RESOLVED FIXED 192620
[DFG][FTL] Add NewSymbol 
https://bugs.webkit.org/show_bug.cgi?id=192620
Summary [DFG][FTL] Add NewSymbol
Yusuke Suzuki
Reported 2018-12-12 02:50:37 PST
[DFG][FTL] Add NewSymbol
Attachments
WIP (18.25 KB, patch)
2018-12-12 02:58 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (21.32 KB, patch)
2018-12-12 07:01 PST, Yusuke Suzuki 		saam: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2018-12-12 02:58:21 PST
Created attachment 357116 [details] WIP
Yusuke Suzuki
Comment 2 2018-12-12 07:01:38 PST
Created attachment 357123 [details] Patch
Saam Barati
Comment 3 2018-12-12 10:10:33 PST
Comment on attachment 357123 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=357123&action=review > Source/JavaScriptCore/ChangeLog:9 > + NewSymbol code faster. Rather than that, this patch intends to offer SpecSymbol type information into DFG's Do you think it could be worth inlining the allocation for this in another patch? > Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:9662 > + // Known String. You should assert instead of comment
Saam Barati
Comment 4 2018-12-12 10:12:01 PST
Comment on attachment 357123 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=357123&action=review > Source/JavaScriptCore/ChangeLog:14 > + itself does not perform any type checks. Since `NewSymbol` will not exit except for OOM, we can just use ToString It’s worth saying this is because ToString performs effects but NewSymbol doesn’t. Also, I don’t think we will ever OOM here, we will just crash
Yusuke Suzuki
Comment 5 2018-12-12 18:05:40 PST
Comment on attachment 357123 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=357123&action=review >> Source/JavaScriptCore/ChangeLog:9 >> + NewSymbol code faster. Rather than that, this patch intends to offer SpecSymbol type information into DFG's > > Do you think it could be worth inlining the allocation for this in another patch? One problem is that every Symbol has an unique WTF::SymbolImpl, which is allocated from bmalloc heap. While we can allocate Symbol JSCell in the inline code, we still need to call C runtime to allocate this SymbolImpl. If it still offers a perf win, it would be worth doing since Symbol creation would be more frequent after class private fields come. >> Source/JavaScriptCore/ChangeLog:14 >> + itself does not perform any type checks. Since `NewSymbol` will not exit except for OOM, we can just use ToString > > It’s worth saying this is because ToString performs effects but NewSymbol doesn’t. Also, I don’t think we will ever OOM here, we will just crash Sounds nice. Fixed. >> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:9662 >> + // Known String. > > You should assert instead of comment Nice, fixed.
Yusuke Suzuki
Comment 6 2018-12-12 18:09:33 PST
Committed r239142: <https://trac.webkit.org/changeset/239142>
Radar WebKit Bug Importer
Comment 7 2018-12-12 18:10:27 PST
<rdar://problem/46683296>
Yusuke Suzuki
Comment 8 2018-12-13 00:17:47 PST
(In reply to Saam Barati from comment #3) > Comment on attachment 357123 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=357123&action=review > > > Source/JavaScriptCore/ChangeLog:9 > > + NewSymbol code faster. Rather than that, this patch intends to offer SpecSymbol type information into DFG's > > Do you think it could be worth inlining the allocation for this in another > patch? After investigating, inlining allocation does not improve Symbol constructor calls much. Actually, the large part of the time is consumed by HashTable, which is used to ensure one-on-one correspondence betweeen Symbol* and WTF::SymbolImpl.
Saam Barati
Comment 9 2018-12-13 08:22:05 PST
(In reply to Yusuke Suzuki from comment #8) > (In reply to Saam Barati from comment #3) > > Comment on attachment 357123 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=357123&action=review > > > > > Source/JavaScriptCore/ChangeLog:9 > > > + NewSymbol code faster. Rather than that, this patch intends to offer SpecSymbol type information into DFG's > > > > Do you think it could be worth inlining the allocation for this in another > > patch? > > After investigating, inlining allocation does not improve Symbol constructor > calls much. Actually, the large part of the time is consumed by HashTable, > which is used to ensure one-on-one correspondence betweeen Symbol* and > WTF::SymbolImpl. Makes sense. Thanks for investigating. If we ever found a use case where this is super hot, we could inline cache Symbol(), e.g, a program like this: function foo() { return Symbol(“const string”) } Where foo is frequently called. We could cache the underlying SymbolImpl
Yusuke Suzuki
Comment 10 2018-12-13 08:33:11 PST
(In reply to Saam Barati from comment #9) > > Makes sense. Thanks for investigating. > > If we ever found a use case where this is super hot, we could inline cache > Symbol(), e.g, a program like this: > function foo() { return Symbol(“const string”) } > Where foo is frequently called. We could cache the underlying SymbolImpl The issue is that, everytime foo is called, it generates a new unique Symbol with unique SymbolImpl. So we cannot perform IC here. One fancy plan is that, embedding SymbolImpl into Symbol*. And Symbol* won't be collected while SymbolImpl's ref count is larger than one (this could be implemented by marking constraints). But the problem is, one SymbolImpl generated by VM cannot be used by the other VM. So, if we would like to do this optimization, I think we need per-process VM heap.
Saam Barati
Comment 11 2018-12-13 11:27:35 PST
Makes sense. I clearly forgot that we have the 1:1 mapping of SymbolImpl to Symbol*
Note You need to log in before you can comment on or make changes to this bug.