Better cache our serialization of the outer TDZ environment when creating FunctionExecutables during bytecode generation

https://bugs.webkit.org/show_bug.cgi?id=199866
<rdar://problem/53333108>

Reviewed by Tadeu Zagallo.

JSTests:

* microbenchmarks/let-const-tdz-environment-parsing-and-hash-consing-speed.js: Added.

Source/JavaScriptCore:

This patch removes performance pathologies regarding programs with
many variables under TDZ (let/const). We had an algorithm for caching
the results of gathering all variables under TDZ, but that algorithm
wasn't nearly aggressive enough in its caching. This lead us to worst
case quadratic runtime, which could happens in practice for large functions.

There are a few fixes here:
- Instead of flattening the entire TDZ stack, and caching that result,
we now cache each stack entry individually. So as you push/pop to the
TDZ environment stack, we no longer invalidate everything. Instead, we
will just need to cache the newly pushed entry. We also no longer invalidate
the cache for lifting a TDZ check. The compromise here is we may emit
more runtime TDZ checks for closure variables. This is better than N^2
bytecode compile time perf, since a well predicted branch for a TDZ
check is essentially free.
- We no longer transform the CompactTDZEnvironment (formerly CompactVariableEnvironment)
from a Vector into a HashSet each time we generate code for an inner function. Instead,
CompactTDZEnvironment can be in two modes: compact and inflated. It starts life off in
compact mode (a vector), and will turn into an inflated mode if it's ever needed. Once
inflated, it'll stay this way until it's destructed. This improves our algorithm from being
O(EnvSize * NumFunctions) to O(EnvSize) at the cost of using more space in a HashTable versus a
Vector. In the future, we could consider just binary searching through this Vector, and never using
a hash table.

