New issue
Advanced search Search tips

Issue 8561 link

Starred by 2 users

Issue metadata

Status: Available
Owner:
Cc:
HW: All
NextAction: ----
OS: All
Priority: ----
Type: Bug



Sign in to add a comment

Unexpected KeyedLoadICTrampoline_Megamorphic

Project Member Reported by mathiasb@google.com, Dec 7

Issue description

Consider the following program:

```js
var iterations = 1000;

function Primes() {
  this.prime_count = 0;
  this.primes = new Array(iterations);
  this.getPrimeCount = function() { return this.prime_count; }
  this.getPrime = function(i) { return this.primes[i]; }
  this.addPrime = function(i) {
    this.primes[this.prime_count++] = i;
  }
  this.isPrimeDivisible = function(candidate) {
    for (var i = 1; i <= this.prime_count; ++i) { // out-of-bounds
      if ((candidate % this.primes[i]) == 0) return true;
    }
    return false;
  }
};

function main() {
  var p = new Primes();
  var c = 1;
  while (p.getPrimeCount() < iterations) {
    if (!p.isPrimeDivisible(c)) {
      p.addPrime(c);
    }
    c++;
  }
  console.log(p.getPrime(p.getPrimeCount() - 1));
}

main();
```

The keyed load IC for `this.primes[i]` in `isPrimeDivisible` goes megamorphic. That seems unexpected.
 
Cc: ishell@chromium.org bmeu...@chromium.org verwa...@chromium.org
Labels: Performance HW-All OS-All
Status: Available (was: Untriaged)
For context, this came up while investigating https://stackoverflow.com/q/53643962/96656.

Comment 3 Deleted

Actually seems like it was previously only supported for stores and Benedikt added partial support for loads. So I presume we just never supported it?

Sign in to add a comment