Skip to content

V
V8
Switch branch/tag
Find file
BlameHistoryPermalink
  • Benedikt Meurer's avatar
    [turbofan] Generalize and optimize API calls a bit. · cd1063ca
    Benedikt Meurer authored 
    When calling API functions (i.e. Blink C++ DOM methods and accessors)
directly from TurboFan we currently only optimize that to a fast call
via the CallApiCallback builtin when TurboFan is able to find reliable
map information about the receiver in the graph. This is usually only
the case when the call is preceeded by a monomorphic or polymorphic
property access on the receiver, i.e. something like

```js
element.hasAttribute("bar");
```

will work, since the call to the `hasAttribute` method is immediately
preceeded by a `CheckMaps(element)` in the monomorphic/polymorphic case.
However this no longer works when the responsible LOAD_IC was
megamorphic or the method is called via `Function#call()` for example:

```js
const hasAttribute = Element.prototype.hasAttribute;
// ...
hasAttribute.call(element, "bar");
```

This change allows for more optimizations in two cases:

1. When the method accepts any receiver (i.e. no signature type and no
   access checks needed), and
2. when we find information about the receiver in the graph, but that
   information is not reliable.

For the first case, when the API method accepts any receiver and doesn't
limit it to specific types of receivers (aka no compatible receiver
check is required), we just insert a ConvertReceiver receiver and pass
the result as both the receiver and the holder to the API callback.

For the second case, we lift the current restriction of only supporting
reliable, stable receiver map information, because we only need to know
two things:

a. The Map::constructor field on the root map satisfies the compatible
   receiver check.
b. If the receiver is a JSObject, then the "access check needed" bit
   is not set (or the API method accepts any receiver).

Both of these cannot change with map transitions. So if at some point in
the past we knew that this held for a given receiver (by looking into
the TurboFan graph), we definitely know that it's still going to hold at
any later point.

Bug: v8:8820
Change-Id: I2316e8a4e2b3b7560e5c5d2b7d1569ebe1d3a1c8
Cq-Include-Trybots: luci.chromium.try:linux-blink-rel
Reviewed-on: https://chromium-review.googlesource.com/c/1466562
Commit-Queue: Benedikt Meurer <bmeurer@chromium.org>
Reviewed-by: 's avatarGeorg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59526}
    cd1063ca
js-call-reducer.cc 302 KB