Bug 237841

Summary: [JSC] Eliminate dead bytecode locals
Product: WebKit Reporter: Robin Morisset <rmorisset>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Robin Morisset 2022-03-14 10:42:09 PDT 
The bytecode generator tends to allocate more locals than strictly necessary. I saw quite a few examples, e.g. allocating two locals for the scope even when the function is simple enough to only need one:
[   0] enter              
[   1] get_scope          dst:loc4
[   3] mov                dst:loc5, src:loc4
[   6] check_traps  
Where loc5 is completely unused afterwards

I can think of two ways to solve this:
- either going carefully through a bunch of examples and for each one finding all dead locals, tracking where it came from and fixing this particular part of the bytecode generator
- or just adding a generic dead local elimination phase to the bytecode generator.

The latter seems easier, but the former is less likely to cause a perf regression.

The memory benefit here should be tiny, but I would expect some significant win in DFG compilation time, considering that most DFG phases constantly manipulate mappings from Local -> some kind of data, and materialize these mappings at each BasicBlock boundary.
Comment 1 Radar WebKit Bug Importer 2022-03-21 10:43:16 PDT 
<rdar://problem/90576249>