Bug 130630
| Summary: | A bunch of hot paths do the slow structure loading thing, or a full structure check, just to verify that the given cell is a JSFunction even though there is a JSFunctionType | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Filip Pizlo <fpizlo> |
| Component: | JavaScriptCore | Assignee: | Mark Hahnenberg <mhahnenberg> |
| Status: | NEW | ||
| Severity: | Normal | CC: | barraclough, fpizlo, ggaren, mark.lam, mhahnenberg, msaboff, oliver, sam |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | All | ||
| OS: | All | ||
Filip Pizlo
...
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Filip Pizlo
Example from ThunkGenerators.cpp:
AssemblyHelpers::emitLoadStructure(jit, GPRInfo::regT0, GPRInfo::regT2, GPRInfo::regT1);
slowCase.append(
jit.branchPtr(
CCallHelpers::NotEqual,
CCallHelpers::Address(GPRInfo::regT2, Structure::classInfoOffset()),
CCallHelpers::TrustedImmPtr(JSFunction::info())));
// Now we know we have a JSFunction.