RESOLVED FIXED 172115
[DFG] Constant Folding Phase should convert MakeRope("", String) => Identity(String) 
https://bugs.webkit.org/show_bug.cgi?id=172115
Summary [DFG] Constant Folding Phase should convert MakeRope("", String) => Identity(...
Yusuke Suzuki
Reported 2017-05-15 05:36:15 PDT
This optimization is performed in Fixup phase. But in fixup phase, we may not figure out many constant values... We should later perform this optimization in constant folding phase again. I investigated ARES-6 Babylon and figured out that Babylon's Array#indexOf repeatedly find roped string. This is because of readWord1 in Babylon, the implementation is like, var word = ""; ... ... ... return word + data.slice(...); Due to the above limitation, this now accidentally produces MakeRope!
Attachments
Patch (5.74 KB, patch)
2017-05-15 06:32 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (5.74 KB, patch)
2017-05-15 06:33 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (5.63 KB, patch)
2017-05-15 07:45 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.46 KB, patch)
2017-05-16 05:59 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (7.64 KB, patch)
2017-05-16 06:42 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2017-05-15 05:41:29 PDT
Before: firstIteration: 50.02 +- 14.56 ms averageWorstCase: 26.52 +- 4.52 ms steadyState: 8.15 +- 0.23 ms summary: 22.03 +- 3.38 ms After: firstIteration: 49.08 +- 12.90 ms averageWorstCase: 25.16 +- 3.82 ms steadyState: 7.58 +- 0.21 ms summary: 20.99 +- 2.73 ms
Yusuke Suzuki
Comment 2 2017-05-15 06:32:57 PDT
Created attachment 310129 [details] Patch
Yusuke Suzuki
Comment 3 2017-05-15 06:33:36 PDT
Created attachment 310130 [details] Patch
Yusuke Suzuki
Comment 4 2017-05-15 07:45:44 PDT
Created attachment 310136 [details] Patch
Saam Barati
Comment 5 2017-05-15 12:34:31 PDT
Comment on attachment 310136 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=310136&action=review Mostly LGTM, just a few comments > Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:643 > + case MakeRope: { I believe you need this code inside AbstractInterpreter as well to indicate we've found a constant. Perhaps all of it can just be moved there. > Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:653 > + const auto* string = asString(childConstant)->tryGetValueImpl(); Nit: Can we give this a type, since it's hard to see what's going on here without reading tryGetValueImpl()'s type? > Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:661 > + // Don't allow the MakeRope to have zero children. > + if (!i && !node->child2()) > + break; Why not just convert to lazy constant for "" here?
Yusuke Suzuki
Comment 6 2017-05-16 04:29:57 PDT
Comment on attachment 310136 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=310136&action=review Thanks >> Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:643 >> + case MakeRope: { > > I believe you need this code inside AbstractInterpreter as well to indicate we've found a constant. Perhaps all of it can just be moved there. Oops, right. I think we should have MakeRope here too since it can reduce the number of children (like, "" + a + b => a + b). >> Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:653 >> + const auto* string = asString(childConstant)->tryGetValueImpl(); > > Nit: Can we give this a type, since it's hard to see what's going on here without reading tryGetValueImpl()'s type? OK, I've changed it to `StringImpl*`. >> Source/JavaScriptCore/dfg/DFGConstantFoldingPhase.cpp:661 >> + break; > > Why not just convert to lazy constant for "" here? I think it is better to replace it to Identity(child1). And current code covers all the cases in the following (L668) convertToIdentity simply.
Yusuke Suzuki
Comment 7 2017-05-16 05:59:59 PDT
Created attachment 310257 [details] Patch
Yusuke Suzuki
Comment 8 2017-05-16 06:42:23 PDT
Created attachment 310259 [details] Patch
Sam Weinig
Comment 9 2017-05-16 10:42:48 PDT
Comment on attachment 310259 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=310259&action=review > Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:575 > + if (!edge) > + break; How can edge be null if it is a reference? I guess that works if Edge has a operator!, but its still a bit odd.
Saam Barati
Comment 10 2017-05-16 10:47:28 PDT
(In reply to Sam Weinig from comment #9) > Comment on attachment 310259 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=310259&action=review > > > Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h:575 > > + if (!edge) > > + break; > > How can edge be null if it is a reference? I guess that works if Edge has a > operator!, but its still a bit odd. I agree it's a bit odd, but we do this all over the DFG. It does have an operator!
Saam Barati
Comment 11 2017-05-16 10:58:57 PDT
Comment on attachment 310259 [details] Patch r=me
Yusuke Suzuki
Comment 12 2017-05-16 14:25:57 PDT
Comment on attachment 310259 [details] Patch Thanks!
WebKit Commit Bot
Comment 13 2017-05-16 14:54:04 PDT
Comment on attachment 310259 [details] Patch Clearing flags on attachment: 310259 Committed r216948: <http://trac.webkit.org/changeset/216948>
WebKit Commit Bot
Comment 14 2017-05-16 14:54:06 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.