Closed
Bug 677045
Opened 13 years ago
Closed 13 years ago
IonMonkey: Type analyzer inefficiency with phis
Categories
(Core :: JavaScript Engine, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: dvander, Assigned: dvander)
Details
Attachments
(1 file)
1.84 KB,
patch
|
rpearl
:
review+
|
Details | Diff | Splinter Review |
In the following code: var f = function (y) { var x = y; for (var i = 1; i; i = i + 1) { x = x & i; } return x; } The type analyzer does not recognize that the argument |y| is only ever used as an int32, and places an unbox instruction inside the loop which generates really inefficient code: => 0xf73ed179: cmpl $0xffffff81,0x7c(%esp) => 0xf73ed17e: jne 0xf73ed004 => 0xf73ed184: test %ebp,%ebp => 0xf73ed186: jne 0xf73ed198 => 0xf73ed198: and %ebp,%esi => 0xf73ed19a: add $0x1,%ebp => 0xf73ed1a2: mov %edi,0x7c(%esp) => 0xf73ed1a6: jmp 0xf73ed179 The reason is that the only use |y| is a phi and phis are not propagating observed types.
Assignee | ||
Comment 1•13 years ago
|
||
This patch propagates observed types from phis, and also makes Unbox idempotent. Now we get, for this loop: => 0xf73ed17e: test %esi,%esi => 0xf73ed180: jne 0xf73ed192 => 0xf73ed192: and %esi,%edi => 0xf73ed194: add $0x1,%esi => 0xf73ed197: jmp 0xf73ed17e
Attachment #551281 -
Flags: review?(rpearl)
Updated•13 years ago
|
Attachment #551281 -
Flags: review?(rpearl) → review+
Comment 2•13 years ago
|
||
http://hg.mozilla.org/projects/ionmonkey/rev/c88d2ecb2472
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•