| Summary: | Array accesses should remember what kind of array they are predicted to access | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Filip Pizlo <fpizlo> | ||||||||||||||||||||
| Component: | JavaScriptCore | Assignee: | Filip Pizlo <fpizlo> | ||||||||||||||||||||
| Status: | RESOLVED FIXED | ||||||||||||||||||||||
| Severity: | Normal | CC: | barraclough, ggaren, mhahnenberg, msaboff, oliver | ||||||||||||||||||||
| Priority: | P2 | ||||||||||||||||||||||
| Version: | 528+ (Nightly build) | ||||||||||||||||||||||
| Hardware: | All | ||||||||||||||||||||||
| OS: | All | ||||||||||||||||||||||
| Bug Depends on: | |||||||||||||||||||||||
| Bug Blocks: | 91933 | ||||||||||||||||||||||
| Attachments: |
|
||||||||||||||||||||||
|
Description
Filip Pizlo
2012-08-20 00:24:00 PDT
Created attachment 159347 [details]
work in progress
Created attachment 159797 [details]
work in progress
Created attachment 159845 [details]
work in progress
Created attachment 159846 [details]
almost there
Created attachment 159851 [details]
getting there
Created attachment 159875 [details]
it runs simple things
Still more testing to go. And there's also 32-bit to worry about.
Created attachment 160010 [details]
more
Created attachment 160026 [details]
seems to work
Seems at least perf-neutral and it runs non-trivial workloads, but I'm still testing it more.
Created attachment 160041 [details]
the patch
Comment on attachment 160041 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=160041&action=review > Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:151 > + for (unsigned n = 2; n--;) why? - please to be commenting. > Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:328 > + case PutByVal: { case PutByValAlias: > Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:344 > if (m_graph[child3].shouldSpeculateInteger()) if (!condition) fixDoubleEdge Landed in http://trac.webkit.org/changeset/126387 |