Bug 198520 - Argument elimination should check transitive dependents for interference
Summary: Argument elimination should check transitive dependents for interference
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Tadeu Zagallo
URL:
Keywords: InRadar
: 197956 (view as bug list)
Depends on:
Blocks:
 
Reported: 2019-06-04 02:07 PDT by Tadeu Zagallo
Modified: 2020-04-14 09:44 PDT (History)
10 users (show)

See Also:

Attachments
Patch (13.56 KB, patch)
2019-06-04 02:10 PDT, Tadeu Zagallo 		no flags Details | Formatted Diff | Diff
Patch for landing (13.38 KB, patch)
2019-06-04 11:24 PDT, Tadeu Zagallo 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tadeu Zagallo 2019-06-04 02:07:02 PDT 
<rdar://problem/50863343>
Comment 1 Tadeu Zagallo 2019-06-04 02:10:30 PDT 
Created attachment 371256 [details]
Patch
Comment 2 Saam Barati 2019-06-04 10:22:04 PDT 
Comment on attachment 371256 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=371256&action=review

LGTM too, just one question

> Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp:609
> +                            if (node == candidate && inlineCallFrame == candidate->origin.semantic.inlineCallFrame())

Why this? Why not just break unconditionally when finding the candidate like before?
Comment 3 Tadeu Zagallo 2019-06-04 10:23:52 PDT 
Comment on attachment 371256 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=371256&action=review

>> Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp:609
>> +                            if (node == candidate && inlineCallFrame == candidate->origin.semantic.inlineCallFrame())
> 
> Why this? Why not just break unconditionally when finding the candidate like before?

Because the current candidate can interfere with the transitive candidate, which actually happens with the test case included.
Comment 4 Saam Barati 2019-06-04 10:26:34 PDT 
That seems weird. I thought the KillStack was the issue?

Also, it’s weird we’re running clobberize on the pre-transformed node. Presumably they may have different effects?
Comment 5 Tadeu Zagallo 2019-06-04 10:44:06 PDT 
(In reply to Saam Barati from comment #4)
> That seems weird. I thought the KillStack was the issue?

You're right, that's not necessary.

> Also, it’s weird we’re running clobberize on the pre-transformed node.
> Presumably they may have different effects?

Do you mean prior to transformation? Nothing has been transformed yet at this point.
The tricky thing is that transform has to happen top-dowm and interference is computed bottom-up.
Comment 6 Tadeu Zagallo 2019-06-04 11:24:57 PDT 
Created attachment 371309 [details]
Patch for landing
Comment 7 WebKit Commit Bot 2019-06-04 12:06:39 PDT 
Comment on attachment 371309 [details]
Patch for landing

Clearing flags on attachment: 371309

Committed r246075: <https://trac.webkit.org/changeset/246075>
Comment 8 WebKit Commit Bot 2019-06-04 12:06:41 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 9 Yusuke Suzuki 2020-04-14 09:44:09 PDT 
*** Bug 197956 has been marked as a duplicate of this bug. ***