Stowage/ladybird
2
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2026-04-18 18:00:31 +00:00
Code Issues Projects Releases Packages Wiki Activity
ladybird/Libraries/LibJS/Bytecode/Executable.h

249 lines
8.4 KiB
C
Raw Normal View History

LibJS: Add Bytecode::Executable::dump() Let's have a helper for producing a consistent executable dump instead of repeating the logic in multiple places.
2021-10-24 13:30:49 +02:00
/*
LibJS: Flatten Operand to 32-bit index in bytecode instruction stream While we're in the bytecode compiler, we want to know which type of Operand we're dealing with, but once we've generated the bytecode stream, we only ever need its index. This patch simplifies Operand by removing the aarch64 bitfield hacks and makes it 32-bit on all platforms. We keep 3 type bits in the high bits of the index while compiling, and then zero them out when flattening the final bytecode stream. This makes bytecode more compact on x86_64, and avoids bit twiddling on aarch64. Everyone wins something! When stringifying bytecode for debugging output, we now have an API in Executable that can look at a raw operand index and tell you what type of operand it was, based on known quantities of each type in the stack frame.
2025-11-22 12:27:51 +01:00
* Copyright (c) 2021-2025, Andreas Kling <andreas@ladybird.org>
LibJS: Add Bytecode::Executable::dump() Let's have a helper for producing a consistent executable dump instead of repeating the logic in multiple places.
2021-10-24 13:30:49 +02:00
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#pragma once
Everywhere: Remove NonnullOwnPtr.h includes
2023-03-06 17:39:59 +01:00
#include <AK/NonnullOwnPtr.h>
LibJS/JIT: Don't keep trying to JIT unsupported bytecode executables We now only try jitting each Bytecode::Executable once, and then cache the resulting NativeExecutable.
2023-10-20 12:21:30 +02:00
#include <AK/OwnPtr.h>
LibJS: Add dump_to_string() for AST nodes and bytecode executables Add the ability to dump AST and bytecode to a String instead of only to stdout/stderr. This is done by adding an optional StringBuilder output sink to ASTDumpState, and a new dump_to_string() method on both ASTNode and Bytecode::Executable. These will be used for comparing output between compilation pipelines.
2026-02-22 14:18:30 +01:00
#include <AK/String.h>
LibJS+LibWeb+WebContent: Port JS::PropertyKey to UTF-16 This has quite a lot of fall out. But the majority of it is just type or UDL substitution, where the changes just fall through to other function calls. By changing property key storage to UTF-16, the main affected areas are: * NativeFunction names must now be UTF-16 * Bytecode identifiers must now be UTF-16 * Module/binding names must now be UTF-16
2025-08-02 19:27:29 -04:00
#include <AK/Utf16FlyString.h>
LibGC+Everywhere: Factor out a LibGC from LibJS Resulting in a massive rename across almost everywhere! Alongside the namespace change, we now have the following names: * JS::NonnullGCPtr -> GC::Ref * JS::GCPtr -> GC::Ptr * JS::HeapFunction -> GC::Function * JS::CellImpl -> GC::Cell * JS::Handle -> GC::Root
2024-11-15 04:01:23 +13:00
#include <LibGC/CellAllocator.h>
LibJS: Replace GC::Weak with GC::RawPtr in inline cache entries Property lookup cache entries previously used GC::Weak<T> for shape, prototype, and prototype_chain_validity pointers. Each GC::Weak requires a ref-counted WeakImpl allocation and an extra indirection on every access. Replace these with GC::RawPtr<T> and make Executable a WeakContainer so the GC can clear stale pointers during sweep via remove_dead_cells. For static PropertyLookupCache instances (used throughout the runtime for well-known property lookups), introduce StaticPropertyLookupCache which registers itself in a global list that also gets swept. Now that inline cache entries use GC::RawPtr instead of GC::Weak, we can compare shape/prototype pointers directly without going through the WeakImpl indirection. This removes one dependent load from each IC check in GetById, PutById, GetLength, GetGlobal, and SetGlobal handlers.
2026-03-07 22:18:15 +01:00
#include <LibGC/Ptr.h>
#include <LibGC/WeakContainer.h>
LibJS: Add ClassBlueprint data structures Introduce ClassBlueprint and ClassElementDescriptor structs that will replace the AST-backed class construction path. ClassBlueprint stores pre-compiled function data indices and element metadata, following the same pattern as SharedFunctionInstanceData for NewFunction. Add Vector<ClassBlueprint> to Executable for storage. No behavioral change.
2026-02-11 00:15:19 +01:00
#include <LibJS/Bytecode/ClassBlueprint.h>
LibJS: Add a separate "identifier table" to bytecode executables This is a specialized string table for storing identifiers only. Identifiers are always FlyStrings, which makes many common operations faster by allowing O(1) comparison.
2021-10-24 15:34:30 +02:00
#include <LibJS/Bytecode/IdentifierTable.h>
LibJS: Create static unwind mappings for `BasicBlock`s This is currently only used in the bytecode dump to annotate to where unwinds lead per block, but will be hooked up to the virtual machine in the next commit.
2023-10-19 23:18:54 +02:00
#include <LibJS/Bytecode/Label.h>
LibJS: Flatten Operand to 32-bit index in bytecode instruction stream While we're in the bytecode compiler, we want to know which type of Operand we're dealing with, but once we've generated the bytecode stream, we only ever need its index. This patch simplifies Operand by removing the aarch64 bitfield hacks and makes it 32-bit on all platforms. We keep 3 type bits in the high bits of the index while compiling, and then zero them out when flattening the final bytecode stream. This makes bytecode more compact on x86_64, and avoids bit twiddling on aarch64. Everyone wins something! When stringifying bytecode for debugging output, we now have an API in Executable that can look at a raw operand index and tell you what type of operand it was, based on known quantities of each type in the stack frame.
2025-11-22 12:27:51 +01:00
#include <LibJS/Bytecode/Operand.h>
LibJS: Cache fully-formed PropertyKeys in Executable Instead of creating PropertyKeys on the fly during interpreter execution, we now store fully-formed ones in the Executable. This avoids a whole bunch of busywork in property access instructions and substantially reduces code size bloat.
2025-12-11 07:57:09 -06:00
#include <LibJS/Bytecode/PropertyKeyTable.h>
LibJS: Add Bytecode::Executable::dump() Let's have a helper for producing a consistent executable dump instead of repeating the logic in multiple places.
2021-10-24 13:30:49 +02:00
#include <LibJS/Bytecode/StringTable.h>
LibJS: Enable EXPLICIT_SYMBOL_EXPORT and annotate minimum symbol set
2025-07-19 13:49:30 -07:00
#include <LibJS/Export.h>
LibJS: Forward-declare RegexTable and BasicBlock in Executable.h Previously every file that included Executable.h (which is pretty much most LibJS and LibHTML files, given that VM.h needs it) had the whole definition of LibRegex, which was slowing down source parsing.
2023-10-08 12:25:58 +02:00
#include <LibJS/Forward.h>
LibJS: Make Bytecode::Executable GC-allocated This is a step towards making ExecutionContext easier to allocate.
2023-11-27 13:23:59 +01:00
#include <LibJS/Heap/Cell.h>
LibJS: Preserve information about local variables declaration kind This is required for upcoming change where we want to emit ThrowIfTDZ for assignment expressions only for lexical declarations.
