: https://commits.webkit.org/275676@main
[webkit-changes] [WebKit/WebKit] 15aaec: [JSC] Destroy LinkBuffer in compiler thread
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 15aaecdc0805096996f25abacbb59c509a1a6986
https://github.com/WebKit/WebKit/commit/15aaecdc0805096996f25abacbb59c509a1a6986
Author: Yusuke Suzuki
Date: 2024-03-05 (Tue, 05 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/assembler/LinkBuffer.cpp
  M Source/JavaScriptCore/assembler/LinkBuffer.h
  M Source/JavaScriptCore/dfg/DFGJITFinalizer.cpp
  M Source/JavaScriptCore/dfg/DFGJITFinalizer.h
  M Source/JavaScriptCore/dfg/DFGLazyJSValue.cpp
  M Source/JavaScriptCore/dfg/DFGLazyJSValue.h
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
  M Source/JavaScriptCore/ftl/FTLCompile.cpp
  M Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp
  M Source/JavaScriptCore/ftl/FTLJITFinalizer.h
  M Source/JavaScriptCore/ftl/FTLLink.cpp
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
  M Source/JavaScriptCore/ftl/FTLPatchpointExceptionHandle.cpp
  M Source/JavaScriptCore/ftl/FTLState.cpp
  M Source/JavaScriptCore/ftl/FTLState.h
  M Source/JavaScriptCore/jit/BaselineJITPlan.cpp
  M Source/JavaScriptCore/jit/BaselineJITPlan.h
  M Source/JavaScriptCore/jit/JIT.cpp
  M Source/JavaScriptCore/jit/JIT.h
  M Source/JavaScriptCore/jit/JITCode.cpp
  M Source/JavaScriptCore/jit/JITPlan.cpp
  M Source/JavaScriptCore/jit/JITPlan.h
  M Source/JavaScriptCore/jit/JITSizeStatistics.cpp
  M Source/JavaScriptCore/jit/JITSizeStatistics.h
  M Source/JavaScriptCore/runtime/ScriptExecutable.cpp

Log Message:
---
[JSC] Destroy LinkBuffer in compiler thread
https://bugs.webkit.org/show_bug.cgi?id=270503
rdar://124050058

Reviewed by Keith Miller.

We are keeping LinkBuffer only because m_mainThreadFinalizationTasks exists. That's not great since LinkBuffer destruction is relatively costly operation. So we should do it in the compiler thread instead of the main thread. This patch moves m_mainThreadFinalizationTasks to JITPlan and run it appropriately in JITPlan so that we can destroy LinkBuffer in the compiler thread.

* Source/JavaScriptCore/assembler/LinkBuffer.cpp: (JSC::LinkBuffer::runMainThreadFinalizationTasks): Deleted.
* Source/JavaScriptCore/assembler/LinkBuffer.h: (JSC::LinkBuffer::addMainThreadFinalizationTask): Deleted.
* Source/JavaScriptCore/dfg/DFGJITFinalizer.cpp: (JSC::DFG::JITFinalizer::JITFinalizer): (JSC::DFG::JITFinalizer::codeSize): (JSC::DFG::JITFinalizer::finalize):
* Source/JavaScriptCore/dfg/DFGJITFinalizer.h:
* Source/JavaScriptCore/dfg/DFGLazyJSValue.cpp: (JSC::DFG::LazyJSValue::emit const):
* Source/JavaScriptCore/dfg/DFGLazyJSValue.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compile): (JSC::DFG::SpeculativeJIT::compileFunction): (JSC::DFG::SpeculativeJIT::runSlowPathGenerators): (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
* Source/JavaScriptCore/ftl/FTLCompile.cpp: (JSC::FTL::compile):
* Source/JavaScriptCore/ftl/FTLJITFinalizer.cpp: (JSC::FTL::JITFinalizer::codeSize): (JSC::FTL::JITFinalizer::finalize):
* Source/JavaScriptCore/ftl/FTLJITFinalizer.h: (JSC::FTL::OutOfLineCodeInfo::OutOfLineCodeInfo): Deleted.
* Source/JavaScriptCore/ftl/FTLLink.cpp: (JSC::FTL::link):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileLazyJSConstant):
* Source/JavaScriptCore/ftl/FTLPatchpointExceptionHandle.cpp: (JSC::FTL::PatchpointExceptionHandle::scheduleExitCreationForUnwind):
* Source/JavaScriptCore/ftl/FTLState.cpp: (JSC::FTL::State::dumpDisassembly):
* Source/JavaScriptCore/ftl/FTLState.h: (JSC::FTL::State::dumpDisassembly):
* Source/JavaScriptCore/jit/BaselineJITPlan.cpp: (JSC::BaselineJITPlan::compileInThreadImpl): (JSC::BaselineJITPlan::compileSync): (JSC::BaselineJITPlan::codeSize const): (JSC::BaselineJITPlan::finalize):
* Source/JavaScriptCore/jit/BaselineJITPlan.h:
* Source/JavaScriptCore/jit/JIT.cpp: (JSC::JIT::JIT): (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases): (JSC::JIT::compileAndLinkWithoutFinalizing): (JSC::JIT::finalizeOnMainThread): (JSC::JIT::compileSync): (JSC::JIT::privateCompile): Deleted.
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITCode.cpp: (JSC::JITCodeWithCodeRef::size):
* Source/JavaScriptCore/jit/JITPlan.cpp: (JSC::JITPlan::runMainThreadFinalizationTasks):
* Source/JavaScriptCore/jit/JITPlan.h: (JSC::JITPlan::addMainThreadFinalizationTask):
* Source/JavaScriptCore/jit/JITSizeStatistics.cpp: (JSC::JITSizeStatistics::markEnd):
* Source/JavaScriptCore/jit/JITSizeStatistics.h:
* Source/JavaScriptCore/runtime/ScriptExecutable.cpp: (JSC::setupJIT):

Canonical link: https://commits.webkit.org/275696@main
[webkit-changes] [WebKit/WebKit] 540d08: [JSC] Use handler IC for single stateless AccessCase
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 540d08d37e29127fa5eeefa78d2b849561771fe8
https://github.com/WebKit/WebKit/commit/540d08d37e29127fa5eeefa78d2b849561771fe8
Author: Yusuke Suzuki
Date: 2024-03-05 (Tue, 05 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/AccessCase.cpp
  M Source/JavaScriptCore/bytecode/AccessCase.h
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h
  M Source/JavaScriptCore/bytecode/Repatch.cpp
  M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
  M Source/JavaScriptCore/bytecode/StructureStubInfo.h
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
  M Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp
  M Source/JavaScriptCore/jit/JITInlineCacheGenerator.h
  M Source/JavaScriptCore/jit/JITPropertyAccess.cpp

Log Message:
---
[JSC] Use handler IC for single stateless AccessCase
https://bugs.webkit.org/show_bug.cgi?id=270497
rdar://124047629

Reviewed by Keith Miller.

This patch enables Handler IC only for very specific case: single stateless AccessCase. For example, ArrayLength, IndexedContiguousLoad etc. does not care about Structure. They only care about the input's type. So the underlying code can be reused in different places completely. And if AccessCase is only one, the generated code can be reused in various places. And surprisingly this is relatively frequently happening.

1. This patch categorizes stateless AccessCases. They do not require Structure etc. state of the heap.
2. We clean up InlineCacheCompiler implementation about accessing to StructureStubInfo* to figure out what is the values changing the generated code from StructureStubInfo.
3. We clean up InlineCacheCompiler's information collection code from vector of AccessCase so that we can easily see what information is collected.
4. We extend SharedJITStubSet to store stateless stubs. Previously it was only storing megamorphic stubs since they are stateless. But now it gets extended to accept all stateless stubs.

* Source/JavaScriptCore/bytecode/AccessCase.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::isStateless): (JSC::InlineCacheCompiler::regenerate): (WTF::printInternal):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.h:
* Source/JavaScriptCore/bytecode/StructureStubInfo.cpp: (JSC::SharedJITStubSet::getStatelessStub const): (JSC::SharedJITStubSet::setStatelessStub): (JSC::SharedJITStubSet::getMegamorphic const): Deleted. (JSC::SharedJITStubSet::setMegamorphic): Deleted.
* Source/JavaScriptCore/bytecode/StructureStubInfo.h:

Canonical link: https://commits.webkit.org/275721@main
[webkit-changes] [WebKit/WebKit] 703536: [JSC] Use WriteBarrierEarlyInit for JSLexicalEnvir...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7035360227f653be3b93de01a9f6f324764e1ee9
https://github.com/WebKit/WebKit/commit/7035360227f653be3b93de01a9f6f324764e1ee9
Author: Yusuke Suzuki
Date: 2024-03-06 (Wed, 06 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/runtime/JSSymbolTableObject.h

Log Message:
---
[JSC] Use WriteBarrierEarlyInit for JSLexicalEnvironment's JSSymbolTableObject initialization
https://bugs.webkit.org/show_bug.cgi?id=270562
rdar://124120607

Reviewed by Alexey Shvayka.

Doing micro-optimization for super frequently allocated object (JSLexicalEnvironment). We can use WriteBarrierEarlyInit in the constructor.

* Source/JavaScriptCore/runtime/JSSymbolTableObject.h: (JSC::JSSymbolTableObject::JSSymbolTableObject):

Canonical link: https://commits.webkit.org/275731@main
[webkit-changes] [WebKit/WebKit] a8cb9e: [WebCore] Cache inline styles
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a8cb9e6d85cf4333473241f52f4de68b7ae352bf
https://github.com/WebKit/WebKit/commit/a8cb9e6d85cf4333473241f52f4de68b7ae352bf
Author: Yusuke Suzuki
Date: 2024-03-07 (Thu, 07 Mar 2024)

Changed paths:
  M Source/WebCore/css/CSSBasicShapes.h
  M Source/WebCore/css/CSSCounterValue.h
  M Source/WebCore/css/CSSCrossfadeValue.h
  M Source/WebCore/css/CSSCursorImageValue.h
  M Source/WebCore/css/CSSCustomPropertyValue.h
  M Source/WebCore/css/CSSFilterImageValue.h
  M Source/WebCore/css/CSSFontFaceSrcValue.cpp
  M Source/WebCore/css/CSSFontFaceSrcValue.h
  M Source/WebCore/css/CSSFontPaletteValuesOverrideColorsValue.h
  M Source/WebCore/css/CSSFontStyleRangeValue.h
  M Source/WebCore/css/CSSFontStyleWithAngleValue.h
  M Source/WebCore/css/CSSFontValue.cpp
  M Source/WebCore/css/CSSFontValue.h
  M Source/WebCore/css/CSSGradientValue.h
  M Source/WebCore/css/CSSImageSetOptionValue.h
  M Source/WebCore/css/CSSImageValue.cpp
  M Source/WebCore/css/CSSImageValue.h
  M Source/WebCore/css/CSSOffsetRotateValue.h
  M Source/WebCore/css/CSSPendingSubstitutionValue.h
  M Source/WebCore/css/CSSPrimitiveValue.cpp
  M Source/WebCore/css/CSSPrimitiveValue.h
  M Source/WebCore/css/CSSQuadValue.h
  M Source/WebCore/css/CSSRayValue.h
  M Source/WebCore/css/CSSRectValue.h
  M Source/WebCore/css/CSSReflectValue.h
  M Source/WebCore/css/CSSScrollValue.h
  M Source/WebCore/css/CSSShadowValue.h
  M Source/WebCore/css/CSSValue.cpp
  M Source/WebCore/css/CSSValue.h
  M Source/WebCore/css/CSSValueList.cpp
  M Source/WebCore/css/CSSValueList.h
  M Source/WebCore/css/CSSValuePair.h
  M Source/WebCore/css/CSSVariableReferenceValue.h
  M Source/WebCore/css/CSSViewValue.h
  M Source/WebCore/css/StyleProperties.cpp
  M Source/WebCore/css/StyleProperties.h
  M Source/WebCore/css/StyleSheetContents.cpp
  M Source/WebCore/css/StyleSheetContents.h
  M Source/WebCore/css/parser/CSSParserContext.cpp
  M Source/WebCore/css/parser/CSSParserContext.h
  M Source/WebCore/dom/InlineStyleSheetOwner.cpp

Log Message:
---
[WebCore] Cache inline styles
https://bugs.webkit.org/show_bug.cgi?id=270521
rdar://124074797

Reviewed by Antti Koivisto.

CSS in JS is frequently used in the wild. As a result, we can see many duplicate inline styles randomly, even outside of shadow DOM. Sometimes, even we use very large strings for inline styles. So we should cache the inline styles even if it is not inside shadow DOM. This patch adds following two changes.

1. Caching inline styles for non shadow DOM elements.
2. Adding the mechanism to scan base URL dependency in CSS rules so that we can disable caching for that case. Right now, it is a bit conservative. We disable caching when CSS custom properties exist for example.
3. Originally, we considered using the same mechanism to `setReplacementURLForSubresources` since it needs to scan CSSValues too. But it turned out that the implementation is broken and we cannot use it. Since that feature also needs to have the correct mechanism to scan CSSValues anyway, this patch implements customVisitChildren mechanism to CSSValue, which lists up CSSValue children. So by using this feature, we implement mayDependOnBaseURL function by scanning CSSValues. Existing buggy `setReplacementURLForSubresources` / `clearReplacementURLForSubresources` / `traverseSubresources` can be rewritten by using this `visitChildren` function. But this patch's intent is not fixing these existing bugs, so we separate the fix from this change. (https://bugs.webkit.org/show_bug.cgi?id=270600)
4. We found a bug in StyleSheetContents where we didn't check m_namespaceRules size for `isCacheable()` condition (As a result, we observed crashes in some of LayoutTests). This patch fixes it so that we do not say `isCacheable()` => true when there is m_namespaceRules.

