[Webkit-unassigned] [Bug 148288] New: Create ById IC for ByVal operation only when the specific Id comes more than once

Thu Aug 20 21:30:09 PDT 2015

https://bugs.webkit.org/show_bug.cgi?id=148288

            Bug ID: 148288
           Summary: Create ById IC for ByVal operation only when the
                    specific Id comes more than once
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: utatane.tea at gmail.com

After introducing byId ICs into byVal ops, byVal ops creates much ICs than before.

https://bugs.webkit.org/show_bug.cgi?id=148273
The failure figures out these ICs are created even if this op is executed only once.

The situation is the following;
In the current code, when byVal op is executed with the Id, we immediately set up the byId IC for that byVal op.
But setting up JITGetByIdGenerator generates the fast path IC code and consumes executable memory.
As a result, if we call eval("contains byVal ops") with the different strings repeatedly under no-llint environment, each eval call creates byId IC for byVal and consumes executable memory.

To solve it, we will add "seen" flag to ByValInfo.
And we will create the IC on the second byVal op call with the same Id.

The rough design is the following,

if (!byValInfo->seen) {
    byValInfo->seen = true;
    byValInfo->cachedId = givenId;
} else if (byValInfo->cachedId == givenId)
    Generate IC!
else
    Make the call site generic.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150821/c8f83344/attachment.html>