Bug 153738 - [JSC] Make array iteration methods faster
Summary: [JSC] Make array iteration methods faster
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Yusuke Suzuki
Depends on: 154844 154022 154683 172690
  Show dependency treegraph
Reported: 2016-02-01 02:57 PST by Yusuke Suzuki
Modified: 2017-05-28 22:10 PDT (History)
7 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Yusuke Suzuki 2016-02-01 02:57:52 PST
Seeing DFG dump, (unfortunately!) Array iteration methods (like forEach) performs Double Comparison on loop condition!
This is because,

1. Poor toInteger implementation

We should convert @Number(...) to NumberUse edge filtering. And implementing isFinite in JS is better (If value is speculated as Int32, we can purge many conditions!)
Like, (Number.isFinite)
function isFinite(value)
    return value === Infinity || value === -Infinity;
And, (global).isFinite
function isFinite(value)
    var numberValue = @Number(value);  // This should be converted to edge filtering.
    return numberValue === Infinity || numberValue === -Infinity;

Handling NumberConstructor::info() in DFGByteCodeParser.cpp makes it easy I think. And to ensure more high performance implementation, introducing @toNumber bytecode intrinsic (that emits to_number bytecode) may also be good.

2. maxSafeInteger = 0x1FFFFFFFFFFFFF

Now, in toLength, we have a chance to return maxSafeInteger (This is represented as double). It is unfortunate, because it makes the result value double rep.
One plan is,

When comparing value < maxSafeInteger, and if we know value is Int32, value < maxSafeInteger becomes always true.
So we can purge this comparison and maxSafeInteger. It makes the result value Int32.

How about this?
Comment 1 Geoffrey Garen 2016-02-01 16:07:00 PST
Sounds good to me.