by Saam Barati, Michael Saboff, Tadeu Zagallo, Yusuke Suzuki, Robin Morisset

== Now:
- New Bytecode
  - reduced bytecode size by 65%
  - 12-13% less memory usage on a page like Facebook
  - can be cached (not being done in Safari yet)
- JetStream 2
  - join JS benchmarks together into a single suite (JetStream 1, ARES-6, RexBench, ...)
  - 64 subtests emphasizing startup perf, peak throughput perf, worst-case perf
- RAMification
  - memory benchmark for JS
  - leverages JetStream 2 tests, measures peak & current usage
- ExecState -> GlobalObject refactor
  - less error prone; most cases that were passing call frames didn't really need to be
  - prereq for IsoSubspace work
- WASM Interpreter
  - improves startup time (3x), neutral on throughput
  - perf is now similar to V8 / SM
- Fuzz Zero
  - improve security & stability by fuzzing
  - fix all bugs and allow no regressions

== 2020+:
- BigInt
  - ship
- JIT improvements
  - new benchmark
  - Turbo DFG:
    - vs. llint: baseline 2x, DFG 11x, FTL 17x
    - DFG does not impact page load tests
    - version of DFG that's less optimized but quicker to compile may help
  - Fast for-of:
    - as fast as old-school for!
    - involves inline caching for next iteration
- IsoHeap Everything
  - allocate like types together, prevent type confusion attacks
  - do this for all JSObjects
  - avoid memory/perf regression
- Software Verified JIT
  - constrain where calls/jumps go
  - create a whitelist for far calls
  - known near calls (e.g. for slow paths) can be whitelisted too
  - pointer authentication
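
The "IsoHeap Everything" item (allocate like types together) can be illustrated with a toy allocator. This is an added example, not JavaScriptCore code: the fixed-size cell pool, the two type ids and every function name are assumptions made for the illustration. It compares one shared pool against one pool per type and reports whether a freed cell of one type is handed back out for an allocation of a different type, which is the precondition isolation removes.

```c
#include <stdio.h>

/* Toy model (assumption): fixed 32-byte cells and two object types. */
enum { CELL = 32, CELLS = 8, NTYPES = 2 };
enum type_id { T_ARRAY = 0, T_STRING = 1 };

struct pool {
    unsigned char mem[CELLS][CELL];
    int free_stack[CELLS];              /* indices of free cells, LIFO */
    int top;
};
struct heap { struct pool pools[NTYPES]; int isolated; };

static void pool_init(struct pool *p) {
    p->top = 0;
    for (int i = CELLS - 1; i >= 0; i--) p->free_stack[p->top++] = i;
}
static void *pool_alloc(struct pool *p) {
    return p->top ? p->mem[p->free_stack[--p->top]] : NULL;
}
static void pool_free(struct pool *p, void *cell) {
    p->free_stack[p->top++] = (int)((unsigned char (*)[CELL])cell - p->mem);
}
/* Shared heap: every type uses pool 0. Isolated heap: one pool per type. */
static struct pool *pool_for(struct heap *h, enum type_id t) {
    return &h->pools[h->isolated ? t : 0];
}
static void heap_init(struct heap *h, int isolated) {
    h->isolated = isolated;
    for (int t = 0; t < NTYPES; t++) pool_init(&h->pools[t]);
}

/* Returns 1 if a freed T_ARRAY cell is reused for a T_STRING allocation. */
static int cross_type_reuse(int isolated) {
    static struct heap h;
    heap_init(&h, isolated);
    void *a = pool_alloc(pool_for(&h, T_ARRAY));
    pool_free(pool_for(&h, T_ARRAY), a);         /* 'a' is now stale */
    void *s = pool_alloc(pool_for(&h, T_STRING));
    return s == a;                               /* same cell, different type? */
}

int main(void) {
    printf("shared heap:   cross-type reuse = %d\n", cross_type_reuse(0));
    printf("isolated heap: cross-type reuse = %d\n", cross_type_reuse(1));
    return 0;
}
```

With isolation a stale pointer can still alias a newer object, but only one of the same type, so its fields keep their expected layout.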