Title: [131268] trunk/Source/JavaScriptCore
Revision: 131268
Author: [email protected]
Date: 2012-10-14 12:42:17 -0700 (Sun, 14 Oct 2012)

Log Message

Array length array profiling is broken in the baseline JIT
https://bugs.webkit.org/show_bug.cgi?id=99258

Reviewed by Oliver Hunt.

The code generator for array length stubs calls into
emitArrayProfilingSiteForBytecodeIndex(), which emits profiling only if
canBeOptimized() returns true. But m_canBeOptimized is only initialized during
full method compiles, so in a stub compile it may (or may not) be false, meaning
that we may, or may not, get meaningful profiling info.
        
This appeared to not affect too many programs since the LLInt has good array
length array profiling.

* jit/JIT.h:
(JSC::JIT::compilePatchGetArrayLength):

Modified Paths

Diff

Modified: trunk/Source/JavaScriptCore/ChangeLog (131267 => 131268)


--- trunk/Source/_javascript_Core/ChangeLog	2012-10-14 16:22:49 UTC (rev 131267)
+++ trunk/Source/_javascript_Core/ChangeLog	2012-10-14 19:42:17 UTC (rev 131268)
@@ -1,3 +1,22 @@
+2012-10-13  Filip Pizlo  <[email protected]>
+
+        Array length array profiling is broken in the baseline JIT
+        https://bugs.webkit.org/show_bug.cgi?id=99258
+
+        Reviewed by Oliver Hunt.
+
+        The code generator for array length stubs calls into
+        emitArrayProfilingSiteForBytecodeIndex(), which emits profiling only if
+        canBeOptimized() returns true. But m_canBeOptimized is only initialized during
+        full method compiles, so in a stub compile it may (or may not) be false, meaning
+        that we may, or may not, get meaningful profiling info.
+        
+        This appeared to not affect too many programs since the LLInt has good array
+        length array profiling.
+
+        * jit/JIT.h:
+        (JSC::JIT::compilePatchGetArrayLength):
+
 2012-10-14  Patrick Gansterer  <[email protected]>
 
         Build fix for WinCE after r131089.
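
Review bot: The per-file entry that closes this ChangeLog addition, "* jit/JIT.h:" followed by "(JSC::JIT::compilePatchGetArrayLength):", has nothing after the function name, and the entry names no test. The prose explains the bug but not the chosen fix; a short line after the function name saying that m_canBeOptimized is forced to true before stub generation would let a ChangeLog reader see what changed without opening the diff. Since the message says the problem was masked by LLInt profiling, it would also help to state how the fix was verified.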

Modified: trunk/Source/JavaScriptCore/jit/JIT.h (131267 => 131268)


--- trunk/Source/_javascript_Core/jit/JIT.h	2012-10-14 16:22:49 UTC (rev 131267)
+++ trunk/Source/_javascript_Core/jit/JIT.h	2012-10-14 19:42:17 UTC (rev 131268)
@@ -412,6 +412,10 @@
         static void compilePatchGetArrayLength(JSGlobalData* globalData, CodeBlock* codeBlock, ReturnAddressPtr returnAddress)
         {
             JIT jit(globalData, codeBlock);
+#if ENABLE(DFG_JIT)
+            // Force profiling to be enabled during stub generation.
+            jit.m_canBeOptimized = true;
+#endif // ENABLE(DFG_JIT)
             return jit.privateCompilePatchGetArrayLength(returnAddress);
         }
 
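
Review bot: The assignment "jit.m_canBeOptimized = true;" directly after "JIT jit(globalData, codeBlock);" repairs this one entry point only; per the log message the member is initialized only during full method compiles, so the constructor still leaves it indeterminate, and any other stub entry point that reaches canBeOptimized() would still branch on an uninitialized bool. Consider giving m_canBeOptimized a defined value in the JIT constructor and overriding it here, so stub compiles behave deterministically. The added comment says what is forced but not why that is correct when the code block itself may not be optimizable; one more sentence there would help.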
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes
