[JSC] Object.create should have intrinsic
authorutatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 2 Jun 2018 21:08:10 +0000 (21:08 +0000)
committerutatane.tea@gmail.com <utatane.tea@gmail.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 2 Jun 2018 21:08:10 +0000 (21:08 +0000)
commit12f3301d899c6c867b214381f0ad41e5cfcc7959
treec1f379458d6166f610ba84f14d35e188b7428a4c
parent9dc6046da44e594eeeaecbe1b5fc9bb571261373
[JSC] Object.create should have intrinsic
https://bugs.webkit.org/show_bug.cgi?id=186200

Reviewed by Filip Pizlo.

JSTests:

* microbenchmarks/object-create-null.js: Added.
(test):
* microbenchmarks/object-create-unknown-object-prototype.js: Added.
(test):
* microbenchmarks/object-create-untyped-prototype.js: Added.
(test):
* stress/get-by-pname-only-prototype-properties.js: Added.
(foo):
* stress/object-create-define.js: Added.
(shouldBe):
(test):
* stress/object-create-null-external.js: Added.
(shouldBe):
(test):
* stress/object-create-null.js: Added.
(shouldBe):
(test):
* stress/object-create-prototype.js: Added.
(shouldBe):
(test):
* stress/object-create-undefined.js: Added.
(shouldThrow):
(i.shouldThrow):

Source/JavaScriptCore:

Object.create is used in various JS code. `Object.create(null)` is particularly used
to create empty plain object with null [[Prototype]]. We can find `Object.create(null)`
call in ARES-6/Babylon code.

This patch adds ObjectCreateIntrinsic to JSC. DFG recognizes it and produces ObjectCreate
DFG node. DFG AI and constant folding attempt to convert it to NewObject when prototype
object is null. It offers significant performance boost for `Object.create(null)`.

                                                 baseline                  patched

object-create-null                           53.7940+-1.5297     ^     19.8846+-0.6584        ^ definitely 2.7053x faster
object-create-unknown-object-prototype       38.9977+-1.1364     ^     37.2207+-0.6143        ^ definitely 1.0477x faster
object-create-untyped-prototype              22.5632+-0.6917           22.2539+-0.6876          might be 1.0139x faster

* dfg/DFGAbstractInterpreterInlines.h:
(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::handleIntrinsicCall):
* dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::foldConstants):
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
* dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupNode):
* dfg/DFGNode.h:
(JSC::DFG::Node::convertToNewObject):
* dfg/DFGNodeType.h:
* dfg/DFGOperations.cpp:
* dfg/DFGOperations.h:
* dfg/DFGPredictionPropagationPhase.cpp:
* dfg/DFGSafeToExecute.h:
(JSC::DFG::safeToExecute):
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileObjectCreate):
* dfg/DFGSpeculativeJIT.h:
* dfg/DFGSpeculativeJIT32_64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* dfg/DFGSpeculativeJIT64.cpp:
(JSC::DFG::SpeculativeJIT::compile):
* ftl/FTLCapabilities.cpp:
(JSC::FTL::canCompile):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
(JSC::FTL::DFG::LowerDFGToB3::compileObjectCreate):
* runtime/Intrinsic.cpp:
(JSC::intrinsicName):
* runtime/Intrinsic.h:
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::nullPrototypeObjectStructure const):
* runtime/ObjectConstructor.cpp:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@232442 268f45cc-cd09-0410-ab3c-d52691b4dbfc
34 files changed:
JSTests/ChangeLog
JSTests/microbenchmarks/object-create-null.js [new file with mode: 0644]
JSTests/microbenchmarks/object-create-unknown-object-prototype.js [new file with mode: 0644]
JSTests/microbenchmarks/object-create-untyped-prototype.js [new file with mode: 0644]
JSTests/stress/get-by-pname-only-prototype-properties.js [new file with mode: 0644]
JSTests/stress/object-create-define.js [new file with mode: 0644]
JSTests/stress/object-create-null-external.js [new file with mode: 0644]
JSTests/stress/object-create-null.js [new file with mode: 0644]
JSTests/stress/object-create-prototype.js [new file with mode: 0644]
JSTests/stress/object-create-undefined.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGClobberize.h
Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp
Source/JavaScriptCore/dfg/DFGDoesGC.cpp
Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
Source/JavaScriptCore/dfg/DFGNode.h
Source/JavaScriptCore/dfg/DFGNodeType.h
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/dfg/DFGOperations.h
Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
Source/JavaScriptCore/dfg/DFGSafeToExecute.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
Source/JavaScriptCore/ftl/FTLCapabilities.cpp
Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
Source/JavaScriptCore/runtime/Intrinsic.cpp
Source/JavaScriptCore/runtime/Intrinsic.h
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.h
Source/JavaScriptCore/runtime/ObjectConstructor.cpp