RESOLVED FIXED 65334
DFG JIT does not have any way of undoing double speculation 
https://bugs.webkit.org/show_bug.cgi?id=65334
Summary DFG JIT does not have any way of undoing double speculation
Filip Pizlo
Reported 2011-07-28 12:15:26 PDT
The DFG JIT may speculate that a value is double if it has no evidence that it is an integer, but it has evidence that it should be a number. But doing so means that integers will turn into doubles. Doubles are less efficient than integers in certain cases, such as for performing GetByVal accesses. The DFG JIT should have some way of undoing double speculation when jumping to non-speculative code - that is, attempting to convert doubles back to integers so as to prevent the non-speculative code does not have to take even deeper slow paths when doing array accesses.
Attachments
the patch (13.31 KB, patch)
2011-07-28 12:19 PDT, Filip Pizlo 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2011-07-28 12:19:26 PDT
Created attachment 102284 [details] the patch
WebKit Review Bot
Comment 2 2011-07-29 15:40:17 PDT
Comment on attachment 102284 [details] the patch Clearing flags on attachment: 102284 Committed r92024: <http://trac.webkit.org/changeset/92024>
WebKit Review Bot
Comment 3 2011-07-29 15:40:21 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.