[webkit-changes] [WebKit/WebKit] 016bc6: ObjectAllocationSinking shouldn't produce Phis to ...
Keith Miller
noreply at github.com
Mon Jan 6 23:20:05 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 016bc646b9f34f98005253d86ab1838541e8c970
https://github.com/WebKit/WebKit/commit/016bc646b9f34f98005253d86ab1838541e8c970
Author: Keith Miller <keith_miller at apple.com>
Date: 2025-01-06 (Mon, 06 Jan 2025)
Changed paths:
A JSTests/stress/phantom-put-by-offset-to-self-over-control-flow.js
M Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp
M Source/JavaScriptCore/dfg/DFGSSACalculator.h
Log Message:
-----------
ObjectAllocationSinking shouldn't produce Phis to the values it's about to phantom.
https://bugs.webkit.org/show_bug.cgi?id=285461
rdar://142276606
Reviewed by Yusuke Suzuki.
In https://commits.webkit.org/283558@main we removed the incorrect Phi omission for values materialized values
but for values that we're about to sink we shouldn't link those to a Phi as we'll crash in lowerDFGToB3.
This patch skips the Phi/Upsilon as long as what we're targeting is a sink candidate (they're locked in at this
point). An alternative fix would be to remove the Phi/Upsilons after we convert to a phantom but that seems slower.
* JSTests/stress/phantom-put-by-offset-to-self-over-control-flow.js: Added.
* Source/JavaScriptCore/dfg/DFGObjectAllocationSinkingPhase.cpp:
* Source/JavaScriptCore/dfg/DFGSSACalculator.h:
(JSC::DFG::SSACalculator::computePhis):
Canonical link: https://commits.webkit.org/288507@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list