Tiered compilation heuristics do not account for value profile fullness
https://bugs.webkit.org/show_bug.cgi?id=68116

Reviewed by Oliver Hunt.
        
Tiered compilation avoids invoking the DFG JIT if it finds that value
profiles contain insufficient information. Instead, it produces a
prediction from the current value profile, and then clears the value
profile. This allows the value profile to heat up from scratch for
some number of additional executions. The new profiles will then be
merged with the previous prediction. Once the amount of information
in predictions is enough according to heuristics in CodeBlock.cpp,
DFG optimization is allowed to proceed.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.pro:
* JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.vcproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/CodeBlock.cpp:
(JSC::CodeBlock::CodeBlock):
(JSC::CodeBlock::~CodeBlock):
(JSC::CodeBlock::visitAggregate):
(JSC::CodeBlock::visitWeakReferences):
(JSC::CodeBlock::shouldOptimizeNow):
(JSC::CodeBlock::dumpValueProfiles):
* bytecode/CodeBlock.h:
* bytecode/PredictedType.cpp:
(JSC::predictionToString):
* bytecode/PredictedType.h:
* bytecode/ValueProfile.cpp: Added.
(JSC::ValueProfile::computeStatistics):
(JSC::ValueProfile::computeUpdatedPrediction):
* bytecode/ValueProfile.h:
(JSC::ValueProfile::ValueProfile):
(JSC::ValueProfile::classInfo):
(JSC::ValueProfile::numberOfSamples):
(JSC::ValueProfile::totalNumberOfSamples):
(JSC::ValueProfile::isLive):
(JSC::ValueProfile::numberOfInt32s):
(JSC::ValueProfile::numberOfDoubles):
(JSC::ValueProfile::numberOfBooleans):
(JSC::ValueProfile::dump):
(JSC::getValueProfileBytecodeOffset):
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::stronglyPredict):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::predictArgumentTypes):
* dfg/DFGJITCompiler.cpp:
(JSC::DFG::JITCompiler::exitSpeculativeWithOSR):
(JSC::DFG::JITCompiler::jumpFromSpeculativeToNonSpeculative):
* jit/JIT.cpp:
(JSC::JIT::emitOptimizationCheck):
* jit/JITInlineMethods.h:
(JSC::JIT::emitValueProfilingSite):
* jit/JITStubs.cpp:
(JSC::DEFINE_STUB_FUNCTION):



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95134 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/JavaScriptCore/jit/JITInlineMethods.h b/Source/JavaScriptCore/jit/JITInlineMethods.h
index 965d984..e4627d3 100644
--- a/Source/JavaScriptCore/jit/JITInlineMethods.h
+++ b/Source/JavaScriptCore/jit/JITInlineMethods.h
@@ -456,7 +456,7 @@
     else
         add32(Imm32(3), bucketCounterRegister);
     and32(Imm32(ValueProfile::bucketIndexMask), bucketCounterRegister);
-    move(ImmPtr(valueProfile->buckets), scratch);
+    move(ImmPtr(valueProfile->m_buckets), scratch);
     storePtr(value, BaseIndex(scratch, bucketCounterRegister, TimesEight));
 }
 #endif
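Review bot: The `storePtr` that follows the renamed `move` writes to `m_buckets` at `bucketCounterRegister` scaled by `TimesEight`, and the only bound on that index is the preceding `and32` with `ValueProfile::bucketIndexMask`; nothing in this hunk ties the mask or the 8-byte stride to how `m_buckets` is declared. Because this is a JIT-emitted raw write into the profile object, a compile-time assertion next to the array declaration in ValueProfile.h (that `bucketIndexMask + 1` does not exceed the number of buckets, and that each bucket is 8 bytes wide) would keep a later resize of the array from silently turning this into an out-of-bounds store. Separately, the `m_` prefix reads as a private member, yet the JIT still reaches it directly through `valueProfile->m_buckets`; consider an accessor that returns the bucket base address so that the layout dependency is named in one place.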