Changeset 273135 in webkit

Timestamp:

Feb 19, 2021 1:42:20 AM (3 years ago)

Author:

ysuzuki@apple.com

Message:

[JSC] Simplify excludedSet handling in object rest expression
​https://bugs.webkit.org/show_bug.cgi?id=221668

Reviewed by Alexey Shvayka.

JSTests:

• microbenchmarks/object-rest-computed-destructuring.js: Added.
• stress/object-rest-computed-inlined-numbers.js: Added.

(inner):
(outer):

• stress/object-rest-computed-inlined.js: Added.

(inner):
(outer):

Source/JavaScriptCore:

This patch simplifies Object rest/spread by avoiding use of JSSet.
Instead, we store IdentifierSet into UnlinkedCodeBlock's vector and
access this directly through JS constant number.
And for additional properties, we collect it during destructuring,
and pass it to @copyDataProperties as an argument so that we do not
need to call Set#add in JS side.

We also check (isNumber()

isString) conditions for properties to

avoid calling ToPropertyKey for constant case. This is OK since we
will call ToPropertyKey inside @copyDataProperties, and this is
side-effect free if the input is number or string.

This patch shows 2x improvement in microbenchmarking.

ToT Patched

object-rest-computed-destructuring 62.9960+-6.5072 ^{30.2157+-1.1420} definitely 2.0849x faster

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::finishCreation):
(JSC::CodeBlock::setConstantIdentifierSetRegisters): Deleted.

• bytecode/CodeBlock.h:
• bytecode/UnlinkedCodeBlock.h:

(JSC::UnlinkedCodeBlock::constantIdentifierSets):

• bytecode/UnlinkedCodeBlockGenerator.h:

(JSC::UnlinkedCodeBlockGenerator::constantIdentifierSets):
(JSC::UnlinkedCodeBlockGenerator::addSetConstant):

• bytecompiler/BytecodeGenerator.cpp:

(JSC::BytecodeGenerator::emitLoad):

• bytecompiler/BytecodeGenerator.h:
• bytecompiler/NodesCodegen.cpp:

(JSC::ObjectPatternNode::bindValue const):
(JSC::ObjectSpreadExpressionNode::emitBytecode):

• runtime/CachedTypes.cpp:

(JSC::CachedConstantIdentifierSetEntry::encode): Deleted.
(JSC::CachedConstantIdentifierSetEntry::decode const): Deleted.

• runtime/JSGlobalObjectFunctions.cpp:

(JSC::getCallerCodeBlock):
(JSC::JSC_DEFINE_HOST_FUNCTION):

Location:

trunk

Files:

• JSTests/ChangeLog (modified) (1 diff)
• JSTests/microbenchmarks/object-rest-computed-destructuring.js (added)
• JSTests/stress/object-rest-computed-inlined-numbers.js (added)
• JSTests/stress/object-rest-computed-inlined.js (added)
• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/bytecode/CodeBlock.cpp (modified) (2 diffs)
• Source/JavaScriptCore/bytecode/CodeBlock.h (modified) (1 diff)
• Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h (modified) (3 diffs)
• Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.h (modified) (2 diffs)
• Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp (modified) (1 diff)
• Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h (modified) (1 diff)
• Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/CachedTypes.cpp (modified) (2 diffs)
• Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp (modified) (7 diffs)

trunk/JSTests/ChangeLog

@@ +1 @@
+2021-02-19  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Simplify excludedSet handling in object rest expression
+        https://bugs.webkit.org/show_bug.cgi?id=221668
+
+        Reviewed by Alexey Shvayka.
+
+        * microbenchmarks/object-rest-computed-destructuring.js: Added.
+        * stress/object-rest-computed-inlined-numbers.js: Added.
+        (inner):
+        (outer):
+        * stress/object-rest-computed-inlined.js: Added.
+        (inner):
+        (outer):
+
 2021-02-18  Caio Lima  <ticaiolima@gmail.com>
 

