Bug 226817 - [JSC] Fix incorrect register reuse in 32bit after r278568
Summary: [JSC] Fix incorrect register reuse in 32bit after r278568
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
: 226815 (view as bug list)
Depends on:
Blocks:
 
Reported: 2021-06-09 07:21 PDT by Xan Lopez
Modified: 2021-06-09 09:32 PDT (History)
10 users (show)

See Also:

Attachments
Fix incorrect register reuse (2.38 KB, patch)
2021-06-09 07:23 PDT, Xan Lopez 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Xan Lopez 2021-06-09 07:21:51 PDT 
The JSVALUE32_64 branch potentially needs both the tag and payload registers for both left/right nodes, so we cannot reuse any of them for the result since the first thing the code does is set it zero. Just remove the Reuse construction. This was causing extremely long test runs on 32bit.
Comment 1 Xan Lopez 2021-06-09 07:23:45 PDT 
Created attachment 430963 [details]
Fix incorrect register reuse

v1
Comment 2 Angelos Oikonomopoulos 2021-06-09 07:27:59 PDT 
*** Bug 226815 has been marked as a duplicate of this bug. ***
Comment 3 Caio Lima 2021-06-09 07:45:26 PDT 
Comment on attachment 430963 [details]
Fix incorrect register reuse

View in context: https://bugs.webkit.org/attachment.cgi?id=430963&action=review

> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:7388
> +    GPRTemporary result(this);

Could we try to still reuse it, but then move 0 after `notEqual.link(&m_jit);` on line 7404? I think this would allow us to reuse left and right payload/tag there.
Comment 4 Caio Lima 2021-06-09 07:47:41 PDT 
Comment on attachment 430963 [details]
Fix incorrect register reuse

View in context: https://bugs.webkit.org/attachment.cgi?id=430963&action=review

r=me

>> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:7388
>> +    GPRTemporary result(this);
> 
> Could we try to still reuse it, but then move 0 after `notEqual.link(&m_jit);` on line 7404? I think this would allow us to reuse left and right payload/tag there.

Never mind, this would require another jump for Equals case. Not reusing the tag sounds a better compromise then generating multiple branchs
Comment 5 Caio Lima 2021-06-09 07:51:48 PDT 
Comment on attachment 430963 [details]
Fix incorrect register reuse

32-bits queue is quite long, committing this to make it process patches
Comment 6 Caio Lima 2021-06-09 08:03:15 PDT 
Comment on attachment 430963 [details]
Fix incorrect register reuse

I retract this change. I think it wont work because we need to set `false` to result when left.tagGPR(), right.tagGPR() are different.
Comment 7 Caio Lima 2021-06-09 08:12:55 PDT 
(In reply to Caio Lima from comment #6)
> Comment on attachment 430963 [details]
> Fix incorrect register reuse
> 
> I retract this change. I think it wont work because we need to set `false`
> to result when left.tagGPR(), right.tagGPR() are different.

The patch already does that, since it doesn’t change previous behavior. So, my previous comment is wrong. I’ll r+/cq+ again after local run shows it passes all tests.
Comment 8 Caio Lima 2021-06-09 08:13:16 PDT 
Comment on attachment 430963 [details]
Fix incorrect register reuse

r=me
Comment 9 EWS 2021-06-09 09:31:32 PDT 
Committed r278662 (238644@main): <https://commits.webkit.org/238644@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 430963 [details].
Comment 10 Radar WebKit Bug Importer 2021-06-09 09:32:39 PDT 
<rdar://problem/79081335>