Commit Graph

3839 Commits

Author SHA1 Message Date
Andreas Kling
f6aee2b9e8 LibJS/Bytecode: Flatten bytecode to a contiguous representation
Instead of keeping bytecode as a set of disjoint basic blocks on the
malloc heap, bytecode is now a contiguous sequence of bytes(!)

The transformation happens at the end of Bytecode::Generator::generate()
and the only really hairy part is rerouting jump labels.

This required solving a few problems:

- The interpreter execution loop had to change quite a bit, since we
  were storing BasicBlock pointers all over the place, and control
  transfer was done by redirecting the interpreter's current block.

- Exception handlers & finalizers are now stored per-bytecode-range
  in a side table in Executable.

- The interpreter now has a plain program counter instead of a stream
  iterator. This actually makes error stack generation a bit nicer
  since we just have to deal with a number instead of reaching into
  the iterator.

This yields a 25% performance improvement on this microbenchmark:

    for (let i = 0; i < 1_000_000; ++i) { }

But basically everything gets faster. :^)
2024-05-07 09:15:40 +02:00
Aliaksandr Kalenik
f21c0f9dcd LibJS: Skip some declarative env allocations in function instantiation
If all lexical declaration use local variables then there is no need
to allocate declarative environment.

With this change we skip ~3x more environment allocations on Github.
2024-05-06 15:09:20 +02:00
Daniel La Rocque
9065b0b0f6 LibJS: Truncate roundingIncrement before range check
This is a normative change in the Temporal spec.

See: https://github.com/tc39/proposal-temporal/commit/8fc8130
2024-05-05 19:59:26 +01:00
Andreas Kling
8ff16c1b57 LibJS: Cache access to properties found in prototype chain
We already had fast access to own properties via shape-based IC.
This patch extends the mechanism to properties on the prototype chain,
using the "validity cell" technique from V8.

- Prototype objects now have unique shape
- Each prototype has an associated PrototypeChainValidity
- When a prototype shape is mutated, every prototype shape "below" it
  in any prototype chain is invalidated.
- Invalidation happens by marking the validity object as invalid,
  and then replacing it with a new validity object.
- Property caches keep a pointer to the last seen valid validity.
  If there is no validity, or the validity is invalid, the cache
  misses and gets repopulated.

This is very helpful when using JavaScript to access DOM objects,
as we frequently have to traverse 4+ prototype objects before finding
the property we're interested in on e.g EventTarget or Node.
2024-05-04 21:42:59 +02:00
Andreas Kling
493a04d5fe LibJS: Add PropertyLookupPhase enum to distinguish Object [[Get]] calls
We can now tell the difference between an own property access and a
subsequent (automatic) prototype chain access.

This will be used to implement caching of prototype chain accesses.
2024-05-04 21:42:59 +02:00
Andreas Kling
3945e1a82a LibJS: Make JS::Cell a Weakable
This makes things easier downstream of Cell, and is preparation for
using weak pointers in prototype chain property caches.
2024-05-04 21:42:59 +02:00
Aliaksandr Kalenik
4d5823a5bc LibWeb+LibJS: Skip function environment allocation if possible
If a function has the following properties:
- uses only local variables and registers
- does not use `this`
- does not use `new.target`
- does not use `super`
- does not use direct eval() calls

then it is possible to entirely skip function environment allocation
because it will never be used

This change adds gathering of information whether a function needs to
access `this` from environment and updates `prepare_for_ordinary_call()`
to skip allocation when possible.

For now, this optimisation is too aggressively blocked; e.g. if `this`
is used in a function scope, then all functions in outer scopes have to
allocate an environment. It could be improved in the future, although
this implementation already allows skipping >80% of environment
allocations on Discord, GitHub and Twitter.
2024-05-04 06:48:07 +02:00
Aliaksandr Kalenik
865e651a7d LibJS: Merge CallFrame into ExecutionContext
Before this change both ExecutionContext and CallFrame were created
before executing function/module/script with a couple exceptions:
- executable created for default function argument evaluation has to
  run in function's execution context.
- `execute_ast_node()` where executable compiled for ASTNode has to be
  executed in running execution context.

