Open Bug 758307 Opened 13 years ago Updated 2 years ago

IonMonkey: Handle big overflow of arguments.

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Version:
Other Branch
Platform:
x86_64
Linux
Type:
defect

Tracking

()

People

(Reporter: nbp, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [ion:t])

Bug 735406 is planning to implement JSOP_ARGUMENTS and have a slow implementation of arguments.length. The goal of this bug is to provide an alternative implementation for arguments.length which can be way more faster and might be critical for small overflow of arguments such as: function f() { var x = []; for (var i = 0; i < arguments.length; i++) x[i] = arguments[i]; return x; } try{}catch(e){}; for (var j = 0; j < 10000; j++) f(1); One Possible implementations is to pack the number of arguments in the frame descriptor: 21098765432109876543210987654321 ssssssssssssssssssssaaaaaaaaottt To avoid slowdown of frame iterations (for GC), we need to keep the frame size "s" and the frame type "t" easily reachable, such as a logical shift and a mask. The number of arguments "a" can be packed in the middle with an extra flag "o" used to report overflow when the number of argument cannot be stored in the descriptor. In such cases, we may want to allocate some extra space out of the stack to store the full set of arguments and only use the stack to store the formal arguments for the next JS frame. Another option would be to limit the number of overflow arguments and avoid compiling functions with large immediate overflow of arguments because these are costly in terms of snapshots and in terms of register allocation. Still, we want to keep such flag for when entering a function with a huge overflow of arguments and for the fun.apply where the number of arguments can easily overflow and take too much space on the stack.
Depends on: 759442
The current implementation of the argument length consist of pushing the number of actual arguments on the stack, before the calleeToken. The current implementation does not support big overflow of arguments, and to avoid overflowing the stack with series of call having thousands of arguments we limit the number before entering Ion code. This feature is important for passing arguments from one function to another and for the inlining of fun.apply(self, object) where object can be a big array, which lead us to handle big argument vectors.
Summary: IonMonkey: Optimize arguments.length. → IonMonkey: Handle big overflow of arguments.
Whiteboard: [ion:t]
Assignee: general → nobody
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.