Created attachment 299107 [details]
patch

Should address <rdar://problem/29144126>

Here are some benchmark results:

$ run-jsc-benchmarks original:original/bin/jsc delay:current-release/bin/jsc --kraken --outer 20
                                           original                   delay                                       

ai-astar                                67.957+-1.211             67.896+-1.411         
audio-beat-detection                    28.329+-1.439      ?      28.507+-1.279         ?
audio-dft                               59.496+-0.586      ?      59.804+-0.611         ?
audio-fft                               21.121+-0.106      ?      21.168+-0.115         ?
audio-oscillator                        45.449+-1.932             44.702+-0.187           might be 1.0167x faster
imaging-darkroom                        49.720+-0.295      ?      49.832+-0.357         ?
imaging-desaturate                      43.173+-0.864             42.325+-0.775           might be 1.0200x faster
imaging-gaussian-blur                   64.513+-9.577             60.548+-7.272           might be 1.0655x faster
json-parse-financial                    29.491+-0.126      ?      29.521+-0.132         ?
json-stringify-tinderbox                18.723+-0.186             18.607+-0.184         
stanford-crypto-aes                     30.532+-0.240             30.424+-0.124         
stanford-crypto-ccm                     28.714+-0.854             28.599+-0.896         
stanford-crypto-pbkdf2                  95.847+-0.485             95.605+-0.445         
stanford-crypto-sha256-iterative        30.506+-0.080      ?      30.534+-0.131         ?

<arithmetic>                            43.827+-0.718             43.434+-0.557           might be 1.0090x faster

$ run-jsc-benchmarks original:original/bin/jsc delay:current-release/bin/jsc --kraken --benchmark gaussian-blur --outer 200
                                original                   delay                                       

imaging-gaussian-blur        63.372+-2.660             61.678+-2.618           might be 1.0275x faster

<arithmetic>                 63.372+-2.660             61.678+-2.618           might be 1.0275x faster

$ run-jsc-benchmarks original:original/bin/jsc delay:current-release/bin/jsc --benchmark marsaglia --outer 200
                                original                   delay                                       

marsaglia-larger-ints       71.3672+-0.0630     ?     71.4541+-0.1207        ?
marsaglia-osr-entry         15.8131+-0.0794     ?     15.8814+-0.0861        ?

<geometric>                 33.5883+-0.0823     ?     33.6799+-0.0910        ? might be 1.0027x slower

$ run-jsc-benchmarks original:original/bin/jsc delay:current-release/bin/jsc --benchmark mandelbrot --outer 20
                         original                   delay                                       

mandelbrot          376.3381+-2.3982          374.4935+-0.6074        

<geometric>         376.3381+-2.3982          374.4935+-0.6074          might be 1.0049x faster

$ run-jsc-benchmarks original:original/bin/jsc delay:current-release/bin/jsc --benchmark nonude --outer 60
                         original                   delay                                       

nonude               67.6165+-0.6550     ?     67.9252+-0.7012        ?

<geometric>          67.6165+-0.6550     ?     67.9252+-0.7012        ? might be 1.0046x slower

In the mandelbrot.js test I've got Unicode characters that display a fancy Mandelbrot image. Bugzilla doesn't like Unicode, but my terminal does (you can also print on each iteration to see a neat animation!).

nonude.js has baked-in constant array, I figure that's more reliable than randomly generated. I could avoid line-wrap and put everything in a single line if you think that would be better. It needs to be about this size to tier up.

Comment on attachment 299107 [details]
patch

I'd like to provide feedback on this patch, but I can't because the mandelbrot microbenchmark is too big for the patch review tool.

Also, it seems to be fairly long-running.  We don't want microbenchmarks that run for 100ms or more.

I don't think this is the right approach.  It seems to defeat the purpose of having a target loop trigger.  When you try to compile and you're not at the loop header, you just try again.  The whole point of the trigger is so that we don't have to wait and hope that we enter in the loop.

Created attachment 299313 [details]
patch

Update with a different approach: mark the outer loop for entry, and when we force its compilation then unmark it.

I still need to handle the cases where:

 - outer-loop compilation fails (can it fail for outer but not inner? Do we care?)
 - outer-loop doesn't trigger for too long (maybe we should try to trigger one loop in, and so on, until we reach the innermost loop)

I ran performance number but they look weird. I'll close things and re-run them.

Created attachment 299364 [details]
patch

Here's a sketch of what I think back off could be like.

I still need to:

 - Verify benchmarks, and tune this backoff thing.
 - Make new tests shorter.
 - Update changelog.

(In reply to comment #6)
> Created attachment 299364 [details]
> patch
> 
> Here's a sketch of what I think back off could be like.
> 
> I still need to:
> 
>  - Verify benchmarks, and tune this backoff thing.
>  - Make new tests shorter.
>  - Update changelog.

Can you please upload a smaller patch?  You should remove the benchmarks from the patch and land them anyway when you commit.  We don't review the benchmark contents usually.

Comment on attachment 299364 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=299364&action=review

> Source/JavaScriptCore/dfg/DFGTierUpEntryTrigger.h:35
> +    DontEnter = 0, // Must stay zero: JIT-compiled code enters when non-zero.
> +    TryToCompileCode,
> +    CodeCompiledSuccessfully,

s/enters/takes the triggerOSREntryNow slow path

Maybe need to rename triggerOSREntryNow to triggerTierUpNow

Maybe:

None,
Compile,
OSREnter

Created attachment 299381 [details]
patch

Update patch with Geoff's comments, and drop tests for now.

Created attachment 299395 [details]
patch

Add some logging, and clean up a minor issue with entry location.

Comment on attachment 299395 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=299395&action=review

> Source/JavaScriptCore/bytecode/ExecutionCounter.cpp:75
>  template<CountingVariant countingVariant>
> +void ExecutionCounter<countingVariant>::deferForAWhile()
> +{
> +    ASSERT(m_activeThreshold != std::numeric_limits<int32_t>::max());
> +    m_totalCount = count();
> +    m_counter = -static_cast<int32_t>(m_activeThreshold);
> +}

This function is kinda weird.  It's totally different from how we usually ask the execution counter to trigger soon.

> Source/JavaScriptCore/dfg/DFGJITCode.cpp:144
> +void JITCode::dontOptimizeForAWhile(CodeBlock* codeBlock)
> +{
> +    ASSERT(codeBlock->jitType() == JITCode::DFGJIT);
> +    if (Options::verboseOSR())
> +        dataLog(*codeBlock, ": Not FTL-optimizing for a while.\n");
> +    tierUpCounter.deferForAWhile();
> +}
> +

This seems like it's almost like optimizeAfterWarmUp or optimizeSoon. You should preferably choose one of those rather than introduce a new thing.