This change moves all members previously owned by CallFrame into
ExecutionContext, and makes two exceptions where an executable that does
not have a corresponding execution context saves and restores registers
before running.

Now, all execution state lives in a single entity, which makes it a bit
easier to reason about and opens opportunities for optimizations, such
as moving registers and local variables into a single array.
2024-05-02 07:26:13 +02:00
Timothy Flynn
ec492a1a08 Everywhere: Run clang-format
The following command was used to clang-format these files:

    clang-format-18 -i $(find . \
        -not \( -path "./\.*" -prune \) \
        -not \( -path "./Base/*" -prune \) \
        -not \( -path "./Build/*" -prune \) \
        -not \( -path "./Toolchain/*" -prune \) \
        -not \( -path "./Ports/*" -prune \) \
        -type f -name "*.cpp" -o -name "*.mm" -o -name "*.h")

There are a couple of weird cases where clang-format now thinks that a
pointer access in an initializer list, e.g. `m_member(ptr->foo)`, is a
lambda return statement, and it puts spaces around the `->`.
2024-04-24 16:50:01 -04:00
Andreas Kling
0c84508f87 LibJS: Fix GC leaks in promise reaction job setup
There's no need to capture things as Handle when using HeapFunction.
In this case, it was even creating a strong reference cycle, which ended
up leaking.
2024-04-23 12:50:40 +02:00
Andreas Kling
4db1712f90 LibJS+LibWeb: Make Console, ConsoleClient & subclasses GC-allocated
These objects had confusing ownership semantics. Let's just throw them
all on the GC heap and stop worrying about it.
2024-04-21 09:12:25 +02:00
Jess
ecb7d4b40f LibJS: Throw RangeError in StringPrototype::repeat if OOM
currently crashes with an assertion failure in `String::repeated` if
malloc can't serve a `count * input_size` sized request, so add
`String::repeated_with_error` to propagate the error.
2024-04-20 19:23:46 -04:00
Dan Klishch
5ed7cd6e32 Everywhere: Use east const in more places
These changes are compatible with clang-format 16 and will be mandatory
when we eventually bump clang-format version. So, since there are no
real downsides, let's commit them now.
2024-04-19 06:31:19 -04:00
Andreas Kling
5f9a905793 Ladybird+LibJS: Add optional logging of *all* JS exceptions
When running with --log-all-js-exceptions, we will print the message
and backtrace for every single JS exception that is thrown, not just
the ones nobody caught.

This can sometimes be very helpful in debugging sites that swallow
important exceptions.
2024-04-16 16:57:06 +02:00
Andreas Kling
53d0dd4a2e LibJS+LibWeb: Use new Cell::Visitor helpers to avoid manual iteration 2024-04-16 07:40:01 +02:00
Linus Groh
cad95ce274 LibJS: Implement Promise.try()
See: https://github.com/tc39/proposal-promise-try
2024-04-09 10:18:35 +02:00
Matthew Olsson
d62c0fcbdc LibJS: Add calls to JS_{DECLARE,DEFINE}_ALLOCATOR() 2024-04-09 09:13:06 +02:00
Matthew Olsson
d47f656a3a LibJS+LibWeb: Mark a few variables as IGNORE_USE_IN_ESCAPING_LAMBDA
This is a bit noisy, but it'll be better once we upgrade to C++23.
2024-04-09 09:10:44 +02:00
Matthew Olsson
ff00d21d58 Everywhere: Mark a bunch of function parameters as NOESCAPE
This fixes the relevant warnings when running LibJSGCVerifier. Note that
the analysis is only performed over LibJS-adjacent code, but could be
performed over the entire codebase. That will have to wait for a future
commit.
2024-04-09 09:10:44 +02:00
Andreas Kling
7cbbd4dd7e LibJS: Suppress LibJSGCVerifier warning about Map::m_keys 2024-04-07 18:01:50 +02:00
Matthew Olsson
8b8ada292e LibJS: Fix some GCVerifier warnings 2024-04-07 07:03:13 +02:00
Idan Horowitz
b018114bee LibWeb: Add missing visit_edges implementation to RegExpObject 2024-04-06 06:59:36 +02:00
Idan Horowitz
f357998e81 LibWeb: Add missing visit_edges implementation to ModuleNamespaceObject 2024-04-06 06:59:36 +02:00
Idan Horowitz
c84cd1d668 LibJSGCVerifier: Support marking GCPtr members as raw references
This lets us avoid false positives when a GCPtr-wrapped member is only
a weak reference which is automatically updated by the GC when the
member's gc state is updated.
2024-04-06 06:59:36 +02:00
Shannon Booth
0090b916dd LibJS: Make ParserError::to_string infallible 2024-04-05 20:01:37 -04:00
Andreas Kling
338dde70a1 LibJS: Don't create Handles in Promise.finally()
Capturing Handles like this was creating unbreakable GC reference cycles
and causing us to leak entire realms.
2024-04-03 18:14:33 +02:00
Andreas Kling
d8b7341050 LibJS: Add missing visit of ECMAScriptFunctionObject::m_name_string 2024-04-02 15:56:05 +02:00
Andreas Kling
44819419ab LibJS: Add missing Base::visit_edges() in JobCallback 2024-04-02 15:56:05 +02:00
Shannon Booth
713d8dc0f8 LibJS: Add support for constructing a PropertyKey from a FlyString 2024-04-01 14:41:00 +02:00
Timothy Flynn
9bbd3103a8 LibJS: Include identifier information in nullish property read access
When a GetById / GetByValue bytecode operation results in accessing a
nullish object, we now include the name of the property and the object
being accessed in the exception message (if available). This should make
it easier to debug live websites.

