Timestamp:
Sep 18, 2020, 12:34:21 PM (5 years ago)
Author:
[email protected]
Message:

DFG should ensure there are PhantomLocals for the taken block of op_jneq_ptr
https://bugs.webkit.org/show_bug.cgi?id=216669

Reviewed by Saam Barati.

JSTests:

  • stress/jneq-ptr-opcode-variable-only-live-on-taken-branch.js: Added.

(bar):
(foo):

Source/JavaScriptCore:

Right now, if there is a local that is live on the taken branch but dead on
the not-taken branch, then nothing will preserve it for OSR exit. This patch simply
adds a PhantomLocal for each live operand for the first bytecode of the taken block.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

File:
1 edited

  • trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

    r267062 r267255  
    71667166                LAST_OPCODE(op_jneq_ptr);
    71677167            }
     7168
     7169            // We need to phantom any local that is live on the taken block but not live on the not-taken block. i.e. `set of locals
     7170            // live at head of taken` - `set of locals live at head of not-taken`. Otherwise, there are no "uses" to preserve the
     7171            // those locals for OSR after this point. Since computing this precisely is somewhat non-trivial, we instead Phantom
     7172            // everything live at the head of the taken block.
     7173            auto addFlushDirect = [&] (InlineCallFrame* inlineCallFrame, Operand operand) {
     7174                // We don't need to flush anything here since that should be handled by the terminal of the not-taken block.
     7175                UNUSED_PARAM(inlineCallFrame);
     7176                ASSERT_UNUSED(operand, unmapOperand(inlineCallFrame, operand).isArgument() || operand == m_graph.m_codeBlock->scopeRegister());
     7177            };
     7178            auto addPhantomLocalDirect = [&] (InlineCallFrame*, Operand operand) { phantomLocalDirect(operand); };
     7179            // The addPhantomLocalDirect part of flushForTerminal happens to be exactly what we want so let's just call that.
     7180            flushForTerminalImpl(CodeOrigin(BytecodeIndex(m_currentIndex.offset() + relativeOffset), inlineCallFrame()), addFlushDirect, addPhantomLocalDirect);
     7181
    71687182            addToGraph(CheckIsConstant, OpInfo(frozenPointer), child);
    71697183            NEXT_OPCODE(op_jneq_ptr);
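
Review bot: The `addFlushDirect` lambda (new lines 7173-7177) drops every operand it is handed, and the only guard on that is `ASSERT_UNUSED`, so in a build without assertions an operand that is neither an argument nor `m_graph.m_codeBlock->scopeRegister()` would be skipped with no flush and no diagnostic. The comment says the flush "should be handled by the terminal of the not-taken block" but does not say why `flushForTerminalImpl` can only pass those two kinds of operand at this point; please state that invariant in the comment so the assertion can be audited against it. The block comment also acknowledges that it phantoms everything live at the head of the taken block rather than the set difference it describes, which is conservative for OSR exit, so a short note on the expected cost of the extra PhantomLocals would help. Minor: the comment at 7170-7171 reads "to preserve the those locals"; drop the duplicated article.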