2025-05-05 21:53:19 +03:00
#include <LibJS/LocalVariable.h>
LibJS/Bytecode: Move environment coordinate caches to Executable Moving them out of the respective instructions allows the bytecode stream to be immutable.
2023-10-26 10:39:40 +02:00
#include <LibJS/Runtime/EnvironmentCoordinate.h>
LibJS/Bytecode: Flatten bytecode to a contiguous representation Instead of keeping bytecode as a set of disjoint basic blocks on the malloc heap, bytecode is now a contiguous sequence of bytes(!) The transformation happens at the end of Bytecode::Generator::generate() and the only really hairy part is rerouting jump labels. This required solving a few problems: - The interpreter execution loop had to change quite a bit, since we were storing BasicBlock pointers all over the place, and control transfer was done by redirecting the interpreter's current block. - Exception handlers & finalizers are now stored per-bytecode-range in a side table in Executable. - The interpreter now has a plain program counter instead of a stream iterator. This actually makes error stack generation a bit nicer since we just have to deal with a number instead of reaching into the iterator. This yields a 25% performance improvement on this microbenchmark: for (let i = 0; i < 1_000_000; ++i) { } But basically everything gets faster. :^)
2024-05-06 06:44:08 +02:00
#include <LibJS/SourceRange.h>
LibJS: Add Bytecode::Executable::dump() Let's have a helper for producing a consistent executable dump instead of repeating the logic in multiple places.
2021-10-24 13:30:49 +02:00
namespace JS::Bytecode {
LibJS: Make GetById cache polymorphic Instead of monomorphic (1 shape), GetById inline caches are now polymorphic (4 shapes). This improves inline cache hit rates greatly on most web JavaScript. For example, Speedometer 2.1 sees 88% -> 97% cache hit rate improvement. 1.71x speedup on MicroBench/pic-get-own.js 1.82x speedup on MicroBench/pic-get-pchain.js
2025-05-06 13:16:44 +02:00
// Represents one polymorphic inline cache used for property lookups.
LibJS/Bytecode: Cache object own property accesses The instructions GetById and GetByIdWithThis now remember the last-seen Shape, and if we see the same object again, we reuse the property offset from last time without doing a new lookup. This allows us to use Object::get_direct(), bypassing the entire lookup machinery and saving lots of time. ~23% speed-up on Kraken/ai-astar.js :^)
2023-07-08 17:43:26 +02:00
struct PropertyLookupCache {
LibJS: Make GetById cache polymorphic Instead of monomorphic (1 shape), GetById inline caches are now polymorphic (4 shapes). This improves inline cache hit rates greatly on most web JavaScript. For example, Speedometer 2.1 sees 88% -> 97% cache hit rate improvement. 1.71x speedup on MicroBench/pic-get-own.js 1.82x speedup on MicroBench/pic-get-pchain.js
2025-05-06 13:16:44 +02:00
static constexpr size_t max_number_of_shapes_to_remember = 4;
struct Entry {
LibJS: Add inline caching for adding new own properties to objects We already had IC support in PutById for the following cases: - Changing an existing own property - Calling a setter located in the prototype chain This was enough to speed up code where structurally identical objects (same shape) are processed in a loop: ```js const arr = [{ a: 1 }, { a: 2 }, { a: 3 }]; for (let obj of arr) { obj.a += 1; } ``` However, creating structurally identical objects in a loop was still slow: ```js for (let i = 0; i < 10_000_000; i++) { const o = {}; o.a = 1; o.b = 2; o.c = 3; } ``` This change addresses that by adding a new IC type that caches both the source and target shapes, allowing property additions to be fast-pathed by directly jumping to the shape that already includes the new property.
2025-09-15 17:23:39 +02:00
enum class Type {
Empty,
AddOwnProperty,
ChangeOwnProperty,
GetOwnProperty,
ChangePropertyInPrototypeChain,
GetPropertyInPrototypeChain,
};
LibJS: Shrink PropertyLookupCache::Entry size by tweaking layout Reorder members and use u32 instead of Optional<u32> for things that didn't actually need the "empty" state other than for assertions. Reduces memory usage on my x.com home feed by 9.9 MiB.
2025-12-20 16:16:16 -06:00
u32 property_offset { 0 };
u32 shape_dictionary_generation { 0 };
LibJS: Replace GC::Weak with GC::RawPtr in inline cache entries Property lookup cache entries previously used GC::Weak<T> for shape, prototype, and prototype_chain_validity pointers. Each GC::Weak requires a ref-counted WeakImpl allocation and an extra indirection on every access. Replace these with GC::RawPtr<T> and make Executable a WeakContainer so the GC can clear stale pointers during sweep via remove_dead_cells. For static PropertyLookupCache instances (used throughout the runtime for well-known property lookups), introduce StaticPropertyLookupCache which registers itself in a global list that also gets swept. Now that inline cache entries use GC::RawPtr instead of GC::Weak, we can compare shape/prototype pointers directly without going through the WeakImpl indirection. This removes one dependent load from each IC check in GetById, PutById, GetLength, GetGlobal, and SetGlobal handlers.
2026-03-07 22:18:15 +01:00
GC::RawPtr<Shape> from_shape;
GC::RawPtr<Shape> shape;
GC::RawPtr<Object> prototype;
GC::RawPtr<PrototypeChainValidity> prototype_chain_validity;
LibJS: Make GetById cache polymorphic Instead of monomorphic (1 shape), GetById inline caches are now polymorphic (4 shapes). This improves inline cache hit rates greatly on most web JavaScript. For example, Speedometer 2.1 sees 88% -> 97% cache hit rate improvement. 1.71x speedup on MicroBench/pic-get-own.js 1.82x speedup on MicroBench/pic-get-pchain.js
2025-05-06 13:16:44 +02:00
};
LibJS: Shrink PropertyLookupCache by putting types in its own array We have so many inline caches that this kind of thing becomes profitable on complex pages. Also the memory access pattern is slightly nicer for polymorphic caches. Reduces memory usage on my x.com home feed by 4.9 MiB.
2025-12-20 17:12:08 -06:00
void update(Entry::Type type, auto callback)
{
// First, move all entries one step back.
for (size_t i = entries.size() - 1; i >= 1; --i) {
LibJS: Shift PropertyLookupCache::types when finding a new slot This regressed in c258282094b5fa588e2fded0e7169a0e601e2583 and broke the polymorphic lookup cache, which was caught by the pic-* tests in our MicroBench suite.
2025-12-21 13:00:35 -06:00
types[i] = types[i - 1];
LibJS: Shrink PropertyLookupCache by putting types in its own array We have so many inline caches that this kind of thing becomes profitable on complex pages. Also the memory access pattern is slightly nicer for polymorphic caches. Reduces memory usage on my x.com home feed by 4.9 MiB.
