Summary: | We should OSR exit with Int52Overflow when we fail to make an Int52 where we expect one. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Mark Lam <mark.lam> | ||||||
Component: | JavaScriptCore | Assignee: | Mark Lam <mark.lam> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | benjamin, fpizlo, ggaren, keith_miller, msaboff, saam | ||||||
Priority: | P2 | ||||||||
Version: | WebKit Local Build | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Bug Depends on: | |||||||||
Bug Blocks: | 153019 | ||||||||
Attachments: |
|
Description
Mark Lam
2016-01-22 15:16:28 PST
Created attachment 269617 [details]
proposed patch.
Created attachment 269619 [details] x86_64 benchmark result. Perf is neutral so far with this patch. None of the "definitely"s are consistently repeatable on retries. Though perf is neutral in ToT, this will fix a bug that causes a perf regression in LongSpider crypto-aes when the patch for https://bugs.webkit.org/show_bug.cgi?id=153019 lands. Comment on attachment 269617 [details] proposed patch. View in context: https://bugs.webkit.org/attachment.cgi?id=269617&action=review > Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:2217 > - DFG_TYPE_CHECK( > + DFG_TYPE_CHECK_WITH_EXIT_KIND(Int52Overflow, > JSValueRegs(), node->child1(), SpecInt52AsDouble, > m_jit.branch64( > JITCompiler::Equal, resultGPR, Yuck! But I get it. Thanks for the review. Landed in r195488: <http://trac.webkit.org/r195488>. |