RESOLVED FIXED 154704
[JSC] Add32(Imm, Tmp, Tmp) does not ZDef the destination if Imm is zero 
https://bugs.webkit.org/show_bug.cgi?id=154704
Summary [JSC] Add32(Imm, Tmp, Tmp) does not ZDef the destination if Imm is zero
Benjamin Poulain
Reported 2016-02-25 16:54:58 PST
[JSC] Add32(Imm, Tmp, Tmp) does not ZDef the destination if Imm is zero
Attachments
Patch (2.88 KB, patch)
2016-02-25 17:17 PST, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Benjamin Poulain
Comment 1 2016-02-25 17:17:46 PST
Created attachment 272266 [details] Patch
WebKit Commit Bot
Comment 2 2016-02-25 17:19:04 PST
Attachment 272266 [details] did not pass style-queue: ERROR: Source/JavaScriptCore/b3/testb3.cpp:431: Consider using CHECK_EQ instead of CHECK(a == b) [readability/check] [2] Total errors found: 1 in 3 files If any of these errors are false positives, please file a bug against check-webkit-style.
Geoffrey Garen
Comment 3 2016-02-26 00:15:00 PST
Comment on attachment 272266 [details] Patch r=me
WebKit Commit Bot
Comment 4 2016-02-26 11:18:50 PST
Comment on attachment 272266 [details] Patch Clearing flags on attachment: 272266 Committed r197186: <http://trac.webkit.org/changeset/197186>
WebKit Commit Bot
Comment 5 2016-02-26 11:18:55 PST
All reviewed patches have been landed. Closing bug.
Filip Pizlo
Comment 6 2016-02-27 15:09:51 PST
Comment on attachment 272266 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=272266&action=review > Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h:204 > void add32(TrustedImm32 imm, RegisterID src, RegisterID dest) > { > if (!imm.m_value) { > - move(src, dest); > + zeroExtend32ToPtr(src, dest); > return; > } > I think that this is still wrong. Can we please remove this strength reduction rule from the MacroAssembler? Unless a move instruction sets the same flags as an add32 instruction, then this constant-folding rule will cause us great confusion if we ever start reasoning about flags. Reasoning about flags unlocks smart things, like realizing that if you compare the result of an addition to zero, you can usually just remove the compare (or test) instruction and branch directly on add's flags. I've already removed all other places that I found where we did this !imm.m_value optimization, because they were also causing ZDef bugs. I then removed the add32AndSetFlags() thing because that appeared to mostly be for avoiding this optimization. So, now the expectation is that add32() sets flags.
Filip Pizlo
Comment 7 2016-02-27 15:10:27 PST
(In reply to comment #6) > Comment on attachment 272266 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=272266&action=review > > > Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h:204 > > void add32(TrustedImm32 imm, RegisterID src, RegisterID dest) > > { > > if (!imm.m_value) { > > - move(src, dest); > > + zeroExtend32ToPtr(src, dest); > > return; > > } > > > > I think that this is still wrong. Can we please remove this strength > reduction rule from the MacroAssembler? Unless a move instruction sets the > same flags as an add32 instruction, then this constant-folding rule will > cause us great confusion if we ever start reasoning about flags. Reasoning > about flags unlocks smart things, like realizing that if you compare the > result of an addition to zero, you can usually just remove the compare (or > test) instruction and branch directly on add's flags. > > I've already removed all other places that I found where we did this > !imm.m_value optimization, because they were also causing ZDef bugs. I then > removed the add32AndSetFlags() thing because that appeared to mostly be for > avoiding this optimization. So, now the expectation is that add32() sets > flags. I just realized that I'm wrong - three-operand add32() on X86 doesn't set flags! Never mind everything I said above.
Note You need to log in before you can comment on or make changes to this bug.