Google Git
Sign in
webkit / WebKit / 002405c013ffe776a690d76895042972aa3b88de^! / . / Source / JavaScriptCore / dfg / DFGFlushedAt.h
commit002405c013ffe776a690d76895042972aa3b88de[log] [tgz]
authorfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Mon Nov 18 01:46:48 2013 +0000
committerfpizlo@apple.com <fpizlo@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Mon Nov 18 01:46:48 2013 +0000
tree5f32a7b6f268a5d2772d392a37f6f90fbcebdc89
parent48c4fbd3ef22866a1793b3803cedd7eb8a495ea0 [diff] [blame]
FTL should have an explicit notion of bytecode liveness
https://bugs.webkit.org/show_bug.cgi?id=124181

Source/JavaScriptCore: 

Reviewed by Sam Weinig.
        
This makes FTL OSR exit use bytecode liveness analysis to determine which variables
to include values for. The decision of how to get the values of variables is based on
forward propagation of MovHints and SetLocals.
        
This fixes a bunch of bugs (like https://bugs.webkit.org/show_bug.cgi?id=124138 but
also others that I noticed when I started writing more targetted tests) and allows us
to remove some sketchy code.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/BytecodeBasicBlock.h:
* bytecode/BytecodeLivenessAnalysis.cpp:
(JSC::isValidRegisterForLiveness):
(JSC::setForOperand):
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
(JSC::stepOverInstruction):
(JSC::computeLocalLivenessForBytecodeOffset):
(JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
(JSC::BytecodeLivenessAnalysis::operandIsLiveAtBytecodeOffset):
(JSC::getLivenessInfo):
(JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset):
(JSC::BytecodeLivenessAnalysis::computeFullLiveness):
* bytecode/BytecodeLivenessAnalysis.h:
* bytecode/BytecodeLivenessAnalysisInlines.h: Added.
(JSC::operandIsAlwaysLive):
(JSC::operandThatIsNotAlwaysLiveIsLive):
(JSC::operandIsLive):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::captureCount):
(JSC::CodeBlock::captureStart):
(JSC::CodeBlock::captureEnd):
* bytecode/CodeOrigin.cpp:
(JSC::InlineCallFrame::dumpInContext):
* bytecode/FullBytecodeLiveness.h: Added.
(JSC::FullBytecodeLiveness::FullBytecodeLiveness):
(JSC::FullBytecodeLiveness::getOut):
(JSC::FullBytecodeLiveness::operandIsLive):
(JSC::FullBytecodeLiveness::getLiveness):
* dfg/DFGAvailability.cpp: Added.
(JSC::DFG::Availability::dump):
(JSC::DFG::Availability::dumpInContext):
* dfg/DFGAvailability.h: Added.
(JSC::DFG::Availability::Availability):
(JSC::DFG::Availability::unavailable):
(JSC::DFG::Availability::withFlush):
(JSC::DFG::Availability::withNode):
(JSC::DFG::Availability::withUnavailableNode):
(JSC::DFG::Availability::nodeIsUndecided):
(JSC::DFG::Availability::nodeIsUnavailable):
(JSC::DFG::Availability::hasNode):
(JSC::DFG::Availability::node):
(JSC::DFG::Availability::flushedAt):
(JSC::DFG::Availability::operator!):
(JSC::DFG::Availability::operator==):
(JSC::DFG::Availability::merge):
(JSC::DFG::Availability::mergeNodes):
(JSC::DFG::Availability::unavailableMarker):
* dfg/DFGBasicBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::Disassembler):
* dfg/DFGFlushFormat.cpp:
(WTF::printInternal):
* dfg/DFGFlushFormat.h:
(JSC::DFG::resultFor):
(JSC::DFG::useKindFor):
(JSC::DFG::dataFormatFor):
* dfg/DFGFlushedAt.cpp:
(JSC::DFG::FlushedAt::dump):
* dfg/DFGFlushedAt.h:
(JSC::DFG::FlushedAt::FlushedAt):
(JSC::DFG::FlushedAt::merge):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::livenessFor):
(JSC::DFG::Graph::isLiveInBytecode):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::baselineCodeBlockFor):
* dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
(JSC::DFG::OSRAvailabilityAnalysisPhase::run):
* dfg/DFGOSRAvailabilityAnalysisPhase.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGResurrectionForValidationPhase.cpp: Added.
(JSC::DFG::ResurrectionForValidationPhase::ResurrectionForValidationPhase):
(JSC::DFG::ResurrectionForValidationPhase::run):
(JSC::DFG::performResurrectionForValidation):
* dfg/DFGResurrectionForValidationPhase.h: Added.
* dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
* dfg/DFGValueSource.h:
(JSC::DFG::ValueSource::forFlushFormat):
* dfg/DFGVariableAccessData.h:
* ftl/FTLExitValue.cpp:
(JSC::FTL::ExitValue::dumpInContext):
* ftl/FTLInlineCacheSize.cpp:
(JSC::FTL::sizeOfGetById):
* ftl/FTLLocation.cpp:
(JSC::FTL::Location::gpr):
(JSC::FTL::Location::fpr):
(JSC::FTL::Location::directGPR):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compileBlock):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileSetLocal):
(JSC::FTL::LowerDFGToLLVM::compileZombieHint):
(JSC::FTL::LowerDFGToLLVM::compilePutById):
(JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
(JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
(JSC::FTL::LowerDFGToLLVM::buildExitArguments):
(JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
(JSC::FTL::LowerDFGToLLVM::observeMovHint):
* ftl/FTLOutput.h:
(JSC::FTL::Output::alloca):
* ftl/FTLValueSource.cpp: Removed.
* ftl/FTLValueSource.h: Removed.
* llvm/LLVMAPIFunctions.h:
* runtime/DumpContext.cpp:
(JSC::DumpContext::DumpContext):
* runtime/DumpContext.h:
* runtime/Options.h:
* runtime/SymbolTable.h:
(JSC::SharedSymbolTable::captureStart):
(JSC::SharedSymbolTable::captureEnd):
(JSC::SharedSymbolTable::captureCount):

