• bmeurer's avatar
    [builtins] Properly optimize Object.prototype.isPrototypeOf. · b11c557d
    bmeurer authored
    Port the baseline implementation of Object.prototype.isPrototypeOf to
    the CodeStubAssembler, sharing the existing prototype chain lookup logic
    with the instanceof / OrdinaryHasInstance implementation. Based on that,
    do the same in TurboFan, introducing a new JSHasInPrototypeChain
    operator, which encapsulates the central prototype chain walk logic.
    
    This speeds up Object.prototype.isPrototypeOf by more than a factor of
    four, so that the code
    
      A.prototype.isPrototypeOf(a)
    
    is now performance-wise on par with
    
      a instanceof A
    
    for the case where A is a regular constructor function and a is an
    instance of A.
    
    Since instanceof does more than just the fundamental prototype chain
    lookup, it was discovered in Node core that O.p.isPrototypeOf would
    be a more appropriate alternative for certain sanity checks, since
    it's less vulnerable to monkey-patching. In addition, the Object
    builtin would also avoid the performance-cliff associated with
    instanceof (due to the Symbol.hasInstance hook), as for example hit
    by https://github.com/nodejs/node/pull/13403#issuecomment-305915874.
    The main blocker was the missing performance of isPrototypeOf, since
    it was still a JS builtin backed by a runtime call.
    
    This CL also adds more test coverage for the
    Object.prototype.isPrototypeOf builtin, especially when called from
    optimized code.
    
    CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_chromium_rel_ng
    BUG=v8:5269,v8:5989,v8:6483
    R=jgruber@chromium.org
    
    Review-Url: https://codereview.chromium.org/2934893002
    Cr-Commit-Position: refs/heads/master@{#45925}
    b11c557d
code-stub-assembler.cc 339 KB