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2021-02-19  Yusuke Suzuki  <ysuzuki@apple.com>
+
+        [JSC] Simplify excludedSet handling in object rest expression
+        https://bugs.webkit.org/show_bug.cgi?id=221668
+
+        Reviewed by Alexey Shvayka.
+
+        This patch simplifies Object rest/spread by avoiding use of JSSet.
+        Instead, we store IdentifierSet into UnlinkedCodeBlock's vector and
+        access this directly through JS constant number.
+        And for additional properties, we collect it during destructuring,
+        and pass it to @copyDataProperties as an argument so that we do not
+        need to call Set#add in JS side.
+
+        We also check (isNumber() || isString) conditions for properties to
+        avoid calling ToPropertyKey for constant case. This is OK since we
+        will call ToPropertyKey inside @copyDataProperties, and this is
+        side-effect free if the input is number or string.
+
+        This patch shows 2x improvement in microbenchmarking.
+
+                                                       ToT                     Patched
+
+        object-rest-computed-destructuring       62.9960+-6.5072     ^     30.2157+-1.1420        ^ definitely 2.0849x faster
+
+        * bytecode/CodeBlock.cpp:
+        (JSC::CodeBlock::finishCreation):
+        (JSC::CodeBlock::setConstantIdentifierSetRegisters): Deleted.
+        * bytecode/CodeBlock.h:
+        * bytecode/UnlinkedCodeBlock.h:
+        (JSC::UnlinkedCodeBlock::constantIdentifierSets):
+        * bytecode/UnlinkedCodeBlockGenerator.h:
+        (JSC::UnlinkedCodeBlockGenerator::constantIdentifierSets):
+        (JSC::UnlinkedCodeBlockGenerator::addSetConstant):
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::emitLoad):
+        * bytecompiler/BytecodeGenerator.h:
+        * bytecompiler/NodesCodegen.cpp:
+        (JSC::ObjectPatternNode::bindValue const):
+        (JSC::ObjectSpreadExpressionNode::emitBytecode):
+        * runtime/CachedTypes.cpp:
+        (JSC::CachedConstantIdentifierSetEntry::encode): Deleted.
+        (JSC::CachedConstantIdentifierSetEntry::decode const): Deleted.
+        * runtime/JSGlobalObjectFunctions.cpp:
+        (JSC::getCallerCodeBlock):
+        (JSC::JSC_DEFINE_HOST_FUNCTION):
+
 2021-02-18  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

@@ -423 +423 @@
         createRareDataIfNecessary();
 
-        setConstantIdentifierSetRegisters(vm, unlinkedCodeBlock->constantIdentifierSets());
-        RETURN_IF_EXCEPTION(throwScope, false);
-
         if (size_t count = unlinkedCodeBlock->numberOfExceptionHandlers()) {
             m_rareData->m_exceptionHandlers.resizeToFit(count);
@@ -889 +886 @@
     }
 #endif // ENABLE(JIT)
-}
-
-void CodeBlock::setConstantIdentifierSetRegisters(VM& vm, const RefCountedArray<ConstantIdentifierSetEntry>& constants)
-{
-    auto scope = DECLARE_THROW_SCOPE(vm);
-    JSGlobalObject* globalObject = m_globalObject.get();
-
-    for (const auto& entry : constants) {
-        const IdentifierSet& set = entry.first;
-
-        Structure* setStructure = globalObject->setStructure();
-        RETURN_IF_EXCEPTION(scope, void());
-        JSSet* jsSet = JSSet::create(globalObject, vm, setStructure, set.size());
-        RETURN_IF_EXCEPTION(scope, void());
-
-        for (const auto& setEntry : set) {
-            JSString* jsString = jsOwnedString(vm, setEntry.get()); 
-            jsSet->add(globalObject, jsString);
-            RETURN_IF_EXCEPTION(scope, void());
-        }
-        m_constantRegisters[entry.second].set(vm, this, jsSet);
-    }
 }
 

trunk/Source/JavaScriptCore/bytecode/CodeBlock.h

@@ -954 +954 @@
     void updateAllValueProfilePredictionsAndCountLiveness(unsigned& numberOfLiveNonArgumentValueProfiles, unsigned& numberOfSamplesInProfiles);
 
