Bug 87205

Summary:

DFG should keep captured variables alive until the (inline) return.

Product:

WebKit

Reporter:

Filip Pizlo <fpizlo>

Component:

JavaScriptCore

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

kangil.han

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Bug Depends on:

85945

Bug Blocks:

87813

Attachments:

Description	Flags
work in progress	none
it's starting to work	none
more	none
even more	none
the patch	barraclough: review+

Filip Pizlo

Reported 2012-05-22 21:22:25 PDT

Otherwise OSR exit may decided to set them to Undefined.

Attachments
work in progress (10.06 KB, patch) 2012-05-28 23:37 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
it's starting to work (12.46 KB, patch) 2012-05-29 00:09 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
more (16.11 KB, patch) 2012-05-29 14:06 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
even more (21.44 KB, patch) 2012-05-29 15:06 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch (33.82 KB, patch) 2012-05-29 16:14 PDT, Filip Pizlo	barraclough: review+	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2012-05-22 23:57:50 PDT

Currently a variable may appear to be dead at a basic block boundary even though it is captured. As a hack, we can peek at the first node of the successor block(s) and check what variables are captured at that node's code origin. But that's just disgusting and wrong. The right solution is to change how captured variables are flushed. Currently we flush SetLocals by planting a Flush node right after them: a: SetLocal(thingy) b: Flush(@a) But we could instead have a flush right before each SetLocal: a: Flush(...) b: SetLocal(thingy) As well as a Flush for all captured variables at the return site. That will effectively keep variables alive through the whole span of code in which they are captured.

Filip Pizlo

Comment 2 2012-05-28 23:37:27 PDT

Created attachment 144458 [details] work in progress

Filip Pizlo

Comment 3 2012-05-29 00:09:17 PDT

Created attachment 144464 [details] it's starting to work

Filip Pizlo

Comment 4 2012-05-29 14:06:28 PDT

Created attachment 144616 [details] more Still making sure that I've dotted all of my t's.

Filip Pizlo

Comment 5 2012-05-29 15:06:25 PDT

Created attachment 144629 [details] even more It's starting to pass tests.

Filip Pizlo

Comment 6 2012-05-29 16:14:38 PDT

Created attachment 144638 [details] the patch

Filip Pizlo

Comment 7 2012-05-29 16:44:05 PDT

Landed in http://trac.webkit.org/changeset/118858

Kangil Han

Comment 8 2012-07-31 07:34:00 PDT

Just for your information, I've got a build warning on my laptop as below. :-) [ 5%] Building CXX object Source/JavaScriptCore/CMakeFiles/javascriptcore_efl.dir/dfg/DFGCapabilities.cpp.o /home/kangilhan/dev/WebKit/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp: In member function ‘JSC::DFG::ArgumentPosition* JSC::DFG::ByteCodeParser::findArgumentPositionForLocal(int)’: /home/kangilhan/dev/WebKit/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:361:73: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

Note You need to log in before you can comment on or make changes to this bug.