[Webkit-unassigned] [Bug 67798] DFG JIT completely undoes speculative compilation even in the case of a partial static speculation failure

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Sep 9 15:41:35 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=67798





--- Comment #8 from Gavin Barraclough <barraclough at apple.com>  2011-09-09 15:41:36 PST ---
(In reply to comment #6)
> (From update of attachment 106799 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=106799&action=review
> 
> r=me
> 
> > Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:1387
> > +        m_compileIndex = block.begin;
> > +        m_compileOkay = true;
> > +        clearGenerationInfo();
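Review bot: The reset at DFGSpeculativeJIT.cpp:1387 (`m_compileIndex = block.begin;`, `m_compileOkay = true;`, `clearGenerationInfo();`) carries no comment saying under which condition stale state from an earlier block can still be present at this point. From the quoted lines alone a reader cannot tell whether `clearGenerationInfo()` is required on every entry or only after a failed speculation. A one-line comment naming that condition would make the invariant checkable. Alternatively, group the three statements in a small helper named for that purpose.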
> 
> It confused me that a block could sometimes assume that generation info was in an empty state, and sometimes not. Would be nice to clean this up in future, possibly by giving each block its own generation info, or maybe just by calling clearGenerationInfo() unconditionally at the head of SpeculativeJIT::compile, if that's not too expensive.

One way to ensure that the generation info is already clear at the head of compile(BasicBlock&) may be to call clearGenerationInfo() from terminateSpeculativeExecution(), then we may be able to assert in all cases that the generation info is already clear at the head of blocks.
