RESOLVED FIXED Bug 222539
[JSC] Optimize getEnumerableLength 
https://bugs.webkit.org/show_bug.cgi?id=222539
Summary [JSC] Optimize getEnumerableLength
Yusuke Suzuki
Reported 2021-03-01 03:01:46 PST
[JSC] Rename getEnumerableLength to getEnumerableLengthTracingJSProxy, and remove indirect call of getEnumerableLength
Attachments
Patch (9.64 KB, patch)
2021-03-01 03:07 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (12.28 KB, patch)
2021-03-01 03:46 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (12.38 KB, patch)
2021-03-01 03:48 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (12.38 KB, patch)
2021-03-01 03:50 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (13.90 KB, patch)
2021-03-01 03:57 PST, Yusuke Suzuki 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (13.19 KB, patch)
2021-03-01 04:07 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (12.15 KB, patch)
2021-03-02 13:43 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (12.05 KB, patch)
2021-03-02 13:49 PST, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Show Obsolete (7) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2021-03-01 03:07:34 PST
Created attachment 421802 [details] Patch
Yusuke Suzuki
Comment 2 2021-03-01 03:46:11 PST
Created attachment 421803 [details] Patch
Yusuke Suzuki
Comment 3 2021-03-01 03:48:22 PST
Created attachment 421804 [details] Patch
Yusuke Suzuki
Comment 4 2021-03-01 03:50:22 PST
Created attachment 421805 [details] Patch
Yusuke Suzuki
Comment 5 2021-03-01 03:57:59 PST
Created attachment 421806 [details] Patch
Yusuke Suzuki
Comment 6 2021-03-01 04:07:05 PST
Created attachment 421807 [details] Patch
Alexey Shvayka
Comment 7 2021-03-01 08:14:54 PST
Comment on attachment 421807 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=421807&action=review > Source/JavaScriptCore/ChangeLog:8 > + Now getEnumerableLength is only overridden by JSProxy. And this is called in the critical path of propertyNameEnumerator. 1. I am pretty sure we can remove JSProxy handling from getEnumerableLength() because it won't hit fast path of for/in anyway: canAccessPropertiesQuicklyForEnumeration() will reject it due to overriden getOwnPropertyNames(). 2. We can't optimize access to JSProxy's indices as they are handled in JSDOMWindow::getOwnPropertySlotByIndex(). 3. For/in over window is super slow anyway, as it yield a lot of event handler properties etc, and doesn't seem like a case we should optimize for. 4. I believe we can optimize enumeration for StringObject / Arguments / TypedArray via getEnumerableLength() overrides, but can we (relatively easily) speed up indexed access for them?
Yusuke Suzuki
Comment 8 2021-03-02 13:40:21 PST
Comment on attachment 421807 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=421807&action=review >> Source/JavaScriptCore/ChangeLog:8 >> + Now getEnumerableLength is only overridden by JSProxy. And this is called in the critical path of propertyNameEnumerator. > > 1. I am pretty sure we can remove JSProxy handling from getEnumerableLength() because it won't hit fast path of for/in anyway: canAccessPropertiesQuicklyForEnumeration() will reject it due to overriden getOwnPropertyNames(). > 2. We can't optimize access to JSProxy's indices as they are handled in JSDOMWindow::getOwnPropertySlotByIndex(). > 3. For/in over window is super slow anyway, as it yield a lot of event handler properties etc, and doesn't seem like a case we should optimize for. > 4. I believe we can optimize enumeration for StringObject / Arguments / TypedArray via getEnumerableLength() overrides, but can we (relatively easily) speed up indexed access for them? Thanks, 1, 2, 3: Sounds good. I'll remove JSProxy chasing part. 4. I think they are rare enough, so we could support with TypeInfo flag in the future. For now, my plan is just keeping it as is (not optimized yet).
Yusuke Suzuki
Comment 9 2021-03-02 13:41:50 PST
Comment on attachment 421807 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=421807&action=review >>> Source/JavaScriptCore/ChangeLog:8 >>> + Now getEnumerableLength is only overridden by JSProxy. And this is called in the critical path of propertyNameEnumerator. >> >> 1. I am pretty sure we can remove JSProxy handling from getEnumerableLength() because it won't hit fast path of for/in anyway: canAccessPropertiesQuicklyForEnumeration() will reject it due to overriden getOwnPropertyNames(). >> 2. We can't optimize access to JSProxy's indices as they are handled in JSDOMWindow::getOwnPropertySlotByIndex(). >> 3. For/in over window is super slow anyway, as it yield a lot of event handler properties etc, and doesn't seem like a case we should optimize for. >> 4. I believe we can optimize enumeration for StringObject / Arguments / TypedArray via getEnumerableLength() overrides, but can we (relatively easily) speed up indexed access for them? > > Thanks, > > 1, 2, 3: Sounds good. I'll remove JSProxy chasing part. > 4. I think they are rare enough, so we could support with TypeInfo flag in the future. For now, my plan is just keeping it as is (not optimized yet). For typed-array case, we could just extend the support by using canGetIndexQuickly like feature.
Yusuke Suzuki
Comment 10 2021-03-02 13:43:39 PST
Created attachment 421988 [details] Patch
Yusuke Suzuki
Comment 11 2021-03-02 13:49:31 PST
Created attachment 421992 [details] Patch
Alexey Shvayka
Comment 12 2021-03-02 13:55:24 PST
(In reply to Yusuke Suzuki from comment #9) > For typed-array case, we could just extend the support by using canGetIndexQuickly like feature. Yeah, we don't need getEnumerableLength() in a method table for that. Regarding other objects: we can't optimize indexed access for them via IndexedForInContext, only enumeration, which won't benefit much + they are rare. Fast for/in for TypedArray can be tracked in https://bugs.webkit.org/show_bug.cgi?id=135033.
EWS
Comment 13 2021-03-02 15:33:48 PST
Committed r273766: <https://commits.webkit.org/r273766> All reviewed patches have been landed. Closing bug and clearing flags on attachment 421992 [details].
Radar WebKit Bug Importer
Comment 14 2021-03-02 15:34:19 PST
<rdar://problem/74952502>
Note You need to log in before you can comment on or make changes to this bug.