99258 2012-10-13 20:14:38 -0700 Array length array profiling is broken in the baseline JIT 2012-10-14 19:31:16 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 fpizlo fpizlo barraclough ggaren mark.lam mhahnenberg oliver oldest_to_newest 741543 0 fpizlo 2012-10-13 20:14:38 -0700 It seems that a well-intentioned no-DFG-JIT build fix borked it. 741544 1 168573 fpizlo 2012-10-13 20:21:09 -0700 Created attachment 168573 the patch 741584 2 fpizlo 2012-10-14 12:43:36 -0700 Landed in http://trac.webkit.org/changeset/131268 741670 3 168573 ggaren 2012-10-14 19:24:57 -0700 Comment on attachment 168573 the patch View in context: https://bugs.webkit.org/attachment.cgi?id=168573&action=review > Source/JavaScriptCore/ChangeLog:11 > + canBeOptimized() returns true. But m_canBeOptimized is only initialized during > + full method compiles, so in a stub compile it may (or may not) be false, meaning Please also fix the JIT constructor, so that it default-initializes m_canBeOptimized to false. Why is this initialization code in privateCompile(), and not in the the constructor, to begin with? 741677 4 fpizlo 2012-10-14 19:31:16 -0700 (In reply to comment #3) > (From update of attachment 168573 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=168573&action=review > > > Source/JavaScriptCore/ChangeLog:11 > > + canBeOptimized() returns true. But m_canBeOptimized is only initialized during > > + full method compiles, so in a stub compile it may (or may not) be false, meaning > > Please also fix the JIT constructor, so that it default-initializes m_canBeOptimized to false. https://bugs.webkit.org/show_bug.cgi?id=99283 > > Why is this initialization code in privateCompile(), and not in the the constructor, to begin with? I think that it makes sense for the decision logic to be in privateCompile(). In particular, this statement: DFG::CapabilityLevel level = m_codeBlock->canCompileWithDFG(); does an O(n) walk over the code block's bytecode. We don't want that to happen every time we construct a JIT, since we do that for every stub compile. 168573 2012-10-13 20:21:09 -0700 2012-10-14 19:24:57 -0700 the patch arraylength_1.patch text/plain 1817 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTMxMjY0KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIyIEBA CisyMDEyLTEwLTEzICBGaWxpcCBQaXpsbyAgPGZwaXpsb0BhcHBsZS5jb20+CisKKyAgICAgICAg QXJyYXkgbGVuZ3RoIGFycmF5IHByb2ZpbGluZyBpcyBicm9rZW4gaW4gdGhlIGJhc2VsaW5lIEpJ VAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9OTkyNTgK KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUaGUgY29k ZSBnZW5lcmF0b3IgZm9yIGFycmF5IGxlbmd0aCBzdHVicyBjYWxscyBpbnRvCisgICAgICAgIGVt aXRBcnJheVByb2ZpbGluZ1NpdGVGb3JCeXRlY29kZUluZGV4KCksIHdoaWNoIGVtaXRzIHByb2Zp bGluZyBvbmx5IGlmCisgICAgICAgIGNhbkJlT3B0aW1pemVkKCkgcmV0dXJucyB0cnVlLiBCdXQg bV9jYW5CZU9wdGltaXplZCBpcyBvbmx5IGluaXRpYWxpemVkIGR1cmluZworICAgICAgICBmdWxs IG1ldGhvZCBjb21waWxlcywgc28gaW4gYSBzdHViIGNvbXBpbGUgaXQgbWF5IChvciBtYXkgbm90 KSBiZSBmYWxzZSwgbWVhbmluZworICAgICAgICB0aGF0IHdlIG1heSwgb3IgbWF5IG5vdCwgZ2V0 IG1lYW5pbmdmdWwgcHJvZmlsaW5nIGluZm8uCisgICAgICAgIAorICAgICAgICBUaGlzIGFwcGVh cmVkIHRvIG5vdCBhZmZlY3QgdG9vIG1hbnkgcHJvZ3JhbXMgc2luY2UgdGhlIExMSW50IGhhcyBn b29kIGFycmF5CisgICAgICAgIGxlbmd0aCBhcnJheSBwcm9maWxpbmcuCisKKyAgICAgICAgKiBq aXQvSklULmg6CisgICAgICAgIChKU0M6OkpJVDo6Y29tcGlsZVBhdGNoR2V0QXJyYXlMZW5ndGgp OgorCiAyMDEyLTEwLTEyICBLYW5naWwgSGFuICA8a2FuZ2lsLmhhbkBzYW1zdW5nLmNvbT4KIAog ICAgICAgICBGaXggYnVpbGQgZXJyb3Igb24gREZHU3BlY3VsYXRpdmVKSVQzMl82NC5jcHAKSW5k ZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9qaXQvSklULmgKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNl L0phdmFTY3JpcHRDb3JlL2ppdC9KSVQuaAkocmV2aXNpb24gMTMxMjYyKQorKysgU291cmNlL0ph dmFTY3JpcHRDb3JlL2ppdC9KSVQuaAkod29ya2luZyBjb3B5KQpAQCAtNDEyLDYgKzQxMiwxMCBA QCBuYW1lc3BhY2UgSlNDIHsKICAgICAgICAgc3RhdGljIHZvaWQgY29tcGlsZVBhdGNoR2V0QXJy YXlMZW5ndGgoSlNHbG9iYWxEYXRhKiBnbG9iYWxEYXRhLCBDb2RlQmxvY2sqIGNvZGVCbG9jaywg UmV0dXJuQWRkcmVzc1B0ciByZXR1cm5BZGRyZXNzKQogICAgICAgICB7CiAgICAgICAgICAgICBK SVQgaml0KGdsb2JhbERhdGEsIGNvZGVCbG9jayk7CisjaWYgRU5BQkxFKERGR19KSVQpCisgICAg ICAgICAgICAvLyBGb3JjZSBwcm9maWxpbmcgdG8gYmUgZW5hYmxlZCBkdXJpbmcgc3R1YiBnZW5l cmF0aW9uLgorICAgICAgICAgICAgaml0Lm1fY2FuQmVPcHRpbWl6ZWQgPSB0cnVlOworI2VuZGlm IC8vIEVOQUJMRShERkdfSklUKQogICAgICAgICAgICAgcmV0dXJuIGppdC5wcml2YXRlQ29tcGls ZVBhdGNoR2V0QXJyYXlMZW5ndGgocmV0dXJuQWRkcmVzcyk7CiAgICAgICAgIH0KIAo=