[Webkit-unassigned] [Bug 38644] Optimize access to the global object from a function that uses eval
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon May 10 07:03:04 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=38644
--- Comment #8 from Kent Hansen <kent.hansen at nokia.com> 2010-05-10 07:03:03 PST ---
(From update of attachment 55432)
Cool, thanks for implementing this.
> + while (skip--) {
> + JSObject* o = *iter;
> + if (o->hasCustomProperties()) {
> + Identifier& ident = codeBlock->identifier(property);
> + do {
> + PropertySlot slot(o);
> + if (o->getPropertySlot(callFrame, ident, slot)) {
> + JSValue result = slot.getValue(callFrame, ident);
> + exceptionValue = callFrame->globalData().exception;
> + if (exceptionValue)
> + return false;
> + callFrame->r(dst) = JSValue(result);
> + return true;
> + }
> + if (iter == end)
> + break;
> + o = *iter;
> + ++iter;
> + } while (true);
> + exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
> + return false;
> + }
> + ++iter;
> + }
The property is looked up twice in the first scope object with custom properties now, since o is reassigned before ++iter.
Why is the lookup done dynamically for the whole scope chain in case there is just one object with custom properties? Wouldn't it still be possible to cache the property from the outer-most (global) scope and use that one when the dynamic lookup for the inner-most scope fails? This should enable the optimization to do some good in the following program:
a = 2;
(function(code) {
eval(code);
(function() {
for (var i = 0; i < 100000; ++i) {
a; a; a; a; a; a; a; a;
}
})();
})(String.fromCharCode(0x76, 0x61, 0x72, 0x20, 0x63, 0x3D, 0x34)); // "var c=4"
If I replace "eval(code)" by "eval('123')" the caching kicks in, but that's a less interesting use case.
My naive patch:
diff --git a/JavaScriptCore/interpreter/Interpreter.cpp b/JavaScriptCore/interpreter/Interpreter.cpp
index 921dfdf..f777519 100644
--- a/JavaScriptCore/interpreter/Interpreter.cpp
+++ b/JavaScriptCore/interpreter/Interpreter.cpp
@@ -210,23 +210,15 @@ NEVER_INLINE bool Interpreter::resolveGlobalDynamic(CallFrame* callFrame, Instru
JSObject* o = *iter;
if (o->hasCustomProperties()) {
Identifier& ident = codeBlock->identifier(property);
- do {
- PropertySlot slot(o);
- if (o->getPropertySlot(callFrame, ident, slot)) {
- JSValue result = slot.getValue(callFrame, ident);
- exceptionValue = callFrame->globalData().exception;
- if (exceptionValue)
- return false;
- callFrame->r(dst) = JSValue(result);
- return true;
- }
- if (iter == end)
- break;
- o = *iter;
- ++iter;
- } while (true);
- exceptionValue = createUndefinedVariableError(callFrame, ident, vPC - codeBlock->instructions().begin(), codeBlock);
- return false;
+ PropertySlot slot(o);
+ if (o->getPropertySlot(callFrame, ident, slot)) {
+ JSValue result = slot.getValue(callFrame, ident);
+ exceptionValue = callFrame->globalData().exception;
+ if (exceptionValue)
+ return false;
+ callFrame->r(dst) = JSValue(result);
+ return true;
+ }
}
++iter;
}
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list