[Webkit-unassigned] [Bug 154011] New: Baseline JIT should not require its input to be constant-propagated

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=154011

            Bug ID: 154011
           Summary: Baseline JIT should not require its input to be
                    constant-propagated
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: fpizlo at apple.com

The snippet generator code in the baseline JIT was assuming that bytecode *must* have been constant-propagated.  But you can’t guarantee that.  For example, this constraint means that almost any optimization performed after constant propagation is an invalid optimization, since it may reveal new constant propagation opportunities.

The bytecode generator runs after we have done some constant propagation in the parser, but it doesn’t guarantee that it won’t also do other things that reveal constants.

The correct thing to do - and indeed the thing that all of our other compiler code does - is to gracefully deal with unfolded operations in the backend.  There is no cost to doing so, and it ensures that the compiler doesn't crash if by some weird chance we revealed a constant in some late optimization.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160208/e184dd61/attachment.html>