Bug 186721

Summary: [DFG] Reduce OSRExit for Kraken/crypto-aes due to CoW array
Product: WebKit Reporter: Yusuke Suzuki <ysuzuki>
Component: New BugsAssignee: Yusuke Suzuki <ysuzuki>
Status: RESOLVED FIXED    
Severity: Normal CC: ews-watchlist, guijemont, keith_miller, mark.lam, msaboff, saam, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch keith_miller: review+

Description Yusuke Suzuki 2018-06-16 08:17:36 PDT 
[DFG] Reduce OSRExit for Kraken/crypto-aes due to CoW array
Comment 1 Yusuke Suzuki 2018-06-16 08:22:37 PDT 
Created attachment 342879 [details]
Patch
Comment 2 Yusuke Suzuki 2018-06-16 08:43:15 PDT 
Created attachment 342880 [details]
Patch
Comment 3 Keith Miller 2018-06-16 09:29:35 PDT 
Comment on attachment 342880 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=342880&action=review

r=me.

> Source/JavaScriptCore/runtime/CommonSlowPaths.cpp:1166
> +    ArrayAllocationProfile::updateLastAllocationFor(profile, result);

Ha, whoops! I think I removed that to test something and forgot to put it back later...
Comment 4 Yusuke Suzuki 2018-06-16 09:33:31 PDT 
Comment on attachment 342880 [details]
Patch

Yeah, we still have one more OSRExit, which is caused by Array#slice lookup. Personally, I think this can be fixed Fil's CreateThis's GetById extension, but idk.
Comment 5 Yusuke Suzuki 2018-06-16 09:34:03 PDT 
Committed r232904: <https://trac.webkit.org/changeset/232904>
Comment 6 Radar WebKit Bug Importer 2018-06-16 09:35:18 PDT 
<rdar://problem/41187936>
Comment 7 Guillaume Emont 2018-06-20 06:40:10 PDT 
Since this change, stress/cow-convert-double-to-contiguous.js and stress/cow-convert-int32-to-contiguous.js fail on all 32-bit platforms. I'm trying to understand why.