[Webkit-unassigned] [Bug 96891] New: Array profiling has convergence issues
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Sep 16 17:19:16 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=96891
Summary: Array profiling has convergence issues
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
Consider the following code:
function foo() {
var o = {};
o.length = 5;
for (var i = 0; i < o.length; ++i)
o[i] = i;
}
Currently, array profiling will always say that 'o' is NonArrayWithArrayStorage, even though on the first iteration it's a NonArray (as in it has no array storage).
We could catch this corner case in one of two ways: (1) OSR exit profiling or (2) more precise baseline profiling. I prefer (2) because we usually only like to rely on (1) in pathological cases. The above does not feel like a pathological case - it seems rather sensible to write a program that has a loop, where the first iteration of that loop does special things.
Of course, we could also kill off this pathology, at least in most cases, by relying on loop peeling. But for now, I think having a more precise array profiler just feels like a nicer solution
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list