Created attachment 299639 [details]
patch

Substantially change the logic after in-person talk with pizlo.

I still need to:

 - Test this a bunch.
 - Make the tests run faster.

The basic idea should be there though.

Comment on attachment 299639 [details]
patch

This looks pretty solid to me.

Created attachment 299676 [details]
pach

Fixed a few bugs found by tests. They're still running, I'll then benchmark and shorten the two new tests.

Tests seem happy.

First run of the benchmarks seem OK, pretty much perf neutral without regressing variance on kraken/imagine-gaussian-blur.

I'm kicking off a longer benchmark run and signing out for today, will look a the results tomorrow and report back.

Created attachment 299713 [details]
patch

Typo fix.

Benchmarks finished, ruby is crunching on them.

Created attachment 299774 [details]
patch

This looks good to go. I rebased the changes, made the new benchmarks faster, and ran benchmarks (everything looks pretty neutral).

I'll file a separate bug to investigate mandelbrot's lack of FTL-ing. It's important to fix, but not as much as other things.

Attachment 299774 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/dfg/DFGOperations.cpp:2431:  An else statement can be removed when the prior "if" concludes with a return, break, continue or goto statement.  [readability/control_flow] [4]
ERROR: Source/JavaScriptCore/dfg/DFGOperations.cpp:2613:  An else statement can be removed when the prior "if" concludes with a return, break, continue or goto statement.  [readability/control_flow] [4]
Total errors found: 2 in 18 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment on attachment 299774 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=299774&action=review

> JSTests/microbenchmarks/nonude.js:1
> +const makeFaster = 8;

Does this test actually exercise the crash?

> Source/JavaScriptCore/ChangeLog:29
> +        right JSValues, otherwise we're confusing the compiler and giving
> +        it inaccurate JSValues which can lead it to predict the wrong
> +        things, leading to suboptimal code or recompilation due to
> +        misprediction.

Also, crash

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2390
> +            // We're already compiling, and can't OSR enter. We therefore must have set our slow-path trigger as well as another slow path trigger, hoping one of these would kick off a compilation. Sure enough another bytecode location did kick off a compilation before this one got a chance to do so. There's nothing for us to do but wait.

Nit: make this multiline.

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:5787
> +        static_assert(!static_cast<int>(TierUpEntryTrigger::None), "NonZero test below depends on this");

nit: I'd use uint8_t instead of int

Comment on attachment 299774 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=299774&action=review

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2625
> +        switch (osrEntryPreparation.error()) {
> +        case FTL::OSREntryFail::StackGrowthFailed:
> +            // It's not clear what we should do. We signal to try again after a while if that happens.
> +            return nullptr;
> +        case FTL::OSREntryFail::WrongBytecode:
> +            RELEASE_ASSERT_NOT_REACHED();
> +        }

Why not just RELEASE_ASSERT(error == StackGrowthFailed)?
Also, we tend not to have "else" statements for "if"s that end in returns.

Comment on attachment 299774 [details]
patch

LGTM, but I think you should address Saam's advice.

Created attachment 299816 [details]
patch

Address Saam's comments except one as noted below.

Fix GTK build, it was sad about missing return because it wasn't smart enough to see there was no missing return (or spoon for that matter).


> > JSTests/microbenchmarks/nonude.js:1
> > +const makeFaster = 8;
> 
> Does this test actually exercise the crash?

It's complicated... The code is super finicky, and I can add asserts at specific spots to observe unwanted things that turn out to be innocuous. As-is the benchmark pretty much doesn't exhibit bad behavior.

I was thinking about adding a few asserts as sanity checks, but I'd do that separately.


> > Source/JavaScriptCore/ChangeLog:29
> > +        right JSValues, otherwise we're confusing the compiler and giving
> > +        it inaccurate JSValues which can lead it to predict the wrong
> > +        things, leading to suboptimal code or recompilation due to
> > +        misprediction.
> 
> Also, crash

I was purposefully not using that word, but pizlo says it's fine.


> View in context:
> https://bugs.webkit.org/attachment.cgi?id=299774&action=review
> 
> > Source/JavaScriptCore/dfg/DFGOperations.cpp:2625
> > +        switch (osrEntryPreparation.error()) {
> > +        case FTL::OSREntryFail::StackGrowthFailed:
> > +            // It's not clear what we should do. We signal to try again after a while if that happens.
> > +            return nullptr;
> > +        case FTL::OSREntryFail::WrongBytecode:
> > +            RELEASE_ASSERT_NOT_REACHED();
> > +        }
> 
> Why not just RELEASE_ASSERT(error == StackGrowthFailed)?
> Also, we tend not to have "else" statements for "if"s that end in returns.

I like this approach because if / when we add new reasons for OSR entry failure we *have* to edit this code (because the switch must cover all enum cases, otherwise compiler warns), think about what it means, and document it as above (what do we do about stack growth? Dunno... But wrong bytecode definitely can't happen here!).

Removing the "else" would make this code invalid: osrEntryPreparation wouldn't be in scope anymore (it's only in scope in the if / else). I can hoist it above the "if", but then IMO the code is ugly :-)

Happy to change it if you want, I just like this style quite a bit because IMO it's less likely to break in the future.

Attachment 299816 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/dfg/DFGOperations.cpp:2439:  An else statement can be removed when the prior "if" concludes with a return, break, continue or goto statement.  [readability/control_flow] [4]
ERROR: Source/JavaScriptCore/dfg/DFGOperations.cpp:2637:  An else statement can be removed when the prior "if" concludes with a return, break, continue or goto statement.  [readability/control_flow] [4]
Total errors found: 2 in 18 files


If any of these errors are false positives, please file a bug against check-webkit-style.

