Bug 86552

Summary: DFG should optimize aliased uses of the Arguments object of the current call frame
Product: WebKit Reporter: Filip Pizlo <fpizlo>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on: 87378    
Bug Blocks:    
Attachments:
Description Flags
work in progress
none
more
none
fixed some issues
none
it's starting to do things
none
the patch
ggaren: review+
almost ready none

Filip Pizlo
Reported 2012-05-15 17:31:21 PDT
We currently optimize the heck out of: arguments[i] arguments.length But we fail to do the same optimizations if we have: var x = arguments; x[i] x.length In particular, we will presently allocate (and tear off) an arguments object, and then optimize x[i] and x.length to be array-like accesses to that arguments object. While that is faster than what the baseline JIT and LLInt would do, it's still rather redundant, since the DFG has most of the machinery in place to realize that this aliased form of arguments access is equivalent to the non-aliased form.
Attachments
work in progress (39.78 KB, patch)
2012-05-15 17:35 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
more (52.43 KB, patch)
2012-05-15 18:21 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
fixed some issues (53.21 KB, patch)
2012-05-15 18:29 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
it's starting to do things (65.84 KB, patch)
2012-05-15 23:04 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
the patch (66.71 KB, patch)
2012-05-17 15:06 PDT, Filip Pizlo 		ggaren: review+
DetailsFormatted DiffDiff
almost ready (81.52 KB, patch)
2012-05-17 18:45 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
Show Obsolete (5) View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2012-05-15 17:35:14 PDT
Created attachment 142107 [details] work in progress Still need to implement the OSR side of this optimization. And check that the code even compiles. ;-)
Filip Pizlo
Comment 2 2012-05-15 18:21:54 PDT
Created attachment 142114 [details] more Wrote the 64-bit side of the OSR part of this optimization. Still haven't even tried compiling this.
Filip Pizlo
Comment 3 2012-05-15 18:29:32 PDT
Created attachment 142115 [details] fixed some issues Fixed some issues that I found through code inspection.
Filip Pizlo
Comment 4 2012-05-15 23:04:06 PDT
Created attachment 142158 [details] it's starting to do things Still more work to be done though.
Filip Pizlo
Comment 5 2012-05-17 15:06:08 PDT
Created attachment 142563 [details] the patch
Geoffrey Garen
Comment 6 2012-05-17 15:53:10 PDT
Comment on attachment 142563 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=142563&action=review Test cases and 32bit, please. > Source/JavaScriptCore/dfg/DFGArgumentsSimplificationPhase.cpp:442 > + // we should remote the phantom reference, since: s/remote/remove/
Filip Pizlo
Comment 7 2012-05-17 18:45:55 PDT
Created attachment 142606 [details] almost ready I just need to turn some of my ad-hoc tests into LayoutTests.
Filip Pizlo
Comment 8 2012-05-17 22:30:16 PDT
Landed with a bunch of LayoutTests in http://trac.webkit.org/changeset/117542
Filip Pizlo
Comment 9 2012-05-17 22:32:52 PDT
> s/remote/remove/ Forgot to fix in the main commit. Fix landed in http://trac.webkit.org/changeset/117543
Filip Pizlo
Comment 10 2012-05-23 22:32:42 PDT
Merged in http://trac.webkit.org/changeset/118323
Note You need to log in before you can comment on or make changes to this bug.