Open
Bug 1353384
Opened 9 years ago
Updated 1 year ago
Optimize GetName TypeOfNoProperty
Categories
(Core :: JavaScript Engine: JIT, enhancement, P3)
Core
JavaScript Engine: JIT
Tracking
()
NEW
| Performance Impact | low |
People
(Reporter: jandem, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: perf)
Attachments
(1 file)
|
425 bytes,
text/html
|
Details |
If we have |typeof x| and x does not exist, we attach an IC stub that guards on the environment objects but it also has to guard the global's proto chain.
Unfortunately this is annoying because in the browser we have the GSP proxy on the prototype chain and we would need some way to guard it doesn't have the property.
We should probably fix this before converting this code to CacheIR (bug 1326437) as it will also affect Baseline then.
|
Reporter | |
Comment 1•9 years ago
|
||
This prints "Fail" (I get "Pass" with Ion disabled).
|
|
Reporter | |
Comment 2•9 years ago
|
||
Boris, any thoughts on how we can deal with the GSP/WindowNamedPropertiesHandler proxy? Can we do something similar to the other DOM proxies?
Flags: needinfo?(bzbarsky)
|
||
Comment 3•9 years ago
|
||
Hmm. So this one is different from other DOM proxies in various ways. It has different slot layout, no expando, etc.
But I guess the real question is whether we could give it a concept of "shape" or "generation" or something like that, right? Something that the JIT could then guard on. It seems like we should be able to do that, generally speaking, either as an ExpandoAndGeneration pointer (with an undefined expando in all cases) or a direct counter in a PrivateValue (which would presumably need to count by 2 to make sense in that case, right?). I assume we do want this thing somewhere where the jit can reach it via slots.
We'd also need the JIT to recognize this specific proxy handler, I guess.
Flags: needinfo?(bzbarsky)
|
|
Reporter | |
Comment 4•9 years ago
|
||
@bz: thanks. Yes we need a generation field for this I suppose... We could then also use this to optimize |window.missingProp|. It would be nice if we could share the ExpandoAndGeneration code.
Tom and I talked about this yesterday and for now it seems best to remove this (buggy) optimization as part of the CacheIR conversion in bug 1326437. That unblocks bug 1326437 and we can then use this bug to add it back with the correct guards.
|
|
||
Updated•9 years ago
|
Whiteboard: [qf]
|
||
Updated•9 years ago
|
Priority: -- → P3
|
|
||
Updated•9 years ago
|
Whiteboard: [qf] → [qf:p3]
|
||
Updated•4 years ago
|
Performance Impact: --- → P3
Whiteboard: [qf:p3]
|
||
Updated•3 years ago
|
Severity: normal → S3
|
||
Comment 5•1 year ago
|
||
This testcase nowp prints "True" for me on the latest Nightly? Close as WFM?
Flags: needinfo?(jdemooij)
|
||
Comment 6•1 year ago
|
||
The testcase was designed to point out a problem with the naive version of this optimization, which is why we don't currently have it.
It is still the case that if you have if (typeof foo !== "undefined"), and foo does not exist, then we don't have any CacheIR support for the missing property. If the code is in a hot loop, then we will end up hitting the fallback stub in Ion. In that sense, it would be nice to implement this.
On the other hand, I don't think I've ever seen a profile where IonGetNameIC:update was hot, so this might not be a pressing issue in real code.
Flags: needinfo?(jdemooij)
You need to log in
before you can comment on or make changes to this bug.
Description
•