(In reply to comment #22)
> Created attachment 299816 [details]
> patch
> 
> Address Saam's comments except one as noted below.
> 
> Fix GTK build, it was sad about missing return because it wasn't smart
> enough to see there was no missing return (or spoon for that matter).
> 
> 
> > > JSTests/microbenchmarks/nonude.js:1
> > > +const makeFaster = 8;
> > 
> > Does this test actually exercise the crash?
> 
> It's complicated... The code is super finicky, and I can add asserts at
> specific spots to observe unwanted things that turn out to be innocuous.
> As-is the benchmark pretty much doesn't exhibit bad behavior.
> 
> I was thinking about adding a few asserts as sanity checks, but I'd do that
> separately.
> 
> 
> > > Source/JavaScriptCore/ChangeLog:29
> > > +        right JSValues, otherwise we're confusing the compiler and giving
> > > +        it inaccurate JSValues which can lead it to predict the wrong
> > > +        things, leading to suboptimal code or recompilation due to
> > > +        misprediction.
> > 
> > Also, crash
> 
> I was purposefully not using that word, but pizlo says it's fine.
> 
> 
> > View in context:
> > https://bugs.webkit.org/attachment.cgi?id=299774&action=review
> > 
> > > Source/JavaScriptCore/dfg/DFGOperations.cpp:2625
> > > +        switch (osrEntryPreparation.error()) {
> > > +        case FTL::OSREntryFail::StackGrowthFailed:
> > > +            // It's not clear what we should do. We signal to try again after a while if that happens.
> > > +            return nullptr;
> > > +        case FTL::OSREntryFail::WrongBytecode:
> > > +            RELEASE_ASSERT_NOT_REACHED();
> > > +        }
> > 
> > Why not just RELEASE_ASSERT(error == StackGrowthFailed)?
> > Also, we tend not to have "else" statements for "if"s that end in returns.
> 
> I like this approach because if / when we add new reasons for OSR entry
> failure we *have* to edit this code (because the switch must cover all enum
> cases, otherwise compiler warns), think about what it means, and document it
> as above (what do we do about stack growth? Dunno... But wrong bytecode
> definitely can't happen here!).

I agree with that approach. I also like to use switch statements this way. We do it all the time in the compiler guts.

> 
> Removing the "else" would make this code invalid: osrEntryPreparation
> wouldn't be in scope anymore (it's only in scope in the if / else). I can
> hoist it above the "if", but then IMO the code is ugly :-)

That would be the WebKit style.

> 
> Happy to change it if you want, I just like this style quite a bit because
> IMO it's less likely to break in the future.

We're all very used to reading code where else is only used when 'then' might fall through. It's annoying when code breaks this tradition.

Created attachment 299823 [details]
patch

Un-else the code, pizlo makes a good case that it's WebKit style.

CQ+

Comment on attachment 299823 [details]
patch

Clearing flags on attachment: 299823

Committed r211224: <http://trac.webkit.org/changeset/211224>

All reviewed patches have been landed.  Closing bug.

I'll follow-up on mandelbrot not FTL-ing here:
https://bugs.webkit.org/show_bug.cgi?id=167460

Not now though, it's not super high priority.

Re-opened since this is blocked by bug 167479

Created attachment 300231 [details]
patch

This patch does away with tierUpEntrySeen which seems to have been the cause of the regression on kraken/ai-astar. That benchmark has nested loops through inlining, and the innermost-loop enters through triggerTierUpNowInLoop which wasn't tracking tierUpEntrySeen, thereby preventing the trigger loop from setting any enclosing loop's trigger.

Interestingly, my local build didn't spot this as a regression because the generated code was perf-neutral but had significantly different Base/DFG/FTL/FTLOSR profile numbers. The same was true of other builds, on multiple machines (different profiles, but perf-neutral). In the end the performance regression only showed up on builds using older SDKs, which had different profiles *and* had significantly worst runtime performance (~80% regression on kraken/ai-astar). This is a troubling sign of this code's brittleness (which I'll ignore for now, and look into it later, better fix this now).


For this second fix I benchmarked approaches for the following combinations:

* Whether to drop tierUpEntrySeen for triggerTierUpNowInLoop only, or for checkTierUpAndOSREnterNow as well.
* Whether to set the triggers from outer-loop to inner-loop, or the reverse (again, trying both approaches for triggerTierUpNowInLoop and checkTierUpAndOSREnterNow).

The benchmarks tell me that dropping tierUpEntrySeen entirely and always doing outer-loop to inner-loop is a win. This patch is exactly the same as the last one, except for dropping tierUpEntrySeen.


Results (and profiles) attached separately.

Created attachment 300232 [details]
Results + profiles

Results + profiles

Comment on attachment 300231 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300231&action=review

> Source/JavaScriptCore/ChangeLog:9
> +        Re-land of r211224, but without tierUpEntrySeen which seems to
> +        have been the cause of the kraken/ai-astar regression.

tierUpEntrySeen has been around for a while.  Can you provide a lot more details about why that's not needed anymore, and why it caused the regression in ai-astar?

I think that if we can't answer that question, then wrapping this fix up together with a rewrite of a large chunk DFG->FTL OSR entry is not the right way to go.  We need to find what is the minimal change to the code that fixes the bug.

(In reply to comment #32)
> Comment on attachment 300231 [details]
> patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=300231&action=review
> 
> > Source/JavaScriptCore/ChangeLog:9
> > +        Re-land of r211224, but without tierUpEntrySeen which seems to
> > +        have been the cause of the kraken/ai-astar regression.
> 
> tierUpEntrySeen has been around for a while.  Can you provide a lot more
> details about why that's not needed anymore, and why it caused the
> regression in ai-astar?
> 
> I think that if we can't answer that question, then wrapping this fix up
> together with a rewrite of a large chunk DFG->FTL OSR entry is not the right
> way to go.  We need to find what is the minimal change to the code that
> fixes the bug.

The following code is in triggerOSREntryNow but not in triggerTierUpNowInLoop:

  jitCode->tierUpEntrySeen.add(bytecodeIndex);

The loop-traversal code then does:

             // Traverse the loop hierarchy from the outer-most loop, to the inner-most one.
             for (auto iterator = tierUpHierarchyEntry->value.rbegin(), end = tierUpHierarchyEntry->value.rend(); iterator != end; ++iterator) {
                 unsigned osrEntryCandidate = *iterator;
                 if (jitCode->tierUpEntrySeen.contains(osrEntryCandidate)) {
                     ....

That's the source of the bug in the patch which was previously committed, and then reverted.


I agree with your suggestion: I'll create a minimally-disruptive fix, upload+commit after review, and then submit this code as a bigger refactoring in a separate patch. That'll make sure that I separate bug fix from performance+refactoring fix.

Created attachment 300271 [details]
patch

Here's a very minimal patch as discussed. If it sticks I'll commit the bigger refactor+tuning in a follow-up.

Created attachment 300272 [details]
Benchmark results

Benchmark.

Attachment 300271 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/dfg/DFGOperations.cpp:2431:  Multi line control clauses should use braces.  [whitespace/braces] [4]
Total errors found: 1 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment on attachment 300271 [details]
patch

I don't understand this change. Why does every conditional do nothing when triggeredSlowPath?  Doesn't that mean that when you do get force triggered at the outer loop at which you could compile, then you'll end up not compiling?  Shouldn't you be predicating on canOSRFromHere?