-    void setConstantIdentifierSetRegisters(VM&, const RefCountedArray<ConstantIdentifierSetEntry>& constants);
-
     void setConstantRegisters(const RefCountedArray<WriteBarrier<Unknown>>& constants, const RefCountedArray<SourceCodeRepresentation>& constantsSourceCodeRepresentation, ScriptExecutable* topLevelExecutable);
 

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h

@@ -75 +75 @@
 typedef unsigned UnlinkedObjectAllocationProfile;
 typedef unsigned UnlinkedLLIntCallLinkInfo;
-using ConstantIdentifierSetEntry = std::pair<IdentifierSet, unsigned>;
 
 struct UnlinkedStringJumpTable {
@@ -163 +162 @@
 
     unsigned numberOfConstantIdentifierSets() const { return m_rareData ? m_rareData->m_constantIdentifierSets.size() : 0; }
-    const RefCountedArray<ConstantIdentifierSetEntry>& constantIdentifierSets() { ASSERT(m_rareData); return m_rareData->m_constantIdentifierSets; }
+    const RefCountedArray<IdentifierSet>& constantIdentifierSets() { ASSERT(m_rareData); return m_rareData->m_constantIdentifierSets; }
 
     // Jumps
@@ -412 +411 @@
         RefCountedArray<InstructionStream::Offset> m_opProfileControlFlowBytecodeOffsets;
         RefCountedArray<BitVector> m_bitVectors;
-        RefCountedArray<ConstantIdentifierSetEntry> m_constantIdentifierSets;
+        RefCountedArray<IdentifierSet> m_constantIdentifierSets;
 
         unsigned m_needsClassFieldInitializer : 1;

trunk/Source/JavaScriptCore/bytecode/UnlinkedCodeBlockGenerator.h

@@ -112 +112 @@
 
     unsigned numberOfConstantIdentifierSets() const { return m_constantIdentifierSets.size(); }
-    const Vector<ConstantIdentifierSetEntry>& constantIdentifierSets() { return m_constantIdentifierSets; }
-    void addSetConstant(IdentifierSet& set)
-    {
-        ASSERT(m_vm.heap.isDeferred());
-        unsigned result = m_constantRegisters.size();
-        m_constantRegisters.append(WriteBarrier<Unknown>());
-        m_constantsSourceCodeRepresentation.append(SourceCodeRepresentation::Other);
-        m_constantIdentifierSets.append(ConstantIdentifierSetEntry(set, result));
+    const Vector<IdentifierSet>& constantIdentifierSets() { return m_constantIdentifierSets; }
+    unsigned addSetConstant(IdentifierSet&& set)
+    {
+        ASSERT(m_vm.heap.isDeferred());
+        unsigned result = m_constantIdentifierSets.size();
+        m_constantIdentifierSets.append(WTFMove(set));
+        return result;
     }
 
@@ -211 +210 @@
     Vector<InstructionStream::Offset> m_opProfileControlFlowBytecodeOffsets;
     Vector<BitVector> m_bitVectors;
-    Vector<ConstantIdentifierSetEntry> m_constantIdentifierSets;
+    Vector<IdentifierSet> m_constantIdentifierSets;
 };
 