* Source/WebCore/css/CSSBasicShapes.h: (WebCore::CSSInsetShapeValue::top const): Deleted. (WebCore::CSSInsetShapeValue::right const): Deleted. (WebCore::CSSInsetShapeValue::bottom const): Deleted. (WebCore::CSSInsetShapeValue::left const): Deleted. (WebCore::CSSInsetShapeValue::protectedTop const): Deleted. (WebCore::CSSInsetShapeValue::protectedRight const): Deleted. (WebCore::CSSInsetShapeValue::protectedBottom const): Deleted. (WebCore::CSSInsetShapeValue::protectedLeft const): Deleted. (WebCore::CSSInsetShapeValue::topLeftRadius const): Deleted. (WebCore::CSSInsetShapeValue::topRightRadius const): Deleted. (WebCore::CSSInsetShapeValue::bottomRightRadius const): Deleted. (WebCore::CSSInsetShapeValue::bottomLeftRadius const): Deleted. (WebCore::CSSInsetShapeValue::protectedTopLeftRadius const): Deleted. (WebCore::CSSInsetShapeValue::protectedTopRightRadius const): Deleted. (WebCore::CSSInsetShapeValue::protectedBottomRightRadius const): Deleted. (WebCore::CSSIn
[webkit-changes] [WebKit/WebKit] 3bc33c: [JSC] Do not emit jsUndefined constant
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3bc33cf556e7a6b3c211af06777c10bc4984d34d https://github.com/WebKit/WebKit/commit/3bc33cf556e7a6b3c211af06777c10bc4984d34d Author: Yusuke Suzuki Date: 2024-03-07 (Thu, 07 Mar 2024) Changed paths: M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp Log Message: --- [JSC] Do not emit jsUndefined constant https://bugs.webkit.org/show_bug.cgi?id=270662 rdar://124234204 Reviewed by Keith Miller. We observed massive unnecessary mov due to this. * Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp: (JSC::PropertyListNode::emitBytecode): * Source/JavaScriptCore/llint/LLIntSlowPaths.cpp: (JSC::LLInt::LLINT_SLOW_PATH_DECL): Canonical link: https://commits.webkit.org/275813@main To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications ___ webkit-changes mailing list webkit-changes@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-changes
[webkit-changes] [WebKit/WebKit] 347b11: [JSC] Do not use temp RegisterID when initializing...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 347b11e573c242a6e5843bb328ee4947a8ef7a30 https://github.com/WebKit/WebKit/commit/347b11e573c242a6e5843bb328ee4947a8ef7a30 Author: Yusuke Suzuki Date: 2024-03-07 (Thu, 07 Mar 2024) Changed paths: M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp Log Message: --- [JSC] Do not use temp RegisterID when initializing local FunctionDeclaration https://bugs.webkit.org/show_bug.cgi?id=270665 rdar://124236096 Reviewed by Justin Michaud. Let's avoid unnecessary mov. We can initialize local RegisterID directly for FunctionDeclaration. * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::generate): Canonical link: https://commits.webkit.org/275818@main
[webkit-changes] [WebKit/WebKit] 6f9503: [JSC] Fix thread-local AssemblerBuffer
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 6f9503bb480411badefe27802aff3edc4dc131a9 https://github.com/WebKit/WebKit/commit/6f9503bb480411badefe27802aff3edc4dc131a9 Author: Yusuke Suzuki Date: 2024-03-08 (Fri, 08 Mar 2024) Changed paths: M Source/JavaScriptCore/assembler/AssemblerBuffer.cpp M Source/JavaScriptCore/assembler/AssemblerBuffer.h M Source/JavaScriptCore/assembler/LinkBuffer.h Log Message: --- [JSC] Fix thread-local AssemblerBuffer https://bugs.webkit.org/show_bug.cgi?id=270642 rdar://124221850 Reviewed by Keith Miller. ARM64EHash broke thread-local AssemblerBuffer mechanism since it took the ownership of AssemblerData (not AssemblerBuffer) from MacroAssembler to LinkBuffer. So when destroying AssemblerBuffer, its underlying AssemblerData is always zero-sized. This broke thread-local AssemblerBuffer mechanism. This patch fixes it by 1. Moving thread-local AssemblerData access code from AssemblerBuffer to AssemblerData. 2. Tagging AssemblerData with enum class AssemblerDataType to specify which thread-local should be used. * Source/JavaScriptCore/assembler/AssemblerBuffer.cpp: (JSC::threadSpecificAssemblerHashes): * Source/JavaScriptCore/assembler/AssemblerBuffer.h: (JSC::AssemblerDataImpl::AssemblerDataImpl): (JSC::AssemblerDataImpl::operator=): (JSC::AssemblerDataImpl::takeBufferIfLarger): (JSC::AssemblerDataImpl::~AssemblerDataImpl): (JSC::AssemblerBuffer::AssemblerBuffer): (JSC::AssemblerBuffer::~AssemblerBuffer): (JSC::AssemblerBuffer::releaseAssemblerHashes): (JSC::AssemblerData::AssemblerData): Deleted. (JSC::AssemblerData::operator=): Deleted. (JSC::AssemblerData::takeBufferIfLarger): Deleted. (JSC::AssemblerData::~AssemblerData): Deleted. (JSC::AssemblerData::clear): Deleted. (JSC::AssemblerData::buffer const): Deleted. (JSC::AssemblerData::capacity const): Deleted. (JSC::AssemblerData::grow): Deleted. (JSC::AssemblerData::isInlineBuffer const): Deleted. 
* Source/JavaScriptCore/assembler/LinkBuffer.h: Canonical link: https://commits.webkit.org/275845@main
[webkit-changes] [WebKit/WebKit] 3feec6: [JSC] Combine FTL code generation into one
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3feec6ad3154fd9e99b455a8d5e9609402b6602f https://github.com/WebKit/WebKit/commit/3feec6ad3154fd9e99b455a8d5e9609402b6602f Author: Yusuke Suzuki Date: 2024-03-08 (Fri, 08 Mar 2024) Changed paths: M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj M Source/JavaScriptCore/b3/air/AirDisassembler.cpp M Source/JavaScriptCore/ftl/FTLCompile.cpp R Source/JavaScriptCore/ftl/FTLGeneratedFunction.h M Source/JavaScriptCore/ftl/FTLJITCode.cpp M Source/JavaScriptCore/ftl/FTLJITCode.h M Source/JavaScriptCore/ftl/FTLJITFinalizer.h M Source/JavaScriptCore/ftl/FTLLink.cpp M Source/JavaScriptCore/ftl/FTLState.h Log Message: --- [JSC] Combine FTL code generation into one https://bugs.webkit.org/show_bug.cgi?id=270684 rdar://124259821 Reviewed by Justin Michaud. This patch simplifies FTL code generation. Previously we were always generating two codes, one for normal code and one for arity check etc. But just generating both into one is easy and simple. This patch cleans up around it and use of LinkBuffer / AssemblerData etc. gets simplified. Originally we were doing so since FTL part is generated by LLVM, and we generate arity check as a separate code, but now both are generated by JSC's JIT compiler. So we do not need to separate them. * Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj: * Source/JavaScriptCore/b3/air/AirDisassembler.cpp: (JSC::B3::Air::Disassembler::dump): * Source/JavaScriptCore/ftl/FTLCompile.cpp: (JSC::FTL::compile): * Source/JavaScriptCore/ftl/FTLGeneratedFunction.h: Removed. * Source/JavaScriptCore/ftl/FTLJITCode.cpp: (JSC::FTL::JITCode::~JITCode): (JSC::FTL::JITCode::initializeAddressForArityCheck): (JSC::FTL::JITCode::addressForCall): (JSC::FTL::JITCode::initializeArityCheckEntrypoint): Deleted. 
* Source/JavaScriptCore/ftl/FTLJITCode.h: * Source/JavaScriptCore/ftl/FTLJITFinalizer.h: * Source/JavaScriptCore/ftl/FTLLink.cpp: (JSC::FTL::link): * Source/JavaScriptCore/ftl/FTLState.h: Canonical link: https://commits.webkit.org/275868@main
[webkit-changes] [WebKit/WebKit] 3795d9: Optimize text layout in text heavy web pages
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3795d9da24e4418ea3ed7f191e56e390738c6dac https://github.com/WebKit/WebKit/commit/3795d9da24e4418ea3ed7f191e56e390738c6dac Author: Yusuke Suzuki Date: 2024-03-12 (Tue, 12 Mar 2024) Changed paths: M Source/WebCore/layout/formattingContexts/inline/text/TextUtil.cpp M Source/WebCore/platform/graphics/FontCascade.cpp M Source/WebCore/platform/graphics/FontCascade.h M Source/WebCore/platform/graphics/WidthCache.h Log Message: --- Optimize text layout in text heavy web pages https://bugs.webkit.org/show_bug.cgi?id=270612 rdar://problem/124177964 Reviewed by Chris Dumez. This patch applies several changes. 1. isStrongDirectionalityCharacter is not used when the characters are 8Bit. We should apply isLatin1 fast path as the same to the caller. u_charDirection is ICU function and it is quite slow. 2. Move non-cache-hitting part of FontCascade::widthForSimpleText to FontCascade::widthForSimpleTextSlow. It has GlyphBuffer, and it has huge stack size. Let's extract the cache-hitting fast path from this function and avoid putting this on the stack. 3. This patch optimizes WidthCache. 3.1. We do not need to check MemoryPressureHandler status unless we extend the cache. 3.2. Since SmallStringKey's string size is small, we can make it much more like non-variable-length data and make it super fast. This patch changes the layout of SmallStringKey a bit so that we hold characters in std::array. So, comparison becomes `std::array == std::array` and because it is 32-bytes (16 size is picked for that), comparison gets done in a bulk style (e.g. 4 characters at once) automatically via compiler and it becomes super fast. By combining hash and length into one unsigned, we keep std::pair 40-bytes. 3.3. We also use WYHash for SmallStringKey's hashing. Plus, we now always hash all 16 characters (and if it is smaller than 16, then zeros follow). 
WYHash::computeHashAndMaskTop8Bits can see constant 16 size, so hashing gets done in an extremely fast way without branches (since now the size is always 16). Also, 16 is good number for WYHash since it can do 8-length hashing in a bulk way. 3.4. Making empty value of SmallStringKey zero. This allows HashMap to initialize newly rehashed table with zeroed-malloc. * Source/WebCore/layout/formattingContexts/inline/text/TextUtil.cpp: (WebCore::Layout::TextUtil::isStrongDirectionalityCharacter): * Source/WebCore/platform/graphics/FontCascade.cpp: (WebCore::FontCascade::widthForSimpleTextSlow const): (WebCore::addGlyphsFromText): Deleted. (WebCore::FontCascade::widthForSimpleText const): Deleted. * Source/WebCore/platform/graphics/FontCascade.h: (WebCore::FontCascade::widthForSimpleText const): * Source/WebCore/platform/graphics/WidthCache.h: (WebCore::WidthCache::SmallStringKey::capacity): (WebCore::WidthCache::SmallStringKey::SmallStringKey): (WebCore::WidthCache::SmallStringKey::characters const): (WebCore::WidthCache::SmallStringKey::length const): (WebCore::WidthCache::SmallStringKey::hash const): (WebCore::WidthCache::SmallStringKey::isHashTableDeletedValue const): (WebCore::WidthCache::SmallStringKey::isHashTableEmptyValue const): (WebCore::WidthCache::add): (WebCore::WidthCache::addSlowCase): (WebCore::operator==): Deleted. Canonical link: https://commits.webkit.org/275987@main
[webkit-changes] [WebKit/WebKit] 50f118: [WebCore] Optimize WidthCache further
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 50f118c27cfa82d3409c1ea3addf2aa07d2904d7 https://github.com/WebKit/WebKit/commit/50f118c27cfa82d3409c1ea3addf2aa07d2904d7 Author: Yusuke Suzuki Date: 2024-03-13 (Wed, 13 Mar 2024) Changed paths: M Source/WTF/wtf/HashTraits.h M Source/WebCore/platform/graphics/WidthCache.h Log Message: --- [WebCore] Optimize WidthCache further https://bugs.webkit.org/show_bug.cgi?id=270901 rdar://124512596 Reviewed by Ryosuke Niwa. This patch further optimizes WidthCache. 1. Ensure that SmallStringKey constructor is always inlined. 2. Add copySmallCharacters. We know that this string is <= 16, very small. Just doing for-loop is faster for this level of size. 3. Add FloatWithZeroEmptyKeyHashTraits. float / double uses infinity for empty value. But this means that we cannot use zeroed empty value for HashMap even though T's empty value is zero. We add FloatWithZeroEmptyKeyHashTraits which uses 0 for empty value, so that we can ensure that KeyValuePair's empty value is zero. Also, using character + 1 for key in SingleCharMap so that it can make empty value zero too. * Source/WTF/wtf/HashTraits.h: (WTF::FloatWithZeroEmptyKeyHashTraits::emptyValue): (WTF::FloatWithZeroEmptyKeyHashTraits::constructDeletedValue): (WTF::FloatWithZeroEmptyKeyHashTraits::isDeletedValue): * Source/WebCore/platform/graphics/WidthCache.h: (WebCore::WidthCache::SmallStringKey::SmallStringKey): (WebCore::WidthCache::SmallStringKey::copySmallCharacters): (WebCore::WidthCache::addSlowCase): Canonical link: https://commits.webkit.org/276034@main
[webkit-changes] [WebKit/WebKit] dd7d67: [JSC] Mask should exclude blob URLs too
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: dd7d672f5a8997de022980824ed350a3c9ff03e9 https://github.com/WebKit/WebKit/commit/dd7d672f5a8997de022980824ed350a3c9ff03e9 Author: Yusuke Suzuki Date: 2024-03-13 (Wed, 13 Mar 2024) Changed paths: M Source/JavaScriptCore/runtime/StackFrame.cpp Log Message: --- [JSC] Mask should exclude blob URLs too https://bugs.webkit.org/show_bug.cgi?id=270947 rdar://124564230 Reviewed by Timothy Hatcher. We observed performance issues that masking includes blob URLs. http / https are excluded in 252253@main to avoid performance issues for Error.stack. We should exclude blob too. * Source/JavaScriptCore/runtime/StackFrame.cpp: (JSC::processSourceURL): Canonical link: https://commits.webkit.org/276071@main
[webkit-changes] [WebKit/WebKit] c5e2f6: [WTF] Make Assertion inlined
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: c5e2f6fceb7fa508c026286a412a8b3b01c7f0c0 https://github.com/WebKit/WebKit/commit/c5e2f6fceb7fa508c026286a412a8b3b01c7f0c0 Author: Yusuke Suzuki Date: 2024-03-14 (Thu, 14 Mar 2024) Changed paths: M Source/WTF/wtf/Assertions.cpp M Source/WTF/wtf/Assertions.h Log Message: --- [WTF] Make Assertion inlined https://bugs.webkit.org/show_bug.cgi?id=270952 rdar://124569636 Reviewed by Keith Miller. This inlined function with optnone is originally introduced in 203263@main to fix internal build failures. But these affected code no longer exists. This patch makes WTFCrashWithInfo completely inlined function with appropriate inline asm so that we can make caller of them optimized. * Source/WTF/wtf/Assertions.h: Canonical link: https://commits.webkit.org/276095@main
[webkit-changes] [WebKit/WebKit] 416a9c: [JSC] Remove JSValue Gigacage and donate region to...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 416a9ccb3e0c77d9dccdf2d10689ba7c98b1738b https://github.com/WebKit/WebKit/commit/416a9ccb3e0c77d9dccdf2d10689ba7c98b1738b Author: Yusuke Suzuki Date: 2024-03-14 (Thu, 14 Mar 2024) Changed paths: M Source/JavaScriptCore/API/MarkedJSValueRefArray.cpp M Source/JavaScriptCore/API/MarkedJSValueRefArray.h M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp M Source/JavaScriptCore/heap/Heap.cpp M Source/JavaScriptCore/heap/Heap.h M Source/JavaScriptCore/jsc.cpp M Source/JavaScriptCore/llint/LowLevelInterpreter.asm M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm M Source/JavaScriptCore/runtime/ArgList.cpp M Source/JavaScriptCore/runtime/ArgList.h M Source/JavaScriptCore/runtime/ButterflyInlines.h M Source/JavaScriptCore/runtime/HashMapImpl.h M Source/JavaScriptCore/runtime/JSArray.cpp M Source/JavaScriptCore/runtime/JSArray.h M Source/JavaScriptCore/runtime/JSImmutableButterfly.h M Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp M Source/JavaScriptCore/runtime/ScopedArguments.cpp M Source/JavaScriptCore/runtime/StructureChain.cpp M Source/JavaScriptCore/runtime/VM.h M Source/JavaScriptCore/runtime/WeakMapImpl.h M Source/JavaScriptCore/runtime/WeakMapImplInlines.h M Source/JavaScriptCore/tools/Integrity.cpp M Source/WTF/WTF.xcodeproj/project.pbxproj M Source/WTF/wtf/CMakeLists.txt M Source/WTF/wtf/Gigacage.h R Source/WTF/wtf/JSValueMalloc.cpp M Source/WTF/wtf/JSValueMalloc.h M Source/bmalloc/bmalloc/Gigacage.cpp M Source/bmalloc/bmalloc/Gigacage.h M Source/bmalloc/bmalloc/GigacageKind.h M Source/bmalloc/bmalloc/HeapKind.h M Source/bmalloc/bmalloc/bmalloc.cpp Log Message: --- [JSC] Remove JSValue Gigacage and donate region to Primitive Gigacage on iOS https://bugs.webkit.org/show_bug.cgi?id=271006 rdar://124638480 Reviewed by Justin 