Comment on attachment 300271 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300271&action=review

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2419
> +    if (!triggeredSlowPath) {

Not sure if this should be here.  If we already have an osrEntryBlock, as the code this is guarding checks, then we have to count retry.

Comment on attachment 300271 [details]
patch

OK - the only part of this that I'm uncomfortable about is not doing the existing-osrEntryBlock dance when triggeredSlowPath.  What do you think?

(In reply to comment #37)
> Comment on attachment 300271 [details]
> patch
> 
> I don't understand this change. Why does every conditional do nothing when
> triggeredSlowPath?  Doesn't that mean that when you do get force triggered
> at the outer loop at which you could compile, then you'll end up not
> compiling?  Shouldn't you be predicating on canOSRFromHere?

(reposting here from IRC discussion).

canOSRFromHere only happens when entering from triggerTierUpNowInLoop, which gets generated by CheckTierUpInLoop, which itself gets generated by performTierUpCheckInjection when canOSREnterAtLoopHint(level, block, nodeIndex) says "can't". That's mostly orthogonal to triggeredSlowPath.

triggeredSlowPath basically skips all the places we can return from, and goes directly to the compile step instead. That's why it does all the shortcuts (but only after testing the condition, which may have side-effects). The intent is that triggeredSlowPath  does all the required bookkeeping, and takes you straight down to jitCode->reconstruct, which then triggers a compile.



Separately though, Fil pointed out that the entire section under "It's time to try to compile code for OSR entry" didn't need to be guarded by `! triggeredSlowPath`. I'll revert that part of the change, benchmark, and upload a new patch.

Created attachment 300280 [details]
patch

Updated patch. Perf numbers seem to be the same.

Comment on attachment 300280 [details]
patch

Clearing flags on attachment: 300280

Committed r211461: <http://trac.webkit.org/changeset/211461>

All reviewed patches have been landed.  Closing bug.

This seems to regress *some* kraken/ai-astar builds again by ~80%. I'm looking at why, may revert again.

This is odd. In the previous patch I had perf-neutral results with different tiering behavior because of a bug. This patch has the same tiering behavior as far as I can tell.

I ran the following to create a csv file, before and after my change:

for i in `seq 1 100`; do ./current/bin/jsc ./JSTests/ChakraCore/test/benchmarks/Kraken/ai-astar.js -p a 2>&1 > /dev/null && printf "f\nq" | ./Tools/Scripts/display-profiler-output a 2>&1 | grep findGraphNode | sed 's| *[^ ]* *[0-9]* *\([^ ]*\).*|\1|' | sed 's|/|,|g' ; done

Before my change:

	Base	DFG	FTL	FTLOSR
Average	1360	39254117	2175101	5277488
stddev	392	11810751	233459	11788088

After my change:

	Base	DFG	FTL	FTLOSR
Average	1279	40142662	2128971	4435185
stddev	242	10385349	229923	10371637

There are two modes when running the code: sometimes we hit straight FTL for findGraphNode, and sometimes we hit FTLOSR. Both before as well as after, straight FTL occurs about 80% of the time, and FTLOSR 20%. Hitting FTLOSR is a 10%-20% perf uptick.


But this is all with my local build, not with the build on the bots that show a slowdown. I need to dig some more.

Interesting data point: using an older compiler and comparing before / after my change (again 100 profiled runs) I get the following results:

Before:

	Runtime	Base	DFG	FTL	FTLOSR
Average	183	1424	4002246	2317610	40386834
Stddev	5	456	452149	310826	594810

After:

	Runtime	Base	DFG	FTL	FTLOSR
Average	268	1525	40450595	2265327	3990661
Stddev	28	1065	10648728	471780	10704523

Somehow, using an older C++ compiler drastically changes jsc's behavior. It used to go out of DFG pretty quickly, and each run does *both* FTL ad FTLOSR.

After my change it's modal: most runs do FTL only, and a few do FTL+FTLOSR. Even the few that do FTL+FTLOSR stay in DFG for longer, so their performance is worse than before my change (and the FTL only ones have way worse performance).


I'll try out a build with a newer compiler (instead of whatever I have locally), and compare to this.

Odd: a bot build with newer compiler has similar results! I'm probably perturbing compilation enough (by waiting until we hit the outer loop) that we enter FTL from the function instead of through the OSR entry.

Digging some more...

OK the data problem stems from my cmake build *not* exhibiting this issue (before / after my patch performance and behavior are the same), but the make build exhibits this issue (behavior and performance change, code becomes modal FTL mostly and FTLOSR sometimes).

I'm not sure *why* there's a difference, but now I know *where* the difference is.

Re-opened since this is blocked by bug 167721

Created attachment 300434 [details]
patch

This patch tries to only create mustHandleValues when the byte code location allows it. Contrary to what I'd measured before (with a different approach) it's a disaster:

ai-astar                                67.960+-0.933      !      78.297+-1.001         ! definitely 1.1521x slower
audio-beat-detection                    29.127+-0.044      ?      29.759+-0.616         ? might be 1.0217x slower
audio-dft                               60.107+-1.480             59.898+-0.281         
audio-fft                               21.444+-0.360             21.253+-0.086         
audio-oscillator                        44.575+-0.124      ?      44.627+-0.072         ?
imaging-darkroom                        49.453+-0.107             49.391+-0.095         
imaging-desaturate                      42.325+-0.314      ?      42.503+-0.343         ?
imaging-gaussian-blur                   52.743+-0.439      !     196.948+-48.231        ! definitely 3.7341x slower
json-parse-financial                    28.857+-0.080      ?      29.336+-0.467         ? might be 1.0166x slower
json-stringify-tinderbox                18.620+-0.198             18.599+-0.195         
stanford-crypto-aes                     30.074+-0.094      ?      30.164+-0.367         ?
stanford-crypto-ccm                     26.892+-0.281      ?      26.936+-0.524         ?
stanford-crypto-pbkdf2                  92.042+-0.862             91.473+-0.273         
stanford-crypto-sha256-iterative        29.186+-0.077      ?      29.214+-0.126         ?

