Ignore:
Timestamp:
May 14, 2020, 11:55:08 PM (5 years ago)
Author:
[email protected]
Message:

GetByVal and PutByVal runtime operations shouldn't fall off a performance cliff when the property is an integer boxed as a double
https://bugs.webkit.org/show_bug.cgi?id=211935

Reviewed by Yusuke Suzuki and Mark Lam.

JSTests:

  • microbenchmarks/get-and-put-by-val-double-index-dont-fall-off-a-cliff.js: Added.

(test):

Source/JavaScriptCore:

There were parts in the runtime for get_by_val that weren't properly handling
ints boxed as doubles along the fast path. This could lead to terrible
performance as we could go from double -> string -> int while converting the
subscript into a property to access.

This patch fixes that, and removes the duplicate code we had throughout the
codebase that does this conversion. I'm adding a new functions tryGetAsUint32Index
and tryGetAsInt32 which will handle the double to int conversion.

This is a 10x speedup on the microbenchmark get-and-put-by-val-double-index-dont-fall-off-a-cliff.js

  • dfg/DFGOperations.cpp:

(JSC::DFG::putByValInternal):

  • jit/JITOperations.cpp:

(JSC::getByVal):

  • jsc.cpp:

(functionAsDoubleNumber):

  • llint/LLIntSlowPaths.cpp:

(JSC::LLInt::getByVal):
(JSC::LLInt::LLINT_SLOW_PATH_DECL):

  • runtime/JSCJSValue.h:
  • runtime/JSCJSValueInlines.h:

(JSC::JSValue::tryGetAsUint32Index):
(JSC::JSValue::tryGetAsInt32):

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/jsc.cpp

    r261567 r261731  
    374374
    375375static EncodedJSValue JSC_HOST_CALL functionSetUnhandledRejectionCallback(JSGlobalObject*, CallFrame*);
     376static EncodedJSValue JSC_HOST_CALL functionAsDoubleNumber(JSGlobalObject*, CallFrame*);
    376377
    377378struct Script {
     
    642643
    643644        addFunction(vm, "setUnhandledRejectionCallback", functionSetUnhandledRejectionCallback, 1);
     645
     646        addFunction(vm, "asDoubleNumber", functionAsDoubleNumber, 1);
    644647    }
    645648   
     
    24932496}
    24942497
     2498EncodedJSValue JSC_HOST_CALL functionAsDoubleNumber(JSGlobalObject* globalObject, CallFrame* callFrame)
     2499{
     2500    VM& vm = globalObject->vm();
     2501    auto scope = DECLARE_THROW_SCOPE(vm);
     2502    double num = callFrame->argument(0).toNumber(globalObject);
     2503    RETURN_IF_EXCEPTION(scope, encodedJSValue());
     2504    return JSValue::encode(jsDoubleNumber(num));
     2505}
     2506
    24952507// Use SEH for Release builds only to get rid of the crash report dialog
    24962508// (luckily the same tests fail in Release and Debug builds so far). Need to
Note: See TracChangeset for help on using the changeset viewer.