Michaud. This patch removes JSValue gigacage since we no longer see much value on this. And we donate the reserved region to Primitive Gigacage on iOS. * Source/JavaScriptCore/API/MarkedJSValueRefArray.cpp: (JSC::MarkedJSValueRefArray::MarkedJSValueRefArray): * Source/JavaScriptCore/API/MarkedJSValueRefArray.h: * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::InlineCacheCompiler::generateImpl): * Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::emitAllocateRawObject): * Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::compileCreateClonedArguments): * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileCreateClonedArguments): (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq): * Source/JavaScriptCore/heap/Heap.cpp: (JSC::Heap::Heap): * Source/JavaScriptCore/heap/Heap.h: (JSC::Heap::gigacageAuxiliarySpace): * Source/JavaScriptCore/jsc.cpp: (JSC_DEFINE_HOST_FUNCTION): * Source/JavaScriptCore/llint/LowLevelInterpreter.asm: * Source/JavaScriptCore/llint/LowLevelInterpreter64.asm: * Source/JavaScriptCore/runtime/ArgList.cpp: (JSC::MarkedVectorBase::expandCapacity): * Source/JavaScriptCore/runtime/ArgList.h: * Source/JavaScriptCore/runtime/ButterflyInlines.h: (JSC::Butterfly::tryCreateUninitialized): (JSC::Butterfly::createUninitialized): (JSC::Butterfly::tryCreate): (JSC::Butterfly::growArrayRight): (JSC::Butterfly::reallocArrayRightIfPossible): * Source/JavaScriptCore/runtime/HashMapImpl.h: (JSC::HashMapBuffer::tryCreate): * Source/JavaScriptCore/runtime/JSArray.cpp: (JSC::JSArray::tryCreateUninitializedRestricted): * Source/JavaScriptCore/runtime/JSArray.h: (JSC::JSArray::tryCreate): * Source/JavaScriptCore/runtime/JSImmutableButterfly.h: (JSC::JSImmutableButterfly::subspaceFor): * Source/JavaScriptCore/runtime/JSPropertyNameEnumerator.cpp: (JSC::JSPropertyNameEnumerator::create): * Source/JavaScriptCore/runtime/ScopedArguments.cpp: 
(JSC::ScopedArguments::createUninitialized): * Source/JavaScriptCore/runtime/StructureChain.cpp: (JSC::StructureChain::create): * Source/JavaScriptCore/runtime/VM.h: (JSC::VM::auxiliarySpace): (JSC::VM::immutableButterflyAuxiliarySpace): (JSC::VM::jsValueGigacageAuxiliarySpace): Deleted. (JSC::VM::immutableButterflyJSValueGigacageAuxiliarySpace): Deleted. * Source/JavaScriptCore/tools/Integrity.cpp: (JSC::Integrity::Analyzer::analyzeCell): * Source/WTF/WTF.xcodeproj/project.pbxproj: * Source/WTF/wtf/CMakeLists.txt: * Source/WTF/wtf/Gigacage.h: (Gigacage::name): * Source/WTF/wtf/JSValueMalloc.cpp: Removed. * Source/WTF/wtf/JSValueMalloc.h: (WTF::JSValueMalloc::malloc): Deleted. (WTF::JSValueMalloc::tryMalloc): Deleted. (WTF::JSValueMalloc::realloc): Deleted. (WTF::JSValueMalloc::free): Deleted. * Source/bmalloc/bmalloc/Gigacage.cpp
[webkit-changes] [WebKit/WebKit] a4e05b: [JSC] Rename Wasm B3 to Wasm OMG
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: a4e05b243d9a86ac7326473a9282e3c771bd0380 https://github.com/WebKit/WebKit/commit/a4e05b243d9a86ac7326473a9282e3c771bd0380 Author: Yusuke Suzuki Date: 2024-03-16 (Sat, 16 Mar 2024) Changed paths: M Source/JavaScriptCore/CMakeLists.txt M Source/JavaScriptCore/DerivedSources-input.xcfilelist M Source/JavaScriptCore/DerivedSources-output.xcfilelist M Source/JavaScriptCore/DerivedSources.make M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj M Source/JavaScriptCore/Sources.txt M Source/JavaScriptCore/b3/B3Value.cpp M Source/JavaScriptCore/runtime/OptionsList.h R Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp R Source/JavaScriptCore/wasm/WasmB3IRGenerator.h M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp A Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp A Source/JavaScriptCore/wasm/WasmOMGIRGenerator.h M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp M Source/JavaScriptCore/wasm/WasmPlan.h M Source/JavaScriptCore/wasm/WasmThunks.cpp R Source/JavaScriptCore/wasm/generateWasmB3IRGeneratorInlinesHeader.py A Source/JavaScriptCore/wasm/generateWasmOMGIRGeneratorInlinesHeader.py M Source/JavaScriptCore/wasm/js/JSToWasm.h M Source/JavaScriptCore/wasm/js/WasmToJS.cpp Log Message: --- [JSC] Rename Wasm B3 to Wasm OMG https://bugs.webkit.org/show_bug.cgi?id=27 rdar://124783782 Reviewed by Keith Miller. Now Wasm BBQ never uses B3. Let's say Wasm OMG instead of Wasm B3. 
* Source/JavaScriptCore/CMakeLists.txt: * Source/JavaScriptCore/DerivedSources-input.xcfilelist: * Source/JavaScriptCore/DerivedSources-output.xcfilelist: * Source/JavaScriptCore/DerivedSources.make: * Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj: * Source/JavaScriptCore/Sources.txt: * Source/JavaScriptCore/b3/B3Value.cpp: (JSC::B3::Value::generateCompilerConstructionSite): * Source/JavaScriptCore/wasm/WasmBBQJIT.cpp: * Source/JavaScriptCore/wasm/WasmBBQJIT32_64.cpp: * Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp: * Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp: Renamed from Source/JavaScriptCore/wasm/WasmB3IRGenerator.cpp. (dumpProcedure): (JSC::Wasm::OMGIRGenerator::ControlData::ControlData): (JSC::Wasm::OMGIRGenerator::ControlData::isIf): (JSC::Wasm::OMGIRGenerator::ControlData::isTry): (JSC::Wasm::OMGIRGenerator::ControlData::isAnyCatch): (JSC::Wasm::OMGIRGenerator::ControlData::isTopLevel): (JSC::Wasm::OMGIRGenerator::ControlData::isLoop): (JSC::Wasm::OMGIRGenerator::ControlData::isBlock): (JSC::Wasm::OMGIRGenerator::ControlData::isCatch): (JSC::Wasm::OMGIRGenerator::ControlData::dump const): (JSC::Wasm::OMGIRGenerator::ControlData::blockType const): (JSC::Wasm::OMGIRGenerator::ControlData::signature const): (JSC::Wasm::OMGIRGenerator::ControlData::hasNonVoidresult const): (JSC::Wasm::OMGIRGenerator::ControlData::targetBlockForBranch): (JSC::Wasm::OMGIRGenerator::ControlData::convertIfToBlock): (JSC::Wasm::OMGIRGenerator::ControlData::convertTryToCatch): (JSC::Wasm::OMGIRGenerator::ControlData::convertTryToCatchAll): (JSC::Wasm::OMGIRGenerator::ControlData::branchTargetArity const): (JSC::Wasm::OMGIRGenerator::ControlData::branchTargetType const): (JSC::Wasm::OMGIRGenerator::ControlData::tryStart const): (JSC::Wasm::OMGIRGenerator::ControlData::tryEnd const): (JSC::Wasm::OMGIRGenerator::ControlData::tryDepth const): (JSC::Wasm::OMGIRGenerator::ControlData::catchKind const): (JSC::Wasm::OMGIRGenerator::ControlData::exception const): 
(JSC::Wasm::OMGIRGenerator::ControlData::stackSize const): (JSC::Wasm::OMGIRGenerator::emptyExpression): (JSC::Wasm::OMGIRGenerator::fail const): (JSC::Wasm::OMGIRGenerator::advanceCallSiteIndex): (JSC::Wasm::OMGIRGenerator::callSiteIndex const): (JSC::Wasm::OMGIRGenerator::notifyFunctionUsesSIMD): (JSC::Wasm::OMGIRGenerator::addConstant): (JSC::Wasm::OMGIRGenerator::addExtractLane): (JSC::Wasm::OMGIRGenerator::addReplaceLane): (JSC::Wasm::OMGIRGenerator::addSIMDI_V): (JSC::Wasm::OMGIRGenerator::addSIMDV_V): (JSC::Wasm::OMGIRGenerator::addSIMDBitwiseSelect): (JSC::Wasm::OMGIRGenerator::addSIMDRelOp): (JSC::Wasm::OMGIRGenerator::fixupOutOfBoundsIndicesForSwizzle): (JSC::Wasm::OMGIRGenerator::addSIMDV_VV): (JSC::Wasm::OMGIRGenerator::addSIMDRelaxedFMA): (JSC::Wasm::OMGIRGenerator::addEndToUnreachable): (JSC::Wasm::OMGIRGenerator::endTopLevel): (JSC::Wasm::OMGIRGenerator::setParser): (JSC::Wasm::OMGIRGenerator::willParseOpcode): (JSC::Wasm::OMGIRGenerator::didParseOpcode): (JSC::Wasm::OMGIRGenerator::didFinishParsingLocals): (JSC::Wasm::OMGIRGenerator::didPopValueFromStack): (JSC::Wasm::OMGIRGenerator::getTypeDefinition): (JSC::Wasm::OMGIRGenerator::addStackMap): (JSC::Wasm::OMGIRGenerator::takeStackmaps): (JSC::Wasm::OMGIRGene
[webkit-changes] [WebKit/WebKit] 6f6701: [WebCore] Use fast bitset iteration for Style Buil...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 6f670174ddc808f8b33835f906a779b27236e8a4 https://github.com/WebKit/WebKit/commit/6f670174ddc808f8b33835f906a779b27236e8a4 Author: Yusuke Suzuki Date: 2024-03-18 (Mon, 18 Mar 2024) Changed paths: M Source/WTF/wtf/BitSet.h M Source/WebCore/style/PropertyCascade.cpp M Source/WebCore/style/PropertyCascade.h M Source/WebCore/style/StyleBuilder.cpp M Tools/TestWebKitAPI/Tests/WTF/BitSet.cpp Log Message: --- [WebCore] Use fast bitset iteration for Style Builder::applyPropertiesImpl https://bugs.webkit.org/show_bug.cgi?id=271100 rdar://124722402 Reviewed by Antti Koivisto. While top-priority / high-priority CSS properties are limited, more than 300 low-priority CSS properties exist. And we are doing very naive iteration for that in Builder::applyPropertiesImpl. Given that only low-priority CSS properties are huge and it is placed at the end of bitset, let's just use super fast bitset iteration instead of doing naive loop. * Source/WTF/wtf/BitSet.h: (WTF::WordType>::forEachSetBit const): * Source/WebCore/style/PropertyCascade.cpp: (WebCore::Style::PropertyCascade::set): * Source/WebCore/style/PropertyCascade.h: (WebCore::Style::PropertyCascade::isEmpty const): (WebCore::Style::PropertyCascade::propertyIsPresent): (WebCore::Style::PropertyCascade::propertyIsPresent const): (WebCore::Style::PropertyCascade::hasNormalProperty const): * Source/WebCore/style/StyleBuilder.cpp: (WebCore::Style::Builder::applyPropertiesImpl): * Tools/TestWebKitAPI/Tests/WTF/BitSet.cpp: (TestWebKitAPI::testBitSetForEachSetBitWithStartIndex): (TestWebKitAPI::TEST): Canonical link: https://commits.webkit.org/276280@main
[webkit-changes] [WebKit/WebKit] 1dbb4d: [JSC] Simplify BaselineCallLinkInfo by not setting...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 1dbb4d47a17bf9214dbea275fe54e156f6a8d0e6 https://github.com/WebKit/WebKit/commit/1dbb4d47a17bf9214dbea275fe54e156f6a8d0e6 Author: Yusuke Suzuki Date: 2024-03-18 (Mon, 18 Mar 2024) Changed paths: M Source/JavaScriptCore/bytecode/CallLinkInfo.cpp M Source/JavaScriptCore/bytecode/CallLinkInfo.h M Source/JavaScriptCore/bytecode/CallLinkStatus.cpp M Source/JavaScriptCore/bytecode/CodeBlock.cpp M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp M Source/JavaScriptCore/bytecode/Repatch.cpp M Source/JavaScriptCore/dfg/DFGJITCompiler.cpp M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp M Source/JavaScriptCore/jit/BaselineJITCode.cpp M Source/JavaScriptCore/jit/BaselineJITCode.h M Source/JavaScriptCore/jit/JIT.cpp M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp M Source/JavaScriptCore/wasm/js/WasmToJS.cpp Log Message: --- [JSC] Simplify BaselineCallLinkInfo by not setting doneLocation https://bugs.webkit.org/show_bug.cgi?id=271107 rdar://124739833 Reviewed by Justin Michaud. This patch makes CodeBlock::setupWithUnlinkedBaselineCode and BaselineCallLinkInfo simpler by not setting doneLocation. CallLinkInfo's doneLocation for Baseline JIT is collected during compilation, and it is used only by DFG OSR exit compiler. We can just keep it in BaselineJITCode and use it instead of storing it in BaselineCallLinkInfo. * Source/JavaScriptCore/bytecode/CallLinkInfo.cpp: (JSC::CallLinkInfo::doneLocationIfExists): (JSC::CallLinkInfo::doneLocation): Deleted. * Source/JavaScriptCore/bytecode/CallLinkInfo.h: (JSC::UnlinkedCallLinkInfo::setDoneLocation): (JSC::UnlinkedCallLinkInfo::setCodeLocations): Deleted. 
* Source/JavaScriptCore/bytecode/CallLinkStatus.cpp: (JSC::CallLinkStatus::computeFor): * Source/JavaScriptCore/bytecode/CodeBlock.cpp: (JSC::CodeBlock::setupWithUnlinkedBaselineCode): * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::InlineCacheCompiler::generateImpl): (JSC::InlineCacheCompiler::emitProxyObjectAccess): * Source/JavaScriptCore/bytecode/Repatch.cpp: (JSC::linkPolymorphicCall): * Source/JavaScriptCore/dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::link): * Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp: (JSC::DFG::callerReturnPC): * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq): * Source/JavaScriptCore/jit/BaselineJITCode.cpp: (JSC::BaselineJITCode::getCallLinkDoneLocationForBytecodeIndex const): (JSC::BaselineJITCode::~BaselineJITCode): Deleted. * Source/JavaScriptCore/jit/BaselineJITCode.h: * Source/JavaScriptCore/jit/JIT.cpp: (JSC::JIT::link): * Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp: (JSC::PolymorphicCallNode::unlinkOrUpgradeImpl): * Source/JavaScriptCore/wasm/js/WasmToJS.cpp: (JSC::Wasm::wasmToJS): Canonical link: https://commits.webkit.org/276292@main
[webkit-changes] [WebKit/WebKit] 35b903: [JSC] Remove no-longer-used LLInt -> OMG tiering u...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 35b9037171bb6b1e4fba5754093baac2286a1321 https://github.com/WebKit/WebKit/commit/35b9037171bb6b1e4fba5754093baac2286a1321 Author: Yusuke Suzuki Date: 2024-03-18 (Mon, 18 Mar 2024) Changed paths: M JSTests/wasm/stress/simd-unreachable.js M JSTests/wasm/v8/adapter-frame.js M JSTests/wasm/v8/add-getters.js M JSTests/wasm/v8/anyfunc.js M JSTests/wasm/v8/array-copy-benchmark.js M JSTests/wasm/v8/array-init-from-segment.js M JSTests/wasm/v8/asm-wasm-copy.js M JSTests/wasm/v8/asm-wasm-deopt.js M JSTests/wasm/v8/asm-wasm-exception-in-tonumber.js M JSTests/wasm/v8/asm-wasm-expr.js M JSTests/wasm/v8/asm-wasm-f32.js M JSTests/wasm/v8/asm-wasm-f64.js M JSTests/wasm/v8/asm-wasm-heap.js M JSTests/wasm/v8/asm-wasm-i32.js M JSTests/wasm/v8/asm-wasm-imports.js M JSTests/wasm/v8/asm-wasm-literals.js M JSTests/wasm/v8/asm-wasm-math-intrinsic.js M JSTests/wasm/v8/asm-wasm-memory.js M JSTests/wasm/v8/asm-wasm-names.js M JSTests/wasm/v8/asm-wasm-stack.js M JSTests/wasm/v8/asm-wasm-stdlib.js M JSTests/wasm/v8/asm-wasm-switch.js M JSTests/wasm/v8/asm-wasm-u32.js M JSTests/wasm/v8/asm-wasm.js M JSTests/wasm/v8/asm-with-wasm-off.js M JSTests/wasm/v8/atomics-non-shared.js M JSTests/wasm/v8/atomics-stress.js M JSTests/wasm/v8/atomics.js M JSTests/wasm/v8/atomics64-stress.js M JSTests/wasm/v8/bigint-i64-to-imported-js-func.js M JSTests/wasm/v8/bigint-opt.js M JSTests/wasm/v8/bigint-rematerialize.js M JSTests/wasm/v8/bigint.js M JSTests/wasm/v8/bit-shift-right.js M JSTests/wasm/v8/bounds-check-64bit.js M JSTests/wasm/v8/bounds-check-turbofan.js M JSTests/wasm/v8/bulk-memory.js M JSTests/wasm/v8/call-ref.js M JSTests/wasm/v8/call_indirect.js M JSTests/wasm/v8/calls.js M JSTests/wasm/v8/code-space-overflow.js M JSTests/wasm/v8/committed-code-exhaustion.js M JSTests/wasm/v8/compare-exchange-stress.js M JSTests/wasm/v8/compare-exchange64-stress.js M JSTests/wasm/v8/compilation-hints-async-compilation.js M 
JSTests/wasm/v8/compilation-hints-decoder.js M JSTests/wasm/v8/compilation-hints-ignored.js M JSTests/wasm/v8/compilation-hints-lazy-validation.js M JSTests/wasm/v8/compilation-hints-streaming-compilation.js M JSTests/wasm/v8/compilation-hints-streaming-lazy-validation.js M JSTests/wasm/v8/compilation-hints-sync-compilation.js M JSTests/wasm/v8/compilation-limits-asm.js M JSTests/wasm/v8/compilation-limits.js M JSTests/wasm/v8/compiled-module-management.js M JSTests/wasm/v8/compiled-module-serialization.js M JSTests/wasm/v8/data-segments.js M JSTests/wasm/v8/disable-trap-handler.js M JSTests/wasm/v8/disallow-codegen.js M JSTests/wasm/v8/divrem-trap.js M JSTests/wasm/v8/element-segments-with-reftypes.js M JSTests/wasm/v8/empirical_max_memory.js M JSTests/wasm/v8/ensure-wasm-binaries-up-to-date.js M JSTests/wasm/v8/errors.js M JSTests/wasm/v8/export-global.js M JSTests/wasm/v8/export-identity.js M JSTests/wasm/v8/export-mutable-global.js M JSTests/wasm/v8/export-table.js M JSTests/wasm/v8/expose-wasm.js M JSTests/wasm/v8/extended-constants.js M JSTests/wasm/v8/externref-globals.js M JSTests/wasm/v8/externref-table.js M JSTests/wasm/v8/externref.js M JSTests/wasm/v8/ffi-error.js M JSTests/wasm/v8/ffi.js M JSTests/wasm/v8/float-constant-folding.js M JSTests/wasm/v8/function-names.js M JSTests/wasm/v8/function-prototype.js M JSTests/wasm/v8/futex.js M JSTests/wasm/v8/gc-buffer.js M JSTests/wasm/v8/gc-casts-from-any.js M JSTests/wasm/v8/gc-casts-invalid.js M JSTests/wasm/v8/gc-casts-subtypes.js M JSTests/wasm/v8/gc-experimental-string-conversions.js M JSTests/wasm/v8/gc-experiments.js M JSTests/wasm/v8/gc-frame.js M JSTests/wasm/v8/gc-js-interop-async-debugger.js M JSTests/wasm/v8/gc-js-interop-collections.js M JSTests/wasm/v8/gc-js-interop-export.mjs M JSTests/wasm/v8/gc-js-interop-global-constructors.js M JSTests/wasm/v8/gc-js-interop-import.mjs M JSTests/wasm/v8/gc-js-interop-numeric.js M JSTests/wasm/v8/gc-js-interop-objects.js M JSTests/wasm/v8/gc-js-interop-wasm.js 
M JSTests/wasm/v8/gc-js-interop.js M JSTests/wasm/v8/gc-memory.js M JSTests/wasm/v8/gc-nominal.js M JSTests/wasm/v8/gc-optimizations.js M JSTests/wasm/v8/gc-stress.js M JSTests/wasm/v8/gc-typecheck-reducer.js M JSTests/wasm/v8/gdbjit.js M JSTests/wasm/v8/generic-wrapper.js M JSTests/wasm/v8/globals-import-export-identity.js M JSTests/wasm/v8/globals.js M JSTests/wasm/v8/graceful_shutdown.js M JSTests/wasm/v8/graceful_shutdown_during_tierup.js M JSTests/wasm/v8/grow-huge-memory.js M JSTests/wasm/v8/grow-memory-detaching.js M JSTests/wasm/v8/grow-memory-in
[webkit-changes] [WebKit/WebKit] 5e89c8: Unreviewed, build fix after 271819@main
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5e89c8df137e7af2bf2e6054285d8e14e82b
https://github.com/WebKit/WebKit/commit/5e89c8df137e7af2bf2e6054285d8e14e82b
Author: Yusuke Suzuki
Date: 2024-03-18 (Mon, 18 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/jit/JITCode.h