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.cpp

@@ -1841 +1841 @@
 }
 
-RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, IdentifierSet& set)
-{
-    if (m_codeBlock->numberOfConstantIdentifierSets()) {
-        for (const auto& entry : m_codeBlock->constantIdentifierSets()) {
-            if (entry.first != set)
-                continue;
-            
-            return &m_constantPoolRegisters[entry.second];
-        }
-    }
-    
-    unsigned index = addConstantIndex();
-    m_codeBlock->addSetConstant(set);
-    RegisterID* m_setRegister = &m_constantPoolRegisters[index];
-    
-    if (dst)
-        return move(dst, m_setRegister);
-    
-    return m_setRegister;
+RegisterID* BytecodeGenerator::emitLoad(RegisterID* dst, IdentifierSet&& set)
+{
+    unsigned setIndex = m_codeBlock->addSetConstant(WTFMove(set));
+    return emitLoad(dst, jsNumber(setIndex));
 }
 

trunk/Source/JavaScriptCore/bytecompiler/BytecodeGenerator.h

@@ -706 +706 @@
         RegisterID* emitLoad(RegisterID* dst, const Identifier&);
         RegisterID* emitLoad(RegisterID* dst, JSValue, SourceCodeRepresentation = SourceCodeRepresentation::Other);
-        RegisterID* emitLoad(RegisterID* dst, IdentifierSet& excludedList);
+        RegisterID* emitLoad(RegisterID* dst, IdentifierSet&& excludedList);
 
         template<typename UnaryOp, typename = std::enable_if_t<UnaryOp::opcodeID != op_negate>>

trunk/Source/JavaScriptCore/bytecompiler/NodesCodegen.cpp

@@ -5509 +5509 @@
     generator.emitRequireObjectCoercible(rhs, "Right side of assignment cannot be destructured"_s);
 
-    RefPtr<RegisterID> excludedList;
-    IdentifierSet excludedSet;
-    RefPtr<RegisterID> addMethod;
-    if (m_containsRestElement && m_containsComputedProperty) {
-        RefPtr<RegisterID> setConstructor = generator.moveLinkTimeConstant(nullptr, LinkTimeConstant::Set);
-
-        CallArguments args(generator, nullptr, 0);
-        excludedList = generator.emitConstruct(generator.newTemporary(), setConstructor.get(), setConstructor.get(), NoExpectedFunction, args, divot(), divotStart(), divotEnd());
-
-        addMethod = generator.emitGetById(generator.newTemporary(), excludedList.get(), generator.propertyNames().builtinNames().addPrivateName());
-    }
-
     BytecodeGenerator::PreservedTDZStack preservedTDZStack;
     generator.preserveTDZStack(preservedTDZStack);
 
