Bug 163900

Summary: [DOMJIT] Tell IDL result type to DFG to drop type checks in AI
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: JavaScriptCoreAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, commit-queue, esprehn+autocc, fpizlo, keith_miller, kondapallykalyan, mark.lam, msaboff, saam
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 162544, 162980    
Attachments:
Description Flags
Patch
none
Patch sam: review+

Description Yusuke Suzuki 2016-10-24 10:29:47 PDT 
We use heap prediction in propagation phase since it is more accurate,
but we can use IDL result type in AI to drop type checks.
Comment 1 Yusuke Suzuki 2016-10-25 15:30:47 PDT 
Created attachment 292835 [details]
Patch
Comment 2 Yusuke Suzuki 2016-10-25 15:44:37 PDT 
Created attachment 292837 [details]
Patch
Comment 3 Yusuke Suzuki 2016-10-25 15:44:57 PDT 
Added more tests.
Comment 4 Sam Weinig 2016-10-25 22:30:03 PDT 
Comment on attachment 292837 [details]
Patch

Awesome!
Comment 5 Yusuke Suzuki 2016-10-25 22:45:58 PDT 
Committed r207869: <http://trac.webkit.org/changeset/207869>
Comment 6 Yusuke Suzuki 2016-10-25 22:46:20 PDT 
Thanks!
Comment 7 Saam Barati 2016-10-26 00:17:30 PDT 
Comment on attachment 292837 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=292837&action=review

> Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:2506
> +        "long" => "SpecInt32Only",

This shouldn't be SpecBytecodeNumber?
Comment 8 Yusuke Suzuki 2016-10-26 02:12:41 PDT 
Comment on attachment 292837 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=292837&action=review

>> Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:2506
>> +        "long" => "SpecInt32Only",
> 
> This shouldn't be SpecBytecodeNumber?

Do you mean this `long` exceeds the range of SpecInt32Only?
According to the WebIDL spec, the long is defined as a range of int32_t.
https://www.w3.org/TR/WebIDL/#idl-long
Comment 9 Saam Barati 2016-10-28 02:06:00 PDT 
(In reply to comment #8)
> Comment on attachment 292837 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=292837&action=review
> 
> >> Source/WebCore/bindings/scripts/CodeGeneratorJS.pm:2506
> >> +        "long" => "SpecInt32Only",
> > 
> > This shouldn't be SpecBytecodeNumber?
> 
> Do you mean this `long` exceeds the range of SpecInt32Only?
> According to the WebIDL spec, the long is defined as a range of int32_t.
> https://www.w3.org/TR/WebIDL/#idl-long

Yeah I was worried about that but if it's int32 then we're fine :)