2025-12-20 17:12:08 -06:00
entries[i] = entries[i - 1];
}
types[0] = type;
entries[0] = {};
callback(entries[0]);
}
AK::Array<Entry::Type, max_number_of_shapes_to_remember> types;
LibJS: Make GetById cache polymorphic Instead of monomorphic (1 shape), GetById inline caches are now polymorphic (4 shapes). This improves inline cache hit rates greatly on most web JavaScript. For example, Speedometer 2.1 sees 88% -> 97% cache hit rate improvement. 1.71x speedup on MicroBench/pic-get-own.js 1.82x speedup on MicroBench/pic-get-pchain.js
2025-05-06 13:16:44 +02:00
AK::Array<Entry, max_number_of_shapes_to_remember> entries;
LibJS/Bytecode: Cache object own property accesses The instructions GetById and GetByIdWithThis now remember the last-seen Shape, and if we see the same object again, we reuse the property offset from last time without doing a new lookup. This allows us to use Object::get_direct(), bypassing the entire lookup machinery and saving lots of time. ~23% speed-up on Kraken/ai-astar.js :^)
2023-07-08 17:43:26 +02:00
};
LibJS: Replace GC::Weak with GC::RawPtr in inline cache entries Property lookup cache entries previously used GC::Weak<T> for shape, prototype, and prototype_chain_validity pointers. Each GC::Weak requires a ref-counted WeakImpl allocation and an extra indirection on every access. Replace these with GC::RawPtr<T> and make Executable a WeakContainer so the GC can clear stale pointers during sweep via remove_dead_cells. For static PropertyLookupCache instances (used throughout the runtime for well-known property lookups), introduce StaticPropertyLookupCache which registers itself in a global list that also gets swept. Now that inline cache entries use GC::RawPtr instead of GC::Weak, we can compare shape/prototype pointers directly without going through the WeakImpl indirection. This removes one dependent load from each IC check in GetById, PutById, GetLength, GetGlobal, and SetGlobal handlers.
2026-03-07 22:18:15 +01:00
// A PropertyLookupCache for use as a static local variable.
// Registers itself for GC sweep since it's not owned by any Executable.
struct StaticPropertyLookupCache : public PropertyLookupCache {
StaticPropertyLookupCache();
static void sweep_all();
};
LibJS: Add optimized GetGlobal instruction to access global variables Using a special instruction to access global variables allows skipping the environment chain traversal for them and going directly to the module/global environment. Currently, this instruction only caches the offset for bindings that belong to the global object environment. However, there is also an opportunity to cache the offset in the global declarative record. This change results in a 57% increase in speed for imaging-gaussian-blur.js in Kraken.
2023-07-12 04:06:59 +02:00
struct GlobalVariableCache : public PropertyLookupCache {
u64 environment_serial_number { 0 };
LibJS: Let GetGlobal cache module environment lookups when possible
2025-03-16 18:39:57 -05:00
u32 environment_binding_index { 0 };
bool has_environment_binding_index { false };
bool in_module_environment { false };
LibJS: Add optimized GetGlobal instruction to access global variables Using a special instruction to access global variables allows skipping the environment chain traversal for them and going directly to the module/global environment. Currently, this instruction only caches the offset for bindings that belong to the global object environment. However, there is also an opportunity to cache the offset in the global declarative record. This change results in a 57% increase in speed for imaging-gaussian-blur.js in Kraken.
2023-07-12 04:06:59 +02:00
};
LibJS: Follow the spec more closely for tagged template literals This resolves a FIXME in its code generation, particularly for: - Caching the template object - Setting the correct property attributes - Freezing the resulting objects This allows archive.org to load, which uses the Lit library. The Lit library caches these template objects to determine if a template has changed, allowing it to determine to do a full template rerender or only partially update the rendering. Before, we would always cause a full rerender on update because we didn't return the same template object. This caused issues with archive.org's code, I believe particularly with its router library, where we would constantly detach and reattach nodes unexpectedly, ending up with the page content not being attached to the router's custom element.
2026-01-06 19:49:38 +00:00
// https://tc39.es/ecma262/#sec-gettemplateobject
// Template objects are cached at the call site.
struct TemplateObjectCache {
GC::Ptr<Array> cached_template_object;
};
LibJS: Add shape caching for object literal instantiation When a function creates object literals with simple property names, we now cache the resulting shape after the first instantiation. On subsequent calls, we create the object with the cached shape directly and write property values at their known offsets. This avoids repeated shape transitions and property offset lookups for a common JavaScript pattern. The optimization uses two new bytecode instructions: - CacheObjectShape: Captures the final shape after object construction - InitObjectLiteralProperty: Writes properties using cached offsets Only "simple" object literals are optimized (string literal keys with simple value expressions). Complex cases like computed properties, getters/setters, and spread elements use the existing slow path. 3.4x speedup on a microbenchmark that repeatedly instantiates an object literal with 26 properties. Small progressions on various benchmarks.
2026-01-09 18:55:00 +01:00
// Cache for object literal shapes.
// When an object literal like {a: 1, b: 2} is instantiated, we cache the final shape
// so that subsequent instantiations can allocate the object with the correct shape directly,
// avoiding repeated shape transitions.
// We also cache the property offsets so that subsequent property writes can bypass
// shape lookups and write directly to the correct storage slot.
struct ObjectShapeCache {
LibJS: Replace GC::Weak with GC::RawPtr in inline cache entries Property lookup cache entries previously used GC::Weak<T> for shape, prototype, and prototype_chain_validity pointers. Each GC::Weak requires a ref-counted WeakImpl allocation and an extra indirection on every access. Replace these with GC::RawPtr<T> and make Executable a WeakContainer so the GC can clear stale pointers during sweep via remove_dead_cells. For static PropertyLookupCache instances (used throughout the runtime for well-known property lookups), introduce StaticPropertyLookupCache which registers itself in a global list that also gets swept. Now that inline cache entries use GC::RawPtr instead of GC::Weak, we can compare shape/prototype pointers directly without going through the WeakImpl indirection. This removes one dependent load from each IC check in GetById, PutById, GetLength, GetGlobal, and SetGlobal handlers.
2026-03-07 22:18:15 +01:00
GC::RawPtr<Shape> shape;
LibJS: Add shape caching for object literal instantiation When a function creates object literals with simple property names, we now cache the resulting shape after the first instantiation. On subsequent calls, we create the object with the cached shape directly and write property values at their known offsets. This avoids repeated shape transitions and property offset lookups for a common JavaScript pattern. The optimization uses two new bytecode instructions: - CacheObjectShape: Captures the final shape after object construction - InitObjectLiteralProperty: Writes properties using cached offsets Only "simple" object literals are optimized (string literal keys with simple value expressions). Complex cases like computed properties, getters/setters, and spread elements use the existing slow path. 3.4x speedup on a microbenchmark that repeatedly instantiates an object literal with 26 properties. Small progressions on various benchmarks.
2026-01-09 18:55:00 +01:00
Vector<u32> property_offsets;
};
LibJS: Cache stable for-in iteration at bytecode sites Cache the flattened enumerable key snapshot for each `for..in` site and reuse a `PropertyNameIterator` when the receiver shape, dictionary generation, indexed storage kind and length, prototype chain validity, and magical-length state still match. Handle packed indexed receivers as well as plain named-property objects. Teach `ObjectPropertyIteratorNext` in `asmint.asm` to return cached property values directly and to fall back to the slow iterator logic when any guard fails. Treat arrays' hidden non-enumerable `length` property as a visited name for for-in shadowing, and include the receiver's magical-length state in the cache key so arrays and plain objects do not share snapshots. Add `test-js` and `test-js-bytecode` coverage for mixed numeric and named keys, packed receiver transitions, re-entry, iterator reuse, GC retention, array length shadowing, and same-site cache reuse.
