Bug 156182

Summary: PolymorphicAccess should have a MegamorphicLoad case
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Filip Pizlo <fpizlo>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, commit-queue, keith_miller, mark.lam, msaboff, rniwa, saam
Priority: P2    
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
patch that does not work
none
the patch
none
the patch ggaren: review+

Filip Pizlo
Reported 2016-04-04 15:09:28 PDT
Patch forthcoming
Attachments
patch that does not work (35.79 KB, patch)
2016-04-04 15:11 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
the patch (47.11 KB, patch)
2016-04-04 20:35 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
the patch (46.75 KB, patch)
2016-04-05 11:07 PDT, Filip Pizlo 		ggaren: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2016-04-04 15:11:38 PDT
Created attachment 275580 [details] patch that does not work It generates code for MegamorphicAccess but that code then crashes. OTOH the other changes in this patch pass tests and are perf-neutral (like changing repatch heuristics and hashing).
Filip Pizlo
Comment 2 2016-04-04 16:46:09 PDT
It now works for a simple test: TipOfTree Things megamorphic-load 29.3178+-2.9974 ^ 16.4813+-1.2412 ^ definitely 1.7789x faster
Filip Pizlo
Comment 3 2016-04-04 20:35:19 PDT
Created attachment 275628 [details] the patch Not yet ready for review since I am not yet done benchmarking it.
WebKit Commit Bot
Comment 4 2016-04-04 21:11:32 PDT
Attachment 275628 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/jit/AssemblyHelpers.h:154: The parameter name "object" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 1 in 20 files If any of these errors are false positives, please file a bug against check-webkit-style.
Filip Pizlo
Comment 5 2016-04-05 10:57:57 PDT
(In reply to comment #4) > Attachment 275628 [details] did not pass style-queue: > > > ERROR: Source/JavaScriptCore/jit/AssemblyHelpers.h:154: The parameter name > "object" adds no information, so it should be removed. False. > [readability/parameter_name] [5] > Total errors found: 1 in 20 files > > > If any of these errors are false positives, please file a bug against > check-webkit-style.
Keith Miller
Comment 6 2016-04-05 10:59:41 PDT
Looks like some of the builds are unhappy with your patch.
Filip Pizlo
Comment 7 2016-04-05 11:00:15 PDT
(In reply to comment #6) > Looks like some of the builds are unhappy with your patch. Yeah, I haven't compiled/tested 32-bit yet.
Filip Pizlo
Comment 8 2016-04-05 11:07:33 PDT
Created attachment 275676 [details] the patch Fixes 32-bit-only link error.
WebKit Commit Bot
Comment 9 2016-04-05 11:09:54 PDT
Attachment 275676 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/jit/AssemblyHelpers.h:154: The parameter name "object" adds no information, so it should be removed. [readability/parameter_name] [5] Total errors found: 1 in 20 files If any of these errors are false positives, please file a bug against check-webkit-style.
Geoffrey Garen
Comment 10 2016-04-05 12:48:50 PDT
Comment on attachment 275676 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=275676&action=review r=me > Source/JavaScriptCore/ChangeLog:22 > + pathology only makes sense if it also preserves the good performance of the fast case, or reduces the > + likelihood of the worst-case by so much that it's a win for the average case even with a slow-down in > + the fast case. Interesting. I was just looking at the same problem for bmalloc. I think doubleHash() was originally partially a defense against the combination of: (a) hash functions that weren't very good at mixing the low bits, and (b) hash tables where the key was expensive to compare, like a WTF::String. But maybe those problems are in the past. Maybe we should make the same change in WTF::HashTable, which also doubleHashes.
Keith Miller
Comment 11 2016-04-05 12:52:32 PDT
Comment on attachment 275676 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=275676&action=review r=me too. > Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp:531 > + UNUSED_PARAM(loop); Seems unnecessary.
Filip Pizlo
Comment 12 2016-04-05 12:53:13 PDT
(In reply to comment #11) > Comment on attachment 275676 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=275676&action=review > > r=me too. > > > Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp:531 > > + UNUSED_PARAM(loop); > > Seems unnecessary. Ooops I will remove.
Filip Pizlo
Comment 13 2016-04-05 12:58:25 PDT
Landed in http://trac.webkit.org/changeset/199069
Note You need to log in before you can comment on or make changes to this bug.