Closed Bug 551339 Opened 14 years ago Closed 13 years ago

JM: soup up JSOP_CALL* PICs to cache the code pointer needed by JSOP_CALL

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 587698

People

(Reporter: luke, Unassigned)

References

Details

Currently, for the sequence:

JSOP_CALL{PROP, NAME, LOCAL, ARG, GVAR}
... push arg
... push arg
JSOP_CALL

the call* op pushes a function which the call op attemps to call.  For inline calls, this means following the chain:

 JSObject -> JSFunction -> JSScript -> code

with logic/branches at each step.  Similarly, for fast natives:

 JSObject -> JSFunction -> JSFastNative

PICs, brought to us by bug 549513, will cache the object that needs to be pushed by the call* ops.  However, AFAIK, for a fixed object in the PIC, the end result of the above sequences, followed by the call op, is also fixed.  Based on this observation, it makes sense to cache the final result needed by call instead of the intermediate object.  Assuming we want to keep the same rough organization of opcodes, this would mean having the call* ops push a code pointer on the stack which should only be observed by the subsequent call op (and perhaps a few other unsavory characters like the disassembler that we will need to educate...).  The end result would be faster inline and fast native calls and less logic in the Jaeger JSOP_CALL stub.
This was subsumed 100x by all the subsequent call ic work.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.