Log Message:
---
Unreviewed, build fix after 271819@main
https://bugs.webkit.org/show_bug.cgi?id=271211
rdar://124987262

* Source/JavaScriptCore/jit/JITCode.h:

Canonical link: https://commits.webkit.org/276330@main

[webkit-changes] [WebKit/WebKit] 56adf0: Unreviewed, build fix with newer SDK
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 56adf027a1d840309275e10a51ac990808f8775c
https://github.com/WebKit/WebKit/commit/56adf027a1d840309275e10a51ac990808f8775c
Author: Yusuke Suzuki
Date: 2024-03-19 (Tue, 19 Mar 2024)

Changed paths:
  M Source/WebKit/WebKitSwift/GroupActivities/GroupSession.swift

Log Message:
---
Unreviewed, build fix with newer SDK
https://bugs.webkit.org/show_bug.cgi?id=271267
rdar://125035625

* Source/WebKit/WebKitSwift/GroupActivities/GroupSession.swift:

Canonical link: https://commits.webkit.org/276365@main

[webkit-changes] [WebKit/WebKit] 6165ff: [JSC] Keep builtin UnlinkedFunctionExecutable
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6165ff108d4cb0a08d1989951f6af78efa5644e4
https://github.com/WebKit/WebKit/commit/6165ff108d4cb0a08d1989951f6af78efa5644e4
Author: Yusuke Suzuki
Date: 2024-03-20 (Wed, 20 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/builtins/BuiltinExecutables.cpp
  M Source/JavaScriptCore/builtins/BuiltinExecutables.h
  M Source/JavaScriptCore/heap/Heap.cpp
  M Source/JavaScriptCore/runtime/VM.cpp

Log Message:
---
[JSC] Keep builtin UnlinkedFunctionExecutable
https://bugs.webkit.org/show_bug.cgi?id=271324
rdar://125101756

Reviewed by Justin Michaud and Keith Miller.

We found that they go away quickly when opening a new iframe etc., and as a result, we may parse and generate code again and again for very popular builtin functions in some cases. Let's keep them in a similar manner to CodeCache. And clear when CodeCache clearing gets requested.

* Source/JavaScriptCore/builtins/BuiltinExecutables.cpp:
(JSC::BuiltinExecutables::visitAggregateImpl):
(JSC::BuiltinExecutables::clear):
(JSC::BuiltinExecutables::finalizeUnconditionally): Deleted.
* Source/JavaScriptCore/builtins/BuiltinExecutables.h:
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::finalizeUnconditionalFinalizers):
* Source/JavaScriptCore/runtime/VM.cpp:
(JSC::VM::deleteAllCode):
(JSC::VM::visitAggregateImpl):

Canonical link: https://commits.webkit.org/276432@main

[webkit-changes] [WebKit/WebKit] e3afdb: Use BitSet for canUseSimplifiedTextMeasuring
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e3afdb45b846457e5ae8d7b9a8e506fccf8f5cdd
https://github.com/WebKit/WebKit/commit/e3afdb45b846457e5ae8d7b9a8e506fccf8f5cdd
Author: Yusuke Suzuki
Date: 2024-03-21 (Thu, 21 Mar 2024)

Changed paths:
  M Source/WTF/WTF.xcodeproj/project.pbxproj
  M Source/WTF/wtf/CMakeLists.txt
  A Source/WTF/wtf/text/CharacterProperties.h
  M Source/WTF/wtf/text/StringCommon.h
  M Source/WebCore/Headers.cmake
  M Source/WebCore/WebCore.xcodeproj/project.pbxproj
  M Source/WebCore/layout/formattingContexts/inline/text/TextUtil.cpp
  M Source/WebCore/layout/layouttree/LayoutTreeBuilder.cpp
  M Source/WebCore/platform/graphics/ComplexTextController.cpp
  M Source/WebCore/platform/graphics/Font.cpp
  M Source/WebCore/platform/graphics/FontCascade.cpp
  M Source/WebCore/platform/graphics/FontCascade.h
  M Source/WebCore/platform/graphics/FontRanges.cpp
  M Source/WebCore/platform/graphics/GlyphPage.h
  M Source/WebCore/platform/graphics/WidthIterator.cpp
  M Source/WebCore/platform/graphics/cairo/FontCairoHarfbuzzNG.cpp
  M Source/WebCore/platform/graphics/coretext/FontCascadeCoreText.cpp
  M Source/WebCore/platform/graphics/freetype/FontSetCache.cpp
  M Source/WebCore/platform/graphics/freetype/GlyphPageTreeNodeFreeType.cpp
  M Source/WebCore/platform/graphics/skia/FontCacheSkia.cpp
  M Source/WebCore/platform/graphics/skia/FontCascadeSkia.cpp
  R Source/WebCore/platform/text/CharacterProperties.h
  M Source/WebCore/rendering/RenderText.cpp
  M Tools/TestWebKitAPI/CMakeLists.txt
  M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
  A Tools/TestWebKitAPI/Tests/WTF/CharacterProperties.cpp

Log Message:
---
Use BitSet for canUseSimplifiedTextMeasuring
https://bugs.webkit.org/show_bug.cgi?id=271347
rdar://125124560

Reviewed by Antti Koivisto.

This patch adds canUseSimplifiedTextMeasuringForNormalVariantCache BitSet cache in FontCascade so that we do not need to query to GlyphData multiple times to obtain information about canUseSimplifiedTextMeasuring for Latin-1 characters. Since this is stored in FontCascade, we can continue using this cache even beyond multiple different RenderText. Furthermore, we apply using this function in TextUtil::width etc. We also move CharacterProperties.h to WTF, and adding Latin-1 fast path to make caching condition clear and querying function fast (isEmojiWithPresentationByDefault).

* Source/WTF/WTF.xcodeproj/project.pbxproj:
* Source/WTF/wtf/CMakeLists.txt:
* Source/WTF/wtf/text/CharacterProperties.h: Renamed from Source/WebCore/platform/text/CharacterProperties.h.
(WTF::isEmojiGroupCandidate):
(WTF::isEmojiFitzpatrickModifier):
(WTF::isVariationSelector):
(WTF::isEmojiKeycapBase):
(WTF::isEmojiRegionalIndicator):
(WTF::isEmojiWithPresentationByDefault):
(WTF::isEmojiModifierBase):
(WTF::isDefaultIgnorableCodePoint):
(WTF::isControlCharacter):
(WTF::isPrivateUseAreaCharacter):
* Source/WTF/wtf/text/StringCommon.h:
(WTF::isLatin1):
* Source/WebCore/Headers.cmake:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Source/WebCore/layout/formattingContexts/inline/text/TextUtil.cpp:
(WebCore::Layout::canUseSimplifiedTextMeasuringForCharacters):
* Source/WebCore/layout/layouttree/LayoutTreeBuilder.cpp:
(WebCore::Layout::canUseSimplifiedTextMeasuringForCharacters):
* Source/WebCore/platform/graphics/ComplexTextController.cpp:
* Source/WebCore/platform/graphics/Font.cpp:
* Source/WebCore/platform/graphics/FontCascade.cpp:
(WebCore::FontCascade::canUseSimplifiedTextMeasuring const):
* Source/WebCore/platform/graphics/FontCascade.h:
* Source/WebCore/platform/graphics/FontRanges.cpp:
* Source/WebCore/platform/graphics/GlyphPage.h:
(WebCore::GlyphPage::create): Deleted.
(WebCore::GlyphPage::~GlyphPage): Deleted.
(WebCore::GlyphPage::count): Deleted.
(WebCore::GlyphPage::sizeForPageNumber): Deleted.
(WebCore::GlyphPage::indexForCodePoint): Deleted.
(WebCore::GlyphPage::pageNumberForCodePoint): Deleted.
(WebCore::GlyphPage::startingCodePointInPageNumber): Deleted.
(WebCore::GlyphPage::pageNumberIsUsedForArabic): Deleted.
(WebCore::GlyphPage::glyphDataForCharacter const): Deleted.
(WebCore::GlyphPage::glyphForCharacter const): Deleted.
(WebCore::GlyphPage::glyphDataForIndex const): Deleted.
(WebCore::GlyphPage::glyphForIndex const): Deleted.
(WebCore::GlyphPage::colorGlyphTypeForIndex const): Deleted.
(WebCore::GlyphPage::setGlyphForIndex): Deleted.
(WebCore::GlyphPage::font const): Deleted.
(WebCore::GlyphPage::GlyphPage): Deleted.
* Source/WebCore/platform/graphics/WidthIterator.cpp:
* Source/WebCore/platform/graphics/cairo/FontCairoHarfbuzzNG.cpp:
* Source/WebCore/platform/graphics/coretext/FontCascadeCoreText.cpp:
(WebCore::FontCascade::resolveEmojiPolicy):
* Source/WebCore/platform/graphics/freetype/FontSetCache.cpp:
* Source/WebCore/platform/graphics/freetype/GlyphPageTreeNodeFreeType.cpp:
* Source/WebCore/platform/graphics

[webkit-changes] [WebKit/WebKit] 2645a1: [JSC] Emit dyld tracepoint to tell system profiler...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2645a1e90e1c5a900b1df995cd44e6c29ee06ad6
https://github.com/WebKit/WebKit/commit/2645a1e90e1c5a900b1df995cd44e6c29ee06ad6
Author: Yusuke Suzuki
Date: 2024-03-21 (Thu, 21 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/jit/ExecutableAllocator.cpp
  M Source/WTF/wtf/ByteOrder.h
  M Source/WTF/wtf/UUID.cpp
  M Source/WTF/wtf/UUID.h

Log Message:
---
[JSC] Emit dyld tracepoint to tell system profiler about JIT code region
https://bugs.webkit.org/show_bug.cgi?id=271419
rdar://125196249

Reviewed by Justin Michaud.

This patch emits fake dyld tracepoint which tells our system profiler (see SystemTracing.h) about JIT code region. We need to assign good UUID to this JIT code region. And since this is JIT code, each process has different JIT code. Thus, we create v5 UUID from process ID and namespace UUID and attach it to JIT code region.

* Source/JavaScriptCore/jit/ExecutableAllocator.cpp:
(JSC::initializeJITPageReservation):
* Source/WTF/wtf/ByteOrder.h:
(WTF::bswap64):
* Source/WTF/wtf/UUID.cpp:
(WTF::UUID::createVersion5):
* Source/WTF/wtf/UUID.h:

Canonical link: https://commits.webkit.org/276524@main

[webkit-changes] [WebKit/WebKit] a50b78: [JSC] Add operationIteratorNextTryFast operation
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: a50b7868a41768ffb322fd91113a0210dd67e005
https://github.com/WebKit/WebKit/commit/a50b7868a41768ffb322fd91113a0210dd67e005
Author: Yusuke Suzuki
Date: 2024-03-22 (Fri, 22 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/jit/JITCall.cpp
  M Source/JavaScriptCore/jit/JITOperations.cpp
  M Source/JavaScriptCore/jit/JITOperations.h

Log Message:
---
[JSC] Add operationIteratorNextTryFast operation
https://bugs.webkit.org/show_bug.cgi?id=271367
rdar://125151326

Reviewed by Keith Miller.

This function is very hot since it is invoked for each iteration run for fast arrays. Let's make it extremely optimized: use JITOperations instead of slow path calls.

* Source/JavaScriptCore/jit/JITCall.cpp:
(JSC::JIT::emit_op_iterator_next):
* Source/JavaScriptCore/jit/JITOperations.cpp:
(JSC::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/jit/JITOperations.h:

Canonical link: https://commits.webkit.org/276577@main

[webkit-changes] [WebKit/WebKit] 6d24e0: [JSC] Avoid using snprintf in DatePrototype.cpp
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6d24e0d96b9e1ba2a9f9d0fee0a6f76fd78f0be5
https://github.com/WebKit/WebKit/commit/6d24e0d96b9e1ba2a9f9d0fee0a6f76fd78f0be5
Author: Yusuke Suzuki
Date: 2024-03-22 (Fri, 22 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/runtime/DatePrototype.cpp

Log Message:
---
[JSC] Avoid using snprintf in DatePrototype.cpp
https://bugs.webkit.org/show_bug.cgi?id=271490
rdar://125258271

Reviewed by Justin Michaud and Keith Miller.

Clang is wrongly computing snprintf's potential size (https://github.com/llvm/llvm-project/issues/71320), and generating wrong error. But given that we already have efficient WTF String's mechanism, we should just use it instead of snprintf, slow and buggy. This patch converts DatePrototype.cpp's snprintf usage to our own makeString.

* Source/JavaScriptCore/runtime/DatePrototype.cpp:
(JSC::JSC_DEFINE_HOST_FUNCTION):

Canonical link: https://commits.webkit.org/276582@main

[webkit-changes] [WebKit/WebKit] 9fa177: [JSC] Generate PerfLog only when new JIT code is g...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 9fa177505bc5504ab887dc60b0019ce032ba25f2
https://github.com/WebKit/WebKit/commit/9fa177505bc5504ab887dc60b0019ce032ba25f2
Author: Yusuke Suzuki
Date: 2024-03-23 (Sat, 23 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/assembler/LinkBuffer.cpp
  M Source/JavaScriptCore/assembler/LinkBuffer.h

Log Message:
---
[JSC] Generate PerfLog only when new JIT code is generated
https://bugs.webkit.org/show_bug.cgi?id=271515
rdar://125280914

Reviewed by Justin Michaud.

Do not count code rewriting as new JIT code generation in PerfLog's JITDump.