2026-04-10 00:56:49 +02:00
enum class ObjectPropertyIteratorFastPath : u8 {
None,
PlainNamed,
PackedIndexed,
};
class JS_API ObjectPropertyIteratorCacheData final : public Cell {
GC_CELL(ObjectPropertyIteratorCacheData, Cell);
GC_DECLARE_ALLOCATOR(ObjectPropertyIteratorCacheData);
public:
ObjectPropertyIteratorCacheData(VM&, Vector<PropertyKey>, ObjectPropertyIteratorFastPath, u32 indexed_property_count, bool receiver_has_magical_length_property, GC::Ref<Shape>, GC::Ptr<PrototypeChainValidity> = nullptr);
virtual ~ObjectPropertyIteratorCacheData() override = default;
[[nodiscard]] ReadonlySpan<PropertyKey> properties() const { return m_properties.span(); }
[[nodiscard]] ReadonlySpan<Value> property_values() const { return m_property_values.span(); }
[[nodiscard]] ObjectPropertyIteratorFastPath fast_path() const { return m_fast_path; }
[[nodiscard]] u32 indexed_property_count() const { return m_indexed_property_count; }
[[nodiscard]] bool receiver_has_magical_length_property() const { return m_receiver_has_magical_length_property; }
[[nodiscard]] GC::Ptr<Shape> shape() const { return m_shape; }
[[nodiscard]] GC::Ptr<PrototypeChainValidity> prototype_chain_validity() const { return m_prototype_chain_validity; }
[[nodiscard]] u32 shape_dictionary_generation() const { return m_shape_dictionary_generation; }
private:
virtual void visit_edges(Visitor&) override;
Vector<PropertyKey> m_properties;
Vector<Value> m_property_values;
GC::Ptr<Shape> m_shape;
GC::Ptr<PrototypeChainValidity> m_prototype_chain_validity;
u32 m_indexed_property_count { 0 };
u32 m_shape_dictionary_generation { 0 };
bool m_receiver_has_magical_length_property { false };
ObjectPropertyIteratorFastPath m_fast_path { ObjectPropertyIteratorFastPath::None };
};
struct ObjectPropertyIteratorCache {
GC::Ptr<ObjectPropertyIteratorCacheData> data;
GC::Ptr<Object> reusable_property_name_iterator;
};
LibJS: Add file & line number to bytecode VM stack traces :^) This works by adding source start/end offset to every bytecode instruction. In the future we can make this more efficient by keeping a map of bytecode ranges to source ranges in the Executable instead, but let's just get traces working first. Co-Authored-By: Andrew Kaster <akaster@serenityos.org>
2023-09-01 16:53:55 +02:00
struct SourceRecord {
u32 source_start_offset {};
u32 source_end_offset {};
};
LibJS: Replace source map HashMap with sorted Vector Bytecode source map entries are always added in order of increasing bytecode offset, and lookups only happen during error handling (a cold path). This makes a sorted vector with binary search a better fit than a hash map. This change reduces memory overhead and speeds up bytecode generation by avoiding hash table operations during compilation. Lookups remain fast via binary search, and since source_range_at() is only called when generating stack traces, the O(log n) lookup is acceptable.
2026-01-26 17:51:53 +01:00
struct SourceMapEntry {
u32 bytecode_offset {};
SourceRecord source_record {};
};
LibJS: Replace GC::Weak with GC::RawPtr in inline cache entries Property lookup cache entries previously used GC::Weak<T> for shape, prototype, and prototype_chain_validity pointers. Each GC::Weak requires a ref-counted WeakImpl allocation and an extra indirection on every access. Replace these with GC::RawPtr<T> and make Executable a WeakContainer so the GC can clear stale pointers during sweep via remove_dead_cells. For static PropertyLookupCache instances (used throughout the runtime for well-known property lookups), introduce StaticPropertyLookupCache which registers itself in a global list that also gets swept. Now that inline cache entries use GC::RawPtr instead of GC::Weak, we can compare shape/prototype pointers directly without going through the WeakImpl indirection. This removes one dependent load from each IC check in GetById, PutById, GetLength, GetGlobal, and SetGlobal handlers.
2026-03-07 22:18:15 +01:00
class JS_API Executable final
: public Cell
, public GC::WeakContainer {
LibGC+Everywhere: Factor out a LibGC from LibJS Resulting in a massive rename across almost everywhere! Alongside the namespace change, we now have the following names: * JS::NonnullGCPtr -> GC::Ref * JS::GCPtr -> GC::Ptr * JS::HeapFunction -> GC::Function * JS::CellImpl -> GC::Cell * JS::Handle -> GC::Root
2024-11-15 04:01:23 +13:00
GC_CELL(Executable, Cell);
GC_DECLARE_ALLOCATOR(Executable);
LibJS: Make Bytecode::Executable GC-allocated This is a step towards making ExecutionContext easier to allocate.
2023-11-27 13:23:59 +01:00
LibJS: Make Executable ref-counted and let instruction iterator co-own it This ensures that the instruction stream pointed at by the instruction iterator remains valid as long as the iterator exists.
2023-10-03 08:18:10 +02:00
public:
Executable(
LibJS/Bytecode: Flatten bytecode to a contiguous representation Instead of keeping bytecode as a set of disjoint basic blocks on the malloc heap, bytecode is now a contiguous sequence of bytes(!) The transformation happens at the end of Bytecode::Generator::generate() and the only really hairy part is rerouting jump labels. This required solving a few problems: - The interpreter execution loop had to change quite a bit, since we were storing BasicBlock pointers all over the place, and control transfer was done by redirecting the interpreter's current block. - Exception handlers & finalizers are now stored per-bytecode-range in a side table in Executable. - The interpreter now has a plain program counter instead of a stream iterator. This actually makes error stack generation a bit nicer since we just have to deal with a number instead of reaching into the iterator. This yields a 25% performance improvement on this microbenchmark: for (let i = 0; i < 1_000_000; ++i) { } But basically everything gets faster. :^)
2024-05-06 06:44:08 +02:00
Vector<u8> bytecode,
LibJS: Make Executable ref-counted and let instruction iterator co-own it This ensures that the instruction stream pointed at by the instruction iterator remains valid as long as the iterator exists.
2023-10-03 08:18:10 +02:00
NonnullOwnPtr<IdentifierTable>,
LibJS: Cache fully-formed PropertyKeys in Executable Instead of creating PropertyKeys on the fly during interpreter execution, we now store fully-formed ones in the Executable. This avoids a whole bunch of busywork in property access instructions and substantially reduces code size bloat.
2025-12-11 07:57:09 -06:00
NonnullOwnPtr<PropertyKeyTable>,
LibJS: Make Executable ref-counted and let instruction iterator co-own it This ensures that the instruction stream pointed at by the instruction iterator remains valid as long as the iterator exists.
2023-10-03 08:18:10 +02:00
NonnullOwnPtr<StringTable>,
NonnullOwnPtr<RegexTable>,
LibJS/Bytecode: Add constants table to Bytecode::Executable
2024-02-02 09:52:25 +01:00
Vector<Value> constants,
LibJS: Make Executable ref-counted and let instruction iterator co-own it This ensures that the instruction stream pointed at by the instruction iterator remains valid as long as the iterator exists.
2023-10-03 08:18:10 +02:00
NonnullRefPtr<SourceCode const>,
size_t number_of_property_lookup_caches,
size_t number_of_global_variable_caches,
LibJS: Follow the spec more closely for tagged template literals This resolves a FIXME in its code generation, particularly for: - Caching the template object - Setting the correct property attributes - Freezing the resulting objects This allows archive.org to load, which uses the Lit library. The Lit library caches these template objects to determine if a template has changed, allowing it to determine to do a full template rerender or only partially update the rendering. Before, we would always cause a full rerender on update because we didn't return the same template object. This caused issues with archive.org's code, I believe particularly with its router library, where we would constantly detach and reattach nodes unexpectedly, ending up with the page content not being attached to the router's custom element.
