[Webkit-unassigned] [Bug 76768] DFG should not have code that directly decodes the states of old JIT inline cache data structures
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 20 21:40:24 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=76768
--- Comment #5 from Filip Pizlo <fpizlo at apple.com> 2012-01-20 21:40:24 PST ---
(In reply to comment #4)
> (From update of attachment 123431 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=123431&action=review
>
> > Source/JavaScriptCore/bytecode/PutByIdStatus.h:44
> > + NoInformation,
> > + SimpleReplace,
> > + SimpleTransition,
> > + TakesSlowPath
>
> Feed me comments like my brother!
>
> > Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:-1879
> > - if (stubInfo.seen
> > - && !m_inlineStackTop->m_profiledBlock->likelyToTakeSlowCase(m_currentIndex)
> > - && !m_inlineStackTop->m_exitProfile.hasExitSite(m_currentIndex, BadCache)) {
>
> You said this is a bugish thingy.
To elaborate: the old code was checking hasExitSite - a DFG-specific query that tells if the DFG's attempt to optimize this code failed last time. The new code wasn't doing this, which was buggish and also a thingy.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list