* Source/JavaScriptCore/assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::logJITCodeForPerf):
* Source/JavaScriptCore/assembler/LinkBuffer.h:
(JSC::LinkBuffer::LinkBuffer):

Canonical link: https://commits.webkit.org/276592@main

[webkit-changes] [WebKit/WebKit] 6aefea: Use NodeName and Namespace in CSS JIT
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 6aefea97977e9843bddcd473b491014f7622795e
https://github.com/WebKit/WebKit/commit/6aefea97977e9843bddcd473b491014f7622795e
Author: Yusuke Suzuki
Date: 2024-03-25 (Mon, 25 Mar 2024)

Changed paths:
  M Source/JavaScriptCore/assembler/MacroAssembler.h
  M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h
  M Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h
  M Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h
  M Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
  M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h
  M Source/WTF/wtf/PlatformEnable.h
  M Source/WebCore/cssjit/RegisterAllocator.h
  M Source/WebCore/cssjit/SelectorCompiler.cpp
  M Source/WebCore/dom/QualifiedName.h

Log Message:
---
Use NodeName and Namespace in CSS JIT
https://bugs.webkit.org/show_bug.cgi?id=267671
rdar://121167170

Reviewed by Ryosuke Niwa and Justin Michaud.

1. Use NodeName in CSS JIT code generation. This is more efficient and we can reduce code size.
2. Drop Darwin ARMv7 CSS JIT since it is no longer used.
3. We adjust registers so that this patch removes weird configuration of Assemblers in CSS JIT (what registers are reserved etc.).

* Source/JavaScriptCore/assembler/MacroAssembler.h:
(JSC::MacroAssembler::patchableBranch16):
* Source/JavaScriptCore/assembler/MacroAssemblerARM64.h:
(JSC::MacroAssemblerARM64::branch16):
(JSC::MacroAssemblerARM64::patchableBranch16):
* Source/JavaScriptCore/assembler/MacroAssemblerARMv7.h:
(JSC::MacroAssemblerARMv7::branch16):
(JSC::MacroAssemblerARMv7::patchableBranch16):
* Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h:
(JSC::MacroAssemblerRISCV64::branch16):
* Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h:
(JSC::MacroAssemblerX86Common::branch16):
(JSC::MacroAssemblerX86Common::branch8):
* Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h:
(JSC::MacroAssemblerX86_64::branch16):
* Source/WTF/wtf/PlatformEnable.h:
* Source/WebCore/cssjit/SelectorCompiler.cpp:
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementAttributeMatching):
(WebCore::SelectorCompiler::SelectorCodeGenerator::generateElementHasTagName):
* Source/WebCore/dom/QualifiedName.h:
(WebCore::QualifiedName::QualifiedNameImpl::namespaceMemoryOffset):
(WebCore::QualifiedName::QualifiedNameImpl::nodeNameMemoryOffset):
(WebCore::QualifiedName::QualifiedNameImpl::namespaceURIMemoryOffset):

Canonical link: https://commits.webkit.org/276663@main

[webkit-changes] [WebKit/WebKit] d113cc: Check imageURL null for Element::parserSetAttribut...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d113ccd097082b7db803786051566b6abd7ceffe
https://github.com/WebKit/WebKit/commit/d113ccd097082b7db803786051566b6abd7ceffe
Author: Yusuke Suzuki
Date: 2024-03-29 (Fri, 29 Mar 2024)

Changed paths:
  M Source/WebCore/loader/ImageLoader.cpp

Log Message:
---
Check imageURL null for Element::parserSetAttributes inconsistency issue
https://bugs.webkit.org/show_bug.cgi?id=271873
rdar://125543680

Reviewed by Ryosuke Niwa.

Element::parserSetAttributes first set all attributes into ElementRareData. And after that, it calls Element::attributeChanged. This can cause inconsistency in each element which configures its members in attributeChanged: while attribute is already in the ElementRareData, corresponding attributeChanged is not called *yet*.

We can hit a nullptr crash in ImageLoader since it is reading src attr of (which can be set already), while it is also reading m_currentURL (which will be configured via attributeChanged, and it may not be called *yet*.).

In this patch, we just handle this as the same to the case we see nullptr src attr. This is fine since we call attributeChanged for each attribute so eventually HTMLImageElement & ImageLoader state converges and it becomes consistent.

* Source/WebCore/loader/ImageLoader.cpp:
(WebCore::ImageLoader::updateFromElement):

Canonical link: https://commits.webkit.org/276826@main

[webkit-changes] [WebKit/WebKit] 4a75c6: Add SIMD containsHTMLLineBreak
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4a75c60f3cc10a3dc100d40c8f017c1247a886cb
https://github.com/WebKit/WebKit/commit/4a75c60f3cc10a3dc100d40c8f017c1247a886cb
Author: Yusuke Suzuki
Date: 2024-03-29 (Fri, 29 Mar 2024)

Changed paths:
  M Source/WTF/wtf/text/StringCommon.h
  M Source/WebCore/html/TextFieldInputType.cpp
  M Source/WebCore/html/parser/HTMLParserIdioms.h
  M Tools/TestWebKitAPI/Tests/WTF/StringCommon.cpp

Log Message:
---
Add SIMD containsHTMLLineBreak
https://bugs.webkit.org/show_bug.cgi?id=271878
rdar://125595924

Reviewed by Mark Lam.

This patch adds WTF::charactersContain SIMD function which scans entire string to check if one of the characters is included. This function is aligned to charactersAreAllASCII. The intention of this new function is assuming that the given characters rarely include specified characters. So this function super quickly scans entire string and returns the answer with SIMD.

* Source/WTF/wtf/text/StringCommon.h:
* Source/WebCore/html/TextFieldInputType.cpp:
(WebCore::limitLength):
(WebCore::TextFieldInputType::sanitizeValue const):
* Source/WebCore/html/parser/HTMLParserIdioms.h:
(WebCore::containsHTMLLineBreak):
* Tools/TestWebKitAPI/Tests/WTF/StringCommon.cpp:
(TestWebKitAPI::TEST(WTF_StringCommon, CharactersContain8)):
(TestWebKitAPI::TEST(WTF_StringCommon, CharactersContain16)):

Canonical link: https://commits.webkit.org/276842@main

[webkit-changes] [WebKit/WebKit] 220898: Use containsHTMLLineBreak more
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 220898597194f341c70105746e8dcab36c18e41c
https://github.com/WebKit/WebKit/commit/220898597194f341c70105746e8dcab36c18e41c
Author: Yusuke Suzuki
Date: 2024-04-01 (Mon, 01 Apr 2024)

Changed paths:
  M Source/WebCore/html/EmailInputType.cpp
  M Source/WebCore/html/HTMLInputElement.cpp

Log Message:
---
Use containsHTMLLineBreak more
https://bugs.webkit.org/show_bug.cgi?id=271940
rdar://125666918

Reviewed by Mark Lam.

Apply containsHTMLLineBreak more places in WebCore. They rarely include these characters.

* Source/WebCore/html/EmailInputType.cpp:
(WebCore::EmailInputType::sanitizeValue const):
* Source/WebCore/html/HTMLInputElement.cpp:
(WebCore::HTMLInputElement::placeholder const):

Canonical link: https://commits.webkit.org/276886@main

[webkit-changes] [WebKit/WebKit] d8d941: [JSC] Start sharing megamorphic ById JIT code
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d8d941f1893050954e64ab80125e28b1a38c6445
https://github.com/WebKit/WebKit/commit/d8d941f1893050954e64ab80125e28b1a38c6445
Author: Yusuke Suzuki
Date: 2024-04-01 (Mon, 01 Apr 2024)

Changed paths:
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/bytecode/AccessCase.h
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
  A Source/JavaScriptCore/bytecode/SharedJITStubSet.cpp
  A Source/JavaScriptCore/bytecode/SharedJITStubSet.h
  M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
  M Source/JavaScriptCore/bytecode/StructureStubInfo.h
  M Source/JavaScriptCore/heap/Heap.cpp
  M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp
  M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h
  M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h
  M Source/JavaScriptCore/runtime/CacheableIdentifier.h
  M Source/JavaScriptCore/runtime/CacheableIdentifierInlines.h
  M Source/JavaScriptCore/runtime/VM.cpp

Log Message:
---
[JSC] Start sharing megamorphic ById JIT code
https://bugs.webkit.org/show_bug.cgi?id=271942
rdar://125667161

Reviewed by Keith Miller.

This patch makes megamorphic ById JIT code shareable between multiple sites. This is paving a way towards full handler IC, but for now, this is limited to megamorphic ById JIT code. SharedJITStubSet can do hashing via AccessCase vector and can store JIT code for them. This is a key part for Handler IC since we would like to use that later.

* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/bytecode/AccessCase.h:
(JSC::AccessCase::updateIdentifier):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::isMegamorphicById):
(JSC::InlineCacheCompiler::regenerate):
* Source/JavaScriptCore/bytecode/SharedJITStubSet.cpp: Added.
(JSC::SharedJITStubSet::getStatelessStub const):
(JSC::SharedJITStubSet::setStatelessStub):
(JSC::SharedJITStubSet::getSlowPathHandler const):
(JSC::SharedJITStubSet::setSlowPathHandler):
* Source/JavaScriptCore/bytecode/SharedJITStubSet.h: Added.
(JSC::SharedJITStubSet::stubInfoKey):
(JSC::SharedJITStubSet::Hash::Key::Key):
(JSC::SharedJITStubSet::Hash::Key::isHashTableDeletedValue const):
(JSC::SharedJITStubSet::Hash::hash):
(JSC::SharedJITStubSet::Hash::equal):
(JSC::SharedJITStubSet::Searcher::Translator::hash):
(JSC::SharedJITStubSet::Searcher::Translator::equal):
(JSC::SharedJITStubSet::PointerTranslator::hash):
(JSC::SharedJITStubSet::PointerTranslator::equal):
(JSC::SharedJITStubSet::add):
(JSC::SharedJITStubSet::remove):
(JSC::SharedJITStubSet::find):
* Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:
(JSC::SharedJITStubSet::getStatelessStub const): Deleted.
(JSC::SharedJITStubSet::setStatelessStub): Deleted.
(JSC::SharedJITStubSet::getSlowPathHandler const): Deleted.
(JSC::SharedJITStubSet::setSlowPathHandler): Deleted.
* Source/JavaScriptCore/bytecode/StructureStubInfo.h:
(JSC::SharedJITStubSet::Hash::Key::Key): Deleted.
(JSC::SharedJITStubSet::Hash::Key::isHashTableDeletedValue const): Deleted.
(JSC::SharedJITStubSet::Hash::hash): Deleted.
(JSC::SharedJITStubSet::Hash::equal): Deleted.
(JSC::SharedJITStubSet::Searcher::Translator::hash): Deleted.
(JSC::SharedJITStubSet::Searcher::Translator::equal): Deleted.
(JSC::SharedJITStubSet::PointerTranslator::hash): Deleted.
(JSC::SharedJITStubSet::PointerTranslator::equal): Deleted.
(JSC::SharedJITStubSet::add): Deleted.
(JSC::SharedJITStubSet::remove): Deleted.
(JSC::SharedJITStubSet::find): Deleted.
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::runEndPhase):
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:
(JSC::PolymorphicAccessJITStubRoutine::observeZeroRefCountImpl):
(JSC::PolymorphicAccessJITStubRoutine::computeHash):
(JSC::PolymorphicAccessJITStubRoutine::addedToSharedJITStubSet):
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h:
(JSC::PolymorphicAccessJITStubRoutine::hash const):
* Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h:
* Source/JavaScriptCore/runtime/CacheableIdentifier.h:
* Source/JavaScriptCore/runtime/CacheableIdentifierInlines.h:
(JSC::CacheableIdentifier::createFromSharedStub):
* Source/JavaScriptCore/runtime/VM.cpp:

Canonical link: https://commits.webkit.org/276916@main

[webkit-changes] [WebKit/WebKit] de77dd: [JSC] Handle OutOfBounds GetByVal of TypedArray
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: de77ddb828e1bb4c9ccd13bf96819e1268f28deb
https://github.com/WebKit/WebKit/commit/de77ddb828e1bb4c9ccd13bf96819e1268f28deb
Author: Yusuke Suzuki
Date: 2024-04-04 (Thu, 04 Apr 2024)

Changed paths:
  A JSTests/microbenchmarks/uint8-clamped-array-out-of-bounds.js
  A JSTests/stress/typed-array-out-of-bounds.js
  M Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
  M Source/JavaScriptCore/dfg/DFGArrayMode.cpp
  M Source/JavaScriptCore/dfg/DFGClobberize.h
  M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
  M Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

Log Message:
---
[JSC] Handle OutOfBounds GetByVal of TypedArray
https://bugs.webkit.org/show_bug.cgi?id=272107
rdar://problem/125863449

Reviewed by Justin Michaud.

Previously, DFG / FTL are not tolerant against OutOfBounds access of TypedArray: whenever we encounter this, we did OSR exit. But this is not so great, and we should make it work well since there are legit cases which do OutOfBounds access to TypedArray.

This patch integrates OutOfBounds GetByVal access to TypedArray, which is similar to what we have for the other arrays. Based on ArrayProfile information, we annotate DFG::ArrayMode with OutOfBounds. And then DFG / FTL handle this case gracefully. InBounds case is still fastest since we can put strong type prediction / invariant on the returned value too. But still, OutOfBounds handling is better than just doing OSR exit repeatedly.

One of the interesting aspects is that TypedArray does not propagate access of OutOfBounds to [[Prototype]], which is specified in the spec. As a result, we can say that the result is `undefined` when OutOfBounds access happens, which makes slow path case significantly simpler.

                                          ToT                  Patched

    uint8-clamped-array-out-of-bounds     18.8348+-0.0251  ^   1.3021+-0.0190  ^ definitely 14.4654x faster

* Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter::executeEffects):
* Source/JavaScriptCore/dfg/DFGArrayMode.cpp:
(JSC::DFG::ArrayMode::refine const):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::setIntTypedArrayLoadResult):
(JSC::DFG::SpeculativeJIT::compileGetByValOnIntTypedArray):
(JSC::DFG::SpeculativeJIT::emitTypedArrayBoundsCheck): Deleted.
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileGetByValImpl):

Canonical link: https://commits.webkit.org/277050@main

[webkit-changes] [WebKit/WebKit] 383ab3: [JSC] Follow-up after 277050@main
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 383ab3463ca796cfa9f5b4d1a5837f4845e540d9
https://github.com/WebKit/WebKit/commit/383ab3463ca796cfa9f5b4d1a5837f4845e540d9
Author: Yusuke Suzuki
Date: 2024-04-04 (Thu, 04 Apr 2024)

Changed paths:
  A JSTests/stress/ftl-purify-nan-oob.js
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

Log Message:
---
[JSC] Follow-up after 277050@main
https://bugs.webkit.org/show_bug.cgi?id=272178
rdar://125925062

Reviewed by Keith Miller.

When returning boxed JSValue in FTL for GetByVal, we should do purifyNaN to make it pure NaN.

