[Webkit-unassigned] [Bug 90057] llint regresses performance on some v8 benchmarks
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 10 12:14:02 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=90057
--- Comment #6 from Filip Pizlo <fpizlo at apple.com> 2012-07-10 12:14:01 PST ---
(In reply to comment #5)
> (In reply to comment #4)
> > 372328822 : Total
> > 232485832 : InlineCacheHit
> > 66597673 : OutOfLineCacheHit
> > 56115209 : NotCacheable
>
> They're basically all base mismatches: slot.slotBase() != baseValue. I'll see if adding a get_by_id_proto will help.
Why not add a llint_op_get_by_id_stub like:
_llint_op_get_by_id_stub:
traceExecution()
loadis 16[PB, PC, 8], t0
loadConstantOrVariableCell(t0, t1, .opGetByIdSlow)
jmp something[PB, PC, 8]
_llint_op_get_by_id_stub_slow:
callSlowPath(_llint_slow_path_get_by_id)
dispatch(9)
and modify the DFGRepatch get_by_id/put_by_id patching code to be able to work with LLInt as well? The DFG patching code is really powerful in that it is parameterized by the set of registers free, the set of registers that holder relevant info, etc. So you'd just tell it that GPRInfo::regT1 holds the object base and all other registers (except PB, PC, cfr) are free. Essentially you'll be telling it that you're in "registersFlushed" as the DFG calls it. Then, just modify it so that (1) its fast path jump is replaced by an LLInt dispatch, (2) its patched calls (for getter accesses) save PB, PC appropriately for stack walking (instead of saving CodeOrigin as the DFG would have done), and (3) that the slow path jump jumps to llint_op_get_by_id_stub_slow.
And viola, you'll have full polymorphic caching in LLInt! Though of course it will rely on the JIT being enabled.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list