* bytecode/UnlinkedFunctionExecutable.cpp:
(JSC::generateUnlinkedFunctionCodeBlock):
(JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
* bytecode/UnlinkedFunctionExecutable.h:
* bytecompiler/BytecodeGenerator.cpp:
(JSC::BytecodeGenerator::BytecodeGenerator):
(JSC::BytecodeGenerator::popLexicalScopeInternal):
(JSC::BytecodeGenerator::needsTDZCheck):
(JSC::BytecodeGenerator::liftTDZCheckIfPossible):
(JSC::BytecodeGenerator::pushTDZVariables):
(JSC::BytecodeGenerator::getVariablesUnderTDZ):
(JSC::BytecodeGenerator::preserveTDZStack):
(JSC::BytecodeGenerator::restoreTDZStack):
(JSC::BytecodeGenerator::emitNewInstanceFieldInitializerFunction):
* bytecompiler/BytecodeGenerator.h:
(JSC::BytecodeGenerator::generate):
(JSC::BytecodeGenerator::makeFunction):
* debugger/DebuggerCallFrame.cpp:
(JSC::DebuggerCallFrame::evaluateWithScopeExtension):
* interpreter/Interpreter.cpp:
(JSC::eval):
* parser/Parser.h:
(JSC::Parser<LexerType>::parse):
(JSC::parse):
* parser/VariableEnvironment.cpp:
(JSC::CompactTDZEnvironment::sortCompact):
(JSC::CompactTDZEnvironment::CompactTDZEnvironment):
(JSC::CompactTDZEnvironment::operator== const):
(JSC::CompactTDZEnvironment::toTDZEnvironmentSlow const):
(JSC::CompactTDZEnvironmentMap::get):
(JSC::CompactTDZEnvironmentMap::Handle::~Handle):
(JSC::CompactTDZEnvironmentMap::Handle::Handle):
(JSC::CompactVariableEnvironment::CompactVariableEnvironment): Deleted.
(JSC::CompactVariableEnvironment::operator== const): Deleted.
(JSC::CompactVariableEnvironment::toVariableEnvironment const): Deleted.
(JSC::CompactVariableMap::get): Deleted.
(JSC::CompactVariableMap::Handle::~Handle): Deleted.
(JSC::CompactVariableMap::Handle::Handle): Deleted.
* parser/VariableEnvironment.h:
(JSC::CompactTDZEnvironment::toTDZEnvironment const):
(JSC::CompactTDZEnvironmentKey::CompactTDZEnvironmentKey):
(JSC::CompactTDZEnvironmentKey::hash):
(JSC::CompactTDZEnvironmentKey::equal):
(JSC::CompactTDZEnvironmentKey::makeDeletedValue):
(JSC::CompactTDZEnvironmentKey::isHashTableDeletedValue const):
(JSC::CompactTDZEnvironmentKey::environment):
(WTF::HashTraits<JSC::CompactTDZEnvironmentKey>::emptyValue):
(WTF::HashTraits<JSC::CompactTDZEnvironmentKey>::isEmptyValue):
(WTF::HashTraits<JSC::CompactTDZEnvironmentKey>::constructDeletedValue):
(WTF::HashTraits<JSC::CompactTDZEnvironmentKey>::isDeletedValue):
(JSC::CompactTDZEnvironmentMap::Handle::environment const):
(JSC::CompactVariableEnvironment::hash const): Deleted.
(JSC::CompactVariableMapKey::CompactVariableMapKey): Deleted.
(JSC::CompactVariableMapKey::hash): Deleted.
(JSC::CompactVariableMapKey::equal): Deleted.
(JSC::CompactVariableMapKey::makeDeletedValue): Deleted.
(JSC::CompactVariableMapKey::isHashTableDeletedValue const): Deleted.
(JSC::CompactVariableMapKey::isHashTableEmptyValue const): Deleted.
(JSC::CompactVariableMapKey::environment): Deleted.
(WTF::HashTraits<JSC::CompactVariableMapKey>::emptyValue): Deleted.
(WTF::HashTraits<JSC::CompactVariableMapKey>::isEmptyValue): Deleted.
(WTF::HashTraits<JSC::CompactVariableMapKey>::constructDeletedValue): Deleted.
(WTF::HashTraits<JSC::CompactVariableMapKey>::isDeletedValue): Deleted.
(JSC::CompactVariableMap::Handle::Handle): Deleted.
(JSC::CompactVariableMap::Handle::operator=): Deleted.
(JSC::CompactVariableMap::Handle::operator bool const): Deleted.
(JSC::CompactVariableMap::Handle::environment const): Deleted.
(JSC::CompactVariableMap::Handle::swap): Deleted.
* runtime/CachedTypes.cpp:
(JSC::Decoder::handleForTDZEnvironment const):
(JSC::Decoder::setHandleForTDZEnvironment):
(JSC::CachedCompactTDZEnvironment::encode):
(JSC::CachedCompactTDZEnvironment::decode const):
(JSC::CachedCompactTDZEnvironmentMapHandle::encode):
(JSC::CachedCompactTDZEnvironmentMapHandle::decode const):
(JSC::CachedFunctionExecutableRareData::decode const):
(JSC::Decoder::handleForEnvironment const): Deleted.
(JSC::Decoder::setHandleForEnvironment): Deleted.
(JSC::CachedCompactVariableEnvironment::encode): Deleted.
(JSC::CachedCompactVariableEnvironment::decode const): Deleted.
(JSC::CachedCompactVariableMapHandle::encode): Deleted.
(JSC::CachedCompactVariableMapHandle::decode const): Deleted.
* runtime/CachedTypes.h:
* runtime/CodeCache.cpp:
(JSC::generateUnlinkedCodeBlockImpl):
(JSC::generateUnlinkedCodeBlock):
(JSC::generateUnlinkedCodeBlockForDirectEval):
(JSC::recursivelyGenerateUnlinkedCodeBlockForProgram):
(JSC::recursivelyGenerateUnlinkedCodeBlockForModuleProgram):
(JSC::CodeCache::getUnlinkedGlobalCodeBlock):
* runtime/CodeCache.h:
* runtime/Completion.cpp:
(JSC::generateProgramBytecode):
(JSC::generateModuleBytecode):
* runtime/DirectEvalExecutable.cpp:
(JSC::DirectEvalExecutable::create):
* runtime/DirectEvalExecutable.h:
* runtime/JSScope.cpp:
(JSC::JSScope::collectClosureVariablesUnderTDZ):
* runtime/JSScope.h:
* runtime/VM.cpp:
(JSC::VM::VM):
* runtime/VM.h:

