[Webkit-unassigned] [Bug 65334] New: DFG JIT does not have any way of undoing double speculation
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jul 28 12:15:26 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=65334
Summary: DFG JIT does not have any way of undoing double
speculation
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
The DFG JIT may speculate that a value is double if it has no evidence that it is an integer, but it has evidence that it should be a number. But doing so means that integers will turn into doubles. Doubles are less efficient than integers in certain cases, such as for performing GetByVal accesses. The DFG JIT should have some way of undoing double speculation when jumping to non-speculative code - that is, attempting to convert doubles back to integers so as to prevent the non-speculative code does not have to take even deeper slow paths when doing array accesses.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list