For example, the following errors would all previously produce a generic
error message of "ToObject on null or undefined":

  > foo = null
  > foo.bar
  Uncaught exception:
  [TypeError] Cannot access property "bar" on null object "foo"
      at <unknown>

  > foo = { bar: undefined }
  > foo.bar.baz
  Uncaught exception:
  [TypeError] Cannot access property "baz" on undefined object "foo.bar"
      at <unknown>

Note we certainly don't capture all possible nullish property read
accesses here. This just covers cases I've seen most on live websites;
we can cover more cases as they arise.
2024-03-29 21:57:19 +01:00
Daniel La Rocque
1e1906865c LibJS: Remove ToTemporalDateTimeRoundingIncrement
This is an editorial change in the Temporal spec.

See: https://github.com/tc39/proposal-temporal/commit/aca38be
2024-03-26 17:22:46 -04:00
Timothy Flynn
45fa6249df LibJS: Do not unnecessarily revalidate a TypedArray
No effective change, as ValidateTypedArray would call the validation AO
that the spec wants us to call manually. But no need to do it twice.
2024-03-26 17:11:26 -04:00
Andreas Kling
41cc8e75f2 LibJS: Make PromiseJob store callback as a HeapFunction
This is a speculative fix for a flake seen on CI where a JobCallback
captured by a PromiseJob callback was GC'd prematurely.
2024-03-26 05:47:24 +01:00
forchane
2d11fc6d44 LibJS: Rename ToSecondsStringPrecision to ToSecondsStringPrecisionRecord
This is an editorial change in the Temporal spec.

See: https://github.com/tc39/proposal-temporal/commit/60f1052
2024-03-23 08:46:56 -04:00
forchane
d2e4da62c8 LibJS: Separate validation of roundingIncrement option
This is an editorial change in the temporal spec.

See: https://github.com/tc39/proposal-temporal/commit/712c449
2024-03-23 08:45:59 -04:00
Aliaksandr Kalenik
a3b4c2a30f LibJS+LibWeb: Change JobCallback to be GC-allocated
Fixes leak caused by mutual dependency when JS::Handle<JobCallback> is
owned by GC-allocated PromiseReaction.
2024-03-16 14:27:06 +01:00
Aliaksandr Kalenik
fceba6a257 LibWeb/WebIDL: Introduce ObservableArray
ObservableArray inherits from JS::Array and overrides `internal_set`
and `internal_delete` to run an interceptor callback when an indexed
item is added or deleted.
2024-03-08 16:31:21 +01:00
Andreas Kling
17c1f742a9 LibJS/Bytecode: Increase coverage of left/shift expression fast paths
As long as the inputs are Int32, we can convert them to UInt32 in a
spec-compliant way with a simple static_cast<u32>.

