Last Comment Bug 722708 - IonMonkey: Handle hoisted bounds check failures better
: IonMonkey: Handle hoisted bounds check failures better
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: All All
-- normal (vote)
: ---
Assigned To: Jan de Mooij [:jandem]
: Jason Orendorff [:jorendorff]
Depends on: 770623
Blocks: IonSpeed 768572
  Show dependency treegraph
Reported: 2012-01-31 07:52 PST by Jan de Mooij [:jandem]
Modified: 2012-07-05 10:22 PDT (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

WIP (7.77 KB, patch)
2012-06-12 11:16 PDT, Jan de Mooij [:jandem]
no flags Details | Diff | Splinter Review
Patch (12.84 KB, patch)
2012-07-05 05:09 PDT, Jan de Mooij [:jandem]
dvander: review+
Details | Diff | Splinter Review

Description User image Jan de Mooij [:jandem] 2012-01-31 07:52:17 PST
See bug 722331 comment 3.

If we want to handle this like JM, we could add a new bailout kind and use it for hoisted bounds checks. When we bailout, we can set script->failedBoundsCheck to |true| and invalidate the caller. The next time the script is compiled, we can check this flag to prevent hoisting bounds checks.
Comment 1 User image Jan de Mooij [:jandem] 2012-06-12 11:16:43 PDT
Created attachment 632331 [details] [diff] [review]

This fixes some benchmark problems. More complete patch tomorrow.
Comment 2 User image Jan de Mooij [:jandem] 2012-07-05 05:09:36 PDT
Created attachment 639296 [details] [diff] [review]

If a bounds check fails, recompile and don't optimize bounds checks in the future.

On v8-crypto, with --no-jm, this reduces the number of bailouts caused by bounds checks from > 1100 to 3. Without --no-jm, v8-crypto becomes slower unfortunately, because we use IonMonkey more, which isn't as heavily optimized for am3. The right way forward there is enabling/improving our range analysis so that we don't have to rely on using JM+TI instead of Ion though.
Comment 3 User image Jan de Mooij [:jandem] 2012-07-05 10:22:02 PDT

Note You need to log in before you can comment on or make changes to this bug.