RESOLVED FIXED 152255
We should not employ the snippet code in the DFG if no OSR exit was previously encountered. 
https://bugs.webkit.org/show_bug.cgi?id=152255
Summary We should not employ the snippet code in the DFG if no OSR exit was previousl...
Mark Lam
Reported 2015-12-14 09:27:05 PST
We already tried to do this but was doing it wrong. The is what we do now: if (Node::shouldSpeculateUntypedForArithmetic(leftChild.node(), rightChild.node()) || m_graph.hasExitSite(node->origin.semantic, BadType)) { fixEdge<UntypedUse>(leftChild); fixEdge<UntypedUse>(rightChild); ... The || should be a &&. We only want to employ the snippet code if we have actually encountered an OSR exit due to untyped operands not being supported.
Attachments
proposed patch. (2.62 KB, patch)
2015-12-14 09:29 PST, Mark Lam 		saam: review+
DetailsFormatted DiffDiff
x86_64 benchmark result. (66.54 KB, text/plain)
2015-12-14 09:33 PST, Mark Lam 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2015-12-14 09:29:59 PST
Created attachment 267301 [details] proposed patch.
Mark Lam
Comment 2 2015-12-14 09:33:12 PST
Created attachment 267302 [details] x86_64 benchmark result.
Mark Lam
Comment 3 2015-12-14 09:33:58 PST
With this change, we see the following progression in JSRegress: arguments-out-of-bounds 12.9152+-1.3205 ^ 10.2297+-0.3642 ^ definitely 1.2625x faster
Saam Barati
Comment 4 2015-12-14 11:35:48 PST
Comment on attachment 267301 [details] proposed patch. r=me
Mark Lam
Comment 5 2015-12-14 11:41:04 PST
Thanks for the review. Landed in r194040: <http://trac.webkit.org/r194040>.
Filip Pizlo
Comment 6 2015-12-14 11:52:59 PST
Comment on attachment 267301 [details] proposed patch. This is the wrong policy. We usually only rely on exit sites as a last resort. Why did you do this?
Mark Lam
Comment 7 2015-12-14 11:54:46 PST
(In reply to comment #6) > Comment on attachment 267301 [details] > proposed patch. > > This is the wrong policy. We usually only rely on exit sites as a last > resort. > > Why did you do this? This was suggested by Geoff, and was implemented this way since the first op_sub snippet. The only issue was that I had a bug in how I implemented it.
Note You need to log in before you can comment on or make changes to this bug.