Bug 168140

Summary: Object allocation sinking phase doesn't properly handle control flow when emitting a PutHint of a materialized object into a PromotedHeapLocation of a still sunken object
Product: WebKit Reporter: Saam Barati <saam>
Component: JavaScriptCore Assignee: Saam Barati <saam>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, fpizlo, ggaren, gskachkov, jfbastien, keith_miller, mark.lam, msaboff, oliver, ticaiolima, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch
fpizlo: review+
patch for landing none

Saam Barati
Reported 2017-02-10 11:58:38 PST
For example, if you have a control flow diamond, where we materialize along both sides of the diamond, we will emit PutHints along both sides. But we won't emit a PutHint of the Phi of the two materializations at the join point.
Attachments
patch (17.12 KB, patch)
2017-02-10 18:44 PST, Saam Barati
fpizlo: review+
patch for landing (17.29 KB, patch)
2017-02-10 18:55 PST, Saam Barati
no flags
Saam Barati
Comment 1 2017-02-10 15:33:38 PST
An example program:

What ToT produces
```
bb#0:
b: PhantomActivation()
a: PhantomNewFunction()
c: PutHint(@a, @b, ActivationLoc)
Branch(#1, #2)

bb#1:
d: MaterializeActivation()
e: PutHint(@a, @d, ActivationLoc)
f: Upsilon(@d, ^p)
Jump(#3)

bb#2:
g: MaterializeActivation()
h: PutHint(@a, @g, ActivationLoc)
i: Upsilon(@d, ^p)
Jump(#3)

bb#3:
p: Phi()
// What is PromotedHeapLocation(@a, ActivationLoc) here?
// What would we do if we exited?
// What we need to do is PutHint the Phi.
```

What we should produce as IR is:
```
bb#0:
b: PhantomActivation()
a: PhantomNewFunction()
c: PutHint(@a, @b, ActivationLoc)
Branch(#1, #2)

bb#1:
d: MaterializeActivation()
e: PutHint(@a, @d, ActivationLoc)
f: Upsilon(@d, ^p)
Jump(#3)

bb#2:
g: MaterializeActivation()
h: PutHint(@a, @g, ActivationLoc)
i: Upsilon(@d, ^p)
Jump(#3)

bb#3:
p: Phi()
j: PutHint(@a, @p, ActivationLoc)
```
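The invariant behind the IR in comment 1, as an added example that is not part of the original report and not WebKit's code: a toy C++ dataflow check that tracks which node is hinted into PromotedHeapLocation(@a, ActivationLoc) and flags a join block reached with disagreeing hints that does not PutHint right after its Phis. The types and the names `ambiguousJoins` and `diamond` are hypothetical, and the CFG is assumed acyclic with block ids in topological order.

```cpp
#include <cstdio>
#include <map>
#include <string>
#include <vector>

// Toy model, constructed for illustration: tracks the single promoted
// location PromotedHeapLocation(@a, ActivationLoc) from the IR in comment 1.
struct Node { std::string op, value; };  // value = node stored by a PutHint
struct Block { std::vector<int> preds; std::vector<Node> nodes; };
static const std::string kConflict = "<conflict>";

// Forward dataflow (acyclic CFG, block ids in topological order: assumption).
// Returns blocks entered with disagreeing hints that do not PutHint right
// after their Phis, i.e. where an exit could not recover @a's field.
std::vector<int> ambiguousJoins(const std::map<int, Block>& cfg) {
    std::map<int, std::string> out;  // hinted value at the end of each block
    std::vector<int> bad;
    for (const auto& entry : cfg) {
        const Block& block = entry.second;
        std::string hint;
        for (size_t i = 0; i < block.preds.size(); ++i) {
            const std::string& in = out[block.preds[i]];
            hint = (i == 0 || in == hint) ? in : kConflict;
        }
        bool pastPhis = false;
        for (const Node& n : block.nodes) {
            if (n.op == "Phi") continue;
            if (!pastPhis && hint == kConflict && n.op != "PutHint") bad.push_back(entry.first);
            pastPhis = true;
            if (n.op == "PutHint") hint = n.value;
        }
        if (!pastPhis && hint == kConflict) bad.push_back(entry.first);
        out[entry.first] = hint;
    }
    return bad;
}

// The diamond from comment 1; withFix appends j: PutHint(@a, @p, ActivationLoc).
std::map<int, Block> diamond(bool withFix) {
    std::map<int, Block> cfg;
    cfg[0] = {{}, {{"PhantomActivation", ""}, {"PhantomNewFunction", ""}, {"PutHint", "@b"}, {"Branch", ""}}};
    cfg[1] = {{0}, {{"MaterializeActivation", ""}, {"PutHint", "@d"}, {"Upsilon", ""}, {"Jump", ""}}};
    cfg[2] = {{0}, {{"MaterializeActivation", ""}, {"PutHint", "@g"}, {"Upsilon", ""}, {"Jump", ""}}};
    cfg[3] = {{1, 2}, {{"Phi", ""}}};
    if (withFix) cfg[3].nodes.push_back({"PutHint", "@p"});
    return cfg;
}

int main() {  // ambiguous join counts: ToT-style IR, then the IR with node j
    std::printf("%zu %zu\n", ambiguousJoins(diamond(false)).size(), ambiguousJoins(diamond(true)).size());
}
```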
Saam Barati
Comment 2 2017-02-10 17:46:08 PST
Saam Barati
Comment 3 2017-02-10 18:44:36 PST
Saam Barati
Comment 4 2017-02-10 18:55:10 PST
Created attachment 301235: patch for landing
WebKit Commit Bot
Comment 5 2017-02-10 20:06:41 PST
Comment on attachment 301235: patch for landing

Clearing flags on attachment: 301235

Committed r212177: <http://trac.webkit.org/changeset/212177>
WebKit Commit Bot
Comment 6 2017-02-10 20:06:46 PST
All reviewed patches have been landed. Closing bug.