Last Comment Bug 722708 - IonMonkey: Handle hoisted bounds check failures better
: IonMonkey: Handle hoisted bounds check failures better
Status: RESOLVED FIXED
:
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: All All
: -- normal (vote)
: ---
Assigned To: Jan de Mooij [:jandem]
:
: Jason Orendorff [:jorendorff]
Mentors:
Depends on: 770623
Blocks: IonSpeed 768572
  Show dependency treegraph
 
Reported: 2012-01-31 07:52 PST by Jan de Mooij [:jandem]
Modified: 2012-07-05 10:22 PDT (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
WIP (7.77 KB, patch)
2012-06-12 11:16 PDT, Jan de Mooij [:jandem]
no flags Details | Diff | Splinter Review
Patch (12.84 KB, patch)
2012-07-05 05:09 PDT, Jan de Mooij [:jandem]
dvander: review+
Details | Diff | Splinter Review

Description Jan de Mooij [:jandem] 2012-01-31 07:52:17 PST
See bug 722331 comment 3.

If we want to handle this like JM, we could add a new bailout kind and use it for hoisted bounds checks. When we bailout, we can set script->failedBoundsCheck to |true| and invalidate the caller. The next time the script is compiled, we can check this flag to prevent hoisting bounds checks.
Comment 1 Jan de Mooij [:jandem] 2012-06-12 11:16:43 PDT
Created attachment 632331 [details] [diff] [review]
WIP

This fixes some benchmark problems. More complete patch tomorrow.
Comment 2 Jan de Mooij [:jandem] 2012-07-05 05:09:36 PDT
Created attachment 639296 [details] [diff] [review]
Patch

If a bounds check fails, recompile and don't optimize bounds checks in the future.

On v8-crypto, with --no-jm, this reduces the number of bailouts caused by bounds checks from > 1100 to 3. Without --no-jm, v8-crypto becomes slower unfortunately, because we use IonMonkey more, which isn't as heavily optimized for am3. The right way forward there is enabling/improving our range analysis so that we don't have to rely on using JM+TI instead of Ion though.
Comment 3 Jan de Mooij [:jandem] 2012-07-05 10:22:02 PDT
https://hg.mozilla.org/projects/ionmonkey/rev/df6295d780ed

Note You need to log in before you can comment on or make changes to this bug.