Source/WTF:

* wtf/RefPtr.h:
(WTF::swap): Deleted.
This function is no longer necessary, and causes ADL (https://en.cppreference.com/w/cpp/language/adl)
compile errors when not using DumbPtrTraits and calling sort on a vector of that type.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@269115 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Author: [email protected]

JSTests/ChangeLog

@@ -1,3 +1,13 @@
+2020-10-28  Saam Barati  <[email protected]>
+
+        Better cache our serialization of the outer TDZ environment when creating FunctionExecutables during bytecode generation
+        https://bugs.webkit.org/show_bug.cgi?id=199866
+        <rdar://problem/53333108>
+
+        Reviewed by Tadeu Zagallo.
+
+        * microbenchmarks/let-const-tdz-environment-parsing-and-hash-consing-speed.js: Added.
+
 2020-10-28  Robin Morisset  <[email protected]>
 
         DFGIntegerRangeOptimization is wrong for Upsilon (as 'shadow' nodes are not in SSA form)

JSTests/microbenchmarks/let-const-tdz-environment-parsing-and-hash-consing-speed.js

@@ -1,3 +1,139 @@
+2020-10-28  Saam Barati  <[email protected]>
+
+        Better cache our serialization of the outer TDZ environment when creating FunctionExecutables during bytecode generation
+        https://bugs.webkit.org/show_bug.cgi?id=199866
+        <rdar://problem/53333108>
+
+        Reviewed by Tadeu Zagallo.
+
+        This patch removes performance pathologies regarding programs with
+        many variables under TDZ (let/const). We had an algorithm for caching
+        the results of gathering all variables under TDZ, but that algorithm
+        wasn't nearly aggressive enough in its caching. This lead us to worst
+        case quadratic runtime, which could happens in practice for large functions.
+        
+        There are a few fixes here:
+        - Instead of flattening the entire TDZ stack, and caching that result,
+        we now cache each stack entry individually. So as you push/pop to the
+        TDZ environment stack, we no longer invalidate everything. Instead, we
+        will just need to cache the newly pushed entry. We also no longer invalidate
+        the cache for lifting a TDZ check. The compromise here is we may emit
+        more runtime TDZ checks for closure variables. This is better than N^2
+        bytecode compile time perf, since a well predicted branch for a TDZ
+        check is essentially free.
+        - We no longer transform the CompactTDZEnvironment (formerly CompactVariableEnvironment)
+        from a Vector into a HashSet each time we generate code for an inner function. Instead,
+        CompactTDZEnvironment can be in two modes: compact and inflated. It starts life off in
+        compact mode (a vector), and will turn into an inflated mode if it's ever needed. Once
+        inflated, it'll stay this way until it's destructed. This improves our algorithm from being 
+        O(EnvSize * NumFunctions) to O(EnvSize) at the cost of using more space in a HashTable versus a 
+        Vector. In the future, we could consider just binary searching through this Vector, and never using
+        a hash table.
+
+        * bytecode/UnlinkedFunctionExecutable.cpp:
+        (JSC::generateUnlinkedFunctionCodeBlock):
+        (JSC::UnlinkedFunctionExecutable::UnlinkedFunctionExecutable):
+        * bytecode/UnlinkedFunctionExecutable.h:
+        * bytecompiler/BytecodeGenerator.cpp:
+        (JSC::BytecodeGenerator::BytecodeGenerator):
+        (JSC::BytecodeGenerator::popLexicalScopeInternal):
+        (JSC::BytecodeGenerator::needsTDZCheck):
+        (JSC::BytecodeGenerator::liftTDZCheckIfPossible):
+        (JSC::BytecodeGenerator::pushTDZVariables):
+        (JSC::BytecodeGenerator::getVariablesUnderTDZ):
+        (JSC::BytecodeGenerator::preserveTDZStack):
+        (JSC::BytecodeGenerator::restoreTDZStack):
+        (JSC::BytecodeGenerator::emitNewInstanceFieldInitializerFunction):
+        * bytecompiler/BytecodeGenerator.h:
+        (JSC::BytecodeGenerator::generate):
+        (JSC::BytecodeGenerator::makeFunction):
+        * debugger/DebuggerCallFrame.cpp:
+        (JSC::DebuggerCallFrame::evaluateWithScopeExtension):
+        * interpreter/Interpreter.cpp:
+        (JSC::eval):
+        * parser/Parser.h:
+        (JSC::Parser<LexerType>::parse):
+        (JSC::parse):
+        * parser/VariableEnvironment.cpp:
+        (JSC::CompactTDZEnvironment::sortCompact):
+        (JSC::CompactTDZEnvironment::CompactTDZEnvironment):
