[Webkit-unassigned] [Bug 64969] New: DFG JIT generates inefficient code for speculation failures
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jul 21 12:07:35 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=64969
Summary: DFG JIT generates inefficient code for speculation
failures
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
When the speculative version of the DFG-generated code encounters a value that violates speculation, it jumps to the non-speculative version of the same code. The two code sequences are generated mostly independently, with different register allocation and spill decisions, but with the invariant that the spill slots are the same and have the same format. Currently the speculation failure code that is emitted to jump from one path to the other spills all registers used by the speculative path, and then refills the ones used by the non-speculative path. In most cases, both paths will have succeeded in allocating registers to roughly the same nodes - so a more efficient approach would be to emit code that simply shuffles the the values in registers rather than going to memory, and to only spill and fill if one path had spilled but the other hadn't.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list