RESOLVED FIXED 238176
[JSC] Use Data CallIC in unlinked DFG 
https://bugs.webkit.org/show_bug.cgi?id=238176
Summary [JSC] Use Data CallIC in unlinked DFG
Yusuke Suzuki
Reported 2022-03-21 17:51:00 PDT
[JSC] Use Data CallIC in unlinked DFG
Attachments
Patch (24.46 KB, patch)
2022-03-21 17:51 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (24.46 KB, patch)
2022-03-23 15:07 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (25.26 KB, patch)
2022-03-23 18:10 PDT, Yusuke Suzuki 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (25.19 KB, patch)
2022-03-23 18:51 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (27.76 KB, patch)
2022-03-24 03:33 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (28.16 KB, patch)
2022-03-24 14:36 PDT, Yusuke Suzuki 		no flags
DetailsFormatted DiffDiff
Patch (28.93 KB, patch)
2022-03-24 17:12 PDT, Yusuke Suzuki 		saam: review+
DetailsFormatted DiffDiff
Show Obsolete (6) View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2022-03-21 17:51:16 PDT
Created attachment 455309 [details] Patch
Yusuke Suzuki
Comment 2 2022-03-23 15:07:30 PDT
Created attachment 455566 [details] Patch
Yusuke Suzuki
Comment 3 2022-03-23 18:10:37 PDT
Created attachment 455590 [details] Patch
Yusuke Suzuki
Comment 4 2022-03-23 18:51:02 PDT
Created attachment 455595 [details] Patch
Yusuke Suzuki
Comment 5 2022-03-24 03:33:14 PDT
Created attachment 455630 [details] Patch
Yusuke Suzuki
Comment 6 2022-03-24 14:36:31 PDT
Created attachment 455685 [details] Patch
Yusuke Suzuki
Comment 7 2022-03-24 17:12:55 PDT
Created attachment 455709 [details] Patch
Saam Barati
Comment 8 2022-03-24 18:51:51 PDT
Comment on attachment 455709 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=455709&action=review r=me with comments > Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:836 > + GPRTemporary callLinkInfoTemp(this, JITCompiler::selectScratchGPR(calleeGPR, GPRInfo::regT0)); This looks wrong to me. I think we want this GPRTemporary to stay around longer than the scope of this if statement, otherwise we might reuse this register. > Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:889 > + GPRTemporary callLinkInfoTemp(this, JITCompiler::selectScratchGPR(calleeGPR, GPRInfo::regT0)); This looks wrong to me. I think we want this GPRTemporary to stay around longer than the scope of this if statement, otherwise we might reuse this register.
Yusuke Suzuki
Comment 9 2022-03-24 23:13:34 PDT
Comment on attachment 455709 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=455709&action=review >> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:836 >> + GPRTemporary callLinkInfoTemp(this, JITCompiler::selectScratchGPR(calleeGPR, GPRInfo::regT0)); > > This looks wrong to me. I think we want this GPRTemporary to stay around longer than the scope of this if statement, otherwise we might reuse this register. Discussed with Saam. This is intentional one to allocate non-callee-save register from DFG register bank. >> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:889 >> + GPRTemporary callLinkInfoTemp(this, JITCompiler::selectScratchGPR(calleeGPR, GPRInfo::regT0)); > > This looks wrong to me. I think we want this GPRTemporary to stay around longer than the scope of this if statement, otherwise we might reuse this register. Ditto.
Yusuke Suzuki
Comment 10 2022-03-25 12:09:00 PDT
Committed r291875 (248877@trunk): <https://commits.webkit.org/248877@trunk>
Radar WebKit Bug Importer
Comment 11 2022-03-25 12:09:16 PDT
<rdar://problem/90850205>
Note You need to log in before you can comment on or make changes to this bug.