[webkit-reviews] review granted: [Bug 186916] We can't remove code after ForceOSRExit until after FixupPhase : [Attachment 364562] patch
bugzilla-daemon at webkit.org
Thu Mar 14 19:35:16 PDT 2019
Yusuke Suzuki <ysuzuki at apple.com> has granted Saam Barati <sbarati at apple.com>'s
request for review:
Bug 186916: We can't remove code after ForceOSRExit until after FixupPhase
https://bugs.webkit.org/show_bug.cgi?id=186916
Attachment 364562: patch
https://bugs.webkit.org/attachment.cgi?id=364562&action=review
--- Comment #36 from Yusuke Suzuki <ysuzuki at apple.com> ---
Comment on attachment 364562
--> https://bugs.webkit.org/attachment.cgi?id=364562
patch
View in context: https://bugs.webkit.org/attachment.cgi?id=364562&action=review
r=me
> Source/JavaScriptCore/ChangeLog:16
> + There was an optimization on the bytecode parser I added that
converted blocks
> + with ForceOSRExit in them to remove all IR after the ForceOSRExit.
However,
> + this is incorrect because it breaks backwards propagation. For
example, it
> + could incorrectly lead us to think it's safe to not check for
overflow in
> + an Add because such Add has no non-int uses. Backwards propagation
relies on
> + having a view over bytecode uses, and this optimization broke that.
This patch
> + rolls out that optimization, as initial perf data shows it may no
longer be
> + needed.
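Review bot: The closing sentence of this ChangeLog entry ("initial perf data shows it may no longer be needed") justifies the rollout without saying what was measured; name the benchmarks or configuration behind that data so a later reader can judge whether the optimization should come back after FixupPhase. The quoted lines also describe the Add overflow-check case only in prose, so it would help to state whether a regression test accompanies the rollout.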
You can mention r232742 here. This patch is logically the revert of r232742.