2026-01-06 19:49:38 +00:00
size_t number_of_template_object_caches,
LibJS: Add shape caching for object literal instantiation When a function creates object literals with simple property names, we now cache the resulting shape after the first instantiation. On subsequent calls, we create the object with the cached shape directly and write property values at their known offsets. This avoids repeated shape transitions and property offset lookups for a common JavaScript pattern. The optimization uses two new bytecode instructions: - CacheObjectShape: Captures the final shape after object construction - InitObjectLiteralProperty: Writes properties using cached offsets Only "simple" object literals are optimized (string literal keys with simple value expressions). Complex cases like computed properties, getters/setters, and spread elements use the existing slow path. 3.4x speedup on a microbenchmark that repeatedly instantiates an object literal with 26 properties. Small progressions on various benchmarks.
2026-01-09 18:55:00 +01:00
size_t number_of_object_shape_caches,
LibJS: Cache stable for-in iteration at bytecode sites Cache the flattened enumerable key snapshot for each `for..in` site and reuse a `PropertyNameIterator` when the receiver shape, dictionary generation, indexed storage kind and length, prototype chain validity, and magical-length state still match. Handle packed indexed receivers as well as plain named-property objects. Teach `ObjectPropertyIteratorNext` in `asmint.asm` to return cached property values directly and to fall back to the slow iterator logic when any guard fails. Treat arrays' hidden non-enumerable `length` property as a visited name for for-in shadowing, and include the receiver's magical-length state in the cache key so arrays and plain objects do not share snapshots. Add `test-js` and `test-js-bytecode` coverage for mixed numeric and named keys, packed receiver transitions, re-entry, iterator reuse, GC retention, array length shadowing, and same-site cache reuse.
2026-04-10 00:56:49 +02:00
size_t number_of_object_property_iterator_caches,
LibJS: Make Executable ref-counted and let instruction iterator co-own it This ensures that the instruction stream pointed at by the instruction iterator remains valid as long as the iterator exists.
2023-10-03 08:18:10 +02:00
size_t number_of_registers,
LibJS: Let bytecode instructions know whether they are in strict mode This commits puts the strict mode flag in the header of every bytecode instruction. This allows us to check for strict mode without looking at the currently running execution context.
2025-10-28 20:25:12 +01:00
Strict);
LibJS: Make Executable ref-counted and let instruction iterator co-own it This ensures that the instruction stream pointed at by the instruction iterator remains valid as long as the iterator exists.
2023-10-03 08:18:10 +02:00
LibJS: Make Bytecode::Executable GC-allocated This is a step towards making ExecutionContext easier to allocate.
2023-11-27 13:23:59 +01:00
virtual ~Executable() override;
LibJS: Make Executable ref-counted and let instruction iterator co-own it This ensures that the instruction stream pointed at by the instruction iterator remains valid as long as the iterator exists.
2023-10-03 08:18:10 +02:00
LibJS+LibWeb+WebContent: Port JS::PropertyKey to UTF-16 This has quite a lot of fall out. But the majority of it is just type or UDL substitution, where the changes just fall through to other function calls. By changing property key storage to UTF-16, the main affected areas are: * NativeFunction names must now be UTF-16 * Bytecode identifiers must now be UTF-16 * Module/binding names must now be UTF-16
2025-08-02 19:27:29 -04:00
Utf16FlyString name;
LibJS/Bytecode: Flatten bytecode to a contiguous representation Instead of keeping bytecode as a set of disjoint basic blocks on the malloc heap, bytecode is now a contiguous sequence of bytes(!) The transformation happens at the end of Bytecode::Generator::generate() and the only really hairy part is rerouting jump labels. This required solving a few problems: - The interpreter execution loop had to change quite a bit, since we were storing BasicBlock pointers all over the place, and control transfer was done by redirecting the interpreter's current block. - Exception handlers & finalizers are now stored per-bytecode-range in a side table in Executable. - The interpreter now has a plain program counter instead of a stream iterator. This actually makes error stack generation a bit nicer since we just have to deal with a number instead of reaching into the iterator. This yields a 25% performance improvement on this microbenchmark: for (let i = 0; i < 1_000_000; ++i) { } But basically everything gets faster. :^)
2024-05-06 06:44:08 +02:00
Vector<u8> bytecode;
LibJS/Bytecode: Cache object own property accesses The instructions GetById and GetByIdWithThis now remember the last-seen Shape, and if we see the same object again, we reuse the property offset from last time without doing a new lookup. This allows us to use Object::get_direct(), bypassing the entire lookup machinery and saving lots of time. ~23% speed-up on Kraken/ai-astar.js :^)
2023-07-08 17:43:26 +02:00
Vector<PropertyLookupCache> property_lookup_caches;
LibJS: Add optimized GetGlobal instruction to access global variables Using a special instruction to access global variables allows skipping the environment chain traversal for them and going directly to the module/global environment. Currently, this instruction only caches the offset for bindings that belong to the global object environment. However, there is also an opportunity to cache the offset in the global declarative record. This change results in a 57% increase in speed for imaging-gaussian-blur.js in Kraken.
2023-07-12 04:06:59 +02:00
Vector<GlobalVariableCache> global_variable_caches;
LibJS: Follow the spec more closely for tagged template literals This resolves a FIXME in its code generation, particularly for: - Caching the template object - Setting the correct property attributes - Freezing the resulting objects This allows archive.org to load, which uses the Lit library. The Lit library caches these template objects to determine if a template has changed, allowing it to determine to do a full template rerender or only partially update the rendering. Before, we would always cause a full rerender on update because we didn't return the same template object. This caused issues with archive.org's code, I believe particularly with its router library, where we would constantly detach and reattach nodes unexpectedly, ending up with the page content not being attached to the router's custom element.
2026-01-06 19:49:38 +00:00
Vector<TemplateObjectCache> template_object_caches;
LibJS: Add shape caching for object literal instantiation When a function creates object literals with simple property names, we now cache the resulting shape after the first instantiation. On subsequent calls, we create the object with the cached shape directly and write property values at their known offsets. This avoids repeated shape transitions and property offset lookups for a common JavaScript pattern. The optimization uses two new bytecode instructions: - CacheObjectShape: Captures the final shape after object construction - InitObjectLiteralProperty: Writes properties using cached offsets Only "simple" object literals are optimized (string literal keys with simple value expressions). Complex cases like computed properties, getters/setters, and spread elements use the existing slow path. 3.4x speedup on a microbenchmark that repeatedly instantiates an object literal with 26 properties. Small progressions on various benchmarks.
2026-01-09 18:55:00 +01:00
Vector<ObjectShapeCache> object_shape_caches;
LibJS: Cache stable for-in iteration at bytecode sites Cache the flattened enumerable key snapshot for each `for..in` site and reuse a `PropertyNameIterator` when the receiver shape, dictionary generation, indexed storage kind and length, prototype chain validity, and magical-length state still match. Handle packed indexed receivers as well as plain named-property objects. Teach `ObjectPropertyIteratorNext` in `asmint.asm` to return cached property values directly and to fall back to the slow iterator logic when any guard fails. Treat arrays' hidden non-enumerable `length` property as a visited name for for-in shadowing, and include the receiver's magical-length state in the cache key so arrays and plain objects do not share snapshots. Add `test-js` and `test-js-bytecode` coverage for mixed numeric and named keys, packed receiver transitions, re-entry, iterator reuse, GC retention, array length shadowing, and same-site cache reuse.
