fpizlo@apple.com authored
https://bugs.webkit.org/show_bug.cgi?id=124181

Source/JavaScriptCore:

Reviewed by Sam Weinig.

This makes FTL OSR exit use bytecode liveness analysis to determine which variables to include values for. The decision of how to get the values of variables is based on forward propagation of MovHints and SetLocals.

This fixes a bunch of bugs (like https://bugs.webkit.org/show_bug.cgi?id=124138 but also others that I noticed when I started writing more targeted tests) and allows us to remove some sketchy code.

* CMakeLists.txt:
* GNUmakefile.list.am:
* JavaScriptCore.vcxproj/JavaScriptCore.vcxproj:
* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/BytecodeBasicBlock.h:
* bytecode/BytecodeLivenessAnalysis.cpp:
(JSC::isValidRegisterForLiveness):
(JSC::setForOperand):
(JSC::computeUsesForBytecodeOffset):
(JSC::computeDefsForBytecodeOffset):
(JSC::stepOverInstruction):
(JSC::computeLocalLivenessForBytecodeOffset):
(JSC::BytecodeLivenessAnalysis::runLivenessFixpoint):
(JSC::BytecodeLivenessAnalysis::operandIsLiveAtBytecodeOffset):
(JSC::getLivenessInfo):
(JSC::BytecodeLivenessAnalysis::getLivenessInfoAtBytecodeOffset):
(JSC::BytecodeLivenessAnalysis::computeFullLiveness):
* bytecode/BytecodeLivenessAnalysis.h:
* bytecode/BytecodeLivenessAnalysisInlines.h: Added.
(JSC::operandIsAlwaysLive):
(JSC::operandThatIsNotAlwaysLiveIsLive):
(JSC::operandIsLive):
* bytecode/CodeBlock.h:
(JSC::CodeBlock::captureCount):
(JSC::CodeBlock::captureStart):
(JSC::CodeBlock::captureEnd):
* bytecode/CodeOrigin.cpp:
(JSC::InlineCallFrame::dumpInContext):
* bytecode/FullBytecodeLiveness.h: Added.
(JSC::FullBytecodeLiveness::FullBytecodeLiveness):
(JSC::FullBytecodeLiveness::getOut):
(JSC::FullBytecodeLiveness::operandIsLive):
(JSC::FullBytecodeLiveness::getLiveness):
* dfg/DFGAvailability.cpp: Added.
(JSC::DFG::Availability::dump):
(JSC::DFG::Availability::dumpInContext):
* dfg/DFGAvailability.h: Added.
(JSC::DFG::Availability::Availability):
(JSC::DFG::Availability::unavailable):
(JSC::DFG::Availability::withFlush):
(JSC::DFG::Availability::withNode):
(JSC::DFG::Availability::withUnavailableNode):
(JSC::DFG::Availability::nodeIsUndecided):
(JSC::DFG::Availability::nodeIsUnavailable):
(JSC::DFG::Availability::hasNode):
(JSC::DFG::Availability::node):
(JSC::DFG::Availability::flushedAt):
(JSC::DFG::Availability::operator!):
(JSC::DFG::Availability::operator==):
(JSC::DFG::Availability::merge):
(JSC::DFG::Availability::mergeNodes):
(JSC::DFG::Availability::unavailableMarker):
* dfg/DFGBasicBlock.h:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGDisassembler.cpp:
(JSC::DFG::Disassembler::Disassembler):
* dfg/DFGFlushFormat.cpp:
(WTF::printInternal):
* dfg/DFGFlushFormat.h:
(JSC::DFG::resultFor):
(JSC::DFG::useKindFor):
(JSC::DFG::dataFormatFor):
