Bug 226817

Summary: [JSC] Fix incorrect register reuse in 32bit after r278568
Product: WebKit Reporter: Xan Lopez <xan.lopez>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: angelos, ews-watchlist, keith_miller, mark.lam, msaboff, saam, ticaiolima, tzagallo, webkit-bug-importer, xan.lopez
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Fix incorrect register reuse none

Xan Lopez
Reported 2021-06-09 07:21:51 PDT
The JSVALUE32_64 branch potentially needs both the tag and payload registers for both left/right nodes, so we cannot reuse any of them for the result since the first thing the code does is set it zero. Just remove the Reuse construction. This was causing extremely long test runs on 32bit.
Attachments
Fix incorrect register reuse (2.38 KB, patch)
2021-06-09 07:23 PDT, Xan Lopez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Xan Lopez
Comment 1 2021-06-09 07:23:45 PDT
Created attachment 430963 [details] Fix incorrect register reuse v1
Angelos Oikonomopoulos
Comment 2 2021-06-09 07:27:59 PDT
*** Bug 226815 has been marked as a duplicate of this bug. ***
Caio Lima
Comment 3 2021-06-09 07:45:26 PDT
Comment on attachment 430963 [details] Fix incorrect register reuse View in context: https://bugs.webkit.org/attachment.cgi?id=430963&action=review > Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:7388 > + GPRTemporary result(this); Could we try to still reuse it, but then move 0 after `notEqual.link(&m_jit);` on line 7404? I think this would allow us to reuse left and right payload/tag there.
Caio Lima
Comment 4 2021-06-09 07:47:41 PDT
Comment on attachment 430963 [details] Fix incorrect register reuse View in context: https://bugs.webkit.org/attachment.cgi?id=430963&action=review r=me >> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:7388 >> + GPRTemporary result(this); > > Could we try to still reuse it, but then move 0 after `notEqual.link(&m_jit);` on line 7404? I think this would allow us to reuse left and right payload/tag there. Never mind, this would require another jump for Equals case. Not reusing the tag sounds a better compromise then generating multiple branchs
Caio Lima
Comment 5 2021-06-09 07:51:48 PDT
Comment on attachment 430963 [details] Fix incorrect register reuse 32-bits queue is quite long, committing this to make it process patches
Caio Lima
Comment 6 2021-06-09 08:03:15 PDT
Comment on attachment 430963 [details] Fix incorrect register reuse I retract this change. I think it wont work because we need to set `false` to result when left.tagGPR(), right.tagGPR() are different.
Caio Lima
Comment 7 2021-06-09 08:12:55 PDT
(In reply to Caio Lima from comment #6) > Comment on attachment 430963 [details] > Fix incorrect register reuse > > I retract this change. I think it wont work because we need to set `false` > to result when left.tagGPR(), right.tagGPR() are different. The patch already does that, since it doesn’t change previous behavior. So, my previous comment is wrong. I’ll r+/cq+ again after local run shows it passes all tests.
Caio Lima
Comment 8 2021-06-09 08:13:16 PDT
Comment on attachment 430963 [details] Fix incorrect register reuse r=me
EWS
Comment 9 2021-06-09 09:31:32 PDT
Committed r278662 (238644@main): <https://commits.webkit.org/238644@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 430963 [details].
Radar WebKit Bug Importer
Comment 10 2021-06-09 09:32:39 PDT
<rdar://problem/79081335>
Note You need to log in before you can comment on or make changes to this bug.