2026-04-10 00:56:49 +02:00
Vector<ObjectPropertyIteratorCache> object_property_iterator_caches;
LibJS: Add Bytecode::Executable::dump() Let's have a helper for producing a consistent executable dump instead of repeating the logic in multiple places.
2021-10-24 13:30:49 +02:00
NonnullOwnPtr<StringTable> string_table;
LibJS: Add a separate "identifier table" to bytecode executables This is a specialized string table for storing identifiers only. Identifiers are always FlyStrings, which makes many common operations faster by allowing O(1) comparison.
2021-10-24 15:34:30 +02:00
NonnullOwnPtr<IdentifierTable> identifier_table;
LibJS: Cache fully-formed PropertyKeys in Executable Instead of creating PropertyKeys on the fly during interpreter execution, we now store fully-formed ones in the Executable. This avoids a whole bunch of busywork in property access instructions and substantially reduces code size bloat.
2025-12-11 07:57:09 -06:00
NonnullOwnPtr<PropertyKeyTable> property_key_table;
LibJS/Bytecode: Don't reparse regular expressions on instantiation The RegExpLiteral AST node already has the parsed regex::Parser::Result so let's plumb that over to the bytecode executable instead of reparsing the regex every time NewRegExp is executed. ~12% speed-up on language/literals/regexp/S7.8.5_A2.1_T2.js in test262.
2023-07-13 10:49:07 +02:00
NonnullOwnPtr<RegexTable> regex_table;
LibJS/Bytecode: Add constants table to Bytecode::Executable
2024-02-02 09:52:25 +01:00
Vector<Value> constants;
LibJS: Create static unwind mappings for `BasicBlock`s This is currently only used in the bytecode dump to annotate to where unwinds lead per block, but will be hooked up to the virtual machine in the next commit.
2023-10-19 23:18:54 +02:00
LibJS: Pre-create SharedFunctionInstanceData in NewFunction Replace the FunctionNode const& stored on the NewFunction bytecode instruction with an index into a table of pre-created SharedFunctionInstanceData objects on the Executable. During bytecode compilation, we now eagerly create SharedFunctionInstanceData for each function that will be instantiated by NewFunction, and store it on both the FunctionNode (for caching) and the Executable (for GC tracing). At runtime, NewFunction simply looks up the SharedFunctionInstanceData by index and calls create_from_function_data() directly, bypassing the AST entirely. This removes one of the main reasons the AST had to stay alive after compilation. The instantiate_ordinary_function_expression() helper in Interpreter.cpp is removed as its non-trivial code path (creating a scope for named function expressions) was dead code -- it was only called when !has_name(), so the has_own_name branch never executed.
2026-02-10 23:02:46 +01:00
Vector<GC::Ptr<SharedFunctionInstanceData>> shared_function_data;
LibJS: Add ClassBlueprint data structures Introduce ClassBlueprint and ClassElementDescriptor structs that will replace the AST-backed class construction path. ClassBlueprint stores pre-compiled function data indices and element metadata, following the same pattern as SharedFunctionInstanceData for NewFunction. Add Vector<ClassBlueprint> to Executable for storage. No behavioral change.
2026-02-11 00:15:19 +01:00
Vector<ClassBlueprint> class_blueprints;
LibJS: Pre-create SharedFunctionInstanceData in NewFunction Replace the FunctionNode const& stored on the NewFunction bytecode instruction with an index into a table of pre-created SharedFunctionInstanceData objects on the Executable. During bytecode compilation, we now eagerly create SharedFunctionInstanceData for each function that will be instantiated by NewFunction, and store it on both the FunctionNode (for caching) and the Executable (for GC tracing). At runtime, NewFunction simply looks up the SharedFunctionInstanceData by index and calls create_from_function_data() directly, bypassing the AST entirely. This removes one of the main reasons the AST had to stay alive after compilation. The instantiate_ordinary_function_expression() helper in Interpreter.cpp is removed as its non-trivial code path (creating a scope for named function expressions) was dead code -- it was only called when !has_name(), so the has_own_name branch never executed.
2026-02-10 23:02:46 +01:00
LibJS: Add file & line number to bytecode VM stack traces :^) This works by adding source start/end offset to every bytecode instruction. In the future we can make this more efficient by keeping a map of bytecode ranges to source ranges in the Executable instead, but let's just get traces working first. Co-Authored-By: Andrew Kaster <akaster@serenityos.org>
2023-09-01 16:53:55 +02:00
NonnullRefPtr<SourceCode const> source_code;
LibJS: Skip initializing constant slots in ExecutionContext Every function call allocates an ExecutionContext with a trailing array of Values for registers, locals, constants, and arguments. Previously, the constructor would initialize all slots to js_special_empty_value(), but constant slots were then immediately overwritten by the interpreter copying in values from the Executable before execution began. To eliminate this redundant initialization, we rearrange the layout from [registers | constants | locals] to [registers | locals | constants]. This groups registers and locals together at the front, allowing us to initialize only those slots while leaving constant slots uninitialized until they're populated with their actual values. This reduces the per-call initialization cost from O(registers + locals + constants) to O(registers + locals). Also tightens up the types involved (size_t -> u32) and adds VERIFYs to guard against overflow when computing the combined slot counts, and to ensure the total fits within the 29-bit operand index field.
2026-01-18 23:17:10 +01:00
u32 number_of_registers { 0 };
LibJS/Bytecode: Determine strict mode on an executable basis An executable is generated for the top-level script and for each function. Strict mode can only be changed with the first statement of the top-level script and each function, which corresponds directly to Executable.
2022-07-17 18:56:36 +01:00
bool is_strict_mode { false };
LibJS: Add Bytecode::Executable::dump() Let's have a helper for producing a consistent executable dump instead of repeating the logic in multiple places.
2021-10-24 13:30:49 +02:00
LibJS: Skip initializing constant slots in ExecutionContext Every function call allocates an ExecutionContext with a trailing array of Values for registers, locals, constants, and arguments. Previously, the constructor would initialize all slots to js_special_empty_value(), but constant slots were then immediately overwritten by the interpreter copying in values from the Executable before execution began. To eliminate this redundant initialization, we rearrange the layout from [registers | constants | locals] to [registers | locals | constants]. This groups registers and locals together at the front, allowing us to initialize only those slots while leaving constant slots uninitialized until they're populated with their actual values. This reduces the per-call initialization cost from O(registers + locals + constants) to O(registers + locals). Also tightens up the types involved (size_t -> u32) and adds VERIFYs to guard against overflow when computing the combined slot counts, and to ensure the total fits within the 29-bit operand index field.
2026-01-18 23:17:10 +01:00
u32 registers_and_locals_count { 0 };
u32 registers_and_locals_and_constants_count { 0 };
LibJS: Cache Executable constants for asm Call Mirror Executable's constants size and data pointer in adjacent fields so the asm Call fast path can pair-load them together. The underlying Vector layout keeps size and data apart, so a small cached raw span lets the hot constant-copy loop fetch both pieces of metadata at once.
2026-04-14 10:16:33 +02:00
size_t asm_constants_size { 0 };
Value const* asm_constants_data { nullptr };
LibJS: Precompute the number of regs/constants/locals in Executable Instead of doing it again on every call. Minor bump in call performance.
