[webkit-reviews] review granted: [Bug 186916] We can't remove code after ForceOSRExit until after FixupPhase : [Attachment 364562] patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 14 19:35:16 PDT 2019

Yusuke Suzuki <ysuzuki at apple.com> has granted Saam Barati <sbarati at apple.com>'s
request for review:
Bug 186916: We can't remove code after ForceOSRExit until after FixupPhase

Attachment 364562: patch


--- Comment #36 from Yusuke Suzuki <ysuzuki at apple.com> ---
Comment on attachment 364562
  --> https://bugs.webkit.org/attachment.cgi?id=364562

View in context: https://bugs.webkit.org/attachment.cgi?id=364562&action=review


> Source/JavaScriptCore/ChangeLog:16
> +	   There was an optimization on the bytecode parser I added that
converted blocks
> +	   with ForceOSRExit in them to remove all IR after the ForceOSRExit.
> +	   this is incorrect because it breaks backwards propagation. For
example, it
> +	   could incorrectly lead us to think it's safe to not check for
overflow in
> +	   an Add because such Add has no non-int uses. Backwards propagation
relies on
> +	   having a view over bytecode uses, and this optimization broke that.
This patch
> +	   rolls out that optimization, as initial perf data shows it may no
longer be
> +	   needed.
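
Review bot: The ChangeLog entry's second sentence starts in lowercase ("this is incorrect because it breaks backwards propagation"), and its first sentence, "There was an optimization on the bytecode parser I added", reads as if the parser rather than the optimization was added; something like "An optimization I added to the bytecode parser removed all IR after a ForceOSRExit. This is incorrect because ..." would be clearer. The closing claim that "initial perf data shows it may no longer be needed" names no benchmark, so stating which ones were measured would let a later reader re-check the numbers before reintroducing the optimization.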

You can mention r232742 here. This patch is logically the revert of r232742.