* JSTests/stress/ftl-purify-nan-oob.js: Added.
(shouldBe):
(test):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileGetByValImpl):

Canonical link: https://commits.webkit.org/277089@main

[webkit-changes] [WebKit/WebKit] 8f58d8: [libpas] Use sentinel page for primitive Gigacage
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 8f58d82a137299f5c1651599c265873bf17b3396 https://github.com/WebKit/WebKit/commit/8f58d82a137299f5c1651599c265873bf17b3396 Author: Yusuke Suzuki Date: 2024-04-04 (Thu, 04 Apr 2024) Changed paths: M Source/bmalloc/bmalloc/Gigacage.cpp M Source/bmalloc/bmalloc/Gigacage.h Log Message: --- [libpas] Use sentinel page for primitive Gigacage https://bugs.webkit.org/show_bug.cgi?id=272171 rdar://125919093 Reviewed by Mark Lam. This patch uses sentinel page approach for primitive Gigacage and donate the rest of the memory to primitive Gigacage. * Source/bmalloc/bmalloc/Gigacage.cpp: (Gigacage::ensureGigacage): (Gigacage::bmalloc::runwaySize): Deleted. * Source/bmalloc/bmalloc/Gigacage.h: Canonical link: https://commits.webkit.org/277093@main
[webkit-changes] [WebKit/WebKit] 804d44: [JSC] Cloning via Object Literal + 1 Spread should...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 804d44f89619bfae3e5e2e21a07669b1fb320d57 https://github.com/WebKit/WebKit/commit/804d44f89619bfae3e5e2e21a07669b1fb320d57 Author: Yusuke Suzuki Date: 2024-04-04 (Thu, 04 Apr 2024) Changed paths: A JSTests/microbenchmarks/clone-objects-via-spread.js M Source/JavaScriptCore/builtins/BuiltinNames.h M Source/JavaScriptCore/bytecode/LinkTimeConstant.h M Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp M Source/JavaScriptCore/parser/Nodes.h M Source/JavaScriptCore/runtime/JSGlobalObject.cpp M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp M Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.h M Source/JavaScriptCore/runtime/ObjectConstructorInlines.h Log Message: --- [JSC] Cloning via Object Literal + 1 Spread should be super fast https://bugs.webkit.org/show_bug.cgi?id=272131 rdar://125883824 Reviewed by Alexey Shvayka. For the pattern like, `{ ...object }` we can use super fast object cloning since there are no properties. After checking object is very specific conditioned FinalObject, we can just grab a structure, copy butterfly, and create a new object with them. ToT Patched clone-objects-via-spread 96.1927+-0.3467 ^ 15.9928+-0.1021 ^ definitely 6.0147x faster * JSTests/microbenchmarks/clone-objects-via-spread.js: Added. (test): * JSTests/stress/clone-objects-via-spread.js: Added.
(test): * Source/JavaScriptCore/builtins/BuiltinNames.h: * Source/JavaScriptCore/bytecode/LinkTimeConstant.h: * Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp: (JSC::ObjectLiteralNode::emitBytecode): * Source/JavaScriptCore/parser/Nodes.h: * Source/JavaScriptCore/runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::init): * Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION): * Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.h: * Source/JavaScriptCore/runtime/ObjectConstructorInlines.h: (JSC::checkStrucureForClone): (JSC::objectCloneFast): (JSC::tryCreateObjectViaCloning): Canonical link: https://commits.webkit.org/277097@main
[webkit-changes] [WebKit/WebKit] a68f96: Unreviewed, relanding 277093@main with 16GB size c...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: a68f96dfbdb9b8b14bfbb7651d0e05c0f5cfb560 https://github.com/WebKit/WebKit/commit/a68f96dfbdb9b8b14bfbb7651d0e05c0f5cfb560 Author: Yusuke Suzuki Date: 2024-04-05 (Fri, 05 Apr 2024) Changed paths: M Source/bmalloc/bmalloc/Gigacage.cpp M Source/bmalloc/bmalloc/Gigacage.h Log Message: --- Unreviewed, relanding 277093@main with 16GB size change https://bugs.webkit.org/show_bug.cgi?id=272217 rdar://125919093 Because we were allocating 36GB region previously, 16GB VA with 16GB alignment requirement should work. * Source/bmalloc/bmalloc/Gigacage.cpp: (Gigacage::ensureGigacage): (Gigacage::bmalloc::runwaySize): Deleted. * Source/bmalloc/bmalloc/Gigacage.h: Canonical link: https://commits.webkit.org/277115@main
[webkit-changes] [WebKit/WebKit] 524779: [JSC] Enable wasm fast-memory on iOS
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 5247798c3d0e528e13aa722328f63a74ce2d3d4d https://github.com/WebKit/WebKit/commit/5247798c3d0e528e13aa722328f63a74ce2d3d4d Author: Yusuke Suzuki Date: 2024-04-05 (Fri, 05 Apr 2024) Changed paths: M Source/JavaScriptCore/runtime/Options.cpp M Source/JavaScriptCore/runtime/OptionsList.h Log Message: --- [JSC] Enable wasm fast-memory on iOS https://bugs.webkit.org/show_bug.cgi?id=272232 rdar://125971299 Reviewed by Mark Lam. Now, primitive gigacage on iOS is 16GB. We can use some of fast-memory. Since we increased macOS primitive Gigacage from 32GB to 64GB, we also increase maxNumWebAssemblyFastMemories for macOS too. * Source/JavaScriptCore/runtime/OptionsList.h: Canonical link: https://commits.webkit.org/277124@main
[webkit-changes] [WebKit/WebKit] ad45bd: REGRESSION (277067@main): LLINT CLoop build failin...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: ad45bd40d99adfc82e0147c1e2cc45d2a5ce52dd https://github.com/WebKit/WebKit/commit/ad45bd40d99adfc82e0147c1e2cc45d2a5ce52dd Author: Yusuke Suzuki Date: 2024-04-05 (Fri, 05 Apr 2024) Changed paths: M Source/JavaScriptCore/jsc.cpp Log Message: --- REGRESSION (277067@main): LLINT CLoop build failing JavaScriptCore/jsc.cpp:3515:9: error: unknown type name 'CommaPrinter' https://bugs.webkit.org/show_bug.cgi?id=272234 rdar://125972736 Reviewed by Mark Lam. Just include CommaPrinter.h * Source/JavaScriptCore/jsc.cpp: Canonical link: https://commits.webkit.org/277126@main
[webkit-changes] [WebKit/WebKit] ed2c12: [JSC] Introduce op_get_length
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: ed2c12887fd00128e9bc57bc4fc5747b3c915141 https://github.com/WebKit/WebKit/commit/ed2c12887fd00128e9bc57bc4fc5747b3c915141 Author: Yusuke Suzuki Date: 2024-04-06 (Sat, 06 Apr 2024) Changed paths: M Source/JavaScriptCore/assembler/JITOperationList.cpp M Source/JavaScriptCore/bytecode/BytecodeList.rb M Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp M Source/JavaScriptCore/bytecode/CodeBlock.cpp M Source/JavaScriptCore/bytecode/GetByIdMetadata.h M Source/JavaScriptCore/bytecode/GetByStatus.cpp M Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp M Source/JavaScriptCore/bytecode/Opcode.h M Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp M Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp M Source/JavaScriptCore/dfg/DFGOSRExit.cpp M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp M Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp M Source/JavaScriptCore/jit/JIT.cpp M Source/JavaScriptCore/jit/JIT.h M Source/JavaScriptCore/jit/JITPropertyAccess.cpp M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp M Source/JavaScriptCore/llint/LLIntSlowPaths.h M Source/JavaScriptCore/llint/LLIntThunks.cpp M Source/JavaScriptCore/llint/LowLevelInterpreter.asm M Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm M Source/JavaScriptCore/runtime/FileBasedFuzzerAgent.cpp M Source/JavaScriptCore/runtime/PredictionFileCreatingFuzzerAgent.cpp Log Message: --- [JSC] Introduce op_get_length https://bugs.webkit.org/show_bug.cgi?id=272271 rdar://126009739 Reviewed by Alexey Shvayka. We found a very silly performance bug: we are getting ArrayProfile from GetById's metadata in DFG. But this metadata gets updated only from LLInt. So we end up not getting this profile data very well in some cases, leading to very bad code generation. 
Fundamental problem is that we are doing a bit weird ArrayProfile for GetById. Since we care it only when it is "length" property access and we know get_by_id's id at bytecode compile time, we should have specific bytecode which always get ArrayProfile. In this patch, we introduce op_get_length. This is "length" version of get_by_id. And it additionally holds ArrayProfile and LLInt / BaselineJIT / upper tiers always update this properly. Furthermore, iterating ArrayProfile gets further simplified and gets faster because now we do not need to iterate GetById's metadata: we only need to iterate GetLength's metadata. Also, op_get_length's size is smaller than op_get_by_id since we don't embed "length" id number. * Source/JavaScriptCore/assembler/JITOperationList.cpp: (JSC::llintOperations): * Source/JavaScriptCore/bytecode/BytecodeList.rb: * Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp: (JSC::computeUsesForBytecodeIndexImpl): (JSC::computeDefsForBytecodeIndexImpl): * Source/JavaScriptCore/bytecode/CodeBlock.cpp: (JSC::CodeBlock::finishCreation): (JSC::CodeBlock::finalizeLLIntInlineCaches): (JSC::CodeBlock::getArrayProfile): (JSC::CodeBlock::updateAllArrayProfilePredictions): * Source/JavaScriptCore/bytecode/GetByIdMetadata.h: (JSC::GetByIdModeMetadata::setArrayLengthMode): (JSC::GetByIdModeMetadataArrayLength::offsetOfArrayProfile): Deleted. 
* Source/JavaScriptCore/bytecode/GetByStatus.cpp: (JSC::GetByStatus::computeFromLLInt): * Source/JavaScriptCore/bytecode/LLIntPrototypeLoadAdaptiveStructureWatchpoint.cpp: (JSC::LLIntPrototypeLoadAdaptiveStructureWatchpoint::fireInternal): * Source/JavaScriptCore/bytecode/Opcode.h: * Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp: (JSC::UnlinkedCodeBlock::allocateSharedProfiles): * Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp: (JSC::BytecodeGenerator::emitGetById): * Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp: (JSC::DFG::ByteCodeParser::parseGetById): (JSC::DFG::ByteCodeParser::parseBlock): * Source/JavaScriptCore/dfg/DFGOSRExit.cpp: (JSC::DFG::OSRExit::compileExit): * Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp: (JSC::DFG::callerReturnPC): * Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp: (JSC::FTL::compileStub): * Source/JavaScriptCore/jit/JIT.cpp: (JSC::JIT::privateCompileMainPass): (JSC::JIT::privateCompileSlowCases): * Source/JavaScriptCore/jit/JIT.h: * Source/JavaScriptCore/jit/JITPropertyAccess.cpp: (JSC::JIT::emit_op_get_by_id): (JSC::JIT::emit_op_get_length): (JSC::JIT::emitSlow_op_get_length): * Source/JavaScriptCore/llint/LLIntSlowPaths.cpp: (JSC::LLInt::performLLIntGetByID): (JSC::LLInt::LLINT_SLOW_PATH_DECL): * Source/JavaScriptCore/llint/LLIntSlowPaths.h: * Source/JavaScriptCore/llint/LLIntThunks.cpp: (JSC::LLInt::returnLocationThunk): * Source/JavaScriptCore/llint/LowLevelInterpreter
[webkit-changes] [WebKit/WebKit] d4c4d4: [JSC] Add Array::OriginalArray DFG::ArrayMode, whi...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: d4c4d4bd1fcfb8bfee7f7a51333f8bebf5e0e369 https://github.com/WebKit/WebKit/commit/d4c4d4bd1fcfb8bfee7f7a51333f8bebf5e0e369 Author: Yusuke Suzuki Date: 2024-04-06 (Sat, 06 Apr 2024) Changed paths: M Source/JavaScriptCore/bytecode/StructureSet.h M Source/JavaScriptCore/dfg/DFGArrayMode.cpp M Source/JavaScriptCore/dfg/DFGArrayMode.h M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp Log Message: --- [JSC] Add Array::OriginalArray DFG::ArrayMode, which can handle both CoW array and non-CoW array https://bugs.webkit.org/show_bug.cgi?id=272259 rdar://125997646 Reviewed by Alexey Shvayka. This extends DFG::ArrayMode and introduces OriginalArray. And we rename old OriginalArray to OriginalNonCopyOnWriteArray. OriginalArray can handle both CoW and non-CoW original arrays. The purpose of this is telling DFG / FTL that we still see original arrays. This allows some of optimizations because it makes clobberising rules more precise. * Source/JavaScriptCore/bytecode/StructureSet.h: * Source/JavaScriptCore/dfg/DFGArrayMode.cpp: (JSC::DFG::ArrayMode::originalArrayStructures const): (JSC::DFG::ArrayMode::alreadyChecked const): (JSC::DFG::arrayClassToString): (JSC::DFG::ArrayMode::originalArrayStructure const): Deleted. 
* Source/JavaScriptCore/dfg/DFGArrayMode.h: (JSC::DFG::ArrayMode::withProfile const): (JSC::DFG::ArrayMode::isJSArray const): (JSC::DFG::ArrayMode::isJSArrayWithOriginalStructure const): (JSC::DFG::ArrayMode::arrayModesWithIndexingShapes const): * Source/JavaScriptCore/dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::checkArray): * Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::jumpSlowForUnwantedArrayMode): * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq): Canonical link: https://commits.webkit.org/277174@main
[webkit-changes] [WebKit/WebKit] bbfee9: Unreviewed, do not use ScratchRegisterAllocator fo...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: bbfee9d739368aead5238893b394931ad27a82f8 https://github.com/WebKit/WebKit/commit/bbfee9d739368aead5238893b394931ad27a82f8 Author: Yusuke Suzuki Date: 2024-06-26 (Wed, 26 Jun 2024) Changed paths: M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp Log Message: --- Unreviewed, do not use ScratchRegisterAllocator for Getter / Setter since unwinding will skip restore https://bugs.webkit.org/show_bug.cgi?id=275916 rdar://130620397 * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::getterHandlerImpl): (JSC::getByIdGetterHandler): (JSC::setterHandlerImpl): (JSC::putByIdSetterHandlerImpl): (JSC::getByValGetterHandlerImpl): (JSC::putByValSetterHandlerImpl): Canonical link: https://commits.webkit.org/280390@main
[webkit-changes] [WebKit/WebKit] 5c2943: [JSC] Add inlined fast path for jfalse
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 5c29435c27adc9f6de7c9a5cbf565367bf08f89b https://github.com/WebKit/WebKit/commit/5c29435c27adc9f6de7c9a5cbf565367bf08f89b Author: Yusuke Suzuki Date: 2024-06-26 (Wed, 26 Jun 2024) Changed paths: M Source/JavaScriptCore/jit/AssemblyHelpers.cpp M Source/JavaScriptCore/jit/AssemblyHelpers.h M Source/JavaScriptCore/jit/BaselineJITRegisters.h M Source/JavaScriptCore/jit/JITCall.cpp M Source/JavaScriptCore/jit/JITOpcodes.cpp Log Message: --- [JSC] Add inlined fast path for jfalse https://bugs.webkit.org/show_bug.cgi?id=275891 rdar://130563487 Reviewed by Keith Miller. We found that valueIsFalsey / valueIsTruthy are very costly in Baseline JIT. We optimize them with the following things. 1. Inline some of hot path in Baseline JIT 2. We do not load JSGlobalObject until it becomes necessary. * Source/JavaScriptCore/jit/AssemblyHelpers.cpp: (JSC::AssemblyHelpers::branchIfValue): * Source/JavaScriptCore/jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::branchIfTruthy): (JSC::AssemblyHelpers::branchIfFalsey): * Source/JavaScriptCore/jit/BaselineJITRegisters.h: * Source/JavaScriptCore/jit/JITCall.cpp: (JSC::JIT::emit_op_iterator_next): * Source/JavaScriptCore/jit/JITOpcodes.cpp: (JSC::JIT::emit_op_jfalse): (JSC::JIT::valueIsFalseyGenerator): (JSC::JIT::valueIsTruthyGenerator): Canonical link: https://commits.webkit.org/280394@main
[webkit-changes] [WebKit/WebKit] 81e1f7: [JSC] Simplify custom setter ByVal handlers
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 81e1f7c72558da318df48f52edf3797d507a2c76 https://github.com/WebKit/WebKit/commit/81e1f7c72558da318df48f52edf3797d507a2c76 Author: Yusuke Suzuki Date: 2024-06-26 (Wed, 26 Jun 2024) Changed paths: M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp Log Message: --- [JSC] Simplify custom setter ByVal handlers https://bugs.webkit.org/show_bug.cgi?id=275927 rdar://problem/130627720 Reviewed by Yijia Huang and Alexey Shvayka. For this handler, we do not need to use ScratchRegisterAllocator. So we remove this need. * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::putByValCustomHandlerImpl): Canonical link: https://commits.webkit.org/280402@main
[webkit-changes] [WebKit/WebKit] 2c8e92: [JSC] Make Handler IC work with JITCage
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 2c8e92c82c5f65035be6f8cfab4efa7dd448a7cb https://github.com/WebKit/WebKit/commit/2c8e92c82c5f65035be6f8cfab4efa7dd448a7cb Author: Yusuke Suzuki Date: 2024-06-27 (Thu, 27 Jun 2024) Changed paths: M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp Log Message: --- [JSC] Make Handler IC work with JITCage https://bugs.webkit.org/show_bug.cgi?id=275936 rdar://130641832 Reviewed by Yijia Huang. Fix register usage for JITCage configuration in Handler IC. * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::customGetterHandlerImpl): (JSC::customSetterHandlerImpl): (JSC::putByIdCustomHandlerImpl): (JSC::putByValCustomHandlerImpl): Canonical link: https://commits.webkit.org/280409@main
[webkit-changes] [WebKit/WebKit] 3e04ec: [JSC] Add StructureStubInfo::m_globalObject
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 3e04ec2de2f6cb87ac048a2437d799f28e68ffb8 https://github.com/WebKit/WebKit/commit/3e04ec2de2f6cb87ac048a2437d799f28e68ffb8 Author: Yusuke Suzuki Date: 2024-06-27 (Thu, 27 Jun 2024) Changed paths: M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp M Source/JavaScriptCore/bytecode/StructureStubInfo.h M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp M Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp M Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp M Source/JavaScriptCore/jit/BaselineJITRegisters.h M Source/JavaScriptCore/jit/JITCall.cpp M Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp M Source/JavaScriptCore/jit/JITInlineCacheGenerator.h M Source/JavaScriptCore/jit/JITOperations.cpp M Source/JavaScriptCore/jit/JITOperations.h Log Message: --- [JSC] Add StructureStubInfo::m_globalObject https://bugs.webkit.org/show_bug.cgi?id=275955 rdar://130681060 Reviewed by Keith Miller and Justin Michaud. This is a preparation for DFG Handler IC. Since DFG has inlining, each IC may have different JSGlobalObject. So instead of loading JSGlobalObject from JITData, we load it from StructureStubInfo. 
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::getByIdSlowPathCodeGenerator): (JSC::getByIdWithThisSlowPathCodeGenerator): (JSC::getByValSlowPathCodeGenerator): (JSC::getPrivateNameSlowPathCodeGenerator): (JSC::getByValWithThisSlowPathCodeGenerator): (JSC::putByIdSlowPathCodeGenerator): (JSC::putByValSlowPathCodeGenerator): (JSC::instanceOfSlowPathCodeGenerator): (JSC::delByIdSlowPathCodeGenerator): (JSC::delByValSlowPathCodeGenerator): (JSC::InlineCacheCompiler::generateWithGuard): (JSC::InlineCacheCompiler::generateAccessCase): (JSC::InlineCacheCompiler::emitProxyObjectAccess): (JSC::getByIdProxyObjectLoadHandler): (JSC::setterHandlerImpl): * Source/JavaScriptCore/bytecode/StructureStubInfo.cpp: (JSC::StructureStubInfo::initializeFromUnlinkedStructureStubInfo): (JSC::StructureStubInfo::initializeFromDFGUnlinkedStructureStubInfo): (JSC::StructureStubInfo::replaceHandler): (JSC::StructureStubInfo::prependHandler): (JSC::StructureStubInfo::resetStubAsJumpInAccess): * Source/JavaScriptCore/bytecode/StructureStubInfo.h: (JSC::StructureStubInfo::offsetOfInlineAccessBaseStructureID): (JSC::StructureStubInfo::offsetOfGlobalObject): (JSC::StructureStubInfo::globalObject const): (JSC::StructureStubInfo::offsetOfCodePtr): Deleted. 
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileDeleteById): (JSC::DFG::SpeculativeJIT::compileDeleteByVal): (JSC::DFG::SpeculativeJIT::compileInById): (JSC::DFG::SpeculativeJIT::compileInByVal): (JSC::DFG::SpeculativeJIT::compileHasPrivate): (JSC::DFG::SpeculativeJIT::compilePutByVal): * Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp: (JSC::DFG::SpeculativeJIT::cachedGetById): (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis): (JSC::DFG::SpeculativeJIT::compileGetByVal): * Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp: (JSC::DFG::SpeculativeJIT::cachedGetById): (JSC::DFG::SpeculativeJIT::cachedGetByIdWithThis): (JSC::DFG::SpeculativeJIT::compileGetByVal): (JSC::DFG::SpeculativeJIT::compile): (JSC::DFG::SpeculativeJIT::compileGetByValWithThis): (JSC::DFG::SpeculativeJIT::compileEnumeratorPutByVal): * Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileGetByValWithThis): (JSC::FTL::DFG::LowerDFGToB3::getPrivateName): (JSC::FTL::DFG::LowerDFGToB3::compilePrivateBrandAccess): (JSC::FTL::DFG::LowerDFGToB3::compilePutPrivateName): (JSC::FTL::DFG::LowerDFGToB3::cachedPutById): (JSC::FTL::DFG::LowerDFGToB3::compileGetByValImpl): (JSC::FTL::DFG::LowerDFGToB3::compilePutByVal): (JSC::FTL::DFG::LowerDFGToB3::compileDelBy): (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq): * Source/JavaScriptCore/jit/BaselineJITRegisters.h: * Source/JavaScriptCore/jit/JITCall.cpp: (JSC::JIT::emitSlow_op_iterator_open): (JSC::JIT::emitSlow_op_iterator_next): * Source/JavaScriptCore/jit/JITInlineCacheGenerator.cpp: (JSC::JITInlineCacheGenerator::generateDFGDataICFastPath): (JSC::JITGetByIdGenerator::JITGetByIdGenerator): (JSC::generateGetByIdInlineAccessDFGDataIC): (JSC::JITGetByIdWithThisGenerator::JITGetByIdWithThisGenerator): (JSC::JITPutByIdGenerator::JITPutByIdGenerator): (JSC::JITPutByIdGenerator::generateDFGDataICFastPath): (JSC::JITDelByValGenerator::JITDelByValGenerator): 
(JSC::JITDelByIdGenerator::JITDelByIdGenerator): (JSC::JITInByValGenerator::JITInByValGenerator): (JSC::JITInByIdGenerator::JITInByIdGenerator): (JSC::JITInByIdGenerator::generateDFGDataICFastPath): (JSC::JITInstanceOfGenerator::JITInstanceOfGenerator): (JSC::JITGetByValGenerator::JITGetByValGenerator): (JSC::JITGetByValWithThisGenerator::JITGetByValWithThisGenerator): (JSC
[webkit-changes] [WebKit/WebKit] 94930f: [JSC] Do not use ScratchRegisterAllocator in Handl...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 94930ffa5c03591bd31a9acae4206e965d20 https://github.com/WebKit/WebKit/commit/94930ffa5c03591bd31a9acae4206e965d20 Author: Yusuke Suzuki Date: 2024-06-27 (Thu, 27 Jun 2024) Changed paths: M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h M Source/JavaScriptCore/jit/JITOperations.cpp M Source/JavaScriptCore/jit/JITOperations.h Log Message: --- [JSC] Do not use ScratchRegisterAllocator in Handler IC https://bugs.webkit.org/show_bug.cgi?id=275967 rdar://130702031 Reviewed by Justin Michaud. This patch integrates fallback of AccessCase::Transition allocation slow path via C function call so that we do not need to use ScratchRegisterAllocator in handler implementation anymore. This makes handler implementation and error handling much simpler. * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::transitionHandlerImpl): (JSC::putByIdTransitionHandlerImpl): (JSC::putByValTransitionHandlerImpl): (JSC::putByValCustomHandlerImpl): * Source/JavaScriptCore/bytecode/InlineCacheCompiler.h: * Source/JavaScriptCore/jit/JITOperations.cpp: (JSC::JSC_DEFINE_NOEXCEPT_JIT_OPERATION): * Source/JavaScriptCore/jit/JITOperations.h: Canonical link: https://commits.webkit.org/280436@main
[webkit-changes] [WebKit/WebKit] aa3f8b: [JSC] Add Transition OutOfLine handler
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: aa3f8b06d94273718198657bf3a6da385699749a https://github.com/WebKit/WebKit/commit/aa3f8b06d94273718198657bf3a6da385699749a Author: Yusuke Suzuki Date: 2024-06-28 (Fri, 28 Jun 2024) Changed paths: M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h M Source/JavaScriptCore/jit/JITThunks.h Log Message: --- [JSC] Add Transition OutOfLine handler https://bugs.webkit.org/show_bug.cgi?id=275979 rdar://130722164 Reviewed by Yijia Huang. This patch adds Transition handler with out-of-line allocation via C function call. * Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::putByIdTransitionReallocatingOutOfLineHandler): (JSC::putByValTransitionOutOfLineHandlerImpl): (JSC::putByValWithStringTransitionReallocatingOutOfLineHandler): (JSC::putByValWithSymbolTransitionReallocatingOutOfLineHandler): (JSC::InlineCacheCompiler::compileOneAccessCaseHandler): * Source/JavaScriptCore/bytecode/InlineCacheCompiler.h: * Source/JavaScriptCore/jit/JITThunks.h: Canonical link: https://commits.webkit.org/280455@main
[webkit-changes] [WebKit/WebKit] 9020ee: [libpas] Fix JIT heap test on ARM64 since reserved...
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 9020ee229c08fd2b81ad6c82449246899c0c844b https://github.com/WebKit/WebKit/commit/9020ee229c08fd2b81ad6c82449246899c0c844b Author: Yusuke Suzuki Date: 2024-06-28 (Fri, 28 Jun 2024) Changed paths: M Source/bmalloc/libpas/src/test/TestHarness.cpp Log Message: --- [libpas] Fix JIT heap test on ARM64 since reserved region is too small https://bugs.webkit.org/show_bug.cgi?id=276011 rdar://130430649 Reviewed by Keith Miller. ARM64 and Intel have different JIT heap configuration (alignment etc.), and test harness is not reserving enough region for ARM64. It just adds more region in the test to make it work correctly, so it is just a test fix. * Source/bmalloc/libpas/src/test/TestHarness.cpp: (BootJITHeap::BootJITHeap): Canonical link: https://commits.webkit.org/280475@main
[webkit-changes] [WebKit/WebKit] c1b760: [JSC] Expose CCallHelpers::shuffleRegisters
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: c1b76025f7b4987566e619951a98ca71e4a2c932 https://github.com/WebKit/WebKit/commit/c1b76025f7b4987566e619951a98ca71e4a2c932 Author: Yusuke Suzuki Date: 2024-06-28 (Fri, 28 Jun 2024) Changed paths: M Source/JavaScriptCore/jit/CCallHelpers.h Log Message: --- [JSC] Expose CCallHelpers::shuffleRegisters https://bugs.webkit.org/show_bug.cgi?id=276019 rdar://problem/130784250 Reviewed by Yijia Huang. Expose CCallHelpers::shuffleRegisters, which is useful for mass-moving registers to registers. * Source/JavaScriptCore/jit/CCallHelpers.h: (JSC::CCallHelpers::shuffleRegisters): (JSC::CCallHelpers::setupArgumentsImpl): (JSC::CCallHelpers::setupStubArgs): Deleted. Canonical link: https://commits.webkit.org/280492@main
[webkit-changes] [WebKit/WebKit] 447672: [JSC] exception can be thrown during exit
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 447672fe5051418f5be8f8bf6f08f80596d0d76a https://github.com/WebKit/WebKit/commit/447672fe5051418f5be8f8bf6f08f80596d0d76a Author: Yusuke Suzuki Date: 2024-06-28 (Fri, 28 Jun 2024) Changed paths: A JSTests/stress/exception-can-be-already-thrown-during-exit.js M Source/JavaScriptCore/dfg/DFGOperations.cpp M Source/JavaScriptCore/ftl/FTLOperations.cpp M Source/JavaScriptCore/runtime/ClonedArguments.cpp M Source/JavaScriptCore/runtime/ClonedArguments.h Log Message: --- [JSC] exception can be thrown during exit https://bugs.webkit.org/show_bug.cgi?id=276027 rdar://130677122 Reviewed by Yijia Huang. 279057@main was wrong since exception can be already thrown during OSR exit (and it can be the reason why OSR exit is occurring). We should not throw any errors from that. This patch fixes RELEASE_ASSERT condition. * JSTests/stress/exception-can-be-already-thrown-during-exit.js: Added. (C.prototype.set valueOf): (C): * Source/JavaScriptCore/dfg/DFGOperations.cpp: (JSC::DFG::JSC_DEFINE_JIT_OPERATION): * Source/JavaScriptCore/ftl/FTLOperations.cpp: (JSC::FTL::JSC_DEFINE_NOEXCEPT_JIT_OPERATION): * Source/JavaScriptCore/runtime/ClonedArguments.cpp: (JSC::ClonedArguments::createEmpty): (JSC::ClonedArguments::createWithInlineFrame): (JSC::ClonedArguments::createByCopyingFrom): * Source/JavaScriptCore/runtime/ClonedArguments.h: Canonical link: https://commits.webkit.org/280493@main
[webkit-changes] [WebKit/WebKit] 2fdb35: [JSC] Add fpTempRegister to x64 macro assembler
Branch: refs/heads/main Home: https://github.com/WebKit/WebKit Commit: 2fdb35959e51641413e88e0eb9d47fb134f46b01 https://github.com/WebKit/WebKit/commit/2fdb35959e51641413e88e0eb9d47fb134f46b01 Author: Yusuke Suzuki Date: 2024-06-29 (Sat, 29 Jun 2024) Changed paths: M Source/JavaScriptCore/assembler/MacroAssemblerARM64.h M Source/JavaScriptCore/assembler/MacroAssemblerRISCV64.h M Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h M Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h M Source/JavaScriptCore/jit/FPRInfo.h M Source/JavaScriptCore/jit/RegisterSet.cpp M Source/JavaScriptCore/wasm/WasmBBQJIT64.cpp Log Message: --- [JSC] Add fpTempRegister to x64 macro assembler https://bugs.webkit.org/show_bug.cgi?id=275596 rdar://130468600 Reviewed by Yijia Huang. And use it in some weird places. Also, by using this, we add transferVector and use it in WasmBBQJIT. * Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h: (JSC::MacroAssemblerX86Common::divDouble): (JSC::MacroAssemblerX86Common::divFloat): (JSC::MacroAssemblerX86Common::subDouble): (JSC::MacroAssemblerX86Common::subFloat): * Source/JavaScriptCore/assembler/MacroAssemblerX86_64.h: (JSC::MacroAssemblerX86_64::swapDouble): * Source/JavaScriptCore/jit/FPRInfo.h: * Source/JavaScriptCore/jit/RegisterSet.cpp: (JSC::RegisterSetBuilder::macroClobberedFPRs): Canonical link: https://commits.webkit.org/280495@main
[webkit-changes] [WebKit/WebKit] 63f111: [JSC] Use Data Call IC in FTL
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 63f11147b08a7bacd245550e84ef886cde29a333
https://github.com/WebKit/WebKit/commit/63f11147b08a7bacd245550e84ef886cde29a333
Author: Yusuke Suzuki
Date: 2024-07-01 (Mon, 01 Jul 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/CallLinkInfo.cpp
  M Source/JavaScriptCore/bytecode/CallLinkInfo.h
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
  M Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
  M Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
  M Source/JavaScriptCore/ftl/FTLState.cpp
  M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp
  M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h
  M Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm
  M Source/JavaScriptCore/llint/LowLevelInterpreter64.asm

