Timestamp:
Dec 18, 2011, 10:36:05 PM (13 years ago)
Author:
[email protected]
Message:

DFG is too sloppy with register allocation
https://bugs.webkit.org/show_bug.cgi?id=74835

Reviewed by Gavin Barraclough.

Added assertions that at the end of a successfully generated basic block,
all use counts should be zero. This revealed a number of bugs:

  • Array length optimizations were turning a must-generate node into one that is not must-generate, but failing to change the ref count accordingly.


  • Indexed property storage optimizations were failing to deref their children, or to deref the indexed property storage node itself. Also, they used the Phantom node as a replacement. But the Phantom node is must-generate, which was causing bizarre issues. So this introduces a Nop node, which should be used in cases where you want a node that is skipped and has no children.


This does not have any significant performance effect, but it should
relieve some register pressure. The main thing this patch adds, though,
are the assertions, which should make it easier to do register allocation
related changes in the future.

  • dfg/DFGAbstractState.cpp:

(JSC::DFG::AbstractState::execute):

  • dfg/DFGGenerationInfo.h:

(JSC::DFG::GenerationInfo::initConstant):
(JSC::DFG::GenerationInfo::initInteger):
(JSC::DFG::GenerationInfo::initJSValue):
(JSC::DFG::GenerationInfo::initCell):
(JSC::DFG::GenerationInfo::initBoolean):
(JSC::DFG::GenerationInfo::initDouble):
(JSC::DFG::GenerationInfo::initStorage):
(JSC::DFG::GenerationInfo::use):

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::clearAndDerefChild1):
(JSC::DFG::Graph::clearAndDerefChild2):
(JSC::DFG::Graph::clearAndDerefChild3):

  • dfg/DFGNode.h:

(JSC::DFG::Node::deref):

  • dfg/DFGPropagator.cpp:

(JSC::DFG::Propagator::propagateNodePredictions):
(JSC::DFG::Propagator::fixupNode):

  • dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

  • dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

File:
1 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r103202 r103218  
     12011-12-18  Filip Pizlo  <[email protected]>
     2
     3        DFG is too sloppy with register allocation
     4        https://bugs.webkit.org/show_bug.cgi?id=74835
     5
     6        Reviewed by Gavin Barraclough.
     7       
     8        Added assertions that at the end of a successfully generated basic block,
     9        all use counts should be zero. This revealed a number of bugs:
     10       
     11        - Array length optimizations were turning a must-generate node into one
     12          that is not must-generate, but failing to change the ref count
     13          accordingly.
     14         
     15        - Indexed property storage optimizations were failing to deref their
     16          children, or to deref the indexed property storage node itself. Also,
     17          they used the Phantom node as a replacement. But the Phantom node is
     18          must-generate, which was causing bizarre issues. So this introduces a
     19          Nop node, which should be used in cases where you want a node that is
     20          skipped and has no children.
     21         
     22        This does not have any significant performance effect, but it should
     23        relieve some register pressure. The main thing this patch adds, though,
     24        are the assertions, which should make it easier to do register allocation
     25        related changes in the future.
     26
     27        * dfg/DFGAbstractState.cpp:
     28        (JSC::DFG::AbstractState::execute):
     29        * dfg/DFGGenerationInfo.h:
     30        (JSC::DFG::GenerationInfo::initConstant):
     31        (JSC::DFG::GenerationInfo::initInteger):
     32        (JSC::DFG::GenerationInfo::initJSValue):
     33        (JSC::DFG::GenerationInfo::initCell):
     34        (JSC::DFG::GenerationInfo::initBoolean):
     35        (JSC::DFG::GenerationInfo::initDouble):
     36        (JSC::DFG::GenerationInfo::initStorage):
     37        (JSC::DFG::GenerationInfo::use):
     38        * dfg/DFGGraph.h:
     39        (JSC::DFG::Graph::clearAndDerefChild1):
     40        (JSC::DFG::Graph::clearAndDerefChild2):
     41        (JSC::DFG::Graph::clearAndDerefChild3):
     42        * dfg/DFGNode.h:
     43        (JSC::DFG::Node::deref):
     44        * dfg/DFGPropagator.cpp:
     45        (JSC::DFG::Propagator::propagateNodePredictions):
     46        (JSC::DFG::Propagator::fixupNode):
     47        * dfg/DFGSpeculativeJIT.cpp:
     48        (JSC::DFG::SpeculativeJIT::compile):
     49        * dfg/DFGSpeculativeJIT32_64.cpp:
     50        (JSC::DFG::SpeculativeJIT::compile):
     51        * dfg/DFGSpeculativeJIT64.cpp:
     52        (JSC::DFG::SpeculativeJIT::compile):
     53
    1542011-12-18  Benjamin Poulain  <[email protected]>
    255
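Review bot: the file list at lines 27-52 of the new entry gives bare function names with no remark on what changed in each, so the entry does not show where the new end-of-block use-count assertions live or which file declares the Nop node that the description introduces (dfg/DFGNode.h lists only Node::deref). A short per-function remark, for example after (JSC::DFG::GenerationInfo::use): and under * dfg/DFGNode.h:, would let someone chasing a later register-allocation assertion failure map it back to this change. The description also names two ref-count bugs exposed by the assertions but cites no regression test for either; if tests exist they should be named in the entry.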