Bug 198520

Summary: Argument elimination should check transitive dependents for interference
Product: WebKit
Reporter: Tadeu Zagallo <tzagallo>
Component: JavaScriptCore
Assignee: Tadeu Zagallo <tzagallo>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, fpizlo, keith_miller, mark.lam, msaboff, rmorisset, saam, webkit-bug-importer, wuninsu, ysuzuki
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Patch (flags: none)
Patch for landing (flags: none)

Description Tadeu Zagallo 2019-06-04 02:07:02 PDT
<rdar://problem/50863343>
Comment 1 Tadeu Zagallo 2019-06-04 02:10:30 PDT
Created attachment 371256
Patch
Comment 2 Saam Barati 2019-06-04 10:22:04 PDT
Comment on attachment 371256
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=371256&action=review

LGTM too, just one question

> Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp:609
> +                            if (node == candidate && inlineCallFrame == candidate->origin.semantic.inlineCallFrame())

Why this? Why not just break unconditionally when finding the candidate like before?
Comment 3 Tadeu Zagallo 2019-06-04 10:23:52 PDT
Comment on attachment 371256
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=371256&action=review

>> Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp:609
>> +                            if (node == candidate && inlineCallFrame == candidate->origin.semantic.inlineCallFrame())
> 
> Why this? Why not just break unconditionally when finding the candidate like before?

Because the current candidate can interfere with the transitive candidate, which actually happens with the test case included.
Comment 4 Saam Barati 2019-06-04 10:26:34 PDT
That seems weird. I thought the KillStack was the issue?

Also, it’s weird we’re running clobberize on the pre-transformed node. Presumably they may have different effects?
Comment 5 Tadeu Zagallo 2019-06-04 10:44:06 PDT
(In reply to Saam Barati from comment #4)
> That seems weird. I thought the KillStack was the issue?

You're right, that's not necessary.

> Also, it’s weird we’re running clobberize on the pre-transformed node.
> Presumably they may have different effects?

Do you mean prior to transformation? Nothing has been transformed yet at this point.
The tricky thing is that transform has to happen top-down and interference is computed bottom-up.
Comment 6 Tadeu Zagallo 2019-06-04 11:24:57 PDT
Created attachment 371309
Patch for landing
Comment 7 WebKit Commit Bot 2019-06-04 12:06:39 PDT
Comment on attachment 371309
Patch for landing

Clearing flags on attachment: 371309

Committed r246075: <https://trac.webkit.org/changeset/246075>
Comment 8 WebKit Commit Bot 2019-06-04 12:06:41 PDT
All reviewed patches have been landed.  Closing bug.
Comment 9 Yusuke Suzuki 2020-04-14 09:44:09 PDT
*** Bug 197956 has been marked as a duplicate of this bug. ***