Closed
Bug 632729
Opened 13 years ago
Closed 13 years ago
sweeping native call ic prevents future native call ic formation
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: luke, Assigned: dvander)
Details
(Whiteboard: fixed-in-tracemonkey)
Attachments
(1 file)
|
1.26 KB,
patch
|
dmandelin
:
review+
dmandelin
:
approval2.0+
|
Details | Diff | Splinter Review |
After JITScript::sweepCallICs, swept call ics are left in a state that prevents the creation of future ic stubs. For example, uncommenting 'gc()' in this test:
function f(x) {
for (var i = 0; i < x; ++i)
Math.sin(1);
}
f(4);
// gc();
f(1000000)
produces a 60% slowdown. callgrind confirms that the extra time is spent going through generateNativeStub. Unless I'm missing something pernicious, the fix should be quite simple.
|
Assignee | |
Comment 2•13 years ago
|
||
Nice catch. The inline path starts with a funobj guard. If this guard fails, it can go to either an IC, or to the slow path. The bug is that while sweeping call ICs, we blindly relink this guard to the slow path. We don't have to be so pessimistic.
Attachment #511182 -
Flags: review?(dmandelin)
Attachment #511182 -
Flags: approval2.0?
|
||
Updated•13 years ago
|
Attachment #511182 -
Flags: review?(dmandelin)
Attachment #511182 -
Flags: review+
Attachment #511182 -
Flags: approval2.0?
Attachment #511182 -
Flags: approval2.0+
|
|
Assignee | |
Comment 3•13 years ago
|
||
http://hg.mozilla.org/tracemonkey/rev/641d4c7e217b
Status: NEW → ASSIGNED
Whiteboard: fixed-in-tracemonkey
|
||
Comment 4•13 years ago
|
||
cdleary-bot mozilla-central merge info: http://hg.mozilla.org/mozilla-central/rev/641d4c7e217b
|
|
||
Updated•13 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•