+        (JSC::CompactTDZEnvironment::operator== const):
+        (JSC::CompactTDZEnvironment::toTDZEnvironmentSlow const):
+        (JSC::CompactTDZEnvironmentMap::get):
+        (JSC::CompactTDZEnvironmentMap::Handle::~Handle):
+        (JSC::CompactTDZEnvironmentMap::Handle::Handle):
+        (JSC::CompactVariableEnvironment::CompactVariableEnvironment): Deleted.
+        (JSC::CompactVariableEnvironment::operator== const): Deleted.
+        (JSC::CompactVariableEnvironment::toVariableEnvironment const): Deleted.
+        (JSC::CompactVariableMap::get): Deleted.
+        (JSC::CompactVariableMap::Handle::~Handle): Deleted.
+        (JSC::CompactVariableMap::Handle::Handle): Deleted.
+        * parser/VariableEnvironment.h:
+        (JSC::CompactTDZEnvironment::toTDZEnvironment const):
+        (JSC::CompactTDZEnvironmentKey::CompactTDZEnvironmentKey):
+        (JSC::CompactTDZEnvironmentKey::hash):
+        (JSC::CompactTDZEnvironmentKey::equal):
+        (JSC::CompactTDZEnvironmentKey::makeDeletedValue):
+        (JSC::CompactTDZEnvironmentKey::isHashTableDeletedValue const):
+        (JSC::CompactTDZEnvironmentKey::environment):
+        (WTF::HashTraits<JSC::CompactTDZEnvironmentKey>::emptyValue):
+        (WTF::HashTraits<JSC::CompactTDZEnvironmentKey>::isEmptyValue):
+        (WTF::HashTraits<JSC::CompactTDZEnvironmentKey>::constructDeletedValue):
+        (WTF::HashTraits<JSC::CompactTDZEnvironmentKey>::isDeletedValue):
+        (JSC::CompactTDZEnvironmentMap::Handle::environment const):
+        (JSC::CompactVariableEnvironment::hash const): Deleted.
+        (JSC::CompactVariableMapKey::CompactVariableMapKey): Deleted.
+        (JSC::CompactVariableMapKey::hash): Deleted.
+        (JSC::CompactVariableMapKey::equal): Deleted.
+        (JSC::CompactVariableMapKey::makeDeletedValue): Deleted.
+        (JSC::CompactVariableMapKey::isHashTableDeletedValue const): Deleted.
+        (JSC::CompactVariableMapKey::isHashTableEmptyValue const): Deleted.
+        (JSC::CompactVariableMapKey::environment): Deleted.
+        (WTF::HashTraits<JSC::CompactVariableMapKey>::emptyValue): Deleted.
+        (WTF::HashTraits<JSC::CompactVariableMapKey>::isEmptyValue): Deleted.
+        (WTF::HashTraits<JSC::CompactVariableMapKey>::constructDeletedValue): Deleted.
+        (WTF::HashTraits<JSC::CompactVariableMapKey>::isDeletedValue): Deleted.
+        (JSC::CompactVariableMap::Handle::Handle): Deleted.
+        (JSC::CompactVariableMap::Handle::operator=): Deleted.
+        (JSC::CompactVariableMap::Handle::operator bool const): Deleted.
+        (JSC::CompactVariableMap::Handle::environment const): Deleted.
+        (JSC::CompactVariableMap::Handle::swap): Deleted.
+        * runtime/CachedTypes.cpp:
+        (JSC::Decoder::handleForTDZEnvironment const):
+        (JSC::Decoder::setHandleForTDZEnvironment):
+        (JSC::CachedCompactTDZEnvironment::encode):
+        (JSC::CachedCompactTDZEnvironment::decode const):
+        (JSC::CachedCompactTDZEnvironmentMapHandle::encode):
+        (JSC::CachedCompactTDZEnvironmentMapHandle::decode const):
+        (JSC::CachedFunctionExecutableRareData::decode const):
+        (JSC::Decoder::handleForEnvironment const): Deleted.
+        (JSC::Decoder::setHandleForEnvironment): Deleted.
+        (JSC::CachedCompactVariableEnvironment::encode): Deleted.
+        (JSC::CachedCompactVariableEnvironment::decode const): Deleted.
+        (JSC::CachedCompactVariableMapHandle::encode): Deleted.
+        (JSC::CachedCompactVariableMapHandle::decode const): Deleted.
+        * runtime/CachedTypes.h:
+        * runtime/CodeCache.cpp:
+        (JSC::generateUnlinkedCodeBlockImpl):
+        (JSC::generateUnlinkedCodeBlock):
+        (JSC::generateUnlinkedCodeBlockForDirectEval):
+        (JSC::recursivelyGenerateUnlinkedCodeBlockForProgram):
+        (JSC::recursivelyGenerateUnlinkedCodeBlockForModuleProgram):
+        (JSC::CodeCache::getUnlinkedGlobalCodeBlock):
+        * runtime/CodeCache.h:
+        * runtime/Completion.cpp:
+        (JSC::generateProgramBytecode):
+        (JSC::generateModuleBytecode):
+        * runtime/DirectEvalExecutable.cpp:
+        (JSC::DirectEvalExecutable::create):
+        * runtime/DirectEvalExecutable.h:
+        * runtime/JSScope.cpp:
+        (JSC::JSScope::collectClosureVariablesUnderTDZ):
+        * runtime/JSScope.h:
+        * runtime/VM.cpp:
+        (JSC::VM::VM):
+        * runtime/VM.h:
+
 2020-10-28  Robin Morisset  <[email protected]>
 
