Bug 194953 - DFGBytecodeParser should not declare that a node won't clobberExit if DFGFixupPhase can later declare it does clobberExit
Summary: DFGBytecodeParser should not declare that a node won't clobberExit if DFGFixu...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Robin Morisset
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2019-02-22 11:28 PST by Robin Morisset
Modified: 2019-02-22 16:05 PST (History)
6 users (show)

See Also:


Attachments
Patch (4.38 KB, patch)
2019-02-22 11:52 PST, Robin Morisset
sbarati: review+
sbarati: commit-queue-
Details | Formatted Diff | Diff
Patch (4.45 KB, patch)
2019-02-22 13:29 PST, Robin Morisset
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Robin Morisset 2019-02-22 11:28:18 PST
Or we fairly naturally hit validation errors out of DFGFixupPhase..
There is already such a rule for GetByVal, but we must also be conservative for other nodes that:
- (a) may or may not clobberExit depending on their arrayMode
- (b) and get their arrayMode from profiling information in DFGBytecodeParser
- (c) and can have their arrayMode refined by DFGFixupPhase.
Comment 1 Robin Morisset 2019-02-22 11:43:34 PST
<rdar://problem/47595253>
Comment 2 Robin Morisset 2019-02-22 11:52:33 PST
Created attachment 362738 [details]
Patch
Comment 3 Saam Barati 2019-02-22 12:00:54 PST
Comment on attachment 362738 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=362738&action=review

r=me

> Source/JavaScriptCore/ChangeLog:14
> +        Otherwise we are likely to hit validation failure after fixup.

instead of "likely" I think you should describe precisely when/why this happens.

> Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:7216
> +        m_exitOK = false; // PutByVal and PutByValDirect must be treated as if they clobber exit state, since FixupPhase may make them generic.

This one isn't actually needed since PutByVal always clobbers exit unless it's in ForceOSR exit mode. And if it's in that mode, I don't think we can ever refine it to be wider? I'm ok with keeping this here conservatively, but this isn't the right comment to have.
Comment 4 Robin Morisset 2019-02-22 12:13:28 PST
(In reply to Saam Barati from comment #3)
> Comment on attachment 362738 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=362738&action=review
> 
> r=me
> 
> > Source/JavaScriptCore/ChangeLog:14
> > +        Otherwise we are likely to hit validation failure after fixup.
> 
> instead of "likely" I think you should describe precisely when/why this
> happens.

OK, I am replacing this line by the following:
"Otherwise we will hit a validation failure after fixup if the next node was marked ExitValid and exits to the same semantic origin."

> > Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:7216
> > +        m_exitOK = false; // PutByVal and PutByValDirect must be treated as if they clobber exit state, since FixupPhase may make them generic.
> 
> This one isn't actually needed since PutByVal always clobbers exit unless
> it's in ForceOSR exit mode. And if it's in that mode, I don't think we can
> ever refine it to be wider? I'm ok with keeping this here conservatively,
> but this isn't the right comment to have.

I am not entirely sure whether or not we can refine it to be wider. Looking at ArrayMode::refine, it will be widened to Generic whenever "base && index && !isInt32Speculation(index)". I cannot tell if this is likely to ever happen or not, but it is not blatantly impossible.
Comment 5 Robin Morisset 2019-02-22 13:29:09 PST
Created attachment 362758 [details]
Patch

Improved a sentence in the Changelog, per Saam's suggestion.
Comment 6 WebKit Commit Bot 2019-02-22 16:05:16 PST
Comment on attachment 362758 [details]
Patch

Clearing flags on attachment: 362758

Committed r241968: <https://trac.webkit.org/changeset/241968>
Comment 7 WebKit Commit Bot 2019-02-22 16:05:18 PST
All reviewed patches have been landed.  Closing bug.