2025-10-30 00:09:09 +01:00
LibJS/Bytecode: Flatten bytecode to a contiguous representation Instead of keeping bytecode as a set of disjoint basic blocks on the malloc heap, bytecode is now a contiguous sequence of bytes(!) The transformation happens at the end of Bytecode::Generator::generate() and the only really hairy part is rerouting jump labels. This required solving a few problems: - The interpreter execution loop had to change quite a bit, since we were storing BasicBlock pointers all over the place, and control transfer was done by redirecting the interpreter's current block. - Exception handlers & finalizers are now stored per-bytecode-range in a side table in Executable. - The interpreter now has a plain program counter instead of a stream iterator. This actually makes error stack generation a bit nicer since we just have to deal with a number instead of reaching into the iterator. This yields a 25% performance improvement on this microbenchmark: for (let i = 0; i < 1_000_000; ++i) { } But basically everything gets faster. :^)
2024-05-06 06:44:08 +02:00
struct ExceptionHandlers {
size_t start_offset;
size_t end_offset;
LibJS: Collapse handler/finalizer into single exception handler target After replacing the runtime unwind context stack with explicit completion records for try/finally dispatch, the distinction between "handler" (catch) and "finalizer" (finally) in the exception handler table is no longer meaningful at runtime. handle_exception() checked handler first, then finalizer, but they did the exact same thing (set the PC). When both were present, the finalizer was dead code. Collapse both fields into a single handler_offset (now non-optional, since an entry always has a target), remove the finalizer concept from BasicBlock, UnwindContext, and ExceptionHandlers, and simplify handle_exception() to a direct assignment.
2026-02-09 12:08:49 +01:00
size_t handler_offset;
LibJS/Bytecode: Flatten bytecode to a contiguous representation Instead of keeping bytecode as a set of disjoint basic blocks on the malloc heap, bytecode is now a contiguous sequence of bytes(!) The transformation happens at the end of Bytecode::Generator::generate() and the only really hairy part is rerouting jump labels. This required solving a few problems: - The interpreter execution loop had to change quite a bit, since we were storing BasicBlock pointers all over the place, and control transfer was done by redirecting the interpreter's current block. - Exception handlers & finalizers are now stored per-bytecode-range in a side table in Executable. - The interpreter now has a plain program counter instead of a stream iterator. This actually makes error stack generation a bit nicer since we just have to deal with a number instead of reaching into the iterator. This yields a 25% performance improvement on this microbenchmark: for (let i = 0; i < 1_000_000; ++i) { } But basically everything gets faster. :^)
2024-05-06 06:44:08 +02:00
};
Vector<ExceptionHandlers> exception_handlers;
Vector<size_t> basic_block_start_offsets;
LibJS: Replace source map HashMap with sorted Vector Bytecode source map entries are always added in order of increasing bytecode offset, and lookups only happen during error handling (a cold path). This makes a sorted vector with binary search a better fit than a hash map. This change reduces memory overhead and speeds up bytecode generation by avoiding hash table operations during compilation. Lookups remain fast via binary search, and since source_range_at() is only called when generating stack traces, the O(log n) lookup is acceptable.
2026-01-26 17:51:53 +01:00
Vector<SourceMapEntry> source_map;
LibJS/Bytecode: Keep instruction source mappings in Executable Instead of storing source offsets with each instruction, we now keep them in a side table in Executable. This shrinks each instruction by 8 bytes, further improving locality.
2024-05-06 07:51:14 +02:00
LibJS: Preserve information about local variables declaration kind This is required for upcoming change where we want to emit ThrowIfTDZ for assignment expressions only for lexical declarations.
2025-05-05 21:53:19 +03:00
Vector<LocalVariable> local_variable_names;
LibJS: Skip initializing constant slots in ExecutionContext Every function call allocates an ExecutionContext with a trailing array of Values for registers, locals, constants, and arguments. Previously, the constructor would initialize all slots to js_special_empty_value(), but constant slots were then immediately overwritten by the interpreter copying in values from the Executable before execution began. To eliminate this redundant initialization, we rearrange the layout from [registers | constants | locals] to [registers | locals | constants]. This groups registers and locals together at the front, allowing us to initialize only those slots while leaving constant slots uninitialized until they're populated with their actual values. This reduces the per-call initialization cost from O(registers + locals + constants) to O(registers + locals). Also tightens up the types involved (size_t -> u32) and adds VERIFYs to guard against overflow when computing the combined slot counts, and to ensure the total fits within the 29-bit operand index field.
2026-01-18 23:17:10 +01:00
u32 local_index_base { 0 };
u32 argument_index_base { 0 };
LibJS/Bytecode: Display local variable names in bytecode dumps Instead of displaying locals as "locN", we now show them as "name~N". This makes it a lot easier to follow bytecode dumps, especially in longer functions. Note that we keep displaying the local index, to avoid confusion in case there are multiple separate locals with the same name in one executable.
2024-06-13 21:19:06 +02:00
LibJS: Cache fully-formed PropertyKeys in Executable Instead of creating PropertyKeys on the fly during interpreter execution, we now store fully-formed ones in the Executable. This avoids a whole bunch of busywork in property access instructions and substantially reduces code size bloat.
2025-12-11 07:57:09 -06:00
Optional<PropertyKeyTableIndex> length_identifier;
LibJS: Make GetById and GetByValue avoid get_identifier() in common case We now defer looking up the various identifiers by IdentifierTableIndex until the last moment. This allows us to avoid the retrieval in common cases like when a property access is cached. Knocks a ~12% item off the profile on https://ventrella.com/Clusters/
2024-07-09 11:37:06 +02:00
LibJS+LibWeb: Port interned bytecode strings to UTF-16 This was almost a no-op, except we intern JS exception messages. So the bulk of this patch is porting exception messages to UTF-16.
2025-08-07 19:31:52 -04:00
Utf16String const& get_string(StringTableIndex index) const { return string_table->get(index); }
LibJS+LibWeb+WebContent: Port JS::PropertyKey to UTF-16 This has quite a lot of fall out. But the majority of it is just type or UDL substitution, where the changes just fall through to other function calls. By changing property key storage to UTF-16, the main affected areas are: * NativeFunction names must now be UTF-16 * Bytecode identifiers must now be UTF-16 * Module/binding names must now be UTF-16
2025-08-02 19:27:29 -04:00
Utf16FlyString const& get_identifier(IdentifierTableIndex index) const { return identifier_table->get(index); }
LibJS: Cache fully-formed PropertyKeys in Executable Instead of creating PropertyKeys on the fly during interpreter execution, we now store fully-formed ones in the Executable. This avoids a whole bunch of busywork in property access instructions and substantially reduces code size bloat.
2025-12-11 07:57:09 -06:00
PropertyKey const& get_property_key(PropertyKeyTableIndex index) const { return property_key_table->get(index); }
LibJS: Add Bytecode::Executable::dump() Let's have a helper for producing a consistent executable dump instead of repeating the logic in multiple places.
