588993 - JM: lazify fp->savedPC for scripted -> scripted calls

Status: RESOLVED FIXED

(Core :: JavaScript Engine, enhancement)

Description

[Brian Hackett [Laid off!]]

savedPC is written for the caller frame at each scripted call.  Instead, it could be computed lazily from the callee frame's ncode (return address).  This could be done as follows:

- When figuring out the savedPC for a frame, find its upframe first.  Worst case this is a stack walk, but it looks from the code that when savedPC is accessed it's usually doing a stack walk anyways.

- Make sure possible values for fp->ncode are all in the script's inline buffer.  This can be done even with scripted call MICs, but needs calls/returns to be implemented as jumps (see bug 587707).

- Binary search either the caller's script->nmap or script->mics or script->callSites for the PC corresponding to the callee's ncode.  Since these vectors are built in the same order as the inline code is generated, this search is possible.

This is slower laziness than that for other JSStackFrame fields, but near as I can tell the savedPC is only used for debugging and exception handling code (building stack traces and so forth).

Comment 1

[Brendan Eich [:brendan]]

This is the way to go -- the debugger and exception paths can take the heat. Any bytecode inspection from a hot native should be doing something else, and I trust is doing something else due to TM not having frames for inlined calls already.

/be