[Webkit-unassigned] [Bug 149600] New: Factoring out baseline code generation for JS operations into snippet generators

Mon Sep 28 11:27:55 PDT 2015

https://bugs.webkit.org/show_bug.cgi?id=149600

            Bug ID: 149600
           Summary: Factoring out baseline code generation for JS
                    operations into snippet generators
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: mark.lam at apple.com

Currently, a lot of DFG and FTL code generation for JS operations only handles operands that are of a primitive type like int32 and double.  This is the case even when type profiling predicts that the operands will be of a non-number or polymorphic type.  If the operand is not an int32 or double, the generated DFG/FTL code will currently OSR exit to the baseline JIT.  In contrast, the baseline JIT does have code to handle all types of operands (either via generated code or via a call to a C++ runtime helper).  We should factor out the baseline code that handles these polymorphic operands into re-targettable snippet generators, and allow the DFG and FTL to use them to generate code to handle polymorphic operands when the type profiling data calls for it.  This will prevent OSR exits due to operations on polymorphic operands when they can be predicted.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150928/6e335837/attachment.html>