[webkit-changes] [WebKit/WebKit] c3525c: [JSC] BakcwardPropagationPhase should carry NaN / ...

Yusuke Suzuki noreply at github.com
Tue Jul 11 17:58:18 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c3525c11bd3ca6ad6d2375dc0f12979624c581b3
      https://github.com/WebKit/WebKit/commit/c3525c11bd3ca6ad6d2375dc0f12979624c581b3
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-07-11 (Tue, 11 Jul 2023)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp
    M Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
    M Source/JavaScriptCore/dfg/DFGGraph.h
    M Source/JavaScriptCore/dfg/DFGNode.h
    M Source/JavaScriptCore/dfg/DFGNodeFlags.cpp
    M Source/JavaScriptCore/dfg/DFGNodeFlags.h
    M Source/JavaScriptCore/dfg/DFGNodeType.h
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
    M Source/JavaScriptCore/dfg/DFGVariableAccessData.cpp

  Log Message:
  -----------
  [JSC] BakcwardPropagationPhase should carry NaN / Infinity handling, take 2
https://bugs.webkit.org/show_bug.cgi?id=259128
rdar://112108410

Reviewed by Justin Michaud.

This is the second attempt to land 252675 at main change. Previously we did this to properly propagate NaN / Infinity handling possibility
to make ArithDiv semantic bug fixed. But we rolled out and did a conservative simple fix instead since we observed JetStream2 regression (253246 at main).
But now, this patch fixes the regression, which was missing handling of this new flag in DFG::Graph::addShouldSpeculateInt52.
This offers 5~% progression (it is kind of recovery from the previous regression from 253246 at main) in JetStream2/octane-zlib by not causing repeated
ArithDiv Overflow OSR exit here.

* Source/JavaScriptCore/dfg/DFGBackwardsPropagationPhase.cpp:
(JSC::DFG::BackwardsPropagationPhase::propagate):
* Source/JavaScriptCore/dfg/DFGFixupPhase.cpp:
(JSC::DFG::FixupPhase::fixupArithDivInt32):
* Source/JavaScriptCore/dfg/DFGGraph.h:
* Source/JavaScriptCore/dfg/DFGNodeFlags.cpp:
(JSC::DFG::dumpNodeFlags):
* Source/JavaScriptCore/dfg/DFGNodeFlags.h:
(JSC::DFG::bytecodeCanIgnoreNaNAndInfinity):
* Source/JavaScriptCore/dfg/DFGNodeType.h:

Canonical link: https://commits.webkit.org/265978@main

More information about the webkit-changes mailing list