RESOLVED FIXED176654
[JSC] Optimize Object.keys by using careful array allocation 
https://bugs.webkit.org/show_bug.cgi?id=176654
Summary [JSC] Optimize Object.keys by using careful array allocation
Yusuke Suzuki
Reported 2017-09-09 09:17:36 PDT
[JSC] Optimize Object.keys by using careful array allocation
Attachments
Patch (12.39 KB, patch)
2017-09-09 09:23 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (13.80 KB, patch)
2017-09-09 09:39 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (13.90 KB, patch)
2017-09-09 09:40 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (10.58 KB, patch)
2017-09-09 10:09 PDT, Yusuke Suzuki 		darin: review+
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2017-09-09 09:23:43 PDT
Created attachment 320344 [details] Patch
Yusuke Suzuki
Comment 2 2017-09-09 09:31:25 PDT
Comment on attachment 320344 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=320344&action=review > Source/JavaScriptCore/ChangeLog:13 > + but it rarely appears. Then, ProxyObject case goes to the generic path.
Yusuke Suzuki
Comment 3 2017-09-09 09:39:36 PDT
Created attachment 320345 [details] Patch
Yusuke Suzuki
Comment 4 2017-09-09 09:40:46 PDT
Created attachment 320346 [details] Patch
Yusuke Suzuki
Comment 5 2017-09-09 10:09:12 PDT
Created attachment 320347 [details] Patch
Darin Adler
Comment 6 2017-09-10 14:58:54 PDT
Comment on attachment 320347 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=320347&action=review > Source/JavaScriptCore/runtime/ObjectConstructor.h:125 > -JSArray* ownPropertyKeys(ExecState*, JSObject*, PropertyNameMode, DontEnumPropertiesMode); > +JSValue ownPropertyKeys(ExecState*, JSObject*, PropertyNameMode, DontEnumPropertiesMode); Why this change? Nothing in the change log explains it. The function still seems to always return a JSArray*. Is it a performance optimization to move the conversion from JSArray* to JSValue inside the function? If the change isn’t needed, then it seems useful to follow the general C++ coding style rule of not widening types unnecessarily in case the narrower type can be of use for performance optimization or otherwise useful in the future.
Yusuke Suzuki
Comment 7 2017-09-11 01:04:55 PDT
Comment on attachment 320347 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=320347&action=review >> Source/JavaScriptCore/runtime/ObjectConstructor.h:125 >> +JSValue ownPropertyKeys(ExecState*, JSObject*, PropertyNameMode, DontEnumPropertiesMode); > > Why this change? Nothing in the change log explains it. The function still seems to always return a JSArray*. Is it a performance optimization to move the conversion from JSArray* to JSValue inside the function? > > If the change isn’t needed, then it seems useful to follow the general C++ coding style rule of not widening types unnecessarily in case the narrower type can be of use for performance optimization or otherwise useful in the future. I thought it is not so good that JSValue::encode(nullptr as JSCell*) happens if the error occurrs. But either is ok to me.
Yusuke Suzuki
Comment 8 2017-09-11 01:10:17 PDT
Committed r221853: <http://trac.webkit.org/changeset/221853>
Saam Barati
Comment 10 2017-09-11 11:56:14 PDT
Comment on attachment 320347 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=320347&action=review > Source/JavaScriptCore/runtime/ObjectConstructor.cpp:402 > + values->putDirectIndex(exec, index++, value); Isn't this an observable change in JS semantics?
Darin Adler
Comment 11 2017-09-11 19:07:15 PDT
Comment on attachment 320347 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=320347&action=review >>> Source/JavaScriptCore/runtime/ObjectConstructor.h:125 >>> +JSValue ownPropertyKeys(ExecState*, JSObject*, PropertyNameMode, DontEnumPropertiesMode); >> >> Why this change? Nothing in the change log explains it. The function still seems to always return a JSArray*. Is it a performance optimization to move the conversion from JSArray* to JSValue inside the function? >> >> If the change isn’t needed, then it seems useful to follow the general C++ coding style rule of not widening types unnecessarily in case the narrower type can be of use for performance optimization or otherwise useful in the future. > > I thought it is not so good that JSValue::encode(nullptr as JSCell*) happens if the error occurrs. But either is ok to me. Not different from returning "JSValue { }"; the JSValue(JSCell*) constructor handles nullptr in exactly that way. If we wanted to optimize by avoiding the branch, I don’t think returning JSValue accomplishes that.
Yusuke Suzuki
Comment 12 2017-09-12 09:53:47 PDT
Comment on attachment 320347 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=320347&action=review >> Source/JavaScriptCore/runtime/ObjectConstructor.cpp:402 >> + values->putDirectIndex(exec, index++, value); > > Isn't this an observable change in JS semantics? I changed these code to align them to the spec (previously, our implementation does not follow the spec.) I'll add the test for this.
Saam Barati
Comment 13 2017-09-12 11:41:02 PDT
(In reply to Yusuke Suzuki from comment #12) > Comment on attachment 320347 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=320347&action=review > > >> Source/JavaScriptCore/runtime/ObjectConstructor.cpp:402 > >> + values->putDirectIndex(exec, index++, value); > > > > Isn't this an observable change in JS semantics? > > I changed these code to align them to the spec (previously, our > implementation does not follow the spec.) > I'll add the test for this. 👍🏽
Radar WebKit Bug Importer
Comment 14 2017-09-27 12:32:28 PDT
<rdar://problem/34693450>
Note You need to log in before you can comment on or make changes to this bug.