RESOLVED FIXED 140110
Fix Use details for op_create_lexical_environment and op_create_arguments 
https://bugs.webkit.org/show_bug.cgi?id=140110
Summary Fix Use details for op_create_lexical_environment and op_create_arguments
Mark Lam
Reported 2015-01-05 18:55:00 PST
The current "Use" details for op_create_lexical_environment and op_create_arguments are wrong. op_create_argument uses nothing instead of 1st operand (the output local). op_create_lexical_environment uses its 2nd operand (the scope chain) instead of the 1st (the output local).
Attachments
the patch. (2.12 KB, patch)
2015-01-05 19:00 PST, Mark Lam 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mark Lam
Comment 1 2015-01-05 19:00:31 PST
Created attachment 244027 [details] the patch.
Mark Lam
Comment 2 2015-01-05 19:04:09 PST
FYI, I've run this patch on the layout tests, JSC stress tests, and the JSC benchmarks (for stability ... I didn't check perf because it doesn't look like it should impact perf). There were no regressions.
Filip Pizlo
Comment 3 2015-01-05 19:29:12 PST
Comment on attachment 244027 [details] the patch. A def isn't necessarily a use unless the instruction reads the old value of the variable. Is that true of the op_create_* opcodes?
Mark Lam
Comment 4 2015-01-05 19:46:04 PST
(In reply to comment #3) > Comment on attachment 244027 [details] > the patch. > > A def isn't necessarily a use unless the instruction reads the old value of > the variable. Is that true of the op_create_* opcodes? Yes. op_create_arguments does not read the old value. Hence, I changed it to use none. op_create_lexical_environment reads operand 2, not operand 1. Hence, I changed it accordingly too. I didn’t change the defs which are already correct.
Filip Pizlo
Comment 5 2015-01-05 20:10:38 PST
Comment on attachment 244027 [details] the patch. Test case? Or is this benign?
Filip Pizlo
Comment 6 2015-01-05 20:11:25 PST
(In reply to comment #5) > Comment on attachment 244027 [details] > the patch. > > Test case? Or is this benign? Seems like not using an operand that is used should cause OSR exit glitches.
Mark Lam
Comment 7 2015-01-06 09:35:09 PST
(In reply to comment #6) > (In reply to comment #5) > > Comment on attachment 244027 [details] > > the patch. > > > > Test case? Or is this benign? > > Seems like not using an operand that is used should cause OSR exit glitches. I think it’s benign because: 1. The node that is used is always the result of GetScope. 2. The CreateActivation that uses it effectively follows immediately after the GetScope. 3. There is no opportunity for an OSR exit between the GetScope and the CreateActivation.
WebKit Commit Bot
Comment 8 2015-01-06 11:39:07 PST
Comment on attachment 244027 [details] the patch. Clearing flags on attachment: 244027 Committed r177981: <http://trac.webkit.org/changeset/177981>
WebKit Commit Bot
Comment 9 2015-01-06 11:39:10 PST
All reviewed patches have been landed. Closing bug.
Mark Lam
Comment 10 2015-01-06 14:00:23 PST
The patch was wrong about op_create_arguments. It does indeed use its 1st operand. Reverted that part of the patch in r177994: <http://trac.webkit.org/r177994>. rs=pizlo.
Note You need to log in before you can comment on or make changes to this bug.