Tools: 

Reviewed by Mark Hahnenberg.

* Scripts/run-jsc-stress-tests:

LayoutTests: 

Reviewed by Mark Hahnenberg or Sam Weinig.
        
I totally added this test after the rest of the patch was r+'d. Under the right tier-up
modes this triggers one of the bugs that the rest of the patch is trying to avoid.

* js/regress/script-tests/weird-inlining-const-prop.js: Added.
(foo):
(bar):
(fuzz):
(testImpl):
(test):
* js/regress/weird-inlining-const-prop-expected.txt: Added.
* js/regress/weird-inlining-const-prop.html: Added.



git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159394 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/JavaScriptCore/dfg/DFGFlushedAt.h b/Source/JavaScriptCore/dfg/DFGFlushedAt.h
index cd8a53d..6dfe716 100644
--- a/Source/JavaScriptCore/dfg/DFGFlushedAt.h
+++ b/Source/JavaScriptCore/dfg/DFGFlushedAt.h

@@ -42,6 +42,12 @@
     {
     }
     
+    explicit FlushedAt(FlushFormat format)
+        : m_format(format)
+    {
+        ASSERT(format == DeadFlush || format == ConflictingFlush);
+    }
+    
     FlushedAt(FlushFormat format, VirtualRegister virtualRegister)
         : m_format(format)
         , m_virtualRegister(virtualRegister)
@@ -65,6 +71,17 @@
     
     bool operator!=(const FlushedAt& other) const { return !(*this == other); }
     
+    FlushedAt merge(const FlushedAt& other) const
+    {
+        if (!*this)
+            return other;
+        if (!other)
+            return *this;
+        if (*this == other)
+            return *this;
+        return FlushedAt(ConflictingFlush);
+    }
+    
     void dump(PrintStream&) const;
     void dumpInContext(PrintStream&, DumpContext*) const;