         DFGIntegerRangeOptimization is wrong for Upsilon (as 'shadow' nodes are not in SSA form)

Source/JavaScriptCore/ChangeLog

@@ -72,17 +72,17 @@ static UnlinkedFunctionCodeBlock* generateUnlinkedFunctionCodeBlock(
 
     UnlinkedFunctionCodeBlock* result = UnlinkedFunctionCodeBlock::create(vm, FunctionCode, ExecutableInfo(function->usesEval(), kind == CodeForConstruct, functionKind == UnlinkedBuiltinFunction, executable->constructorKind(), scriptMode, executable->superBinding(), parseMode, executable->derivedContextType(), executable->needsClassFieldInitializer(), false, isClassContext, EvalContextType::FunctionEvalContext), codeGenerationMode);
 
-    VariableEnvironment parentScopeTDZVariables = executable->parentScopeTDZVariables();
+    auto parentScopeTDZVariables = executable->parentScopeTDZVariables();
     ECMAMode ecmaMode = executable->isInStrictContext() ? ECMAMode::strict() : ECMAMode::sloppy();
-    error = BytecodeGenerator::generate(vm, function.get(), source, result, codeGenerationMode, &parentScopeTDZVariables, ecmaMode);
+    error = BytecodeGenerator::generate(vm, function.get(), source, result, codeGenerationMode, parentScopeTDZVariables, ecmaMode);
 
     if (error.isValid())
         return nullptr;
     vm.codeCache()->updateCache(executable, source, kind, result);
     return result;
 }
 
-UnlinkedFunctionExecutable::UnlinkedFunctionExecutable(VM& vm, Structure* structure, const SourceCode& parentSource, FunctionMetadataNode* node, UnlinkedFunctionKind kind, ConstructAbility constructAbility, JSParserScriptMode scriptMode, Optional<CompactVariableMap::Handle> parentScopeTDZVariables, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, bool isBuiltinDefaultClassConstructor)
+UnlinkedFunctionExecutable::UnlinkedFunctionExecutable(VM& vm, Structure* structure, const SourceCode& parentSource, FunctionMetadataNode* node, UnlinkedFunctionKind kind, ConstructAbility constructAbility, JSParserScriptMode scriptMode, Optional<Vector<CompactTDZEnvironmentMap::Handle>> parentScopeTDZVariables, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, bool isBuiltinDefaultClassConstructor)
     : Base(vm, structure)
     , m_firstLineOffset(node->firstLine() - parentSource.firstLine().oneBasedInt())
     , m_isInStrictContext(node->isInStrictContext())