-    for (size_t i = 0; i < m_targetPatterns.size(); i++) {
-        const auto& target = m_targetPatterns[i];
-        if (target.bindingType == BindingType::Element) {
-            // If the destructuring becomes get_by_id and mov, then we should store results directly to the local's binding.
-            // From
-            //     get_by_id          dst:loc10, base:loc9, property:0
-            //     mov                dst:loc6, src:loc10
-            // To
-            //     get_by_id          dst:loc6, base:loc9, property:0
-            auto writableDirectBindingIfPossible = [&]() -> RegisterID* {
-                // The following pattern is possible. In that case, after setting |data| local variable, we need to store property name into the set.
-                // So, old property name |data| result must be kept before setting it into |data|.
-                //     ({ [data]: data, ...obj } = object);
-                if (m_containsRestElement && m_containsComputedProperty && target.propertyExpression)
-                    return nullptr;
-                // default value can include a reference to local variable. So filling value to a local variable can differ result.
-                // We give up fast path if default value includes non constant.
-                // For example,
-                //     ({ data = data } = object);
-                if (target.defaultValue && !target.defaultValue->isConstant())
-                    return nullptr;
-                return target.pattern->writableDirectBindingIfPossible(generator);
-            };
-
-            auto finishDirectBindingAssignment = [&]() {
-                ASSERT(writableDirectBindingIfPossible());
-                target.pattern->finishDirectBindingAssignment(generator);
-            };
-
-            RefPtr<RegisterID> temp;
-            RegisterID* directBinding = writableDirectBindingIfPossible();
-            if (directBinding)
-                temp = directBinding;
-            else
-                temp = generator.newTemporary();
-
-            RefPtr<RegisterID> propertyName;
-            if (!target.propertyExpression) {
-                Optional<uint32_t> optionalIndex = parseIndex(target.propertyName);
-                if (!optionalIndex)
-                    generator.emitGetById(temp.get(), rhs, target.propertyName);
-                else {
-                    RefPtr<RegisterID> propertyIndex = generator.emitLoad(nullptr, jsNumber(optionalIndex.value()));
-                    generator.emitGetByVal(temp.get(), rhs, propertyIndex.get());
+    {
+        RefPtr<RegisterID> newObject;
+        IdentifierSet excludedSet;
+        Optional<CallArguments> args;
+        unsigned numberOfComputedProperties = 0;
+        unsigned indexInArguments = 2;
+        if (m_containsRestElement) {
+            if (m_containsComputedProperty) {
+                for (const auto& target : m_targetPatterns) {
+                    if (target.bindingType == BindingType::Element) {
+                        if (target.propertyExpression)
+                            ++numberOfComputedProperties;
+                    }
                 }
+            }
+            newObject = generator.newTemporary();
+            args.emplace(generator, nullptr, indexInArguments + numberOfComputedProperties);
+        }
+
+        for (size_t i = 0; i < m_targetPatterns.size(); i++) {
+            const auto& target = m_targetPatterns[i];
+            if (target.bindingType == BindingType::Element) {
+                // If the destructuring becomes get_by_id and mov, then we should store results directly to the local's binding.
+                // From
+                //     get_by_id          dst:loc10, base:loc9, property:0
+                //     mov                dst:loc6, src:loc10
+                // To
+                //     get_by_id          dst:loc6, base:loc9, property:0
+                auto writableDirectBindingIfPossible = [&]() -> RegisterID* {
+                    // The following pattern is possible. In that case, after setting |data| local variable, we need to store property name into the set.
+                    // So, old property name |data| result must be kept before setting it into |data|.
+                    //     ({ [data]: data, ...obj } = object);
+                    if (m_containsRestElement && m_containsComputedProperty && target.propertyExpression)
+                        return nullptr;
+                    // default value can include a reference to local variable. So filling value to a local variable can differ result.
+                    // We give up fast path if default value includes non constant.
+                    // For example,
+                    //     ({ data = data } = object);
+                    if (target.defaultValue && !target.defaultValue->isConstant())
+                        return nullptr;
+                    return target.pattern->writableDirectBindingIfPossible(generator);
+                };
+
+                auto finishDirectBindingAssignment = [&]() {
+                    ASSERT(writableDirectBindingIfPossible());
+                    target.pattern->finishDirectBindingAssignment(generator);
+                };
+
+                RefPtr<RegisterID> temp;
+                RegisterID* directBinding = writableDirectBindingIfPossible();
+                if (directBinding)
+                    temp = directBinding;
+                else
+                    temp = generator.newTemporary();
+
+                if (!target.propertyExpression) {
+                    Optional<uint32_t> optionalIndex = parseIndex(target.propertyName);
