RESOLVED FIXED 243148
TypedArray speciesConstruct should do the same thing to Array's species constructor optimization in C++ 
https://bugs.webkit.org/show_bug.cgi?id=243148
Summary TypedArray speciesConstruct should do the same thing to Array's species const...
SheetJS
Reported 2022-07-23 21:03:01 PDT
Parts of the SheetJS library will create many small slices from Uint8Arrays. A typical use case is performing a shallow parse of a protobuf message (https://github.com/SheetJS/sheetjs/blob/master/modules/83_numbers.ts#L145 for example) In V8, changing `buf.slice(start, end)` to `buf.subarray(start, end)` results in nearly identical performance. If we had to speculate, when code only reads from the result, `slice` does not create a new copy of the data. In Safari, changing `buf.slice(start, end)` to `buf.subarray(start, end)` results in a significant difference in running time. If we had to speculate, Safari is creating new copies with each slice even if the individual slices are not modified. The performance difference is notable: ~20% savings when testing in the Bun runtime. It shaved nearly 80 seconds (from 453 to 373 seconds) from the browser test suite run time in iOS 11.3. Given the evolution of `Buffer` in NodeJS and V8's performance profile, many isomorphic libraries use `slice` when `subarray` would have sufficed.
Attachments
v8 (1.37 MB, image/png)
2022-07-23 22:00 PDT, Jarred Sumner 		no flags
Details
jsc (1.57 MB, image/png)
2022-07-23 22:01 PDT, Jarred Sumner 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Jarred Sumner
Comment 1 2022-07-23 22:00:19 PDT
Created attachment 461170 [details] v8 instruments output of v8 shell when running this code var typedArray = new Uint8Array(1024); typedArray.fill(253); var output = typedArray.slice(); for (let i = 0; i < 10000000; i++) { output = output.slice(); }
Jarred Sumner
Comment 2 2022-07-23 22:01:45 PDT
Created attachment 461171 [details] jsc jsc shell output
Yusuke Suzuki
Comment 3 2022-07-23 22:05:35 PDT
It seems that V8's TypedArray#slice is straight forward, and I think we are doing similar things. https://source.chromium.org/chromium/chromium/src/+/main:v8/src/builtins/typed-array-slice.tq?q=typed-array-slice.tq&ss=chromium
Yusuke Suzuki
Comment 4 2022-07-23 22:26:25 PDT
TypedArray's speciesConstructor is always getting "constructor" from the object, that's bad. We should have a watchpoint for species constructor invalidation for TypedArray, and let's skip this completely, as we are doing it in Array species constructor.
Yusuke Suzuki
Comment 5 2022-07-24 02:06:35 PDT
*** Bug 243150 has been marked as a duplicate of this bug. ***
Yusuke Suzuki
Comment 6 2022-07-24 02:07:13 PDT
Pull request: https://github.com/WebKit/WebKit/pull/2694
EWS
Comment 7 2022-07-26 15:34:22 PDT
Committed 252847@main (b4e6f9389bc5): <https://commits.webkit.org/252847@main> Reviewed commits have been landed. Closing PR #2694 and removing active labels.
Radar WebKit Bug Importer
Comment 8 2022-07-26 15:35:18 PDT
<rdar://problem/97632409>
Yusuke Suzuki
Comment 9 2022-07-26 19:29:05 PDT
Now, the benchmark script is 2x faster than V8.
Note You need to log in before you can comment on or make changes to this bug.