[webkit-changes] [190749] trunk/Source/JavaScriptCore

Thu, 08 Oct 2015 15:19:41 -0700

Title: [190749] trunk/Source/_javascript_Core
Revision
190749
Author
[email protected]
Date
2015-10-08 15:18:49 -0700 (Thu, 08 Oct 2015)

Log Message

DFG SSA should remove unreachable code
https://bugs.webkit.org/show_bug.cgi?id=149931

Reviewed by Geoffrey Garen.

* dfg/DFGConstantFoldingPhase.cpp:
(JSC::DFG::ConstantFoldingPhase::run): Remove unreachable code.
* dfg/DFGObjectAllocationSinkingPhase.cpp: Deal with the CFG changing.
* dfg/DFGPutStackSinkingPhase.cpp: Deal with the CFG changing.

Modified Paths

Diff

Modified: trunk/Source/_javascript_Core/ChangeLog (190748 => 190749)


--- trunk/Source/_javascript_Core/ChangeLog	2015-10-08 22:16:03 UTC (rev 190748)
+++ trunk/Source/_javascript_Core/ChangeLog	2015-10-08 22:18:49 UTC (rev 190749)
@@ -1,3 +1,15 @@
+2015-10-08  Filip Pizlo  <[email protected]>
+
+        DFG SSA should remove unreachable code
+        https://bugs.webkit.org/show_bug.cgi?id=149931
+
+        Reviewed by Geoffrey Garen.
+
+        * dfg/DFGConstantFoldingPhase.cpp:
+        (JSC::DFG::ConstantFoldingPhase::run): Remove unreachable code.
+        * dfg/DFGObjectAllocationSinkingPhase.cpp: Deal with the CFG changing.
+        * dfg/DFGPutStackSinkingPhase.cpp: Deal with the CFG changing.
+
 2015-10-08  Joseph Pecoraro  <[email protected]>
 
         Unreviewed build fix. Missing forward declaration.

Modified: trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp (190748 => 190749)


--- trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp	2015-10-08 22:16:03 UTC (rev 190748)
+++ trunk/Source/_javascript_Core/dfg/DFGConstantFoldingPhase.cpp	2015-10-08 22:18:49 UTC (rev 190749)
@@ -30,7 +30,7 @@
 
 #include "DFGAbstractInterpreterInlines.h"
 #include "DFGArgumentsUtilities.h"
-#include "DFGBasicBlock.h"
+#include "DFGBasicBlockInlines.h"
 #include "DFGGraph.h"
 #include "DFGInPlaceAbstractState.h"
 #include "DFGInferredTypeCheck.h"
@@ -55,23 +55,50 @@
     bool run()
     {
         bool changed = false;
-        
-        for (BlockIndex blockIndex = 0; blockIndex < m_graph.numBlocks(); ++blockIndex) {
-            BasicBlock* block = m_graph.block(blockIndex);
-            if (!block)
-                continue;
+
+        for (BasicBlock* block : m_graph.blocksInNaturalOrder()) {
             if (block->cfaFoundConstants)
                 changed |= foldConstants(block);
         }
         
         if (changed && m_graph.m_form == SSA) {
             // It's now possible that we have Upsilons pointed at JSConstants. Fix that.
-            for (BlockIndex blockIndex = m_graph.numBlocks(); blockIndex--;) {
-                BasicBlock* block = m_graph.block(blockIndex);
-                if (!block)
-                    continue;
+            for (BasicBlock* block : m_graph.blocksInNaturalOrder())
                 fixUpsilons(block);
+        }
+
+        if (m_graph.m_form == SSA) {
+            // It's now possible to simplify basic blocks by placing an Unreachable terminator right
+            // after anything that invalidates AI.
+            bool didClipBlock = false;
+            for (BasicBlock* block : m_graph.blocksInNaturalOrder()) {
+                m_state.beginBasicBlock(block);
+                for (unsigned nodeIndex = 0; nodeIndex < block->size(); ++nodeIndex) {
+                    if (block->at(nodeIndex)->isTerminal()) {
+                        // It's possible that we have something after the terminal. It could be a
+                        // no-op Check node, for example. We don't want the logic below to turn that
+                        // node into Unreachable, since then we'd have two terminators.
+                        break;
+                    }
+                    if (!m_state.isValid()) {
+                        NodeOrigin origin = block->at(nodeIndex)->origin;
+                        for (unsigned killIndex = nodeIndex; killIndex < block->size(); ++killIndex)
+                            m_graph.m_allocator.free(block->at(killIndex));
+                        block->resize(nodeIndex);
+                        block->appendNode(m_graph, SpecNone, Unreachable, origin);
+                        didClipBlock = true;
+                        break;
+                    }
+                    m_interpreter.execute(nodeIndex);
+                }
             }
+
+            if (didClipBlock) {
+                changed = true;
+                m_graph.invalidateCFG();
+                m_graph.resetReachability();
+                m_graph.killUnreachableBlocks();
+            }
         }
          
         return changed;

Modified: trunk/Source/_javascript_Core/dfg/DFGObjectAllocationSinkingPhase.cpp (190748 => 190749)


--- trunk/Source/_javascript_Core/dfg/DFGObjectAllocationSinkingPhase.cpp	2015-10-08 22:16:03 UTC (rev 190748)
+++ trunk/Source/_javascript_Core/dfg/DFGObjectAllocationSinkingPhase.cpp	2015-10-08 22:18:49 UTC (rev 190749)
@@ -727,6 +727,7 @@
     {
         m_graph.computeRefCounts();
         m_graph.initializeNodeOwners();
+        m_graph.m_dominators.computeIfNecessary(m_graph);
         performLivenessAnalysis(m_graph);
         performOSRAvailabilityAnalysis(m_graph);
         m_combinedLiveness = CombinedLiveness(m_graph);

Modified: trunk/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp (190748 => 190749)


--- trunk/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp	2015-10-08 22:16:03 UTC (rev 190748)
+++ trunk/Source/_javascript_Core/dfg/DFGPutStackSinkingPhase.cpp	2015-10-08 22:18:49 UTC (rev 190749)
@@ -75,6 +75,8 @@
             dataLog("Graph before PutStack sinking:\n");
             m_graph.dump();
         }
+
+        m_graph.m_dominators.computeIfNecessary(m_graph);
         
         SSACalculator ssaCalculator(m_graph);
         InsertionSet insertionSet(m_graph);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to