+                    if (!optionalIndex)
+                        generator.emitGetById(temp.get(), rhs, target.propertyName);
+                    else {
+                        RefPtr<RegisterID> propertyIndex = generator.emitLoad(nullptr, jsNumber(optionalIndex.value()));
+                        generator.emitGetByVal(temp.get(), rhs, propertyIndex.get());
+                    }
+                    if (m_containsRestElement)
+                        excludedSet.add(target.propertyName.impl());
+                } else {
+                    RefPtr<RegisterID> propertyName;
+                    if (m_containsRestElement) {
+                        propertyName = generator.emitNodeForProperty(args->argumentRegister(indexInArguments++), target.propertyExpression);
+                        // ToPropertyKey(Number | String) does not have side-effect.
+                        // And @copyDataProperties performs ToPropertyKey internally.
+                        // And for Number case, passing it to GetByVal is better for performance.
+                        if (!target.propertyExpression->isNumber() || !target.propertyExpression->isString())
+                            propertyName = generator.emitToPropertyKey(propertyName.get(), propertyName.get());
+                    } else
+                        propertyName = generator.emitNodeForProperty(target.propertyExpression);
+                    generator.emitGetByVal(temp.get(), rhs, propertyName.get());
+                }
+
+                if (target.defaultValue)
+                    assignDefaultValueIfUndefined(generator, temp.get(), target.defaultValue);
+                if (directBinding)
+                    finishDirectBindingAssignment();
+                else
+                    target.pattern->bindValue(generator, temp.get());
             } else {
-                propertyName = generator.emitNodeForProperty(target.propertyExpression);
-                generator.emitGetByVal(temp.get(), rhs, propertyName.get());
+                ASSERT(target.bindingType == BindingType::RestElement);
+                ASSERT(i == m_targetPatterns.size() - 1);
+
+                generator.emitNewObject(newObject.get());
+
+                // load and call @copyDataProperties
+                RefPtr<RegisterID> copyDataProperties = generator.moveLinkTimeConstant(nullptr, LinkTimeConstant::copyDataProperties);
+
+                // This must be non-tail-call because @copyDataProperties accesses caller-frame.
+                generator.move(args->thisRegister(), newObject.get());
+                generator.move(args->argumentRegister(0), rhs);
+                generator.emitLoad(args->argumentRegister(1), WTFMove(excludedSet));
+                generator.emitCall(generator.newTemporary(), copyDataProperties.get(), NoExpectedFunction, args.value(), divot(), divotStart(), divotEnd(), DebuggableCall::No);
+                target.pattern->bindValue(generator, newObject.get());
             }
-
-            if (m_containsRestElement) {
-                if (m_containsComputedProperty) {
-                    if (target.propertyExpression)
-                        propertyName = generator.emitToPropertyKey(generator.tempDestination(propertyName.get()), propertyName.get());
-                    else
-                        propertyName = generator.emitLoad(nullptr, target.propertyName);
-
-                    CallArguments args(generator, nullptr, 1);
-                    generator.move(args.thisRegister(), excludedList.get());
-                    generator.move(args.argumentRegister(0), propertyName.get());
-                    generator.emitCall(generator.newTemporary(), addMethod.get(), NoExpectedFunction, args, divot(), divotStart(), divotEnd(), DebuggableCall::No);
-                } else
-                    excludedSet.add(target.propertyName.impl());
-            }
-
-            if (target.defaultValue)
-                assignDefaultValueIfUndefined(generator, temp.get(), target.defaultValue);
-            if (directBinding)
-                finishDirectBindingAssignment();
-            else
-                target.pattern->bindValue(generator, temp.get());
-        } else {
-            ASSERT(target.bindingType == BindingType::RestElement);
-            ASSERT(i == m_targetPatterns.size() - 1);
-            RefPtr<RegisterID> newObject = generator.emitNewObject(generator.newTemporary());
-            
-            // load and call @copyDataProperties
-            RefPtr<RegisterID> copyDataProperties = generator.moveLinkTimeConstant(nullptr, LinkTimeConstant::copyDataProperties);
-            
-            CallArguments args(generator, nullptr, 3);
-            generator.emitLoad(args.thisRegister(), jsUndefined());
-            generator.move(args.argumentRegister(0), newObject.get());
-            generator.move(args.argumentRegister(1), rhs);
-            if (m_containsComputedProperty)
-                generator.move(args.argumentRegister(2), excludedList.get());
-            else {
-                RefPtr<RegisterID> excludedSetReg = generator.emitLoad(generator.newTemporary(), excludedSet);
-                generator.move(args.argumentRegister(2), excludedSetReg.get());
-            }
-
-            generator.emitCall(generator.newTemporary(), copyDataProperties.get(), NoExpectedFunction, args, divot(), divotStart(), divotEnd(), DebuggableCall::No);
-            target.pattern->bindValue(generator, newObject.get());
         }
     }
@@ -5826 +5823 @@
     RefPtr<RegisterID> copyDataProperties = generator.moveLinkTimeConstant(nullptr, LinkTimeConstant::copyDataProperties);
     
