<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Implement a mega-disassembler that'll be used in the FTL"
   href="https://bugs.webkit.org/show_bug.cgi?id=168685">168685</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Implement a mega-disassembler that'll be used in the FTL
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Nightly Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>JavaScriptCore
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>sbarati&#64;apple.com
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>benjamin&#64;webkit.org, fpizlo&#64;apple.com, ggaren&#64;apple.com, gskachkov&#64;gmail.com, jfbastien&#64;apple.com, keith_miller&#64;apple.com, mark.lam&#64;apple.com, msaboff&#64;apple.com, ticaiolima&#64;gmail.com, utatane.tea&#64;gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Here is Phil's rough sketch:
```
Say we have:

function foo(a, b) { return a + b; }

And say that it translates to this BC:

[   0] op_enter
[   1] op_add loc0, arg0, arg1
[   6] op_ret

And say that it's all predicted ints without overflows.

So here's the megadisasm:


                0x100000000  pushq %ebp
                 ... prologue
    0: JSConstant(...)
    1: JSConstant(...)
    ... more prologue
[   0] op_enter
    0: JSConstant(...)
    MovHint(...)
    ... more DFG prologue
[   1] op_add loc0, arg0, arg1
    2: GetStack(arg0)
        Int32 &#64;42 = Load(&#64;13, stuff)
            Move stuff(%rbp), %things
                movl stuff(%rbp), %things
    3: GetStack(arg1)
        Int32 &#64;43 = Load(&#64;13, otherstuff)
            Move otherstuff(%rbp), %otherthings
                movl otherstuff(%rbp), %otherthings
    4: ArithAdd(Int32: &#64;2, Int32:&#64;3)
        Int32 &#64;44 = CheckAdd(&#64;2, &#64;3, ...)
            Patch &amp;BranchAdd32, ...
                addl ...
                jo ...
... and so on
```

This would be super cool.</pre>
        </div>
      </p>
    </body>
</html>