[webkit-reviews] review granted: [Bug 213141] CheckIsConstant should not use BadCache exit kind : [Attachment 401812] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jun 15 12:31:34 PDT 2020
Yusuke Suzuki <ysuzuki at apple.com> has granted Keith Miller
<keith_miller at apple.com>'s request for review:
Bug 213141: CheckIsConstant should not use BadCache exit kind
https://bugs.webkit.org/show_bug.cgi?id=213141
Attachment 401812: Patch
https://bugs.webkit.org/attachment.cgi?id=401812&action=review
--- Comment #15 from Yusuke Suzuki <ysuzuki at apple.com> ---
Comment on attachment 401812
--> https://bugs.webkit.org/attachment.cgi?id=401812
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=401812&action=review
> Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:9676
> - speculationCheck(BadCache, regs, node->child1(),
m_jit.branch64(JITCompiler::NotEqual, regs.gpr(),
TrustedImm64(JSValue::encode(node->constant()->value()))));
> + speculationCheck(BadConstantValue, regs, node->child1(),
m_jit.branch64(JITCompiler::NotEqual, regs.gpr(),
TrustedImm64(JSValue::encode(node->constant()->value()))));
> #else
> - speculationCheck(BadCache, regs, node->child1(),
m_jit.branch32(JITCompiler::NotEqual, regs.tagGPR(),
TrustedImm32(node->constant()->value().tag())));
> - speculationCheck(BadCache, regs, node->child1(),
m_jit.branch32(JITCompiler::NotEqual, regs.payloadGPR(),
TrustedImm32(node->constant()->value().payload())));
> + speculationCheck(BadConstantValue, regs, node->child1(),
m_jit.branch32(JITCompiler::NotEqual, regs.tagGPR(),
TrustedImm32(node->constant()->value().tag())));
> + speculationCheck(BadConstantValue, regs, node->child1(),
m_jit.branch32(JITCompiler::NotEqual, regs.payloadGPR(),
TrustedImm32(node->constant()->value().payload())));
One question. This changes BadCache -> BadConstantValue. So, we also need to
check `hasExitSite(codeOrigin, BadCache)` things too.
For example, Graph::canOptimizeStringObjectAccess has
1775 bool Graph::canOptimizeStringObjectAccess(const CodeOrigin& codeOrigin)
1776 {
1777 if (hasExitSite(codeOrigin, BadCache) || hasExitSite(codeOrigin,
BadConstantCache))
1778 return false;
this code. PutById etc. has,
1847 case PutById:
1848 case PutByIdFlush:
1849 case PutByIdDirect: {
1850 if (node->child1()->shouldSpeculateCellOrOther()
1851 && !m_graph.hasExitSite(node->origin.semantic, BadType)
1852 && !m_graph.hasExitSite(node->origin.semantic, BadCache)
1853 && !m_graph.hasExitSite(node->origin.semantic,
BadIndexingType)
1854 && !m_graph.hasExitSite(node->origin.semantic,
ExoticObjectMode)) {
this code. And there are many this type of codes. Can you ensure that they are
correct after this change?
More information about the webkit-reviews
mailing list