This allows calculations like `-3 >>> 2` to take the fast path as well,
which is extremely valuable for stuff like crypto code.

While we're doing this, also remove the fast paths from the generic
shift functions in Value.cpp, since we only end up there if we *didn't*
take the same fast path in the interpreter.
2024-03-04 20:54:51 +01:00
Andreas Kling
55e9df4954 LibJS/Bytecode: Add fast paths for equality checks with same-tag values 2024-03-04 20:54:51 +01:00
Shannon Booth
cb1c3e5ea5 LibJS: Use TimeZoneMethods in DisambiguatePossibleInstants
This commit partially updates the DisambiguatePossibleInstants AO to use
a time zone methods record in line with the latest spec.
2024-03-02 12:27:20 +01:00
Shannon Booth
f95117f75d LibJS: Use TimeZoneMethods in GetOffsetNanosecondsFor
Update to the latest version of the spec which was refactored to use
time zone methods record. This requires updating a whole bunch of
callers to pass through a record too.

This also ends up improving exceptions on a missing
getOffsetNanosecondsFor method.
2024-03-02 12:27:20 +01:00
Shannon Booth
230ffc022c LibJS: Update Temporal's GetPossibleInstantsFor to latest spec
The most noteworthy change is that we now pass through a Time Zone
Methods Record to this function instead of a raw object.
2024-03-02 12:27:20 +01:00
Shannon Booth
aa9cdc2205 LibJS: Make DisambiguatePossibleInstants take a vector of NonullGCPtr
Instead of a raw pointer. Then deal with the fallout of making that
change.
2024-03-02 12:27:20 +01:00
Timothy Flynn
d878975f95 AK+LibJS: Remove OFFSET_OF and its users
With the LibJS JIT removed, let's not expose pointers to internal
members.
2024-02-29 09:00:00 +01:00
Andreas Kling
01e9eee7dd LibJS/Bytecode: Avoid Value==Value in Call built-in fast path
Comparing two Values has to call the generic same_value() helper,
and we can avoid this by simply using a stronger type for built-in
native function handlers.
2024-02-28 21:09:09 +01:00
Andreas Kling
1060c63bd8 LibJS: Mark ThrowCompletionOr member functions as ALWAYS_INLINE
Some of them stood out in a profile, and they have no business doing so.
2024-02-28 21:09:09 +01:00
Timothy Flynn
d0d22304e4 Revert "LibJS: Add fast path for getting the TA length of valid TAs"
This reverts commit 9c943f36ed.

This optimization is superseded by optimizing IsValidIntegerIndex for
TypedArrays with non-resizable ArrayBuffers. Reverting this commit has
no impact on test-js, test262, or live website performance.
2024-02-28 19:41:11 +01:00
Timothy Flynn
98552bf4c9 Revert "LibJS: Add fast path for checking if attached TAs are OOB"
This reverts commit 5fd53652b7.

This optimization is superseded by optimizing IsValidIntegerIndex for
TypedArrays with non-resizable ArrayBuffers. Reverting this commit has
no impact on test-js, test262, or live website performance.
2024-02-28 19:41:11 +01:00
Timothy Flynn
d8eb297b95 Revert "LibJS: Add fast path for creating a TA record for attached TAs"
This reverts commit 72cee4c88b.

This optimization is superseded by optimizing IsValidIntegerIndex for
TypedArrays with non-resizable ArrayBuffers. Reverting this commit has
no impact on test-js, test262, or live website performance.
2024-02-28 19:41:11 +01:00
Timothy Flynn
08ad2d774e LibJS: Optimize IsValidIntegerIndex for TAs with non-resizable buffers
If we know the TA does not have a resizable ArrayBuffer, we can avoid
most of the heavy lifting that IsValidIntegerIndex performs.

On https://cyxx.github.io/another_js, this reduces the runtime of
IsValidIntegerIndex from 7.1% to 3.7%.
2024-02-28 19:41:11 +01:00