Questions on Side Effects of Large Loops


Sharad Khanna

Apr 9, 2025, 5:50:16 PM
to v8-dev
Hello,

My name is Sharad and I'm a student at RIT studying the V8 engine in my free time along with some friends. My peers and I have a few questions on some weird side effects and implementation details.

We have a few questions regarding the following code:

foo = () => {
  for (let i = 0; i < 0x10000; i++) {
  }

  var doubleArr = [1.1, 2.2, 3.3, 4.4];
}

The key issue we're facing is that when we remove the loop, the elements lie address-wise before the object itself. On the other hand, if we include the loop, the array lies address-wise after the object. We believe this is because of the fact that the for loop optimizes a portion of foo which introduces some changes.

However, based on our observations of the Maglev graph, we understand the doubleArr portion of the code to be a deopt point and accordingly be handled in Ignition. This behavior indicates that both loop and non-loop cases are being handled in Ignition. It is unclear to us why the introduction of a loop results in these changes. What could be causing this discrepancy and where can we find it? Could it be due to the existence of a feedback vector?

Thanks,
Sharad

Marja Hölttä

Apr 14, 2025, 5:52:13 AM
to v8-...@googlegroups.com
Hi Sharad,

Your observation seems legit. It must be because the loop makes us OSR into the optimized version of foo. And we do deopt right after, as you've noticed. So at some point, there's a branch that goes one way if we don't have the loop, and the other way if we do. And you'll need to find where that branch is. I'd start by putting debug prints into the bytecode handler where the doubleArr stuff is handled after we deopt. You can use
Print(some_obj);
and
Print("stuff");
in the bytecode handlers.

In addition, if the branch you're looking for was in optimized code, you could do --print-code --print-maglev-code --no-debug-code, then use gdb to break in the optimized code and inspect it that way. (But now it looks like the branch you're looking for is not in optimized code.)

- Marja
