[Webkit-unassigned] [Bug 84324] DFG can have the spill format identical to the register format
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jun 5 20:51:09 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=84324
--- Comment #4 from Filip Pizlo <fpizlo at apple.com> 2012-06-05 20:51:02 PST ---
(From update of attachment 145923)
View in context: https://bugs.webkit.org/attachment.cgi?id=145923&action=review
I'm fine with this on principle, but I'm not sure about the calls to terminateSpeculativeExecution(). These days DFG::AbstractState must know exactly where OSR exits may happen since this information is consumed by store elimination. Hence, any calls to speculationCheck() and terminateSpeculativeExecution() ought to be guarded by checks against things that AbstractState would know during the CFA phase, to ensure that we don't end up performing store elimination under the assumption that there is no OSR exit only to have an OSR exit inserted by the backend.
> Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:1043
> + if (isKnownNotInteger(nodeIndex)) {
> + terminateSpeculativeExecution(Uncountable, JSValueRegs(), NoNode);
> + returnFormat = DataFormatInteger;
> + return allocate();
> + }
> +
Perhaps it's better to use isInt32Prediction(m_state.forNode(nodeIndex).m_type) here?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list