-    CallArguments args(generator, nullptr, 2);
-    generator.emitLoad(args.thisRegister(), jsUndefined());
-    generator.move(args.argumentRegister(0), dst);
-    generator.move(args.argumentRegister(1), src.get());
+    CallArguments args(generator, nullptr, 1);
+    generator.move(args.thisRegister(), dst);
+    generator.move(args.argumentRegister(0), src.get());
     
+    // This must be non-tail-call because @copyDataProperties accesses caller-frame.
     generator.emitCall(generator.newTemporary(), copyDataProperties.get(), NoExpectedFunction, args, divot(), divotStart(), divotEnd(), DebuggableCall::No);
     

trunk/Source/JavaScriptCore/runtime/CachedTypes.cpp

@@ -963 +963 @@
 };
 
-class CachedConstantIdentifierSetEntry : public VariableLengthObject<ConstantIdentifierSetEntry> {
-public:
-    void encode(Encoder& encoder, const ConstantIdentifierSetEntry& entry)
-    {
-        m_constant = entry.second;
-        m_set.encode(encoder, entry.first);
-    }
-
-    void decode(Decoder& decoder, ConstantIdentifierSetEntry& entry) const
-    {
-        entry.second = m_constant;
-        m_set.decode(decoder, entry.first);
-    }
-
-private:
-    unsigned m_constant;
-    CachedHashSet<CachedRefPtr<CachedUniquedStringImpl>, IdentifierRepHash> m_set;
-};
-
 class CachedCodeBlockRareData : public CachedObject<UnlinkedCodeBlock::RareData> {
 public:
@@ -1022 +1003 @@
     CachedVector<InstructionStream::Offset> m_opProfileControlFlowBytecodeOffsets;
     CachedVector<CachedBitVector> m_bitVectors;
-    CachedVector<CachedConstantIdentifierSetEntry> m_constantIdentifierSets;
+    CachedVector<CachedHashSet<CachedRefPtr<CachedUniquedStringImpl>, IdentifierRepHash>> m_constantIdentifierSets;
     unsigned m_needsClassFieldInitializer : 1;
     unsigned m_privateBrandRequirement : 1;

trunk/Source/JavaScriptCore/runtime/JSGlobalObjectFunctions.cpp

@@ -28 +28 @@
 #include "CallFrame.h"
 #include "IndirectEvalExecutable.h"
+#include "InlineCallFrame.h"
 #include "Interpreter.h"
 #include "IntlDateTimeFormat.h"
@@ -835 +836 @@
 };
 
+static CodeBlock* getCallerCodeBlock(CallFrame* callFrame)
+{
+    CallFrame* callerFrame = callFrame->callerFrame();
+    CodeOrigin codeOrigin = callerFrame->codeOrigin();
+    if (codeOrigin && codeOrigin.inlineCallFrame())
+        return baselineCodeBlockForInlineCallFrame(codeOrigin.inlineCallFrame());
+    return callerFrame->codeBlock();
+}
+
 // https://tc39.es/ecma262/#sec-copydataproperties
 JSC_DEFINE_HOST_FUNCTION(globalFuncCopyDataProperties, (JSGlobalObject* globalObject, CallFrame* callFrame))
@@ -841 +851 @@
     auto scope = DECLARE_THROW_SCOPE(vm);
 