Source/JavaScriptCore/bytecode/UnlinkedFunctionExecutable.cpp

@@ -70,7 +70,7 @@ class UnlinkedFunctionExecutable final : public JSCell {
         return &vm.unlinkedFunctionExecutableSpace.space;
     }
 
-    static UnlinkedFunctionExecutable* create(VM& vm, const SourceCode& source, FunctionMetadataNode* node, UnlinkedFunctionKind unlinkedFunctionKind, ConstructAbility constructAbility, JSParserScriptMode scriptMode, Optional<CompactVariableMap::Handle> parentScopeTDZVariables, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, bool isBuiltinDefaultClassConstructor = false)
+    static UnlinkedFunctionExecutable* create(VM& vm, const SourceCode& source, FunctionMetadataNode* node, UnlinkedFunctionKind unlinkedFunctionKind, ConstructAbility constructAbility, JSParserScriptMode scriptMode, Optional<Vector<CompactTDZEnvironmentMap::Handle>> parentScopeTDZVariables, DerivedContextType derivedContextType, NeedsClassFieldInitializer needsClassFieldInitializer, bool isBuiltinDefaultClassConstructor = false)
     {
         UnlinkedFunctionExecutable* instance = new (NotNull, allocateCell<UnlinkedFunctionExecutable>(vm.heap))
             UnlinkedFunctionExecutable(vm, vm.unlinkedFunctionExecutableStructure.get(), source, node, unlinkedFunctionKind, constructAbility, scriptMode, WTFMove(parentScopeTDZVariables), derivedContextType, needsClassFieldInitializer, isBuiltinDefaultClassConstructor);
@@ -168,11 +168,11 @@ class UnlinkedFunctionExecutable final : public JSCell {
         return !m_rareData->m_classSource.isNull();
     }
 
-    VariableEnvironment parentScopeTDZVariables() const
+    Vector<CompactTDZEnvironmentMap::Handle> parentScopeTDZVariables() const
     {
-        if (!m_rareData || !m_rareData->m_parentScopeTDZVariables)
-            return VariableEnvironment();
-        return m_rareData->m_parentScopeTDZVariables.environment().toVariableEnvironment();
+        if (!m_rareData || m_rareData->m_parentScopeTDZVariables.isEmpty())
+            return { };
+        return m_rareData->m_parentScopeTDZVariables;
     }
 
     bool isArrowFunction() const { return isArrowFunctionParseMode(parseMode()); }
@@ -208,7 +208,7 @@ class UnlinkedFunctionExecutable final : public JSCell {
         SourceCode m_classSource;
         String m_sourceURLDirective;
         String m_sourceMappingURLDirective;
-        CompactVariableMap::Handle m_parentScopeTDZVariables;
+        Vector<CompactTDZEnvironmentMap::Handle> m_parentScopeTDZVariables;
         Vector<JSTextPosition> m_instanceFieldLocations;
     };
 
@@ -229,7 +229,7 @@ class UnlinkedFunctionExecutable final : public JSCell {
     }
 
 private:
-    UnlinkedFunctionExecutable(VM&, Structure*, const SourceCode&, FunctionMetadataNode*, UnlinkedFunctionKind, ConstructAbility, JSParserScriptMode, Optional<CompactVariableMap::Handle>,  JSC::DerivedContextType, JSC::NeedsClassFieldInitializer, bool isBuiltinDefaultClassConstructor);
+    UnlinkedFunctionExecutable(VM&, Structure*, const SourceCode&, FunctionMetadataNode*, UnlinkedFunctionKind, ConstructAbility, JSParserScriptMode, Optional<Vector<CompactTDZEnvironmentMap::Handle>>,  JSC::DerivedContextType, JSC::NeedsClassFieldInitializer, bool isBuiltinDefaultClassConstructor);
     UnlinkedFunctionExecutable(Decoder&, const CachedFunctionExecutable&);
 
     static void visitChildren(JSCell*, SlotVisitor&);