87205 – DFG should keep captured variables alive until the (inline) return.

RESOLVED FIXED 87205

DFG should keep captured variables alive until the (inline) return.

https://bugs.webkit.org/show_bug.cgi?id=87205

Summary DFG should keep captured variables alive until the (inline) return.

Filip Pizlo

Reported 2012-05-22 21:22:25 PDT

Otherwise OSR exit may decided to set them to Undefined.

Attachments
work in progress (10.06 KB, patch) 2012-05-28 23:37 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
it's starting to work (12.46 KB, patch) 2012-05-29 00:09 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
more (16.11 KB, patch) 2012-05-29 14:06 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
even more (21.44 KB, patch) 2012-05-29 15:06 PDT, Filip Pizlo	no flags	Details Formatted Diff Diff
the patch (33.82 KB, patch) 2012-05-29 16:14 PDT, Filip Pizlo	barraclough: review+	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Filip Pizlo

Comment 1 2012-05-22 23:57:50 PDT

Currently a variable may appear to be dead at a basic block boundary even though it is captured. As a hack, we can peek at the first node of the successor block(s) and check what variables are captured at that node's code origin. But that's just disgusting and wrong. The right solution is to change how captured variables are flushed. Currently we flush SetLocals by planting a Flush node right after them: a: SetLocal(thingy) b: Flush(@a) But we could instead have a flush right before each SetLocal: a: Flush(...) b: SetLocal(thingy) As well as a Flush for all captured variables at the return site. That will effectively keep variables alive through the whole span of code in which they are captured.

Filip Pizlo

Comment 2 2012-05-28 23:37:27 PDT

Created attachment 144458 [details] work in progress

Filip Pizlo

Comment 3 2012-05-29 00:09:17 PDT

Created attachment 144464 [details] it's starting to work

Filip Pizlo

Comment 4 2012-05-29 14:06:28 PDT

Created attachment 144616 [details] more Still making sure that I've dotted all of my t's.

Filip Pizlo

Comment 5 2012-05-29 15:06:25 PDT

Created attachment 144629 [details] even more It's starting to pass tests.

Filip Pizlo

Comment 6 2012-05-29 16:14:38 PDT

Created attachment 144638 [details] the patch

Filip Pizlo

Comment 7 2012-05-29 16:44:05 PDT

Landed in http://trac.webkit.org/changeset/118858

Kangil Han

Comment 8 2012-07-31 07:34:00 PDT

Just for your information, I've got a build warning on my laptop as below. :-) [ 5%] Building CXX object Source/JavaScriptCore/CMakeFiles/javascriptcore_efl.dir/dfg/DFGCapabilities.cpp.o /home/kangilhan/dev/WebKit/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp: In member function ‘JSC::DFG::ArgumentPosition* JSC::DFG::ByteCodeParser::findArgumentPositionForLocal(int)’: /home/kangilhan/dev/WebKit/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:361:73: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2012-05-22 21:22 PDT

Modified

2012-07-31 07:34 PDT History

CC List

1 user Show

URL

Keywords

Depends on

85945

Blocks

87813

Dependencies

tree graph