Closed Bug 562793 Opened 14 years ago Closed 11 years ago

JM: PICs need to handle disabled property cache

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: dmandelin, Unassigned)

References

Details

The property cache can get disabled if we run out of shapes, which the PICs don't currently check for. I think bug 558451 would fix this problem, if it also allowed us to guard on scope/proptreenode pointers instead of shape numbers.

Alternatively, if we do have to handle this case directly, it seems like we should not create PIC stubs if the property cache is disabled. I think we also need to purge all PICs (which we do already on GC, so it is not hard) when the property cache becomes disabled.
Bug 558451 kept 32-bit (24-bit, really) shape identifiers. This bug should not block on that bug. If we want to use js::Shape pointers, we need a new bug (or just use this one), but it isn't clearly worth it.

The generation number approach lets us avoid allocation Shapes unpredictably and it is as fast to load the shape id from the object now, as it is to get the Shape pointer from the object.

More analysis needed, but what needs to happen in JM if we stick with shape ids instead of pointers?

/be
No longer depends on: 558451
I think the solution in comment #0 works - the ICs should check and not generate stubs, and we should purge ICs at the overflow.
JM removed.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.