[Webkit-unassigned] [Bug 68316] New: DFG JIT does not have full block-local CSE

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Sep 17 14:01:17 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=68316

           Summary: DFG JIT does not have full block-local CSE
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: fpizlo at apple.com


DFG JIT can perform some simple load elimination on array accesses, but other than that it cannot do common subexpression elimination (CSE).  This is unfortunate, since CSE would be of great benefit for global variable accesses, more complex forms of array accesses, and repeated arithmetic.  This is particularly true since these operations in JavaScript are so expensive.  Thus eliminating even a few of them can have a big effect.

The DFG JIT should implement block-local CSE with facilities to eliminate both pure operations (additions on numbers, etc) and heap operations (GetGlobalVar, GetByVal, CheckMethod).  The latter should take care to ensure correctness in the case of conflicting side-effects.  CSE should be OSR-friendly: if it eliminates an operation, it should ensure that everything needed to perform that operation in the old JIT if OSR happens is still intact.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
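
The block-local CSE the report asks for, as an added sketch that is not code from the report or from JavaScriptCore: pure results stay reusable for the whole block, while cached heap reads are dropped when a conflicting side effect appears. The IR, `Node`, `blockLocalCSE`, `sampleBlock` and the `PutGlobalVar`/`Call` clobber rules are assumptions made for illustration, and OSR bookkeeping is not modelled.

```cpp
#include <cstdio>
#include <map>
#include <tuple>
#include <vector>

// Toy IR, constructed for illustration; not JavaScriptCore's DFG node format.
// Const: a = immediate. Add: a, b = operand node indices. GetGlobalVar: a = slot.
// PutGlobalVar: a = slot, b = value node. Call: no operands, may write any slot.
enum Op { Const, Add, GetGlobalVar, PutGlobalVar, Call };
struct Node { Op op; int a; int b; };
using Key = std::tuple<int, int, int>;

// Returns r where r[i] is the earlier node that node i may reuse, or i itself.
std::vector<int> blockLocalCSE(const std::vector<Node>& block) {
    std::map<Key, int> pure;  // pure results: never invalidated inside a block
    std::map<Key, int> heap;  // heap reads: valid only until a conflicting write
    std::vector<int> r(block.size());
    for (int i = 0; i < static_cast<int>(block.size()); ++i) {
        const Node& n = block[i];
        r[i] = i;
        switch (n.op) {
        case Call:          // unknown side effects: forget every cached heap read
            heap.clear();
            break;
        case PutGlobalVar:  // conflicts only with cached loads of the same slot
            heap.erase(Key(GetGlobalVar, n.a, 0));
            break;
        case GetGlobalVar:  // emplace keeps the earlier node if the key exists
            r[i] = heap.emplace(Key(n.op, n.a, 0), i).first->second;
            break;
        case Add:           // key on canonical operands so chained reuse is found
            r[i] = pure.emplace(Key(n.op, r[n.a], r[n.b]), i).first->second;
            break;
        case Const:
            r[i] = pure.emplace(Key(n.op, n.a, 0), i).first->second;
            break;
        }
    }
    return r;
}
// Constructed sample block: loads of slot 0 around a store, then a call.
std::vector<Node> sampleBlock() {
    return {{GetGlobalVar, 0, 0}, {GetGlobalVar, 0, 0}, {Add, 0, 1}, {Add, 1, 0},
            {PutGlobalVar, 0, 2}, {GetGlobalVar, 0, 0}, {GetGlobalVar, 1, 0},
            {Call, 0, 0}, {GetGlobalVar, 1, 0}, {Add, 0, 1}};
}
int main() {
    int i = 0;
    for (int v : blockLocalCSE(sampleBlock())) std::printf("node %d -> %d\n", i++, v);
}
```

In the sample, the load after the store to slot 0 and the load after the call are not merged with earlier loads, while the final `Add` still reuses node 2 because its operands are values already computed before either side effect.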


