Bug 108580

Summary: DFG::CFGSimplificationPhase::keepOperandAlive() conflates liveness and availability
Product: WebKit
Component: JavaScriptCore
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Reporter: Filip Pizlo <fpizlo>
Assignee: Filip Pizlo <fpizlo>
CC: barraclough, ggaren, mark.lam, mhahnenberg, msaboff, oliver, sam
Attachments:
Description: the patch
Flags: oliver: review+

Description Filip Pizlo 2013-01-31 22:01:37 PST
This is a harmless bug in that it only results in us keeping a bit too many things for OSR.  But it's worth fixing so that the code is consistent.

keepOperandAlive() is called when block A has a branch to blocks B and C, but the A->B edge is proven to never be taken and we want to optimize the code to have A unconditionally jump to C.  In that case, for the purposes of OSR, we need to preserve the knowledge that the state that B expected to be live incoming from A ought still to be live up to the point of where the A->B,C branch used to be.  The way we keep things alive is by using the variablesAtTail of A (i.e., we use the knowledge of in what manner A made state available to B and C).  The way we choose which state should be kept alive ought to be chosen by the variablesAtHead of B (i.e. the things B says it needs from its predecessors, including A), except that keepOperandAlive() was previously just using variablesAtTail of A for this purpose.
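
A toy C++ model of the distinction the description draws, added here as an illustration and not part of the original report or of WebKit's code. The `Block` struct, the `keepAliveOld` and `keepAliveFixed` functions and the sample operands are assumptions made up for the example; only the names `variablesAtHead` and `variablesAtTail` come from the report.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <string>

// Toy model (assumption, not WebKit's data structures): an operand number
// maps to the name of the node holding its value; no entry means "nothing".
typedef std::map<int, std::string> OperandMap;

struct Block {
    OperandMap variablesAtHead; // what the block needs from predecessors (liveness)
    OperandMap variablesAtTail; // how the block leaves state for successors (availability)
};

// Behaviour the report describes as the bug: A's tail decides both which
// operands are kept and how, so everything A makes available stays alive.
std::set<std::string> keepAliveOld(const Block& a, const Block&) {
    std::set<std::string> kept;
    for (OperandMap::const_iterator it = a.variablesAtTail.begin(); it != a.variablesAtTail.end(); ++it)
        kept.insert(it->second);
    return kept;
}

// Behaviour the report asks for: B's head selects the operands, and A's
// tail only supplies the node that holds each selected operand.
std::set<std::string> keepAliveFixed(const Block& a, const Block& b) {
    std::set<std::string> kept;
    for (OperandMap::const_iterator it = b.variablesAtHead.begin(); it != b.variablesAtHead.end(); ++it) {
        OperandMap::const_iterator src = a.variablesAtTail.find(it->first);
        if (src != a.variablesAtTail.end())
            kept.insert(src->second);
    }
    return kept;
}

// Constructed sample: A leaves operands 0, 1, 2 available; the removed
// successor B only expected operands 0 and 2 to be live on entry.
Block sampleA() { Block a; a.variablesAtTail[0] = "@a"; a.variablesAtTail[1] = "@b"; a.variablesAtTail[2] = "@c"; return a; }
Block sampleB() { Block b; b.variablesAtHead[0] = "Phi0"; b.variablesAtHead[2] = "Phi2"; return b; }

int main() {
    Block a = sampleA(), b = sampleB();
    std::printf("old keeps %zu nodes, fixed keeps %zu nodes\n",
                keepAliveOld(a, b).size(), keepAliveFixed(a, b).size());
    return 0;
}
```

In this model the old selection is always a superset of the fixed one, which matches the report's statement that the bug only keeps extra state for OSR.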
Comment 1 Filip Pizlo 2013-01-31 22:04:35 PST
Created attachment 185943
the patch
Comment 2 Filip Pizlo 2013-01-31 23:43:28 PST
Landed in http://trac.webkit.org/changeset/141544