Summary: | DFG JIT unnecessarily boxes and unboxes values during silent spilling | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Filip Pizlo <fpizlo> | ||||||
Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | webkit.review.bot | ||||||
Priority: | P2 | ||||||||
Version: | 528+ (Nightly build) | ||||||||
Hardware: | All | ||||||||
OS: | All | ||||||||
Attachments: |
|
Description
Filip Pizlo
2011-07-07 00:08:25 PDT
Created attachment 99951 [details]
the patch
Comment on attachment 99951 [details]
the patch
Hi Filip, I think there may be a subtle bug in this code. When a register is silently spilled it is only actually written out to memory if it needs to be spilled (hasn't already been). This means that if you have values in registers XMM0 & XMM1, and XMM0 has already been spilled as a boxed value, then after the silent spill one of the values in memory will be boxed and the other won't. As such, you need to handle this in the silentFillFPR. If the register needsSpill() then it is unboxed, if not the value in memory is boxed. Also, please expand on the ChangeLog entry.
Created attachment 100776 [details]
the patch (fix review)
Comment on attachment 100776 [details]
the patch (fix review)
Looks great!
Comment on attachment 100776 [details] the patch (fix review) Clearing flags on attachment: 100776 Committed r91010: <http://trac.webkit.org/changeset/91010> All reviewed patches have been landed. Closing bug. |