-    JSFinalObject* target = jsCast<JSFinalObject*>(callFrame->uncheckedArgument(0));
+    JSFinalObject* target = jsCast<JSFinalObject*>(callFrame->thisValue());
     ASSERT(target->isStructureExtensible(vm));
 
-    JSValue sourceValue = callFrame->uncheckedArgument(1);
+    JSValue sourceValue = callFrame->uncheckedArgument(0);
     if (sourceValue.isUndefinedOrNull())
-        return JSValue::encode(jsUndefined());
+        return JSValue::encode(target);
 
     JSObject* source = sourceValue.toObject(globalObject);
     scope.assertNoException();
 
-    JSSet* excludedSet = nullptr;
-    if (callFrame->argumentCount() > 2)
-        excludedSet = jsCast<JSSet*>(callFrame->uncheckedArgument(2));
-
-    auto isPropertyNameExcluded = [&] (JSGlobalObject* globalObject, PropertyName propertyName) -> bool {
+    UnlinkedCodeBlock* unlinkedCodeBlock = nullptr;
+    const IdentifierSet* excludedSet = nullptr;
+    Optional<IdentifierSet> newlyCreatedSet;
+    if (callFrame->argumentCount() > 1) {
+        int32_t setIndex = callFrame->uncheckedArgument(1).asUInt32AsAnyInt();
+        CodeBlock* codeBlock = getCallerCodeBlock(callFrame);
+        ASSERT(codeBlock);
+        unlinkedCodeBlock = codeBlock->unlinkedCodeBlock();
+        excludedSet = &unlinkedCodeBlock->constantIdentifierSets()[setIndex];
+        if (callFrame->argumentCount() > 2) {
+            newlyCreatedSet.emplace(*excludedSet);
+            for (unsigned index = 2; index < callFrame->argumentCount(); ++index) {
+                // This isn't observable since ObjectPatternNode::bindValue() also performs ToPropertyKey.
+                auto propertyName = callFrame->uncheckedArgument(index).toPropertyKey(globalObject);
+                RETURN_IF_EXCEPTION(scope, { });
+                newlyCreatedSet->add(propertyName.impl());
+            }
+            excludedSet = &newlyCreatedSet.value();
+        }
+    }
+
+    auto isPropertyNameExcluded = [&] (PropertyName propertyName) -> bool {
         ASSERT(!propertyName.isPrivateName());
         if (!excludedSet)
             return false;
-
-        JSValue propertyNameValue = identifierToJSValue(vm, Identifier::fromUid(vm, propertyName.uid()));
-        RETURN_IF_EXCEPTION(scope, false);
-        return excludedSet->has(globalObject, propertyNameValue);
+        return excludedSet->contains(propertyName.uid());
     };
 
@@ -889 +913 @@
                 return true;
 
+            if (isPropertyNameExcluded(propertyName))
+                return true;
+
             properties.append(entry.key);
             values.appendWithCrashOnOverflow(source->getDirect(entry.offset));
@@ -899 +926 @@
             // FIXME: We could put properties in a batching manner to accelerate CopyDataProperties more.
             // https://bugs.webkit.org/show_bug.cgi?id=185358
-            bool excluded = isPropertyNameExcluded(globalObject, properties[i].get());
-            RETURN_IF_EXCEPTION(scope, { });
-            if (excluded)
-                continue;
             target->putDirect(vm, properties[i].get(), values.at(i));
         }
@@ -911 +934 @@
 
         for (const auto& propertyName : propertyNames) {
-            bool excluded = isPropertyNameExcluded(globalObject, propertyName);
-            RETURN_IF_EXCEPTION(scope, { });
-            if (excluded)
+            if (isPropertyNameExcluded(propertyName))
                 continue;
 
@@ -936 +957 @@
     }
 
-    return JSValue::encode(jsUndefined());
+    ensureStillAliveHere(unlinkedCodeBlock);
+    return JSValue::encode(target);
 }