RESOLVED FIXED140137
MultiGetByOffset should be marked NodeMustGenerate 
https://bugs.webkit.org/show_bug.cgi?id=140137
Summary MultiGetByOffset should be marked NodeMustGenerate
Filip Pizlo
Reported 2015-01-06 11:51:21 PST
Nodes that perform speculations that are necessary to prove that the equivalent bytecode operation is pure must be marked NodeMustGenerate. MultiGetByOffset checks the structure of its input. If the incoming object didn't have that structure, then the equivalent bytecode operation (get_by_id) might do something effectful. But, it's not marked NodeMustGenerate. We should fix that.
Attachments
the patch (3.50 KB, patch)
2015-02-02 19:48 PST, Filip Pizlo 		msaboff: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2015-02-02 19:48:51 PST
Created attachment 245919 [details] the patch
Michael Saboff
Comment 2 2015-02-02 19:54:23 PST
Comment on attachment 245919 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=245919&action=review r=me with spelling fixes in ChangeLog. > Source/JavaScriptCore/ChangeLog:10 > + (JSC::DFG::Node::convertToMultiGetByOffset): Assert that we converted from something that alraedy had NodeMustGenerate. *already* > Source/JavaScriptCore/ChangeLog:11 > + * dfg/DFGNodeType.h: We shouldn't DCE a node that does checks and could be effectful in bseline. Making MultiGetBYoffset as NodeMustGenerate prevents DCE. FTL could still DCE the actual loads, but the checks will stay. *baseline*
Filip Pizlo
Comment 3 2015-02-02 19:55:11 PST
(In reply to comment #2) > Comment on attachment 245919 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=245919&action=review > > r=me with spelling fixes in ChangeLog. > > > Source/JavaScriptCore/ChangeLog:10 > > + (JSC::DFG::Node::convertToMultiGetByOffset): Assert that we converted from something that alraedy had NodeMustGenerate. > > *already* > > > Source/JavaScriptCore/ChangeLog:11 > > + * dfg/DFGNodeType.h: We shouldn't DCE a node that does checks and could be effectful in bseline. Making MultiGetBYoffset as NodeMustGenerate prevents DCE. FTL could still DCE the actual loads, but the checks will stay. > > *baseline* Thanks! Fixed both locally.
Filip Pizlo
Comment 4 2015-02-02 20:31:06 PST
Landed in http://trac.webkit.org/changeset/179536
Note You need to log in before you can comment on or make changes to this bug.