<arithmetic>                            42.386+-0.150      !      53.457+-3.464         ! definitely 1.2612x slower


Looking at ai-astar, there's more FTLOSR exit going on:

      CodeBlock        #Instr            Source Counts                     Machine Counts          #Compil  Inlines  #Exits   Last Opts
                                      Base/DFG/FTL/FTLOSR               Base/DFG/FTL/FTLOSR                Src/Total         Get/Put/Call
 findGraphNode#EBmwVP    83       140738/8742609/37824773/15         140738/1803397/37824773/0        7       1/9      15       2/0/0
    search#DTtNtq       686            253327/49301/0/15                253327/6873500/0/15          10       0/0       0       33/4/9
removeGraphNode#DqCfaQ  102          8094/155404/134382/0               8094/106372/134382/0          3       1/6       0       3/0/0

I'll explore other options.

Created attachment 300437 [details]
patch

This patch goes back to one of my original ideas of imprecise recovery. It seems to dampen the pain a bit:

                                           original                    new                                        

ai-astar                                67.288+-1.586      !      74.064+-1.935         ! definitely 1.1007x slower
audio-beat-detection                    29.172+-0.201      ?      29.256+-0.248         ?
audio-dft                               60.255+-1.880      ?      61.046+-1.703         ? might be 1.0131x slower
audio-fft                               21.212+-0.124      ?      21.370+-0.147         ?
audio-oscillator                        44.652+-0.222      ?      44.848+-0.159         ?
imaging-darkroom                        49.880+-0.140      ?      50.416+-0.816         ? might be 1.0107x slower
imaging-desaturate                      43.052+-1.005             43.049+-1.091         
imaging-gaussian-blur                   52.471+-1.869      ?      53.245+-1.872         ? might be 1.0148x slower
json-parse-financial                    29.343+-0.346             29.313+-0.239         
json-stringify-tinderbox                18.963+-0.167      ?      18.988+-0.232         ?
stanford-crypto-aes                     30.038+-0.175      ?      30.156+-0.212         ?
stanford-crypto-ccm                     26.529+-0.861      ?      27.998+-0.710         ? might be 1.0553x slower
stanford-crypto-pbkdf2                  91.727+-0.497      ?      92.433+-0.530         ?
stanford-crypto-sha256-iterative        29.734+-0.982             29.671+-0.279         

<arithmetic>                            42.451+-0.264      !      43.275+-0.223         ! definitely 1.0194x slower



      CodeBlock        #Instr            Source Counts                     Machine Counts          #Compil  Inlines  #Exits   Last Opts
                                      Base/DFG/FTL/FTLOSR               Base/DFG/FTL/FTLOSR                Src/Total         Get/Put/Call
 findGraphNode#EBmwVP    83       161883/7457230/39088698/19         161883/3149734/39088698/0        7       1/9      19       2/0/0
    search#DTtNtq       686            264380/37702/0/19                264380/4255896/0/19          10       0/0       0       33/4/9
removeGraphNode#DqCfaQ  102          4214/142140/151396/0               4214/104520/151396/0          3       1/6       0       3/0/0


I'll science this some more.

I just realized why I couldn't figure out the exit reasons: `findGraphNode` gets inlined so the exit attributions go to it, but exit events to `search`.

With this current patch (imprecise recovery) exits in kraken/ai-astar are due to BadType. With the one just before (no mustHandleValue when byte code location is bad) it's due to InadequateCoverage.

Created attachment 300445 [details]
benchmark results for imprecise mustHandleValues

benchmark results for imprecise mustHandleValues when the bytecode location isn't suitable for entry. This looks mostly neutral, though kraken is a slight regression.

We can't land a statistically significant Kraken regression, no matter how small.

Also, we consider 2% on Kraken to be a medium-to-big regression, it takes a big amount of work to get a 2% Kraken speed-up.

Comment on attachment 300437 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300437&action=review

> Source/JavaScriptCore/bytecode/ValueRecovery.cpp:76
> +        return jsUndefined();

This is probably your problem.

If you tell the DFG that something could be Undefined and there is no other signal telling the DFG otherwise, then the DFG will assume that it should speculate that it is Undefined.

It's not clear to me what you could return here that would be safe.  Our type inference system is not designed to allow for this kind of imprecision.

Comment on attachment 300437 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300437&action=review

> Source/JavaScriptCore/bytecode/ValueRecovery.cpp:75
> +        if (v.isInt32())
> +            return JSValue(static_cast<int32_t>(v.asInt32()));
> +        if (v.isDouble())
> +            return jsNumber(purifyNaN(v.asDouble()));

This is a possible security vulnerability.  Say that `v` was actually a pointer.  Now the compiler is constant-propagating a constant.  Probably someone could extract this integer.  I think that we want to actively defend against leaking pointers.

Created attachment 300476 [details]
collect mustHandleValues eagerly

Here's a separate approach where we eagerly keep a side-collection of mustHandleValues. Anything which ends up in tierUpCommon will reconstruct the mustHandleValues for this bytecode, and store them in a hash table which lives on jitCode. I tried to do a few different things (see below).

Neither ai-astar nor imagining-gaussian-blur are exiting.

Here's imaging-gaussian-blur:

Tip of tree:
     CodeBlock      #Instr            Source Counts                     Machine Counts          #Compil  Inlines  #Exits   Last Opts
                                   Base/DFG/FTL/FTLOSR               Base/DFG/FTL/FTLOSR                Src/Total         Get/Put/Call
gaussianBlur#AVtXjn  1335        36827/629333/0/17161183           36827/629333/0/17161183         4       0/0       0       8/0/8
buildKernel#BJnJ58   758                 0/0/0/0                           0/0/0/0                 0       0/0       0        N/A
  <global>#AzIPSP    382                 0/0/0/0                           0/0/0/0                 0       0/0       0        N/A

Snapshot on every entry:

gaussianBlur#AVtXjn  1335       40170/4244885/0/13542113           40170/4244885/0/13542113        4       0/0       0       8/0/8
buildKernel#BJnJ58   758                 0/0/0/0                           0/0/0/0                 0       0/0       0        N/A
  <global>#AzIPSP    382                 0/0/0/0                           0/0/0/0                 0       0/0       0        N/A

Here's ai-astar:


