Closed Bug 1665227 Opened 4 years ago Closed 3 years ago

Warp: Support non-object prototypes in scripted constructors

Categories

(Core :: JavaScript Engine: JIT, task, P2)

Product:
Core
Component:
JavaScript Engine: JIT
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
95 Branch
Tracking Flags:
Tracking Status
firefox95 --- fixed

People

(Reporter: iain, Assigned: anba)

References

(Blocks 1 open bug)

Details

Attachments

(2 files)

Bug 1665227 - Part 1: Inline constructors with non-object prototypes. r=iain!
48 bytes, text/x-phabricator-request
Details | Review
Bug 1665227 - Part 2: Use the same allocation kind irrespective of the prototype type. r=iain!
48 bytes, text/x-phabricator-request
Details | Review

In bug 1664357, to make it possible to inline constructors, we ensured that scripted constructor stubs can only attached when we have a template object (or are calling a constructor that expects to be passed JS_UNINITIALIZED_LEXICAL for this).

anba points out real-world cases where a null prototype is useful. We should optimize those too.

The cleanest way to do this is probably to wait until Ion is gone and we are no longer using MetaTwoByte for native template objects. At that point, we can replace the use of MetaTwoByte for scripted constructors with a field in CallScriptedFunction / CallInlinedFunction, and replace the isConstructing/needsUninitializedThis flags in CallFlags with a ConstructorKind enum class (with values None, TemplateObject, UninitializedThis, and VMCall).

Severity: -- → N/A

This follows the existing inlining support for constructors with an object
prototype, but instead of guarding that the prototype slot is a specific
object, the new operation guards that the prototype slot isn't an object.

Assignee: nobody → andrebargull
Status: NEW → ASSIGNED

This change ensures there's no surprising performance difference between:

function Klass() {
  this.prop = 0;
}

new Klass();

and:

function Klass() {
  this.prop = 0;
}
Klass.prototype = null;

new Klass();

In the first case, the created this object has AllocKind::OBJECT4, so
adding "prop" is writing to a fixed slot. Without this change, the second case
created an object with AllocKind::OBJECT0, which meant that adding "prop"
allocated a new dynamic slot.

Depends on D128378

Pushed by andre.bargull@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/37a13e4f61a2
Part 1: Inline constructors with non-object prototypes. r=iain
https://hg.mozilla.org/integration/autoland/rev/3adef16ca742
Part 2: Use the same allocation kind irrespective of the prototype type. r=iain

https://hg.mozilla.org/mozilla-central/rev/37a13e4f61a2
https://hg.mozilla.org/mozilla-central/rev/3adef16ca742

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox95: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: