[Webkit-unassigned] [Bug 88176] New: If the DFG bytecode parser detects that op_method_check has gone polymorphic, it shouldn't revert all the way to GetById/GetByIdFlush

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Jun 2 15:55:44 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=88176

           Summary: If the DFG bytecode parser detects that
                    op_method_check has gone polymorphic, it shouldn't
                    revert all the way to GetById/GetByIdFlush
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: fpizlo at apple.com


The DFG is capable of four levels of get_by_id optimization:

Fastest: CheckStructure to check if the object still has the right structure, and then WeakJSConstant for the result, if the structure specializes that field.
Fast: CheckStructure to check if the object still has the right structure, and then a GetByOffset.
Slow: GetById, which gets patched and is slightly speculated in favor of the access not causing arbitrary side-effects, in that it doesn't pre flush registers and thus requires getters to go through the slow path
Slowest: GetByIdFlush, which flushes all registers first and allows for any arbitrarily crazy access to happen using the fastest possible dynamically generated stub

When parsing code, the DFG sees two distinct kinds of get_by_id's: those that are preceded by method_check and those that aren't.  Currently for those that have method_check, the DFG first tries to generate the Fastest code, but if that fails (say due to slow path profiling indicating that it's a bad idea) then it reverts to Slow or Slowest.  The Fast mode is thus only available to get_by_id's that don't have a method_check.

This is an unusual and unnecessary restriction that is largely caused by the intelligence necessary to emit the Fast form only being present in the 'case op_get_by_id' part of the parser.  The code should be refactored so that the op_method_check case can gracefully fall through to op_get_by_id and be able to emit all of the optimizations that op_get_by_id would do.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list