Title: [267062] trunk
- Revision
- 267062
- Author
- [email protected]
- Date
- 2020-09-14 18:25:54 -0700 (Mon, 14 Sep 2020)
Log Message
BytecodeParser should GetLocal op_ret's value even if it's unused by the caller
https://bugs.webkit.org/show_bug.cgi?id=216506
Reviewed by Mark Lam.
JSTests:
* stress/osr-availability-should-see-unused-return-as-available.js: Added.
(foo):
(set isFinite):
Source/_javascript_Core:
We have to unconditionally GetLocal operands each bytecode claims to use
regardless of true liveness. This is important to keep OSRAvailability simple.
However, op_ret would only GetLocal the return value if we knew the value
was going to be used by an inline caller.
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
Modified Paths
Added Paths
Diff
Modified: trunk/JSTests/ChangeLog (267061 => 267062)
--- trunk/JSTests/ChangeLog 2020-09-15 00:57:42 UTC (rev 267061)
+++ trunk/JSTests/ChangeLog 2020-09-15 01:25:54 UTC (rev 267062)
@@ -1,3 +1,14 @@
+2020-09-14 Keith Miller <[email protected]>
+
+ BytecodeParser should GetLocal op_ret's value even if it's unused by the caller
+ https://bugs.webkit.org/show_bug.cgi?id=216506
+
+ Reviewed by Mark Lam.
+
+ * stress/osr-availability-should-see-unused-return-as-available.js: Added.
+ (foo):
+ (set isFinite):
+
2020-09-14 Alexey Shvayka <[email protected]>
Proxy's "ownKeys" trap result should not be sorted
Added: trunk/JSTests/stress/osr-availability-should-see-unused-return-as-available.js (0 => 267062)
--- trunk/JSTests/stress/osr-availability-should-see-unused-return-as-available.js (rev 0)
+++ trunk/JSTests/stress/osr-availability-should-see-unused-return-as-available.js 2020-09-15 01:25:54 UTC (rev 267062)
@@ -0,0 +1,11 @@
+const z = {};
+Object.defineProperty(z, 'xxx', { set: isFinite });
+
+function foo() {
+ z.xxx = undefined;
+}
+noInline(foo);
+
+for (let i=0; i<10000; i++) {
+ foo();
+}
Modified: trunk/Source/_javascript_Core/ChangeLog (267061 => 267062)
--- trunk/Source/_javascript_Core/ChangeLog 2020-09-15 00:57:42 UTC (rev 267061)
+++ trunk/Source/_javascript_Core/ChangeLog 2020-09-15 01:25:54 UTC (rev 267062)
@@ -1,3 +1,18 @@
+2020-09-14 Keith Miller <[email protected]>
+
+ BytecodeParser should GetLocal op_ret's value even if it's unused by the caller
+ https://bugs.webkit.org/show_bug.cgi?id=216506
+
+ Reviewed by Mark Lam.
+
+ We have to unconditionally GetLocal operands each bytecode claims to use
+ regardless of true liveness. This is important to keep OSRAvailability simple.
+ However, op_ret would only GetLocal the return value if we knew the value
+ was going to be used by an inline caller.
+
+ * dfg/DFGByteCodeParser.cpp:
+ (JSC::DFG::ByteCodeParser::parseBlock):
+
2020-09-14 Alexey Shvayka <[email protected]>
Proxy's "ownKeys" trap result should not be sorted
Modified: trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp (267061 => 267062)
--- trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2020-09-15 00:57:42 UTC (rev 267061)
+++ trunk/Source/_javascript_Core/dfg/DFGByteCodeParser.cpp 2020-09-15 01:25:54 UTC (rev 267062)
@@ -6520,9 +6520,13 @@
case op_ret: {
auto bytecode = currentInstruction->as<OpRet>();
ASSERT(!m_currentBlock->terminal());
+ // We have to get the return here even if we know the caller won't use it because the GetLocal may
+ // be the only thing keeping m_value alive for OSR.
+ auto returnValue = get(bytecode.m_value);
+
if (!inlineCallFrame()) {
// Simple case: we are just producing a return
- addToGraph(Return, get(bytecode.m_value));
+ addToGraph(Return, returnValue);
flushForReturn();
LAST_OPCODE(op_ret);
}
@@ -6529,7 +6533,7 @@
flushForReturn();
if (m_inlineStackTop->m_returnValue.isValid())
- setDirect(m_inlineStackTop->m_returnValue, get(bytecode.m_value), ImmediateSetWithFlush);
+ setDirect(m_inlineStackTop->m_returnValue, returnValue, ImmediateSetWithFlush);
if (!m_inlineStackTop->m_continuationBlock && m_currentIndex.offset() + currentInstruction->size() != m_inlineStackTop->m_codeBlock->instructions().size()) {
// This is an early return from an inlined function and we do not have a continuation block, so we must allocate one.
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