Log Message:
---
[JSC] Use Data Call IC in FTL
https://bugs.webkit.org/show_bug.cgi?id=276000
rdar://130766372

Reviewed by Yijia Huang.

This patch makes FTL always use Data IC for CallLinkInfo. As a result, now all calls use Data IC (except for DirectCallLinkInfo). In addition to simplifying the implementation, it also unlocks CallLinkInfo's upgradeIfPossible feature for all code.

* Source/JavaScriptCore/bytecode/CallLinkInfo.cpp: (JSC::CallLinkInfo::unlinkOrUpgradeImpl): (JSC::CallLinkInfo::setMonomorphicCallee): (JSC::CallLinkInfo::clearCallee): (JSC::CallLinkInfo::revertCallToStub): (JSC::DataOnlyCallLinkInfo::initialize): (JSC::CallLinkInfo::setVirtualCall): (JSC::CallLinkInfo::setStub): (JSC::CallLinkInfo::emitFastPathImpl): (JSC::CallLinkInfo::emitDataICFastPath): (JSC::CallLinkInfo::emitTailCallDataICFastPath): (JSC::OptimizingCallLinkInfo::emitFastPath): (JSC::OptimizingCallLinkInfo::emitTailCallFastPath):
* Source/JavaScriptCore/bytecode/CallLinkInfo.h: (JSC::CallLinkInfo::offsetOfCodeBlock): (JSC::CallLinkInfo::offsetOfMonomorphicCallDestination): (JSC::CallLinkInfo::CallLinkInfo): (JSC::CallLinkInfo::isDataIC const): Deleted. (JSC::CallLinkInfo::useDataIC const): Deleted.
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::InlineCacheCompiler::generateAccessCase): (JSC::InlineCacheCompiler::emitProxyObjectAccess):
* Source/JavaScriptCore/dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::addCallLinkInfo):
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp: (JSC::FTL::DFG::LowerDFGToB3::compileCompareStrictEq):
* Source/JavaScriptCore/ftl/FTLState.cpp: (JSC::FTL::State::addCallLinkInfo):
* Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp: (JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine): (JSC::PolymorphicCallStubRoutine::upgradeIfPossible):
* Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h:
* Source/JavaScriptCore/llint/LowLevelInterpreter32_64.asm:
* Source/JavaScriptCore/llint/LowLevelInterpreter64.asm:

Canonical link: https://commits.webkit.org/280538@main
[webkit-changes] [WebKit/WebKit] 5dfa6b: Unreviewed, small-pool is too small
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 5dfa6b4e66a4440eee5b35e81117a870f02c4d81
https://github.com/WebKit/WebKit/commit/5dfa6b4e66a4440eee5b35e81117a870f02c4d81
Author: Yusuke Suzuki
Date: 2024-07-01 (Mon, 01 Jul 2024)

Changed paths:
  M Tools/Scripts/run-jsc-stress-tests

Log Message:
---
Unreviewed, small-pool is too small
https://bugs.webkit.org/show_bug.cgi?id=276084
rdar://130911205

small-pool configuration is too small and too fragile against how executable memory is allocated via libpas. We extend it to at least 1MB.