* dfg/DFGFlushedAt.cpp:
(JSC::DFG::FlushedAt::dump):
* dfg/DFGFlushedAt.h:
(JSC::DFG::FlushedAt::FlushedAt):
(JSC::DFG::FlushedAt::merge):
* dfg/DFGGraph.cpp:
(JSC::DFG::Graph::dump):
(JSC::DFG::Graph::livenessFor):
(JSC::DFG::Graph::isLiveInBytecode):
* dfg/DFGGraph.h:
(JSC::DFG::Graph::baselineCodeBlockFor):
* dfg/DFGOSRAvailabilityAnalysisPhase.cpp:
(JSC::DFG::OSRAvailabilityAnalysisPhase::run):
* dfg/DFGOSRAvailabilityAnalysisPhase.h:
* dfg/DFGPlan.cpp:
(JSC::DFG::Plan::compileInThreadImpl):
* dfg/DFGResurrectionForValidationPhase.cpp: Added.
(JSC::DFG::ResurrectionForValidationPhase::ResurrectionForValidationPhase):
(JSC::DFG::ResurrectionForValidationPhase::run):
(JSC::DFG::performResurrectionForValidation):
* dfg/DFGResurrectionForValidationPhase.h: Added.
* dfg/DFGSSAConversionPhase.cpp:
(JSC::DFG::SSAConversionPhase::run):
* dfg/DFGValueSource.h:
(JSC::DFG::ValueSource::forFlushFormat):
* dfg/DFGVariableAccessData.h:
* ftl/FTLExitValue.cpp:
(JSC::FTL::ExitValue::dumpInContext):
* ftl/FTLInlineCacheSize.cpp:
(JSC::FTL::sizeOfGetById):
* ftl/FTLLocation.cpp:
(JSC::FTL::Location::gpr):
(JSC::FTL::Location::fpr):
(JSC::FTL::Location::directGPR):
* ftl/FTLLowerDFGToLLVM.cpp:
(JSC::FTL::LowerDFGToLLVM::LowerDFGToLLVM):
(JSC::FTL::LowerDFGToLLVM::compileBlock):
(JSC::FTL::LowerDFGToLLVM::compileNode):
(JSC::FTL::LowerDFGToLLVM::compileSetLocal):
(JSC::FTL::LowerDFGToLLVM::compileZombieHint):
(JSC::FTL::LowerDFGToLLVM::compilePutById):
(JSC::FTL::LowerDFGToLLVM::compileInvalidationPoint):
(JSC::FTL::LowerDFGToLLVM::initializeOSRExitStateForBlock):
(JSC::FTL::LowerDFGToLLVM::appendOSRExit):
(JSC::FTL::LowerDFGToLLVM::emitOSRExitCall):
(JSC::FTL::LowerDFGToLLVM::buildExitArguments):
(JSC::FTL::LowerDFGToLLVM::addExitArgumentForNode):
(JSC::FTL::LowerDFGToLLVM::observeMovHint):
* ftl/FTLOutput.h:
(JSC::FTL::Output::alloca):
* ftl/FTLValueSource.cpp: Removed.
* ftl/FTLValueSource.h: Removed.
* llvm/LLVMAPIFunctions.h:
* runtime/DumpContext.cpp:
(JSC::DumpContext::DumpContext):
* runtime/DumpContext.h:
* runtime/Options.h:
* runtime/SymbolTable.h:
(JSC::SharedSymbolTable::captureStart):
(JSC::SharedSymbolTable::captureEnd):
(JSC::SharedSymbolTable::captureCount):

Tools:

Reviewed by Mark Hahnenberg.

* Scripts/run-jsc-stress-tests:

LayoutTests:

Reviewed by Mark Hahnenberg or Sam Weinig.

I totally added this test after the rest of the patch was r+'d. Under the right tier-up modes this triggers one of the bugs that the rest of the patch is trying to avoid.

* js/regress/script-tests/weird-inlining-const-prop.js: Added.
(foo):
(bar):
(fuzz):
(testImpl):
(test):
* js/regress/weird-inlining-const-prop-expected.txt: Added.
* js/regress/weird-inlining-const-prop.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@159394 268f45cc-cd09-0410-ab3c-d52691b4dbfc
002405c0