2021-10-24 13:30:49 +02:00
LibJS+LibWeb+WebContent: Port JS::PropertyKey to UTF-16 This has quite a lot of fall out. But the majority of it is just type or UDL substitution, where the changes just fall through to other function calls. By changing property key storage to UTF-16, the main affected areas are: * NativeFunction names must now be UTF-16 * Bytecode identifiers must now be UTF-16 * Module/binding names must now be UTF-16
2025-08-02 19:27:29 -04:00
Optional<Utf16FlyString const&> get_identifier(Optional<IdentifierTableIndex> const& index) const
LibJS: Include identifier information in nullish property read access When a GetById / GetByValue bytecode operation results in accessing a nullish object, we now include the name of the property and the object being accessed in the exception message (if available). This should make it easier to debug live websites. For example, the following errors would all previously produce a generic error message of "ToObject on null or undefined": > foo = null > foo.bar Uncaught exception: [TypeError] Cannot access property "bar" on null object "foo" at <unknown> > foo = { bar: undefined } > foo.bar.baz Uncaught exception: [TypeError] Cannot access property "baz" on undefined object "foo.bar" at <unknown> Note we certainly don't capture all possible nullish property read accesses here. This just covers cases I've seen most on live websites; we can cover more cases as they arise.
2024-03-29 11:26:10 -04:00
{
if (!index.has_value())
return {};
return get_identifier(*index);
}
LibJS: Mark exception_handlers_for_offset() COLD
2025-12-04 23:08:21 +01:00
[[nodiscard]] COLD Optional<ExceptionHandlers const&> exception_handlers_for_offset(size_t offset) const;
LibJS/Bytecode: Flatten bytecode to a contiguous representation Instead of keeping bytecode as a set of disjoint basic blocks on the malloc heap, bytecode is now a contiguous sequence of bytes(!) The transformation happens at the end of Bytecode::Generator::generate() and the only really hairy part is rerouting jump labels. This required solving a few problems: - The interpreter execution loop had to change quite a bit, since we were storing BasicBlock pointers all over the place, and control transfer was done by redirecting the interpreter's current block. - Exception handlers & finalizers are now stored per-bytecode-range in a side table in Executable. - The interpreter now has a plain program counter instead of a stream iterator. This actually makes error stack generation a bit nicer since we just have to deal with a number instead of reaching into the iterator. This yields a 25% performance improvement on this microbenchmark: for (let i = 0; i < 1_000_000; ++i) { } But basically everything gets faster. :^)
2024-05-06 06:44:08 +02:00
[[nodiscard]] UnrealizedSourceRange source_range_at(size_t offset) const;
LibJS: Move source range cache from ExecutionContext to Executable CachedSourceRange was a GC-allocated cell stored on the ExecutionContext, only needed because ExecutionContext must be trivially destructible. Move the source range cache to a HashMap<u32, SourceRange> on the Executable (keyed by program counter), where it belongs. This eliminates the GC::Cell subclass entirely and removes the cached_source_range field from ExecutionContext. StackTraceElement and TracebackFrame now store Optional<SourceRange> directly instead of GC::Ptr<CachedSourceRange>. Shrinks ExecutionContext from 144 to 136 bytes.
2026-03-08 11:56:31 +01:00
[[nodiscard]] SourceRange const& get_source_range(u32 program_counter);
LibJS: Store cache pointers directly in bytecode instructions Instead of storing a u32 index into a cache vector and looking up the cache at runtime through a chain of dependent loads (load Executable*, load vector data pointer, multiply index, add), store the actual cache pointer as a u64 directly in the instruction stream. A fixup pass (Executable::fixup_cache_pointers()) runs after Executable construction in both the Rust and C++ pipelines, walking the bytecode and replacing each index with the corresponding pointer. The cache pointer type is encoded in Bytecode.def (e.g. PropertyLookupCache*, GlobalVariableCache*) so the fixup switch is auto-generated by the Python Op code generator, making it impossible to forget updating the fixup when adding new cached instructions. This eliminates 3-4 dependent loads on every inline cache access in both the C++ interpreter and the assembly interpreter.
2026-03-07 22:52:25 +01:00
void fixup_cache_pointers();
LibJS: Add Bytecode::Executable::dump() Let's have a helper for producing a consistent executable dump instead of repeating the logic in multiple places.
2021-10-24 13:30:49 +02:00
void dump() const;
LibJS: Add dump_to_string() for AST nodes and bytecode executables Add the ability to dump AST and bytecode to a String instead of only to stdout/stderr. This is done by adding an optional StringBuilder output sink to ASTDumpState, and a new dump_to_string() method on both ASTNode and Bytecode::Executable. These will be used for comparing output between compilation pipelines.
2026-02-22 14:18:30 +01:00
[[nodiscard]] String dump_to_string() const;
LibJS/Bytecode: Make primitive strings be constants Instead of emitting a NewString instruction to construct a primitive string from a parsed literal, we now instantiate the PrimitiveString on the heap during codegen.
2024-03-03 11:34:36 +01:00
LibJS: Flatten Operand to 32-bit index in bytecode instruction stream While we're in the bytecode compiler, we want to know which type of Operand we're dealing with, but once we've generated the bytecode stream, we only ever need its index. This patch simplifies Operand by removing the aarch64 bitfield hacks and makes it 32-bit on all platforms. We keep 3 type bits in the high bits of the index while compiling, and then zero them out when flattening the final bytecode stream. This makes bytecode more compact on x86_64, and avoids bit twiddling on aarch64. Everyone wins something! When stringifying bytecode for debugging output, we now have an API in Executable that can look at a raw operand index and tell you what type of operand it was, based on known quantities of each type in the stack frame.
2025-11-22 12:27:51 +01:00
[[nodiscard]] Operand original_operand_from_raw(u32) const;
LibJS: Replace GC::Weak with GC::RawPtr in inline cache entries Property lookup cache entries previously used GC::Weak<T> for shape, prototype, and prototype_chain_validity pointers. Each GC::Weak requires a ref-counted WeakImpl allocation and an extra indirection on every access. Replace these with GC::RawPtr<T> and make Executable a WeakContainer so the GC can clear stale pointers during sweep via remove_dead_cells. For static PropertyLookupCache instances (used throughout the runtime for well-known property lookups), introduce StaticPropertyLookupCache which registers itself in a global list that also gets swept. Now that inline cache entries use GC::RawPtr instead of GC::Weak, we can compare shape/prototype pointers directly without going through the WeakImpl indirection. This removes one dependent load from each IC check in GetById, PutById, GetLength, GetGlobal, and SetGlobal handlers.
2026-03-07 22:18:15 +01:00
virtual void remove_dead_cells(Badge<GC::Heap>) override;
LibJS/Bytecode: Make primitive strings be constants Instead of emitting a NewString instruction to construct a primitive string from a parsed literal, we now instantiate the PrimitiveString on the heap during codegen.
2024-03-03 11:34:36 +01:00
private:
virtual void visit_edges(Visitor&) override;
LibJS: Move source range cache from ExecutionContext to Executable CachedSourceRange was a GC-allocated cell stored on the ExecutionContext, only needed because ExecutionContext must be trivially destructible. Move the source range cache to a HashMap<u32, SourceRange> on the Executable (keyed by program counter), where it belongs. This eliminates the GC::Cell subclass entirely and removes the cached_source_range field from ExecutionContext. StackTraceElement and TracebackFrame now store Optional<SourceRange> directly instead of GC::Ptr<CachedSourceRange>. Shrinks ExecutionContext from 144 to 136 bytes.
2026-03-08 11:56:31 +01:00
HashMap<u32, SourceRange> m_source_range_cache;
LibJS: Add Bytecode::Executable::dump() Let's have a helper for producing a consistent executable dump instead of repeating the logic in multiple places.
2021-10-24 13:30:49 +02:00
};
}
Reference in a new issue Copy permalink