[v8-dev] Unnecessary Check Bounds

Sun, 03 Apr 2016 01:39:07 -0700 

Hi,


I have an important question about check bounds. Why, in some very clear 
cases, V8 put the instruction to obtain the length of the array out of the 
loop, but the check bounds is still inside? (I refer the scenarios when the 
loop control variable is clear to be incremented by 1 at each loop 
iteration and it is not manipulated by no function)



I put an example to clarify it:

Given this JS function from Kraken suite:

1    findGraphNode = function(node) {    
2        for(var i=0;i<this.length;i++) {        
3            if(this[i].position == node.position) { 
4                return true; 
5            }    
6        }   
7         return false;
8    }


The optimized generated x86 code is the following:

I1    movq rax, this        // load this
I2    test rax, 1            // check non-smi
I3    jz code_deoptimization    // check non-smi
I4    movq r10, nodeList        // check maps
I5    cmpq (rax-1), r10        // check maps
I6    jnz code_deoptimization    // check maps
I7    movl rbx, (rax+27)        // load elements length
I8    movq rdx,(rax+15)        // load elements array 
I9    movq rcx, (rbp+16)         // load node
I10    testb rcx, 1            // check non-smi
I11    jz code_deoptimization     // check non-smi
I12    movq r10, GraphNode         // check maps
I13    cmpq (rcx-1), r10        // check maps
I14    jnz code_deoptimization    // check maps
I15    movq rsi,(rcx+47)        // load node.position
loop:
I16    cmpl rdi, rbx         // compare i to this.length
I17    jge return_false        // node not found: return false
I18    cmpq rsp, (stack_limit)     // check stack
I19    jc external_exception    // check stack
I20    cmpl rbx,rdi            // check bounds
I21    jna code_deoptimization    // check bounds
I22    movq r8, (rdx+rdi*8)        // load this[i]
I23    testb r8, 1            // check non-smi
I24    jz code_deoptimization    // check non-smi
I25    movq r10, GraphNode        // check maps
I26    cmpq (r8-1), r10        // check maps
I27    jnz code_deoptimization     // check maps
I28    movq r9,(r8+47)        // load this[i].position
I29    cmpq r9,rsi            // compare this[i].position to node.position 
I30    jz return_true        //  node found: return true
I31    addl rdi,0x1                // i++
I32    jmp loop            // loop back edge


So, Why check bounds can not be put out of the loop? You can put a check 
bounds out of the loop and compare it with this.length variable directly...

Thanks in Avdance

-- 
-- 
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
--- 
You received this message because you are subscribed to the Google Groups 
"v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
For more options, visit https://groups.google.com/d/optout.

Reply via email to