| Summary: | We should consider changing where we merge LocalHeaps in our fixpoint LocalHeap analysis inside ObjectAllocationSinking | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Saam Barati <saam> |
| Component: | JavaScriptCore | Assignee: | Saam Barati <saam> |
| Status: | NEW --- | ||
| Severity: | Normal | CC: | benjamin, fpizlo, ggaren, gskachkov, guijemont, keith_miller, mark.lam, msaboff, rmorisset, ticaiolima, tzagallo, ysuzuki |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
|
Description
Saam Barati
2020-01-09 17:07:46 PST
BTW, I was considering about Object-Allocation-Sinking’s changed condition further, and now I think after third-iteration, we can just use the original check (instead of checking changed for each successor’s merging). `changed` status check was wrong in first and second iteration because, 1. In the first iteration, we are not collecting all the pointers yet. So the invariant, “If the heap of predecessors are not changed, the current block’s heap is not changed” is not met. 2. In the second iteration, we already collected all the pointers. However, we decide whether it is changed by comparing the current Heap and the heap calculated in the first iteration. And the heap calculated in the first iteration is still breaking the invariant described in the (1). So, wrong. 3. In the third iteration, calculated heap, and the stored heap are all meeting the invariant described in (1). So, it is safe. So, we can avoid any checks in the first, second iterations. And after that, we can start third iteration which actually starts calculating it for each block, and it should be sufficient. |