[webkit-changes] [WebKit/WebKit] dcfc25: [JSC] REGRESSION(269099 at main) Fix the regression c...
Commit Queue
noreply at github.com
Fri Oct 13 03:22:03 PDT 2023
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: dcfc255035aed5598df75a58f90a3e1dfeb415fa
https://github.com/WebKit/WebKit/commit/dcfc255035aed5598df75a58f90a3e1dfeb415fa
Author: Yijia Huang <yijia_huang at apple.com>
Date: 2023-10-13 (Fri, 13 Oct 2023)
Changed paths:
A JSTests/stress/getbyoffset-cse-consistency-2.js
M Source/JavaScriptCore/dfg/DFGClobberize.h
M Source/JavaScriptCore/dfg/DFGCommon.h
M Source/JavaScriptCore/dfg/DFGLICMPhase.cpp
Log Message:
-----------
[JSC] REGRESSION(269099 at main) Fix the regression caused by HeapLocation with an extra state
https://bugs.webkit.org/show_bug.cgi?id=262979
rdar://116764992
Reviewed by Yusuke Suzuki.
Previously, we landed a patch (269099 at main) to introduce a new HeapLocation
constructor with an extra state, which might disable certain optimizations in
DFG and FTL and cause regressions. This patch fixes the issue by enabling
the new HeapLocation construction only after LICM phase.
* Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cpp:
* Source/JavaScriptCore/dfg/DFGCSEPhase.cpp:
(JSC::DFG::performGlobalCSE):
(JSC::DFG::performGlobalCSESlow):
* Source/JavaScriptCore/dfg/DFGCSEPhase.h:
* Source/JavaScriptCore/dfg/DFGClobberSet.cpp:
(JSC::DFG::addReads):
(JSC::DFG::addWrites):
(JSC::DFG::addReadsAndWrites):
(JSC::DFG::readsOverlap):
(JSC::DFG::writesOverlap):
* Source/JavaScriptCore/dfg/DFGClobberize.cpp:
(JSC::DFG::doesWrites):
(JSC::DFG::accessesOverlap):
(JSC::DFG::writesOverlap):
(JSC::DFG::clobbersHeap):
* Source/JavaScriptCore/dfg/DFGClobberize.h:
(JSC::DFG::clobberize):
* Source/JavaScriptCore/dfg/DFGClobbersExitState.cpp:
(JSC::DFG::clobbersExitState):
* Source/JavaScriptCore/dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h:
(JSC::DFG::preciseLocalClobberize):
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileCurrentBlock):
* Source/JavaScriptCore/dfg/DFGStoreBarrierInsertionPhase.cpp:
* Source/JavaScriptCore/dfg/DFGValidate.cpp:
* Source/JavaScriptCore/dfg/DFGVarargsForwardingPhase.cpp:
* Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::compileBlock):
(JSC::FTL::DFG::LowerDFGToB3::compileNode):
Canonical link: https://commits.webkit.org/269295@main
More information about the webkit-changes
mailing list