[webkit-changes] [WebKit/WebKit] 49a82e: [JSC] Keep used locals alive for iterator_next / i...

Yusuke Suzuki noreply at github.com
Tue Mar 14 19:47:35 PDT 2023 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 49a82e3d03250e03f408b7a8aff80313b849932c
      https://github.com/WebKit/WebKit/commit/49a82e3d03250e03f408b7a8aff80313b849932c
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-03-14 (Tue, 14 Mar 2023)

  Changed paths:
    A JSTests/stress/iterator-next-osr-exit-dead-1.js
    A JSTests/stress/iterator-next-osr-exit-dead-2.js
    M Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp
    M Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

  Log Message:
  -----------
  [JSC] Keep used locals alive for iterator_next / iterator_open
https://bugs.webkit.org/show_bug.cgi?id=253907
rdar://102754257

Reviewed by Keith Miller and Justin Michaud.

iterator_next and iterator_open can create a graph of DFG nodes. But this is problematic for OSR exit node liveness tracking.
We have phantom insertion phase to keep uses of instructions alive properly. But that analysis has an assumption that one instruction
cannot create a graph. As a result, the phase does block local analysis, and if the local is not used on that basic block,
we do not insert phantoms. Let's see

Block #0
    @0 GetLocal(local0)
    @1 Use(@0)
    @2 Jump(#1)
Block #1
    @3 ForceOSRExit

In #1, we do not know that local0 needs to be kept alive even if local0 is alive in bytecode. And phantom insertion phase cannot insert phantoms
to keep them alive since local0 operand in #1 is not filled.

This patch adds keepUsesOfCurrentInstructionAlive helper function and call it in the prologue of newly created basic block for one instruction.
This inserts all the uses of the instruction explicitly via GetLocal.

Block #0
    @0 GetLocal(local0)
    @1 Use(@0)
    @2 Jump(#1)
Block #1
    @3 GetLocal(local0)
    @4 ForceOSRExit

With this function, we insert @3 for local0, and now phatom insertion phase will see operand for local0 is filled in #1,
and appropriately insert Phantom into #1 too.

* JSTests/stress/iterator-next-osr-exit-dead-1.js: Added.
* JSTests/stress/iterator-next-osr-exit-dead-2.js: Added.
(i.i.switch):
* Source/JavaScriptCore/bytecode/BytecodeUseDef.cpp:
(JSC::computeUsesForBytecodeIndexImpl):
* Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::keepUsesOfCurrentInstructionAlive):
(JSC::DFG::ByteCodeParser::parseBlock):

Canonical link: https://commits.webkit.org/261668@main

More information about the webkit-changes mailing list