<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Create ById IC for ByVal operation only when the specific Id comes more than once"
   href="https://bugs.webkit.org/show_bug.cgi?id=148288">148288</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Create ById IC for ByVal operation only when the specific Id comes more than once
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>JavaScriptCore
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>utatane.tea&#64;gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>After introducing byId ICs into byVal ops, byVal ops create many more ICs than before.

<a class="bz_bug_link 
          bz_status_ASSIGNED "
   title="ASSIGNED - Skip no-llint tests that fail due to running out of executable memory after r188969"
   href="show_bug.cgi?id=148273">https://bugs.webkit.org/show_bug.cgi?id=148273</a>
The failure shows that these ICs are created even if this op is executed only once.

The situation is the following:
In the current code, when a byVal op is executed with the Id, we immediately set up the byId IC for that byVal op.
But setting up JITGetByIdGenerator generates the fast path IC code and consumes executable memory.
As a result, if we call eval(&quot;contains byVal ops&quot;) with different strings repeatedly under a no-llint environment, each eval call creates a byId IC for byVal and consumes executable memory.

To solve it, we will add a &quot;seen&quot; flag to ByValInfo.
And we will create the IC on the second byVal op call with the same Id.

The rough design is the following:

if (!byValInfo-&gt;seen) {
    // First execution with an Id: only record it.
    byValInfo-&gt;seen = true;
    byValInfo-&gt;cachedId = givenId;
} else if (byValInfo-&gt;cachedId == givenId) {
    // Generate IC!
} else {
    // Make the call site generic.
}</pre>
        </div>
      </p>
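      <p>The second-hit policy sketched in the description, as an added C++ model that is not JavaScriptCore code and not part of the original report: it counts how many byId IC stubs each policy would emit for constructed workloads. Only seen and cachedId come from the report; Policy, SiteState, executeByVal and the two workload functions are hypothetical, and an int stands in for the Id.</p>
<pre>
```cpp
// Toy model of one byVal call site; only seen/cachedId come from the report.
enum class Policy { Eager, SecondHit };   // Eager: IC on first execution with an Id
enum class SiteState { Fresh, Cached, Generic };
struct ByValInfo {
    bool seen = false;
    int cachedId = 0;                     // int stands in for the property Id
    SiteState state = SiteState::Fresh;
};
// Returns true when this execution emits a byId IC stub (executable memory).
bool executeByVal(ByValInfo& info, int givenId, Policy policy) {
    if (info.state != SiteState::Fresh)
        return false;                     // already cached or generic
    if (policy == Policy::Eager) {
        info.cachedId = givenId;
        info.state = SiteState::Cached;
        return true;
    }
    if (!info.seen) {                     // first execution: remember the Id only
        info.seen = true;
        info.cachedId = givenId;
        return false;
    }
    if (info.cachedId == givenId) {       // same Id again: now worth an IC
        info.state = SiteState::Cached;
        return true;
    }
    info.state = SiteState::Generic;      // different Id: go generic, no stub
    return false;
}

// Constructed workload: distinct eval'd call sites, each executed exactly once.
int stubsForOneShotSites(int sites, Policy policy) {
    int stubs = 0;
    for (int i = 0; i != sites; ++i) {
        ByValInfo info;                   // every eval string gets a fresh site
        stubs += executeByVal(info, 7, policy);
    }
    return stubs;
}

// Constructed workload: one site executed repeatedly; Ids alternate if mixed.
int stubsForHotSite(int runs, bool mixed, Policy policy) {
    ByValInfo info;
    int stubs = 0;
    for (int i = 0; i != runs; ++i)
        stubs += executeByVal(info, mixed ? i % 2 : 7, policy);
    return stubs;
}
int main() { return stubsForOneShotSites(1000, Policy::SecondHit) == 0 ? 0 : 1; }
```
</pre>
      <p>In this model the one-shot eval workload emits one stub per call site under the eager policy and none under the second-hit policy, while a hot site with a stable Id still gets its IC on the second execution.</p>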
    </body>
</html>