Tip of tree:
      CodeBlock        #Instr            Source Counts                     Machine Counts          #Compil  Inlines  #Exits   Last Opts
                                      Base/DFG/FTL/FTLOSR               Base/DFG/FTL/FTLOSR                Src/Total         Get/Put/Call
 findGraphNode#EBmwVP    83      1223/4263839/2462385/39980673         1223/381831/2462385/0          3       1/3       0       2/0/0
    search#DTtNtq       686          44722/29270/0/228626             44722/3848207/0/39679633        4       0/0       1       33/4/9
removeGraphNode#DqCfaQ  102           8168/64194/0/225518                  8168/35557/0/0             2       1/3       0       3/0/0
    isWall#ESQBmN        21             328/4319/0/7717                     328/2689/0/0              2       1/3       0       1/0/0
   GraphNode#BmXric      86              116/9411/0/0                       116/9411/0/0              2       0/0       0       0/7/0
     init#Ct2Vq3        168               9511/0/0/0                         9511/0/0/0               2       0/0       0       0/4/0
   heuristic#DCkysN     125             374/1472/0/3127                     374/847/0/0               2       1/3       0       6/0/2
   neighbors#CZggLo     349              1335/3531/0/0                     1335/3531/0/0              2       0/0      50       8/0/4
      go#A9jRvV         100                 0/0/0/0                           0/0/0/0                 0       0/0       0        N/A
 getEndingCell#EIKyLA   113                 0/0/0/0                           0/0/0/0                 0       0/0       0        N/A
getStartingCell#DPYZfh  133                 0/0/0/0                           0/0/0/0                 0       0/0       0        N/A
   <global>#CnBI62     311876               0/0/0/0                           0/0/0/0                 0       0/0       0        N/A

Snapshot on every entry:

 findGraphNode#EBmwVP    83      2192/40538040/1801301/4366274         2192/620297/1801301/0          3       1/7       0       2/0/0
    search#DTtNtq       686          36652/228678/0/35763             36652/39611751/0/4329914        8       0/0       1       33/4/9
removeGraphNode#DqCfaQ  102           1441/260938/0/35371                  1441/35700/0/0             2       1/7       0       3/0/0
    isWall#ESQBmN        21             236/11525/0/602                     236/2536/0/0              2       1/7       0       1/0/0
   <global>#CnBI62     311876             9511/0/0/0                         9511/0/0/0               1       0/0       0       0/0/0
   GraphNode#BmXric      86              8805/701/0/0                       8805/701/0/0              2       0/0       0       0/7/0
     init#Ct2Vq3        168               8605/0/0/0                         8605/0/0/0               2       0/0       0       0/4/0
   heuristic#DCkysN     125             280/4465/0/213                      280/837/0/0               2       1/7       0       6/0/2
   neighbors#CZggLo     349              1266/3614/0/0                     1266/3614/0/0              2       0/0      65       8/0/4
getStartingCell#DPYZfh  133                 0/0/0/0                           0/0/0/0                 0       0/0       0        N/A
 getEndingCell#EIKyLA   113                 0/0/0/0                           0/0/0/0                 0       0/0       0        N/A
      go#A9jRvV         100                 0/0/0/0                           0/0/0/0                 0       0/0       0        N/A



Snapshot on every entry that canOSRFromHere (attached patch):

                                           original                    new                                        

ai-astar                                68.971+-0.810      !     122.015+-10.873        ! definitely 1.7691x slower
audio-beat-detection                    30.100+-0.494             29.857+-0.234         
audio-dft                               70.446+-0.501      ?      71.522+-0.954         ? might be 1.0153x slower
audio-fft                               22.214+-1.279             21.557+-0.058           might be 1.0305x faster
audio-oscillator                        44.986+-0.178      ?      45.233+-0.140         ?
imaging-darkroom                        50.246+-0.178      ?      50.995+-1.570         ? might be 1.0149x slower
imaging-desaturate                      46.750+-0.492      ?      46.863+-0.725         ?
imaging-gaussian-blur                   54.106+-0.972      !      85.167+-13.275        ! definitely 1.5741x slower
json-parse-financial                    29.485+-0.062      ^      29.339+-0.049         ^ definitely 1.0050x faster
json-stringify-tinderbox                19.100+-0.076      ?      19.238+-0.089         ?
stanford-crypto-aes                     30.627+-0.137      ?      30.683+-0.146         ?
stanford-crypto-ccm                     28.089+-0.631             26.967+-0.564           might be 1.0416x faster
stanford-crypto-pbkdf2                  93.139+-0.430      ?      94.900+-3.599         ? might be 1.0189x slower
stanford-crypto-sha256-iterative        29.866+-0.079      ?      30.381+-0.875         ? might be 1.0172x slower

<arithmetic>                            44.152+-0.128      !      50.337+-1.148         ! definitely 1.1401x slower


With snapshot refresh every time tierUpEntryTriggers->value is non-zero (not when the threshold causes entry):

                                           original                    new                                        

ai-astar                                68.432+-0.934      !     129.185+-8.533         ! definitely 1.8878x slower
audio-beat-detection                    29.719+-0.078      ?      30.212+-0.435         ? might be 1.0166x slower
audio-dft                               71.023+-0.540             70.820+-0.490         
audio-fft                               21.629+-0.052             21.588+-0.062         
audio-oscillator                        45.109+-0.110      ?      45.236+-0.182         ?
imaging-darkroom                        50.273+-0.223             50.272+-0.220         
imaging-desaturate                      47.295+-0.650      ?      47.364+-0.885         ?
imaging-gaussian-blur                   54.633+-1.209      !      94.046+-13.214        ! definitely 1.7214x slower
json-parse-financial                    29.578+-0.079             29.514+-0.149         
json-stringify-tinderbox                19.259+-0.078             19.145+-0.068         
stanford-crypto-aes                     30.612+-0.113      ?      31.585+-2.217         ? might be 1.0318x slower
stanford-crypto-ccm                     27.001+-0.822             26.943+-0.737         
stanford-crypto-pbkdf2                  94.911+-2.870             93.123+-0.145           might be 1.0192x faster
stanford-crypto-sha256-iterative        30.470+-1.105             30.468+-1.097         

<arithmetic>                            44.282+-0.237      !      51.393+-1.039         ! definitely 1.1606x slower


With snapshot creation only on first entry (not on every trigger, and not when the threshold causes entry):

                                           original                    new                                        

ai-astar                                69.160+-0.928      !     131.462+-13.933        ! definitely 1.9008x slower
audio-beat-detection                    29.831+-0.121      ?      29.856+-0.129         ?
audio-dft                               71.850+-1.703             70.949+-0.512           might be 1.0127x faster
audio-fft                               21.573+-0.047      ?      21.635+-0.072         ?
audio-oscillator                        45.208+-0.140      ?      45.211+-0.128         ?
imaging-darkroom                        50.431+-0.221      ?      50.452+-0.172         ?
imaging-desaturate                      51.604+-9.816             46.967+-0.597           might be 1.0987x faster
imaging-gaussian-blur                   53.568+-1.192      !      88.972+-13.724        ! definitely 1.6609x slower
json-parse-financial                    29.618+-0.087      ^      28.988+-0.102         ^ definitely 1.0217x faster
json-stringify-tinderbox                19.201+-0.096      ^      18.511+-0.101         ^ definitely 1.0373x faster
stanford-crypto-aes                     30.747+-0.260      ?      31.444+-1.533         ? might be 1.0227x slower
stanford-crypto-ccm                     27.170+-0.658      ?      27.527+-0.765         ? might be 1.0131x slower
stanford-crypto-pbkdf2                  93.346+-0.389             93.088+-0.147         
stanford-crypto-sha256-iterative        29.946+-0.084             29.930+-0.103         

