• Benedikt Meurer's avatar
    [es2015] Refactor the JSArrayIterator. · 06ee127b
    Benedikt Meurer authored
    This changes the JSArrayIterator to always have only a single instance
    type, instead of the zoo of instance types that we had before, and
    which became less useful with the specification update to when "next"
    is loaded from the iterator now. This greatly simplifies the baseline
    implementation of the array iterator, which now only looks at the
    iterated object during %ArrayIteratorPrototype%.next invocations.
    
    In TurboFan we introduce a new JSCreateArrayIterator operator, that
    holds the IterationKind and get's the iterated object as input. When
    optimizing %ArrayIteratorPrototype%.next in the JSCallReducer, we
    check whether the receiver is a JSCreateArrayIterator, and if so,
    we try to infer maps for the iterated object from there. If we find
    any, we speculatively assume that these won't have changed during
    iteration (as we did before with the previous approach), and generate
    fast code for both JSArray and JSTypedArray iteration.
    
    Drive-by-fix: Drop the fast_array_iteration protector, it's not
    necessary anymore since we have the deoptimization guard bit in
    the JSCallReducer now.
    
    This addresses the performance cliff noticed in webpack 4. The minimal
    repro on the tracking bug goes from
    
      console.timeEnd: mono, 124.773000
      console.timeEnd: poly, 670.353000
    
    to
    
      console.timeEnd: mono, 118.709000
      console.timeEnd: poly, 141.393000
    
    so that's a 4.7x improvement.
    
    Also make presubmit happy by adding the missing #undef's.
    
    Bug: v8:7510, v7:7514
    Change-Id: I79a46bfa2cd0f0710e09365ef72519b1bbb667b5
    Reviewed-on: https://chromium-review.googlesource.com/946098Reviewed-by: 's avatarSigurd Schneider <sigurds@chromium.org>
    Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#51725}
    06ee127b
contexts.h 34.5 KB