Diff - fbf1df97da883aba0bb0c14dbf89f55a6c082756^! - WebKit

commit	fbf1df97da883aba0bb0c14dbf89f55a6c082756	[log] [tgz]
author	yusukesuzuki@slowstart.org <yusukesuzuki@slowstart.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Thu Sep 20 05:54:27 2018 +0000
committer	yusukesuzuki@slowstart.org <yusukesuzuki@slowstart.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>	Thu Sep 20 05:54:27 2018 +0000
tree	83ea96e95cdc1a6ebd1c56d2f95d4c22c5b10e43
parent	19f4ba2b6c697a54acd70f7a80ee91286ebe2dff [diff] [blame]

[JSC] Optimize Array#indexOf in C++ runtime
https://bugs.webkit.org/show_bug.cgi?id=189507

Reviewed by Saam Barati.

JSTests:

* stress/array-indexof-array-prototype-trap.js: Added.
(shouldBe):
(AncestorArray.prototype.get 2):
(AncestorArray):
* stress/array-indexof-have-a-bad-time-c-runtime.js: Added.
(shouldBe):
* stress/array-indexof-hole-nan.js: Added.
(shouldBe):
(throw.new.Error):
* stress/array-indexof-infinity.js: Added.
(shouldBe):
(throw.new.Error):
* stress/array-indexof-negative-zero.js: Added.
(shouldBe):
(throw.new.Error):
* stress/array-indexof-own-getter.js: Added.
(shouldBe):
(throw.new.Error.get array):
(get array):
* stress/array-indexof-prototype-trap.js: Added.
(shouldBe):
(DerivedArray.prototype.get 2):
(DerivedArray):

Source/JavaScriptCore:

C++ Array#indexOf runtime function takes so much time in babylon benchmark in
web-tooling-benchmark. While our DFG and FTL has Array#indexOf optimization
and actually it is working well, C++ Array#indexOf is called significant amount
of time before tiering up, and it takes 6.74% of jsc main thread samples according
to perf command in Linux. This is because C++ Array#indexOf is too generic and
misses the chance to optimize JSArray cases.

This patch adds JSArray fast path for Array#indexOf. If we know that indexed
access to the given JSArray is non-observable and indexing type is good for the fast
path, we go to the fast path. This makes sampling of Array#indexOf 3.83% in
babylon web-tooling-benchmark.

* runtime/ArrayPrototype.cpp:
(JSC::arrayProtoFuncIndexOf):
* runtime/JSArray.h:
* runtime/JSArrayInlines.h:
(JSC::JSArray::canDoFastIndexedAccess):
(JSC::toLength):
* runtime/JSCJSValueInlines.h:
(JSC::JSValue::JSValue):
* runtime/JSGlobalObject.h:
* runtime/JSGlobalObjectInlines.h:
(JSC::JSGlobalObject::isArrayPrototypeIndexedAccessFastAndNonObservable):
(JSC::JSGlobalObject::isArrayPrototypeIteratorProtocolFastAndNonObservable):
* runtime/MathCommon.h:
(JSC::canBeStrictInt32):
(JSC::canBeInt32):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@236240 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/JavaScriptCore/runtime/JSArray.h b/Source/JavaScriptCore/runtime/JSArray.h
index a6ee5d3..4877eb8 100644
--- a/Source/JavaScriptCore/runtime/JSArray.h
+++ b/Source/JavaScriptCore/runtime/JSArray.h

@@ -101,6 +101,7 @@
     JSArray* fastSlice(ExecState&, unsigned startIndex, unsigned count);
 
     bool canFastCopy(VM&, JSArray* otherArray);
+    bool canDoFastIndexedAccess(VM&);
     // This function returns NonArray if the indexing types are not compatable for copying.
     IndexingType mergeIndexingTypeForCopying(IndexingType other);
     bool appendMemcpy(ExecState*, VM&, unsigned startIndex, JSArray* otherArray);