<arithmetic>                            44.518+-0.736      !      51.071+-1.430         ! definitely 1.1472x slower

Created attachment 300546 [details]
patch

This patch is perf neutral, and is minimally-disruptive. I think this will stick! 🎉

Created attachment 300547 [details]
Performance results

Of special interest are the kraken results:

Kraken:
   ai-astar                                           68.933+-1.456             68.404+-1.343         
   audio-beat-detection                               29.792+-0.137      ?      29.965+-0.765         ?
   audio-dft                                          71.272+-0.797             70.672+-0.700         
   audio-fft                                          23.429+-2.957             21.546+-0.103           might be 1.0874x faster
   audio-oscillator                                   44.972+-0.203      ?      45.022+-0.296         ?
   imaging-darkroom                                   50.153+-0.296             50.057+-0.407         
   imaging-desaturate                                 46.187+-0.685             46.068+-1.034         
   imaging-gaussian-blur                              54.450+-1.002             53.633+-1.700           might be 1.0152x faster
   json-parse-financial                               30.566+-1.894             28.952+-0.161           might be 1.0557x faster
   json-stringify-tinderbox                           19.054+-0.142      ^      18.637+-0.167         ^ definitely 1.0224x faster
   stanford-crypto-aes                                31.273+-1.453             30.708+-0.460           might be 1.0184x faster
   stanford-crypto-ccm                                28.895+-2.198             27.556+-0.912           might be 1.0486x faster
   stanford-crypto-pbkdf2                             92.832+-0.457      ?      92.892+-0.516         ?
   stanford-crypto-sha256-iterative                   29.809+-0.130      ?      30.369+-1.425         ? might be 1.0188x slower

   <arithmetic>                                       44.401+-0.297             43.892+-0.216           might be 1.0116x faster

Comment on attachment 300546 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300546&action=review

Seems mostly good to me. Just some questions, some of which may stem from my shallow understanding of this code.

> Source/JavaScriptCore/ChangeLog:23
> +        entering. It therefore makes the trigger a tri-state (0: don't
> +        enter, 1: compilation complete, 2: please compile). Only 2 gets
> +        reset to zero, 1 does not.

Does it get reset to zero if the OSR entry compilation is jettisoned?

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2359
> +    bool triggeredSlowPath = false;

This name confuses me. I think it really means that we want a compilation elsewhere

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2363
> +        case 0:

Maybe it's worth giving these numbers some names in an enum?

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2470
> +        jitCode->dontOptimizeAnytimeSoon(codeBlock);

Why this?

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2479
> +            for (unsigned osrEntryCandidate : tierUpHierarchyEntry->value) {

Don't you want to try to compile the outermost loop first? If so, I think you want to iterate this vector backwards.

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2485
> +                    jitCode->dontOptimizeAnytimeSoon(codeBlock);

Why this?

Fil asked me to check what the FTL compilation is doing to see when we FTL versus FTLOSR compile.

$ VM=./WebKitBuild/Release/ && DYLD_FRAMEWORK_PATH=$VM $VM/jsc ./JSTests/ChakraCore/test/benchmarks/Kraken/ai-astar.js --reportFTLCompileTimes=1

Before my patch:

  Optimized findGraphNode#EBmwVP:[0x10756ac60->0x107569ae0->0x1075b7480, NoneFunctionCall, 83 (DidTryToEnterInLoop)] using FTLMode with FTL into 731 bytes in 18.484423 ms (DFG: 6.894247, B3: 11.590176).
  Optimized search#DTtNtq:[0x10756ae90->0x107568ff0->0x1075b7660, NoneFunctionCall, 686 (DidTryToEnterInLoop)] using FTLForOSREntryMode with FTL into 3318 bytes in 16.226048 ms (DFG: 6.966971, B3: 9.259077).
  Optimized search#DTtNtq:[0x10756b0c0->0x107568ff0->0x1075b7660, NoneFunctionCall, 686 (DidTryToEnterInLoop)] using FTLMode with FTL into 4111 bytes in 16.218263 ms (DFG: 7.276756, B3: 8.941507).


After my patch:

  Optimized GraphNode#BmXric:[0x106568730->0x1065682d0->0x1065b6e40, NoneFunctionConstruct, 86] using FTLMode with FTL into 981 bytes in 1.618677 ms (DFG: 0.628264, B3: 0.990413).
  Optimized findGraphNode#EBmwVP:[0x10656ae90->0x106569d10->0x1065b7480, NoneFunctionCall, 83] using FTLMode with FTL into 731 bytes in 1.043065 ms (DFG: 0.535857, B3: 0.507208).
  Optimized search#DTtNtq:[0x10656b0c0->0x106569220->0x1065b7660, NoneFunctionCall, 686 (DidTryToEnterInLoop)] using FTLForOSREntryMode with FTL into 3433 bytes in 11.175271 ms (DFG: 6.220067, B3: 4.955204).
  Optimized search#DTtNtq:[0x10656b2f0->0x106569220->0x1065b7660, NoneFunctionCall, 686 (DidTryToEnterInLoop)] using FTLMode with FTL into 4261 bytes in 11.527336 ms (DFG: 6.404499, B3: 5.122837).

So search starts with FTLOSR before FTL. The window is between the two (which is where unsetting the trigger was causing perf to tank, because we didn't enter DFG->FTLOSR more than once) is pretty small. Adding more printing, we start FTL and FTLOSR compilations within 0.01 ms of each other, but FTLOSR finishes 0.5 ms earlier. There's just a tiny window, considering the benchmark itself runs for ~160 ms.


Inlining looks like this:

Compilation search#DTtNtq-2-DFG:
    bc#297 --> removeGraphNode#DqCfaQ
    bc#407 --> findGraphNode#EBmwVP
    bc#431 --> isWall#ESQBmN
    bc#475 --> findGraphNode#EBmwVP
    bc#535 --> heuristic#DCkysN
Compilation search#DTtNtq-3-FTLForOSREntry:
    bc#297 --> removeGraphNode#DqCfaQ
    bc#297 --> removeGraphNode#DqCfaQ
    bc#407 --> findGraphNode#EBmwVP
    bc#431 --> isWall#ESQBmN
    bc#475 --> findGraphNode#EBmwVP
    bc#535 --> heuristic#DCkysN

Created attachment 300563 [details]
patch

Patch updated.