* Tools/Scripts/run-jsc-stress-tests:

Canonical link: https://commits.webkit.org/280545@main
[webkit-changes] [WebKit/WebKit] 8f84cb: [JSC] Inline hot part of op_enter in Baseline JIT
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 8f84cbe944f64a1b34715c0257d9cfed5bdefc9f
https://github.com/WebKit/WebKit/commit/8f84cbe944f64a1b34715c0257d9cfed5bdefc9f
Author: Yusuke Suzuki
Date: 2024-07-01 (Mon, 01 Jul 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/CodeBlock.cpp
  M Source/JavaScriptCore/bytecode/CodeBlock.h
  M Source/JavaScriptCore/jit/AssemblyHelpers.h
  M Source/JavaScriptCore/jit/BaselineJITRegisters.h
  M Source/JavaScriptCore/jit/JITOpcodes.cpp
  M Source/JavaScriptCore/jit/JITOperations.cpp
  M Source/JavaScriptCore/runtime/VM.h
  M Source/JavaScriptCore/runtime/VMTraps.h

Log Message:
---
[JSC] Inline hot part of op_enter in Baseline JIT
https://bugs.webkit.org/show_bug.cgi?id=276060
rdar://130879769

Reviewed by Yijia Huang.

Our new profiling identified that op_enter thunk call in Baseline JIT is too costly. As the result of collecting data, we found that most of # of variables is very small. So we should take fast-path-slow-path approach here. We inline fast path part in Baseline JIT code, and jump to the generic slow thunk when we find it hits the slow case.

* Source/JavaScriptCore/bytecode/CodeBlock.cpp: (JSC::CodeBlock::capabilityLevel):
* Source/JavaScriptCore/bytecode/CodeBlock.h: (JSC::CodeBlock::offsetOfVM):
* Source/JavaScriptCore/jit/AssemblyHelpers.h: (JSC::AssemblyHelpers::branchIfBarriered):
* Source/JavaScriptCore/jit/BaselineJITRegisters.h:
* Source/JavaScriptCore/jit/JITOpcodes.cpp: (JSC::JIT::emit_op_enter): (JSC::JIT::op_enter_handlerGenerator): (JSC::JIT::emitSlow_op_enter):
* Source/JavaScriptCore/jit/JITOperations.cpp: (JSC::JSC_DEFINE_JIT_OPERATION):
* Source/JavaScriptCore/runtime/VM.h: (JSC::VM::offsetOfTrapsBits):
* Source/JavaScriptCore/runtime/VMTraps.h: (JSC::VMTraps::offsetOfTrapsBits):

Canonical link: https://commits.webkit.org/280547@main
[webkit-changes] [WebKit/WebKit] 1b1b5e: [JSC] IndexedProxyObjectLoad should be usable for ...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 1b1b5e74e7c97a75dc18caf9a78248b582210dff
https://github.com/WebKit/WebKit/commit/1b1b5e74e7c97a75dc18caf9a78248b582210dff
Author: Yusuke Suzuki
Date: 2024-07-02 (Tue, 02 Jul 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
  M Source/JavaScriptCore/bytecode/Repatch.cpp

Log Message:
---
[JSC] IndexedProxyObjectLoad should be usable for GetByVal with Int32
https://bugs.webkit.org/show_bug.cgi?id=276139
rdar://130989573

Reviewed by Yijia Huang.

IndexedProxyObjectLoad should work with Int32 propertyName case too. Thus we use this in tryCacheArrayGetByVal too when the base object is ProxyObjectType. We also categorize it to stateless since this is not relying on some state in AccessCase.

* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::isStateless):
* Source/JavaScriptCore/bytecode/Repatch.cpp: (JSC::tryCacheArrayGetByVal):

Canonical link: https://commits.webkit.org/280594@main
[webkit-changes] [WebKit/WebKit] cc5180: [JSC] Implement IndexedProxyObjectIn and IndexedPr...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: cc5180250455cc0abf88c2620e5762f0e2c7b5e6
https://github.com/WebKit/WebKit/commit/cc5180250455cc0abf88c2620e5762f0e2c7b5e6
Author: Yusuke Suzuki
Date: 2024-07-02 (Tue, 02 Jul 2024)

Changed paths:
  M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
  M Source/JavaScriptCore/Sources.txt
  M Source/JavaScriptCore/builtins/ProxyHelpers.js
  M Source/JavaScriptCore/bytecode/AccessCase.cpp
  M Source/JavaScriptCore/bytecode/AccessCase.h
  M Source/JavaScriptCore/bytecode/GetByStatus.cpp
  M Source/JavaScriptCore/bytecode/GetByStatus.h
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
  M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h
  R Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp
  R Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.h
  M Source/JavaScriptCore/bytecode/PutByStatus.cpp
  M Source/JavaScriptCore/bytecode/Repatch.cpp
  M Source/JavaScriptCore/runtime/JSGlobalObject.cpp
  M Source/JavaScriptCore/runtime/JSGlobalObject.h
  M Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h

Log Message:
---
[JSC] Implement IndexedProxyObjectIn and IndexedProxyObjectStore
https://bugs.webkit.org/show_bug.cgi?id=276148
rdar://130996102

Reviewed by Yijia Huang.

This patch adds IndexedProxyObjectIn and IndexedProxyObjectStore IC as we see these patterns.

1. IndexedProxyObjectIn and IndexedProxyObjectStore are both stateless IC as the same to IndexedProxyObjectLoad.
2. IndexedProxyObjectIn and IndexedProxyObjectStore just implement Proxy object handler invocation as the same to ProxyObjectIn and ProxyObjectStore.

Also, we rename ProxyObjectHas to ProxyObjectIn to align these IC names to the rest of the IC names.

* Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj:
* Source/JavaScriptCore/Sources.txt:
* Source/JavaScriptCore/builtins/ProxyHelpers.js: (linkTimeConstant.performProxyObjectHasByVal): (linkTimeConstant.performProxyObjectSetByValSloppy): (linkTimeConstant.performProxyObjectSetByValStrict):
* Source/JavaScriptCore/bytecode/AccessCase.cpp: (JSC::AccessCase::create): (JSC::AccessCase::guardedByStructureCheckSkippingConstantIdentifierCheck const): (JSC::AccessCase::requiresIdentifierNameMatch const): (JSC::AccessCase::requiresInt32PropertyCheck const): (JSC::AccessCase::forEachDependentCell const): (JSC::AccessCase::doesCalls const): (JSC::AccessCase::canReplace const): (JSC::AccessCase::runWithDowncast): (JSC::AccessCase::canBeShared):
* Source/JavaScriptCore/bytecode/AccessCase.h:
* Source/JavaScriptCore/bytecode/GetByStatus.cpp: (JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
* Source/JavaScriptCore/bytecode/GetByStatus.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp: (JSC::needsScratchFPR): (JSC::forInBy): (JSC::isStateless): (JSC::doesJSCalls): (JSC::isMegamorphic): (JSC::canBeViaGlobalProxy): (JSC::InlineCacheCompiler::generateWithGuard): (JSC::InlineCacheCompiler::generateAccessCase): (JSC::InlineCacheCompiler::emitProxyObjectAccess):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.h:
* Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp: Removed.
* Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.h: Removed.
* Source/JavaScriptCore/bytecode/PutByStatus.cpp: (JSC::PutByStatus::computeForStubInfo):
* Source/JavaScriptCore/bytecode/Repatch.cpp: (JSC::tryCacheGetBy): (JSC::tryCacheArrayGetByVal): (JSC::tryCachePutBy): (JSC::tryCacheArrayPutByVal): (JSC::tryCacheInBy): (JSC::tryCacheArrayInByVal):
* Source/JavaScriptCore/runtime/JSGlobalObject.cpp: (JSC::JSGlobalObject::init): (JSC::JSGlobalObject::visitChildrenImpl):
* Source/JavaScriptCore/runtime/JSGlobalObject.h: (JSC::JSGlobalObject::offsetOfPerformProxyObjectHasByValFunction): (JSC::JSGlobalObject::offsetOfPerformProxyObjectSetByValStrictFunction): (JSC::JSGlobalObject::offsetOfPerformProxyObjectSetByValSloppyFunction):
* Source/JavaScriptCore/runtime/JSGlobalObjectInlines.h: (JSC::JSGlobalObject::performProxyObjectHasByValFunction const): (JSC::JSGlobalObject::performProxyObjectHasByValFunctionConcurrently const): (JSC::JSGlobalObject::performProxyObjectSetByValSloppyFunction const): (JSC::JSGlobalObject::performProxyObjectSetByValSloppyFunctionConcurrently const): (JSC::JSGlobalObject::performProxyObjectSetByValStrictFunction const): (JSC::JSGlobalObject::performProxyObjectSetByValStrictFunctionConcurrently const):

Canonical link: https://commits.webkit.org/280608@main
[webkit-changes] [WebKit/WebKit] b750a5: [JSC] Extend double string cache
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: b750a5abaa781f9442aa2f3ad68f404362da7bec
https://github.com/WebKit/WebKit/commit/b750a5abaa781f9442aa2f3ad68f404362da7bec
Author: Yusuke Suzuki
Date: 2024-07-03 (Wed, 03 Jul 2024)

Changed paths:
  A JSTests/microbenchmarks/double-to-string.js
  A JSTests/stress/double-to-string.js
  M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
  M Source/JavaScriptCore/runtime/NumberPrototype.cpp
  M Source/JavaScriptCore/runtime/NumericStrings.h

Log Message:
---
[JSC] Extend double string cache
https://bugs.webkit.org/show_bug.cgi?id=276165
rdar://131021443

Reviewed by Keith Miller and Michael Saboff.

This patch adds optimizations for double string.

1. Handle "string" + double + "string" well in DFG / FTL by converting double via ToString node and use MakeRope for them.
2. Add JSString cache for doubles.

* JSTests/microbenchmarks/double-to-string.js: Added. (test):
* JSTests/stress/double-to-string.js: Added. (shouldBe): (test):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp: (JSC::DFG::FixupPhase::attemptToMakeFastStringAdd):
* Source/JavaScriptCore/runtime/NumberPrototype.cpp: (JSC::NumericStrings::addJSString): (JSC::numberToStringInternal): (JSC::int52ToString):
* Source/JavaScriptCore/runtime/NumericStrings.h: (JSC::NumericStrings::add): (JSC::NumericStrings::clearOnGarbageCollection): (JSC::NumericStrings::visitAggregate): (JSC::NumericStrings::lookup):

Canonical link: https://commits.webkit.org/280628@main
[webkit-changes] [WebKit/WebKit] 033ade: Make SIMD using table lookup
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 033adec3616bdf5bcfdd1e7fb279e329f0384901
https://github.com/WebKit/WebKit/commit/033adec3616bdf5bcfdd1e7fb279e329f0384901
Author: Yusuke Suzuki
Date: 2024-07-04 (Thu, 04 Jul 2024)

Changed paths:
  M Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp

Log Message:
---
Make SIMD using table lookup
https://bugs.webkit.org/show_bug.cgi?id=276213
rdar://problem/131089475

Reviewed by Justin Michaud.

Use https://lemire.me/blog/2024/06/08/scan-html-faster-with-simd-instructions-chrome-edition/ 's simple table-lookup approach instead of naive compare-chains.

* Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp: (WebCore::HTMLFastPathParser::scanText): (WebCore::HTMLFastPathParser::scanAttributeValue):

Canonical link: https://commits.webkit.org/280670@main
[webkit-changes] [WebKit/WebKit] d4018f: [JSC] Implement Uint8Array.prototype.toHex in SIMD
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: d4018f63175c602605145887c61d21ffdbd1a75b
https://github.com/WebKit/WebKit/commit/d4018f63175c602605145887c61d21ffdbd1a75b
Author: Yusuke Suzuki
Date: 2024-07-07 (Sun, 07 Jul 2024)

Changed paths:
  A JSTests/microbenchmarks/to-hex.js
  M JSTests/stress/uint8array-toHex.js
  M Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototype.cpp

Log Message:
---
[JSC] Implement Uint8Array.prototype.toHex in SIMD
https://bugs.webkit.org/show_bug.cgi?id=276295
rdar://problem/131249821

Reviewed by Sam Weinig.

toHex function is very simple conversion, thus we can write it in SIMD easily. In particular, we leverage vqtbl1q_u8 since hex characters are only 16 characters, which fits in vqtbl1q_u8's table. The newly written code is 19x faster than the scalar one.

                  ToT                   Patched
    to-hex    259.5243+-0.8852    ^    13.2425+-0.1322    ^ definitely 19.5979x faster

* JSTests/microbenchmarks/to-hex.js: Added.
* JSTests/stress/uint8array-toHex.js: (255.toHex): (shouldBe):
* Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototype.cpp: (JSC::JSC_DEFINE_HOST_FUNCTION):

Canonical link: https://commits.webkit.org/280719@main
[webkit-changes] [WebKit/WebKit] 4084ca: Apply SIMD table lookup to 16bit characters in HTM...
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 4084cae3554fdd89eff4bd49cb60b0f4944142a2
https://github.com/WebKit/WebKit/commit/4084cae3554fdd89eff4bd49cb60b0f4944142a2
Author: Yusuke Suzuki
Date: 2024-07-08 (Mon, 08 Jul 2024)

Changed paths:
  M Source/WTF/wtf/SIMDHelpers.h
  M Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp

Log Message:
---
Apply SIMD table lookup to 16bit characters in HTML fast path parser
https://bugs.webkit.org/show_bug.cgi?id=276244
rdar://131153910

Reviewed by Justin Michaud.

280670@main applied SIMD table lookup to 8bit characters. But since searching characters are all ASCII, this method can be easily applied to 16bit characters too: Use NEON SIMD to load 16bit characters in interleaved manner (lowers and uppers), and checking uppers are zero and lowers are searching characters via table lookup.

* Source/WTF/wtf/SIMDHelpers.h: (WTF::SIMD::findInterleaved):
* Source/WebCore/html/parser/HTMLDocumentParserFastPath.cpp: (WebCore::HTMLFastPathParser::scanText): (WebCore::HTMLFastPathParser::scanAttributeValue):

Canonical link: https://commits.webkit.org/280741@main
[webkit-changes] [WebKit/WebKit] 862cea: [JSC] Materialize JITData register in DFG
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 862ceab95094435cebe11828c7ba2a2d33422d89
https://github.com/WebKit/WebKit/commit/862ceab95094435cebe11828c7ba2a2d33422d89
Author: Yusuke Suzuki
Date: 2024-07-11 (Thu, 11 Jul 2024)

Changed paths:
  M Source/JavaScriptCore/bytecode/CodeBlock.cpp
  M Source/JavaScriptCore/dfg/DFGJITCompiler.cpp
  M Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp
  M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
  M Source/JavaScriptCore/jit/JIT.cpp
  M Source/JavaScriptCore/jit/JIT.h
  M Source/JavaScriptCore/jit/JITInlines.h
  M Source/JavaScriptCore/jit/JITOpcodes.cpp
  M Source/JavaScriptCore/jit/JITPropertyAccess.cpp

Log Message:
---
[JSC] Materialize JITData register in DFG
https://bugs.webkit.org/show_bug.cgi?id=276474
rdar://131519305

Reviewed by Yijia Huang.

This patch adds code materializing JITData register in DFG regardless of whether DFG is unlinked or not. So Handler IC code can use JITData register in DFG too.

* Source/JavaScriptCore/bytecode/CodeBlock.cpp: (JSC::CodeBlock::~CodeBlock): (JSC::CodeBlock::resetBaselineJITData):
* Source/JavaScriptCore/dfg/DFGJITCompiler.cpp: (JSC::DFG::JITCompiler::compileSetupRegistersForEntry):
* Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp: (JSC::DFG::reifyInlinedCallFrames): (JSC::DFG::adjustAndJumpToTarget):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp: (JSC::DFG::SpeculativeJIT::compileCurrentBlock):
* Source/JavaScriptCore/jit/JIT.cpp: (JSC::JIT::emitMaterializeMetadataAndConstantPoolRegisters): (JSC::JIT::consistencyCheckGenerator):
* Source/JavaScriptCore/jit/JIT.h:
* Source/JavaScriptCore/jit/JITInlines.h: (JSC::JIT::emitValueProfilingSite): (JSC::JIT::loadPtrFromMetadata): (JSC::JIT::load32FromMetadata): (JSC::JIT::load8FromMetadata): (JSC::JIT::store8ToMetadata): (JSC::JIT::store32ToMetadata): (JSC::JIT::materializePointerIntoMetadata): (JSC::JIT::loadConstant): (JSC::JIT::loadGlobalObject): (JSC::JIT::loadStructureStubInfo):
* Source/JavaScriptCore/jit/JITOpcodes.cpp: (JSC::JIT::emit_op_catch):
* Source/JavaScriptCore/jit/JITPropertyAccess.cpp: (JSC::JIT::emit_op_resolve_scope): (JSC::JIT::emit_op_get_from_scope):

Canonical link: https://commits.webkit.org/280865@main