WebKit Bugzilla
Bug 28294: Devirtualise marking
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=28294
Reported by Oliver Hunt, 2009-08-13 22:07:52 PDT
Marking currently uses virtual methods, but in the general case these virtual calls are unnecessary and can be elided.
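As an added illustration (constructed for this page, not the patch attached to this bug), a minimal mark phase in C++ showing the pattern the summary describes: a kind tag is checked first and the virtual markChildren() is reached only for kinds the fast path does not know. The Kind tag, the cell types and the counter are assumptions made for the example.

```cpp
#include <cstddef>
#include <vector>

// Constructed illustration, not WebKit code. A cell carries a kind tag; the
// devirtualised mark loop reads the tag and handles the common kinds with a
// direct (non-virtual) call, paying for vtable dispatch only on Kind::Other.
enum class Kind { Leaf, Array, Other };
static size_t g_virtualCalls = 0;   // counts virtual dispatches, for the test

struct Cell {
    Kind kind;
    bool marked = false;
    explicit Cell(Kind k) : kind(k) {}
    virtual ~Cell() = default;
    virtual void markChildren(std::vector<Cell*>&) { ++g_virtualCalls; }
};

struct LeafCell : Cell { LeafCell() : Cell(Kind::Leaf) {} };

struct ArrayCell : Cell {
    std::vector<Cell*> elements;
    ArrayCell() : Cell(Kind::Array) {}
    // Non-virtual entry used by the devirtualised path.
    void markChildrenDirect(std::vector<Cell*>& worklist) {
        for (Cell* c : elements) worklist.push_back(c);
    }
    void markChildren(std::vector<Cell*>& worklist) override {
        ++g_virtualCalls;
        markChildrenDirect(worklist);
    }
};

// Marks every cell reachable from roots and returns how many were marked.
// The static_cast is only sound because kind == Kind::Array is guaranteed to
// mean ArrayCell; a wrong or stale tag would turn the fast path into a type
// confusion, so the tag invariant is what a devirtualised marker must protect.
size_t markReachable(const std::vector<Cell*>& roots, bool devirtualise) {
    std::vector<Cell*> worklist(roots);
    size_t marked = 0;
    while (!worklist.empty()) {
        Cell* cell = worklist.back();
        worklist.pop_back();
        if (!cell || cell->marked) continue;   // empty slots and cycles
        cell->marked = true;
        ++marked;
        if (!devirtualise || cell->kind == Kind::Other)
            cell->markChildren(worklist);      // generic path: vtable call
        else if (cell->kind == Kind::Array)
            static_cast<ArrayCell*>(cell)->markChildrenDirect(worklist);
        // Kind::Leaf has no children: nothing to do.
    }
    return marked;
}
```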
Attachments
Patch v1 (28.99 KB, patch), 2009-08-13 22:14 PDT, Oliver Hunt; flags: mjs: review+
Comment 1, Oliver Hunt, 2009-08-13 22:14:51 PDT
Created attachment 34809 [details]: Patch v1
Comment 2, Maciej Stachowiak, 2009-08-13 22:19:29 PDT
Comment on attachment 34809 [details], Patch v1:
r=me but consider reformatting the long inline method definitions as suggested.
Comment 3, Oliver Hunt, 2009-08-13 22:35:48 PDT
Committed r47267
Comment 4, Gabor Loki, 2009-08-18 06:07:09 PDT
It looks like this patch breaks the ARM JIT port at r47269 with ENABLE_YARR=1 ENABLE_YARR_JIT=1 ENABLE_JIT=1 WTF_USE_JSVALUE32=1. There is a regression at JavaScriptCore/tests/mozilla/ecma/Array/15.4.4.4-1.js. The GDB backtrace says:
#0 JSC::JSValue::isGetterSetter (this=0x4007ea4c) at JavaScriptCore/runtime/JSCell.h:186
#1 callDefaultValueFunction (exec=0x426a004c, object=0x428b2660, propertyName=@0x2e4320) at JavaScriptCore/runtime/JSObject.cpp:218
#2 JSC::JSObject::defaultValue (this=0x428b2660, exec=0x426a004c, hint=JSC::NoPreference) at JavaScriptCore/runtime/JSObject.cpp:245
#3 JSC::JSObject::toPrimitive (this=0x428b2660, exec=0x426a004c, preferredType=JSC::NoPreference) at JavaScriptCore/runtime/JSObject.h:538
#4 JSC::JSValue::toPrimitive (this=0x4007eae8, exec=0x426a004c, preferredType=JSC::NoPreference) at JavaScriptCore/runtime/JSCell.h:261
#5 cti_op_to_primitive (args=0x4007eb04) at JavaScriptCore/jit/JITStubs.cpp:2786
#6 ctiTrampoline ()
Do you have any hint or thought on how to fix it?
Comment 5, Gabor Loki, 2009-08-19 07:45:23 PDT
The bug can be reproduced on ARM with interpreter and jit as well. The situation is the same with debug and with release mode also. Does iPhone run correctly?
Comment 6, Oliver Hunt, 2009-08-19 10:45:51 PDT
(In reply to comment #5)
> The bug can be reproduced on ARM with interpreter and jit as well. The
> situation is the same with debug and with release mode also. Does iPhone run
> correctly?
I just did a trivial amount of debugging myself, and forced JSVALUE_32 on x86 and this crash occurred. Given that's the only substantive difference between ARM and x86 build settings that seems obvious and demonstrates the bug.
Comment 7, Oliver Hunt, 2009-08-19 13:08:42 PDT
JSVALUE32 fix landed in r47522