[Webkit-unassigned] [Bug 68320] New: DFG JIT does not speculate aggressively enough on GetById
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Sep 17 22:56:30 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=68320
Summary: DFG JIT does not speculate aggressively enough on
GetById
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
The DFG JIT uses the same optimization strategy as the old JIT for GetById: it assumes nothing a priori and lets the code get repatched. But this results in a large amount of slow-path code, which takes up space and increases i-cache misses. It also means that repeated GetById's on the same base do repeated structure checks, and repeated loads of the storage pointer. But the DFG JIT has complete information available to it about how the old JIT patched its get_by_id's, and whether or not that patching was the right thing to do (if the slow path is ever taken then the get_by_id turns into a polymorphic list access). It should take advantage of this to reduce the amount of slow path code that it emits, and eliminate redundant structure checks and redundant storage loads.
This will also allow the DFG to treat these optimized GetById's as being pure. This will enable load elimination on GetById, and make it so that CSE no longer has to assume that GetById clobbers the world.
That being said, the current GetById strategy should still be used as a fall-back if the old JIT's profiling tells us that it would be unwise to speculate on the structure.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list