Closed
Bug 722708
Opened 12 years ago
Closed 12 years ago
IonMonkey: Handle hoisted bounds check failures better
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: jandem, Assigned: jandem)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 1 obsolete file)
12.84 KB,
patch
|
dvander
:
review+
|
Details | Diff | Splinter Review |
See bug 722331 comment 3. If we want to handle this like JM, we could add a new bailout kind and use it for hoisted bounds checks. When we bailout, we can set script->failedBoundsCheck to |true| and invalidate the caller. The next time the script is compiled, we can check this flag to prevent hoisting bounds checks.
Assignee | ||
Comment 1•12 years ago
|
||
This fixes some benchmark problems. More complete patch tomorrow.
Assignee: general → jdemooij
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•12 years ago
|
||
If a bounds check fails, recompile and don't optimize bounds checks in the future. On v8-crypto, with --no-jm, this reduces the number of bailouts caused by bounds checks from > 1100 to 3. Without --no-jm, v8-crypto becomes slower unfortunately, because we use IonMonkey more, which isn't as heavily optimized for am3. The right way forward there is enabling/improving our range analysis so that we don't have to rely on using JM+TI instead of Ion though.
Attachment #632331 -
Attachment is obsolete: true
Attachment #639296 -
Flags: review?(dvander)
Updated•12 years ago
|
Attachment #639296 -
Flags: review?(dvander) → review+
Assignee | ||
Comment 3•12 years ago
|
||
https://hg.mozilla.org/projects/ionmonkey/rev/df6295d780ed
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•