> > Source/JavaScriptCore/ChangeLog:23
> > +        entering. It therefore makes the trigger a tri-state (0: don't
> > +        enter, 1: compilation complete, 2: please compile). Only 2 gets
> > +        reset to zero, 1 does not.
> 
> Does it get reset to zero if the OSR entry compilation is jettisoned?

Oh yeah I should mention that!


> > Source/JavaScriptCore/dfg/DFGOperations.cpp:2359
> > +    bool triggeredSlowPath = false;
> 
> This name confuses me. I think it really means that we want a compilation
> elsewhere

True, I renamed it. My refactoring will also make that much clearer.


> > Source/JavaScriptCore/dfg/DFGOperations.cpp:2363
> > +        case 0:
> 
> Maybe it's worth giving these numbers some names in an enum?

Definitely! The refactoring patch did this. I was trying to keep this patch as small as I can (using an enum touches other files). But since it's not changing any behavior I'll add the enum here.


> > Source/JavaScriptCore/dfg/DFGOperations.cpp:2470
> > +        jitCode->dontOptimizeAnytimeSoon(codeBlock);
> 
> Why this?

The idea here is to bump the threshold so that this function's loops stop entering this OSR handling code. We decided than another loop is a good place to optimize, and we've set their trigger accordingly, so they'll come into this OSR handling code, but we don't want the counter to do so as well.


> > Source/JavaScriptCore/dfg/DFGOperations.cpp:2479
> > +            for (unsigned osrEntryCandidate : tierUpHierarchyEntry->value) {
> 
> Don't you want to try to compile the outermost loop first? If so, I think
> you want to iterate this vector backwards.

Correct, that's what yields better perf IIUC, but I'm leaving the old code as-is to not change its behavior. I'm just delaying the compile for correctness, not changing which loop gets compiled (as I did in my refactoring). I'll validate that going the other way is better separately.


> > Source/JavaScriptCore/dfg/DFGOperations.cpp:2485
> > +                    jitCode->dontOptimizeAnytimeSoon(codeBlock);
> 
> Why this?

Same as above.

Comment on attachment 300563 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300563&action=review

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2470
> +        jitCode->dontOptimizeAnytimeSoon(codeBlock);

This should be optimizeSoon.

> Source/JavaScriptCore/dfg/DFGOperations.cpp:2485
> +                    jitCode->dontOptimizeAnytimeSoon(codeBlock);

This should be optimizeSoon.

Comment on attachment 300563 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=300563&action=review

>> Source/JavaScriptCore/dfg/DFGOperations.cpp:2470
>> +        jitCode->dontOptimizeAnytimeSoon(codeBlock);
> 
> This should be optimizeSoon.

Make that setOptimizationBlahBlah(Deferred)

Created attachment 300574 [details]
patch

As we discussed on IRC I tried the 3 different approaches. setOptimizationThresholdBasedOnCompilationResult is the least different from existing code (it currently compiles and calls that function, we now set the trigger and then we want to back off a bit). The worry Saam expressed was that I was delaying regular FTL compile too much. Benchmarks don't show a difference, but we may just be getting lucky.

This patch calls setOptimizationThresholdBasedOnCompilationResult.

Here are kraken results. I'll compare setOptimizationThresholdBasedOnCompilationResult in a full benchmark run and post those results.

$ run-jsc-benchmarks original:./WebKitBuild/current/jsc dontSoon:./WebKitBuild/dontOptimizeAnytimeSoon/jsc optimizeSoon:./WebKitBuild/optimizeSoon/jsc setBlah:./WebKitBuild/setOptimizationThresholdBasedOnCompilationResult/jsc --kraken --outer 20

                                           original                  dontSoon                optimizeSoon                setBlah               setBlah v. original    

ai-astar                                67.627+-1.053             67.544+-0.798      ?      67.953+-0.978             67.816+-0.893         ?
audio-beat-detection                    29.133+-0.075      ?      29.167+-0.195             29.132+-0.082      ?      29.444+-0.602         ? might be 1.0107x slower
audio-dft                               60.809+-0.943             60.250+-0.500      ?      60.580+-0.707             60.182+-0.612           might be 1.0104x faster
audio-fft                               21.700+-0.663             21.397+-0.116      ?      21.871+-0.689             21.791+-0.882         ?
audio-oscillator                        44.702+-0.137      ?      44.817+-0.178      ?      44.823+-0.352      ?      44.930+-0.291         ?
imaging-darkroom                        50.023+-0.183      ?      50.038+-0.235             49.932+-0.170             49.903+-0.215         
imaging-desaturate                      42.867+-0.705      ?      44.027+-0.812             43.403+-0.818             43.248+-0.686         ?
imaging-gaussian-blur                   53.495+-0.845      ?      53.639+-0.928             53.342+-0.993             52.668+-1.117           might be 1.0157x faster
json-parse-financial                    29.381+-0.133      ^      27.807+-0.093             27.804+-0.128      !      28.143+-0.180         ^ definitely 1.0440x faster
json-stringify-tinderbox                17.856+-0.060      !      18.469+-0.080      ?      18.482+-0.116             18.456+-0.134         ! definitely 1.0336x slower
stanford-crypto-aes                     30.170+-0.145             30.113+-0.180      ?      30.128+-0.187             29.999+-0.192         
stanford-crypto-ccm                     26.464+-0.905      ?      26.932+-0.658      ?      27.611+-1.037             26.562+-0.881         ?
stanford-crypto-pbkdf2                  94.567+-3.453             92.140+-0.546      ?      92.339+-0.588             92.136+-0.507           might be 1.0264x faster
stanford-crypto-sha256-iterative        29.667+-0.616      ?      29.714+-0.638      ?      30.296+-1.051             29.510+-0.134         

<arithmetic>                            42.747+-0.281             42.575+-0.110      ?      42.693+-0.165             42.485+-0.168           might be 1.0062x faster

Comment on attachment 300574 [details]
patch

r=me too

I ran the full benchmark suite. Everything looks perf-neutral, including Sunspider and Octane!

Comment on attachment 300574 [details]
patch

Clearing flags on attachment: 300574

Committed r211658: <http://trac.webkit.org/changeset/211658>

All reviewed patches have been landed.  Closing bug.